google PROFESSIONAL CLOUD ARCHITECT Exam Questions
Questions for the PROFESSIONAL CLOUD ARCHITECT were updated on : Nov 14 ,2024
Page 1 out of 18. Viewing questions 1-15 out of 259
Question 1 Topic 1, Case Study 1Case Study Question View Case
The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model
with separation of duties for administration between production and development resources.
What Google domain and project structure should you recommend?
- A. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application
- B. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications
- C. Create a single G Suite account to manage users with each stage of each application in its own project
- D. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment
Answer:
D
Explanation:
Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are
intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege
levels than they actually need
Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no
more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates
for which they are not authorized.
Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform.
No user should be given responsibility for more than one related function. This limits the ability of a user to perform a
malicious action and then cover up that action. Reference: https://cloud.google.com/kms/docs/separation-of-duties
Question 2 Topic 1, Case Study 1Case Study Question View Case
A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server,
the new database server stops responding to SSH connections. It is still serving database requests to the application servers
correctly.
What three steps should you take to diagnose the problem? (Choose three.)
- A. Delete the virtual machine (VM) and disks and create a new one
- B. Delete the instance, attach the disk to a new VM, and investigate
- C. Take a snapshot of the disk and connect to a new machine to investigate
- D. Check inbound firewall rules for the network the machine is connected to
- E. Connect the machine to another network with very simple firewall rules and investigate
- F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
Answer:
C D F
Explanation:
D: Handling "Unable to connect on port 22" error message Possible causes include:
There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Compute Engine
instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than
22, you need to enable the access to that port with a custom firewall rule.
The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services.
Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from
session to session.
F: Handling "Could not connect, retrying..." error
You can verify that the daemon is running by navigating to the serial console output page and looking for output lines
prefixed with the accounts-from-metadata: string. If you are using a standard image but you do not see these output prefixes
in the serial console output, the daemon might be stopped. Reboot the instance to restart the daemon.
Reference: https://cloud.google.com/compute/docs/ssh-in-browser https://cloud.google.com/compute/docs/ssh-in-browser
Question 3 Topic 1, Case Study 1Case Study Question View Case
JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google
Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.
What service account key-management strategy should you recommend?
- A. Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)
- B. Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs
- C. Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs
- D. Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs
Answer:
C
Explanation:
Migrating data to Google Cloud Platform
Lets say that you have some data processing that happens on another cloud provider and you want to transfer the
processed data to Google Cloud Platform. You can use a service account from the virtual machines on the external cloud to
push the data to Google Cloud Platform. To do this, you must create and download a service account key when you create
the service account and then use that key from the external process to call the Cloud Platform APIs.
Reference: https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platform
Question 4 Topic 1, Case Study 1Case Study Question View Case
JencoMart has built a version of their application on Google Cloud Platform that serves traffic to Asia. You want to measure
success against their business and technical goals.
Which metrics should you track?
- A. Error rates for requests from Asia
- B. Latency difference between US and Asia
- C. Total visits, error rates, and latency from Asia
- D. Total visits and average latency for users from Asia
- E. The number of character sets present in the database
Answer:
D
Explanation:
From scenario:
Business Requirements include: Expand services into Asia
Technical Requirements include: Decrease latency in Asia
Question 5 Topic 1, Case Study 1Case Study Question View Case
The migration of JencoMarts application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is
shown in the diagram. You want to maximize throughput.
What are three potential bottlenecks? (Choose three.)
- A. A single VPN tunnel, which limits throughput
- B. A tier of Google Cloud Storage that is not suited for this task
- C. A copy command that is not suited to operate over long distances
- D. Fewer virtual machines (VMs) in GCP than on-premises machines
- E. A separate storage layer outside the VMs, which is not suited for this task
- F. Complicated internet connectivity between the on-premises infrastructure and GCP
Answer:
A C E
Question 6 Topic 1, Case Study 1Case Study Question View Case
JencoMart wants to move their User Profiles database to Google Cloud Platform.
Which Google Database should they use?
- A. Cloud Spanner
- B. Google BigQuery
- C. Google Cloud SQL
- D. Google Cloud Datastore
Answer:
D
Explanation:
Common workloads for Google Cloud Datastore:
User profiles
Product catalogs
Game state
Reference: https://cloud.google.com/storage-options/ https://cloud.google.com/datastore/docs/concepts/overview
Question 7 Topic 2, Case Study 2Case Study Question View Case
Mountkirk Games wants you to design their new testing strategy. How should the test coverage differ from their existing
backends on the other platforms?
- A. Tests should scale well beyond the prior approaches
- B. Unit tests are no longer required, only end-to-end tests
- C. Tests should be applied after the release is in the production environment
- D. Tests should include directly testing the Google Cloud Platform (GCP) infrastructure
Answer:
A
Explanation:
From Scenario:
A few of their games were more popular than expected, and they had problems scaling their application servers, MySQL
databases, and analytics tools.
Requirements for Game Analytics Platform include: Dynamically scale up or down based on game activity
Question 8 Topic 2, Case Study 2Case Study Question View Case
Mountkirk Games has deployed their new backend on Google Cloud Platform (GCP). You want to create a through testing
process for new versions of the backend before they are released to the public. You want the testing environment to scale in
an economical way. How should you design the process?
- A. Create a scalable environment in GCP for simulating production load
- B. Use the existing infrastructure to test the GCP-based backend at scale
- C. Build stress tests into each component of your application using resources internal to GCP to simulate load
- D. Create a set of static environments in GCP to test different levels of load – for example, high, medium, and low
Answer:
A
Explanation:
From scenario: Requirements for Game Backend Platform
1. Dynamically scale up or down based on game activity
2. Connect to a managed NoSQL database service
3. Run customize Linux distro
Question 9 Topic 2, Case Study 2Case Study Question View Case
Mountkirk Games wants to set up a continuous delivery pipeline. Their architecture includes many small services that they
want to be able to update and roll back quickly. Mountkirk Games has the following requirements:
Services are deployed redundantly across multiple regions in the US and Europe
Only frontend services are exposed on the public internet
They can provide a single frontend IP for their fleet of services
Deployment artifacts are immutable
Which set of products should they use?
- A. Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine
- B. Google Cloud Storage, Google App Engine, Google Network Load Balancer
- C. Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer
- D. Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager
Answer:
C
Question 10 Topic 2, Case Study 2Case Study Question View Case
Mountkirk Games gaming servers are not automatically scaling properly. Last month, they rolled out a new feature, which
suddenly became very popular. A record number of users are trying to use the service, but many of them are getting 503
errors and very slow response times. What should they investigate first?
- A. Verify that the database is online
- B. Verify that the project quota hasn’t been exceeded
- C. Verify that the new feature code did not introduce any performance bugs
- D. Verify that the load-testing team is not running their tool against production
Answer:
B
Explanation:
503 is service unavailable error. If the database was online everyone would get the 503 error.
Question 11 Topic 2, Case Study 2Case Study Question View Case
Mountkirk Games needs to create a repeatable and configurable mechanism for deploying isolated application
environments. Developers and testers can access each others environments and resources, but they cannot access staging
or production resources. The staging environment needs access to some services from production.
What should you do to isolate development environments from staging and production?
- A. Create a project for development and test and another for staging and production
- B. Create a network for development and test and another for staging and production
- C. Create one subnetwork for development and another for staging and production
- D. Create one project for development, a second for staging and a third for production
Answer:
D
Question 12 Topic 2, Case Study 2Case Study Question View Case
Mountkirk Games wants to set up a real-time analytics platform for their new game. The new platform must meet their
technical requirements.
Which combination of Google technologies will meet all of their requirements?
- A. Kubernetes Engine, Cloud Pub/Sub, and Cloud SQL
- B. Cloud Dataflow, Cloud Storage, Cloud Pub/Sub, and BigQuery
- C. Cloud SQL, Cloud Storage, Cloud Pub/Sub, and Cloud Dataflow
- D. Cloud Dataproc, Cloud Pub/Sub, Cloud SQL, and Cloud Dataflow
- E. Cloud Pub/Sub, Compute Engine, Cloud Storage, and Cloud Dataproc
Answer:
B
Explanation:
Ingest millions of streaming events per second from anywhere in the world with Cloud Pub/Sub, powered by Google's
unique, high-speed private network. Process the streams with Cloud Dataflow to ensure reliable, exactly-once, low-latency
data transformation. Stream the transformed data into BigQuery, the cloud-native data warehousing service, for immediate
analysis via SQL or popular visualization tools.
From scenario: They plan to deploy the games backend on Google Compute Engine so they can capture streaming metrics,
run intensive analytics.
Requirements for Game Analytics Platform
1. Dynamically scale up or down based on game activity
2. Process incoming data on the fly directly from the game servers
3. Process data that arrives late because of slow mobile networks
4. Allow SQL queries to access at least 10 TB of historical data
5. Process files that are regularly uploaded by users mobile devices
6. Use only fully managed services
Reference: https://cloud.google.com/solutions/big-data/stream-analytics/
Company Overview
Mountkirk Games makes online, session-based, multiplayer games for mobile platforms. They build all of their games using
some server-side integration. Historically, they have used cloud providers to lease physical servers.
Due to the unexpected popularity of some of their games, they have had problems scaling their global audience, application
servers, MySQL databases, and analytics tools.
Their current model is to write game statistics to files and send them through an ETL tool that loads them into a centralized
MySQL database for reporting.
Solution Concept
Mountkirk Games is building a new game, which they expect to be very popular. They plan to deploy the games backend on
Google Compute Engine so they can capture streaming metrics, run intensive analytics, and take advantage of its
autoscaling server environment and integrate with a managed NoSQL database.
Business Requirements
Increase to a global footprint
Improve uptime downtime is loss of players
Increase efficiency of the cloud resources we use
Reduce latency to all customers
Technical Requirements
Requirements for Game Backend Platform
Dynamically scale up or down based on game activity
Connect to a transactional database service to manage user profiles and game state
Store game activity in a timeseries database service for future analysis
As the system scales, ensure that data is not lost due to processing backlogs Run hardened Linux distro
Requirements for Game Analytics Platform
Dynamically scale up or down based on game activity
Process incoming data on the fly directly from the game servers
Process data that arrives late because of slow mobile networks
Allow queries to access at least 10 TB of historical data
Process files that are regularly uploaded by users mobile devices
Executive Statement
Our last successful game did not scale well with our previous cloud provider, resulting in lower user adoption and affecting
the games reputation. Our investors want more key performance indicators (KPIs) to evaluate the speed and stability of the
game, as well as other metrics that provide deeper insight into usage patterns so we can adapt the game to target users.
Additionally, our current technology stack cannot provide the scale we need, so we want to replace MySQL and move to an
environment that provides autoscaling, low latency load balancing, and frees us up from managing physical servers.
Question 13 Topic 2, Case Study 2Case Study Question View Case
For this question, refer to the Mountkirk Games case study. Mountkirk Games wants to migrate from their current analytics
and statistics reporting model to one that meets their technical requirements on Google Cloud Platform.
Which two steps should be part of their migration plan? (Choose two.)
- A. Evaluate the impact of migrating their current batch ETL code to Cloud Dataflow.
- B. Write a schema migration plan to denormalize data for better performance in BigQuery.
- C. Draw an architecture diagram that shows how to move from a single MySQL database to a MySQL cluster.
- D. Load 10 TB of analytics data from a previous game into a Cloud SQL instance, and run test queries against the full dataset to confirm that they complete successfully.
- E. Integrate Cloud Armor to defend against possible SQL injection attacks in analytics files uploaded to Cloud Storage.
Answer:
A B
Question 14 Topic 2, Case Study 2Case Study Question View Case
For this question, refer to the Mountkirk Games case study. You need to analyze and define the technical architecture for the
compute workloads for your company, Mountkirk Games. Considering the Mountkirk Games business and technical
requirements, what should you do?
- A. Create network load balancers. Use preemptible Compute Engine instances.
- B. Create network load balancers. Use non-preemptible Compute Engine instances.
- C. Create a global load balancer with managed instance groups and autoscaling policies. Use preemptible Compute Engine instances.
- D. Create a global load balancer with managed instance groups and autoscaling policies. Use non-preemptible Compute Engine instances.
Answer:
D
Question 15 Topic 2, Case Study 2Case Study Question View Case
For this question, refer to the Mountkirk Games case study. Mountkirk Games wants to design their solution for the future in
order to take advantage of cloud and technology improvements as they become available. Which two steps should they
take? (Choose two.)
- A. Store as much analytics and game activity data as financially feasible today so it can be used to train machine learning models to predict user behavior in the future.
- B. Begin packaging their game backend artifacts in container images and running them on Google Kubernetes Engine to improve the ability to scale up or down based on game activity.
- C. Set up a CI/CD pipeline using Jenkins and Spinnaker to automate canary deployments and improve development velocity.
- D. Adopt a schema versioning tool to reduce downtime when adding new game features that require storing additional player data in the database.
- E. Implement a weekly rolling maintenance process for the Linux virtual machines so they can apply critical kernel patches and package updates and reduce the risk of 0-day vulnerabilities.
Answer:
C E