Question 1

Your organization is migrating to Google Cloud. As part of that effort, it needs to move terabytes
of data from on-premises file servers to Cloud Storage. Your organization wants the migration
process to be automated and to be managed by Google. Your organization has an existing
Dedicated Interconnect connection that it wants to use. Which Google Cloud product or feature
should your organization use?

 A. Storage Transfer Service

 B. Migrate for Anthos
 C. BigQuery Data Transfer Service
 D. Transfer Appliance

Your organization needs to analyze data in order to gather insights into its daily operations. You
only want to pay for the data you store and the queries you perform. Which Google Cloud
product should your organization choose for its data analytics warehouse?

 A. Cloud SQL
 B. Dataproc
 C. Cloud Spanner
 D. BigQuery

Your organization wants to run a container-based application on Google Cloud. This application
is expected to increase in complexity. You have a security need for fine-grained control of traffic
between the containers. You also have an operational need to exercise fine-grained control over
the application's scaling policies.
What Google Cloud product or feature should your organization use?

 A. Google Kubernetes Engine cluster

 B. App Engine
 C. Cloud Run
 D. Compute Engine virtual machines

Which Google Cloud product or feature makes specific recommendations based on security risks
and compliance violations?

 A. Google Cloud firewalls

 B. Security Command Center
 C. Cloud Deployment Manager
  D. Google Cloud Armor

Which Google Cloud product provides a consistent platform for multi-cloud application
deployments and extends other Google Cloud services to your organization's environment?

 A. Google Kubernetes Engine

 B. Virtual Public Cloud
 C. Compute Engine
 D. Anthos

Your organization is developing an application that will manage payments and online bank
accounts located around the world. The most critical requirement for your database is that each
transaction is handled consistently. Your organization anticipates almost unlimited growth in the
amount of data stored.
Which Google Cloud product should your organization choose?

 A. Cloud SQL
 B. Cloud Storage
 C. Firestore
 D. Cloud Spanner

Your organization wants an economical solution to store data such as files, graphical images, and
videos and to access and share them securely.
Which Google Cloud product or service should your organization use?

 A. Cloud Storage
 B. Cloud SQL
 C. Cloud Spanner
 D. BigQuery

Your organization wants to predict the behavior of visitors to its public website. To do that, you
have decided to build a machine learning model. Your team has database-related skills but only
basic machine learning skills, and would like to use those database skills.
Which Google Cloud product or feature should your organization choose?

 A. BigQuery ML
 B. LookML
 C. TensorFlow
 D. Cloud SQL
Your organization needs to restrict access to a Cloud Storage bucket. Only employees who are
based in Canada should be allowed to view the contents.
What is the most effective and efficient way to satisfy this requirement?

 A. Deploy the Cloud Storage bucket to a Google Cloud region in Canada

 B. Configure Google Cloud Armor to allow access to the bucket only from IP addresses
based in Canada
 C. Give each employee who is based in Canada access to the bucket
 D. Create a group consisting of all Canada-based employees, and give the group access to
the bucket

Your organization is moving an application to Google Cloud. As part of that effort, it needs to
migrate the application's working database from another cloud provider to Cloud SQL. The
database runs on the MySQL engine. The migration must cause minimal disruption to users.
Data must be secured while in transit.
Which should your organization use?

 A. BigQuery Data Transfer Service

 B. MySQL batch insert
 C. Database Migration Service
 D. Cloud Composer

Your organization is developing and deploying an application on Google Cloud. Tracking your
Google Cloud spending needs to stay as simple as possible.
What should you do to ensure that workloads in the development environment are fully isolated
from production workloads?

 A. Apply a unique tag to development resources

 B. Associate the development resources with their own network
 C. Associate the development resources with their own billing account
 D. Put the development resources in their own project

Your organization is developing and deploying an application on Google Cloud. Tracking your
Google Cloud spending needs to stay as simple as possible.
What should you do to ensure that workloads in the development environment are fully isolated
from production workloads?

 A. Apply a unique tag to development resources

 B. Associate the development resources with their own network
 C. Associate the development resources with their own billing account
  D. Put the development resources in their own project

Your organization is running all its workloads in a private cloud on top of a hypervisor. Your
organization has decided it wants to move to Google Cloud as quickly as possible. Your
organization wants minimal changes to the current environment, while using the maximum
amount of managed services Google offers.
What should your organization do?

 A. Migrate the workloads to Google Cloud VMware Engine

 B. Migrate the workloads to Compute Engine
 C. Migrate the workloads to Bare Metal Solution
 D. Migrate the workloads to Google Kubernetes Engine

Your organization is releasing its first publicly available application in Google Cloud. The
application is critical to your business and customers and requires a 2- hour SLA.
How should your organization set up support to minimize costs?

 A. Enroll in Premium Support

 B. Enroll in Enhanced Support
 C. Enroll in Standard Support
 D. Enroll in Basic Support

Your organization offers public mobile apps and websites. You want to migrate to a Google
Cloud-based solution for checking and maintaining your users' usernames and passwords and
controlling their access to different resources based on their identity.
Which should your organization choose?

 A. VPN tunnels
 B. Identity Platform
 C. Compute Engine firewall rules
 D. Private Google Access

You are migrating workloads to the cloud. The goal of the migration is to serve customers
worldwide as quickly as possible According to local regulations, certain data is required to be
stored in a specific geographic area, and it can be served worldwide. You need to design the
architecture and deployment for your workloads.
What should you do?

 A. Select a public cloud provider that is only active in the required geographic area
 B. Select a private cloud provider that globally replicates data storage for fast data access
  C. Select a public cloud provider that guarantees data location in the required geographic
area
 D. Select a private cloud provider that is only active in the required geographic area

Your organization needs a large amount of extra computing power within the next two weeks.
After those two weeks, the need for the additional resources will end.
Which is the most cost-effective approach?

 A. Use a committed use discount to reserve a very powerful virtual machine

 B. Purchase one very powerful physical computer
 C. Start a very powerful virtual machine without using a committed use discount
 D. Purchase multiple physical computers and scale workload across them

Your organization needs to plan its cloud infrastructure expenditures.

Which should your organization do?

 A. Review cloud resource costs frequently, because costs change often based on use
 B. Review cloud resource costs annually as part of planning your organization‫ג‬€™s
overall budget
 C. If your organization uses only cloud resources, infrastructure costs are no longer part
of your overall budget
 D. Involve fewer people in cloud resource planning than your organization did for on-
premises resource planning

The operating systems of some of your organization's virtual machines may have a security
vulnerability.
How can your organization most effectively identify all virtual machines that do not have the
latest security update?

 A. View the Security Command Center to identify virtual machines running vulnerable
disk images
 B. View the Compliance Reports Manager to identify and download a recent PCI audit
 C. View the Security Command Center to identify virtual machines started more than 2
weeks ago
 D. View the Compliance Reports Manager to identify and download a recent SOC 1 audit

You are currently managing workloads running on Windows Server for which your company
owns the licenses. Your workloads are only needed during working hours, which allows you to
shut down the instances during the weekend. Your Windows Server licenses are up for renewal
in a month, and you want to optimize your license cost.
What should you do?

 A. Renew your licenses for an additional period of 3 years. Renew your licenses for an
additional period of 3 years. Negotiate a cost reduction with your current hosting provider
wherein infrastructure cost is reduced when workloads are not in use
 B. Renew your licenses for an additional period of 2 years. Negotiate a cost reduction by
committing to an automatic renewal of the licenses at the end of the 2 year period
 C. Migrate the workloads to Compute Engine with a bring-your-own-license (BYOL)
model
 D. Migrate the workloads to Compute Engine with a pay-as-you-go (PAYG) model

Your organization runs a distributed application in the Compute Engine virtual machines. Your
organization needs redundancy, but it also needs extremely fast communication (less than 10
milliseconds) between the parts of the application in different virtual machines.
Where should your organization locate this virtual machines?

 A. In a single zone within a single region

 B. In different zones within a single region
 C. In multiple regions, using one zone per region
 D. In multiple regions, using multiple zones per region

An organization decides to migrate their on-premises environment to the cloud. They need to
determine which resource components still need to be assigned ownership.
Which two functions does a public cloud provider own? (Choose two.)

 A. Hardware maintenance
 B. Infrastructure architecture
 C. Infrastructure deployment automation
 D. Hardware capacity management
 E. Fixing application security issues

You are a program manager within a Software as a Service (SaaS) company that offers rendering
software for animation studios. Your team needs the ability to allow scenes to be scheduled at
will and to be interrupted at any time to restart later. Any individual scene rendering takes less
than 12 hours to complete, and there is no service-level agreement (SLA) for the completion time
for all scenes. Results will be stored in a global Cloud Storage bucket. The compute resources
are not bound to any single geographical location. This software needs to run on Google Cloud
in a cost-optimized way.
What should you do?

 A. Deploy the application on Compute Engine using preemptible instances

  B. Develop the application so it can run in an unmanaged instance group
 C. Create a reservation for the minimum number of Compute Engine instances you will
use
 D. Start more instances with fewer virtual centralized processing units (vCPUs) instead
of fewer instances with more vCPUs

Your manager wants to restrict communication of all virtual machines with internet access; with
resources in another network; or with a resource outside Compute
Engine. It is expected that different teams will create new folders and projects in the near future.
How would you restrict all virtual machines from having an external IP address?

 A. Define an organization policy at the root organization node to restrict virtual machine
instances from having an external IP address
 B. Define an organization policy on all existing folders to define a constraint to restrict
virtual machine instances from having an external IP address
 C. Define an organization policy on all existing projects to restrict virtual machine
instances from having an external IP address
 D. Communicate with the different teams and agree that each time a virtual machine is
created, it must be configured without an external IP address

Your multinational organization has servers running mission-critical workloads on its premises
around the world. You want to be able to manage these workloads consistently and centrally, and
you want to stop managing infrastructure.
What should your organization do?

 A. Migrate the workloads to a public cloud

 B. Migrate the workloads to a central office building
 C. Migrate the workloads to multiple local co-location facilities
 D. Migrate the workloads to multiple local private clouds

Your organization stores highly sensitive data on-premises that cannot be sent over the public
internet. The data must be processed both on-premises and in the cloud.
What should your organization do?

 A. Configure Identity-Aware Proxy (IAP) in your Google Cloud VPC network

 B. Create a Cloud VPN tunnel between Google Cloud and your data center
 C. Order a Partner Interconnect connection with your network provider
 D. Enable Private Google Access in your Google Cloud VPC network
Your company's development team is building an application that will be deployed on Cloud
Run. You are designing a CI/CD pipeline so that any new version of the application can be
deployed in the fewest number of steps possible using the CI/CD pipeline you are designing.
You need to select a storage location for the images of the application after the CI part of your
pipeline has built them.
What should you do?

 A. Create a Compute Engine image containing the application

 B. Store the images in Container Registry
 C. Store the images in Cloud Storage
 D. Create a Compute Engine disk containing the application

Your organization stores highly sensitive data on-premises that cannot be sent over the public
internet. The data must be processed both on-premises and in the cloud.
What should your organization do?

 A. Configure Identity-Aware Proxy (IAP) in your Google Cloud VPC network

 B. Create a Cloud VPN tunnel between Google Cloud and your data center
 C. Order a Partner Interconnect connection with your network provider
 D. Enable Private Google Access in your Google Cloud VPC network

Your company's development team is building an application that will be deployed on Cloud
Run. You are designing a CI/CD pipeline so that any new version of the application can be
deployed in the fewest number of steps possible using the CI/CD pipeline you are designing.
You need to select a storage location for the images of the application after the CI part of your
pipeline has built them.
What should you do?

 A. Create a Compute Engine image containing the application

 B. Store the images in Container Registry
 C. Store the images in Cloud Storage
 D. Create a Compute Engine disk containing the application

Each of the three cloud service models - infrastructure as a service (IaaS), platform as a service
(PaaS), and software as a service (SaaS) - offers benefits between flexibility and levels of
management by the cloud provider and the customer.
Why would SaaS be the right choice of service model?
  A. You want a balance between flexibility for the customer and the level of management
by the cloud provider
 B. You want to minimize the level of management by the customer
 C. You want to maximize flexibility for the customer.
 D. You want to be able to shift your emphasis between flexibility and management by the
cloud provider as business needs change

As your organization increases its release velocity, the VM-based application upgrades take a
long time to perform rolling updates due to OS boot times. You need to make the application
deployments faster.
What should your organization do?

 A. Migrate your VMs to the cloud, and add more resources to them
 B. Convert your applications into containers
 C. Increase the resources of your VMs
 D. Automate your upgrade rollouts

Your organization uses Active Directory to authenticate users. Users' Google account access
must be removed when their Active Directory account is terminated.
How should your organization meet this requirement?

 A. Configure two-factor authentication in the Google domain

 B. Remove the Google account from all IAM policies
 C. Configure BeyondCorp and Identity-Aware Proxy in the Google domain
 D. Configure single sign-on in the Google domain

Your company has recently acquired three growing startups in three different countries. You
want to reduce overhead in infrastructure management and keep your costs low without
sacrificing security and quality of service to your customers.
How should you meet these requirements?

 A. Host all your subsidiaries‫ג‬€™ services on-premises together with your existing
services.
 B. Host all your subsidiaries‫ג‬€™ services together with your existing services on the
public cloud.
 C. Build a homogenous infrastructure at each subsidiary, and invest in training their
engineers.
 D. Build a homogenous infrastructure at each subsidiary, and invest in hiring more
engineers.

What is the difference between Standard and Coldline storage?

 A. Coldline storage is for data for which a slow transfer rate is acceptable.
  B. Standard and Coldline storage have different durability guarantees.
 C. Standard and Coldline storage use different APIs.
 D. Coldline storage is for infrequently accessed data.

What would provide near-unlimited availability of computing resources without requiring your
organization to procure and provision new equipment?

 A. Public cloud
 B. Containers
 C. Private cloud
 D. Microservices

You are a program manager for a team of developers who are building an event-driven
application to allow users to follow one another's activities in the app. Each time a user adds
himself as a follower of another user, a write occurs in the real-time database.
The developers will develop a lightweight piece of code that can respond to database writes and
generate a notification to let the appropriate users know that they have gained new followers.
The code should integrate with other cloud services such as Pub/Sub, Firebase, and Cloud APIs
to streamline the orchestration process. The application requires a platform that automatically
manages underlying infrastructure and scales to zero when there is no activity.
Which primary compute resource should your developers select, given these requirements?

 A. Google Kubernetes Engine

 B. Cloud Functions
 C. App Engine flexible environment
 D. Compute Engine

Your organization needs to build streaming data pipelines. You don't want to manage the
individual servers that do the data processing in the pipelines. Instead, you want a managed
service that will automatically scale with the amount of data to be processed.
Which Google Cloud product or feature should your organization choose?

 A. Pub/Sub
 B. Dataflow
 C. Data Catalog
 D. Dataprep by Trifacta

Your organization is building an application running in Google Cloud. Currently, software

builds, tests, and regular deployments are done manually, but you want to reduce work for the
team. Your organization wants to use Google Cloud managed solutions to automate your build,
testing, and deployment process.
Which Google Cloud product or feature should your organization use?

 A. Cloud Scheduler
 B. Cloud Code
 C. Cloud Build
 D. Cloud Deployment Manager

Which Google Cloud product can report on and maintain compliance on your entire Google
Cloud organization to cover multiple projects?

 A. Cloud Logging
 B. Identity and Access Management
 C. Google Cloud Armor
 D. Security Command Center

Your organization needs to establish private network connectivity between its on-premises
network and its workloads running in Google Cloud. You need to be able to set up the
connection as soon as possible.
Which Google Cloud product or feature should you use?

 A. Cloud Interconnect
 B. Direct Peering
 C. Cloud VPN
 D. Cloud CDN

Your organization is developing a mobile app and wants to select a fully featured cloud-based
compute platform for it.
Which Google Cloud product or feature should your organization use?

 A. Google Kubernetes Engine

 B. Firebase
 C. Cloud Functions
 D. App Engine

Your company has been using a shared facility for data storage and will be migrating to Google
Cloud. One of the internal applications uses Linux custom images that need to be migrated.
Which Google Cloud product should you use to maintain the custom images?

 A. App Engine flexible environment

 B. Compute Engine
 C. App Engine standard environment
 D. Google Kubernetes Engine
Your organization wants to migrate its data management solutions to Google Cloud because it
needs to dynamically scale up or down and to run transactional
SQL queries against historical data at scale. Which Google Cloud product or service should your
organization use?

 A. BigQuery
 B. Cloud Bigtable
 C. Pub/Sub
 D. Cloud Spanner

Your organization needs to categorize objects in a large group of static images using machine
learning. Which Google Cloud product or service should your organization use?

 A. BigQuery ML
 B. AutoML Video Intelligence
 C. Cloud Vision API
 D. AutoML Tables

Your organization runs all its workloads on Compute Engine virtual machine instances. Your
organization has a security requirement: the virtual machines are not allowed to access the public
internet. The workloads running on those virtual machines need to access BigQuery and Cloud
Storage, using their publicly accessible interfaces, without violating the security requirement.
Which Google Cloud product or feature should your organization use?

 A. Identity-Aware Proxy
 B. Cloud NAT (network address translation)
 C. VPC internal load balancers
 D. Private Google Access

Which Google Cloud product is designed to reduce the risks of handling personally identifiable
information (PII)?

 A. Cloud Storage
 B. Google Cloud Armor
 C. Cloud Data Loss Prevention
 D. Secret Manager

Your organization is migrating to Google Cloud. As part of that effort, it needs to move terabytes
of data from on-premises file servers to Cloud Storage. Your organization wants the migration
process to be automated and to be managed by Google. Your organization has an existing
Dedicated Interconnect connection that it wants to use. Which Google Cloud product or feature
should your organization use?
  A. Storage Transfer Service
 B. Migrate for Anthos
 C. BigQuery Data Transfer Service
 D. Transfer Appliance

Your organization needs to analyze data in order to gather insights into its daily operations. You
only want to pay for the data you store and the queries you perform. Which Google Cloud
product should your organization choose for its data analytics warehouse?

 A. Cloud SQL
 B. Dataproc
 C. Cloud Spanner
 D. BigQuery

Your organization wants to run a container-based application on Google Cloud. This application
is expected to increase in complexity. You have a security need for fine-grained control of traffic
between the containers. You also have an operational need to exercise fine-grained control over
the application's scaling policies.
What Google Cloud product or feature should your organization use?

A. Which Google Cloud product or feature makes specific recommendations based on security
risks and compliance violations?

 A. Google Cloud firewalls

 B. Security Command Center
 C. Cloud Deployment Manager
 D. Google Cloud Armor

 Google Kubernetes Engine cluster

 B. App Engine
 C. Cloud Run
 D. Compute Engine virtual machines

Which Google Cloud product or feature makes specific recommendations based on security risks
and compliance violations?

 A. Google Cloud firewalls

 B. Security Command Center
 C. Cloud Deployment Manager
 D. Google Cloud Armor
Which Google Cloud product provides a consistent platform for multi-cloud application
deployments and extends other Google Cloud services to your organization's environment?

 A. Google Kubernetes Engine

 B. Virtual Public Cloud
 C. Compute Engine
 D. Anthos

Your organization is developing an application that will manage payments and online bank
accounts located around the world. The most critical requirement for your database is that each
transaction is handled consistently. Your organization anticipates almost unlimited growth in the
amount of data stored.
Which Google Cloud product should your organization choose?

 A. Cloud SQL
 B. Cloud Storage
 C. Firestore
 D. Cloud Spanner