You have one project called proj-sa where you manage all your service accounts. You want to be able to use a service account from this project to take snapshots of VMs running in another project called proj-vm. What should you do?
Answer(s): C
https://gtseres.medium.com/using-service-accounts-across-projects-in-gcp-cf9473fef8f0You create the service account in proj-sa and take note of the service account email, then you go to proj-vm in IAM > ADD and add the service account's email as new member and give it the Compute Storage Admin role.https://cloud.google.com/compute/docs/access/iam#compute.storageAdmin
You created a Google Cloud Platform project with an App Engine application inside the project. You initially configured the application to be served from the us-central region. Now you want the application to be served from the asia-northeast1 region. What should you do?
Answer(s): D
https://cloud.google.com/appengine/docs/flexible/managing-projects-apps- billing#:~:text=Each%20Cloud%20project%20can%20contain%20only%20a%20single%20App%20Eng ine%20application%2C%20and%20once%20created%20you%20cannot%20change%20the%20locatio n%20of%20your%20App%20Engine%20application.Two App engine can't be running on the same project: you can check this easy diagram for more info:https://cloud.google.com/appengine/docs/standard/an-overview-of-app- engine#components_of_an_applicationAnd you can't change location after setting it for your app Engine. https://cloud.google.com/appengine/docs/standard/locationsApp Engine is regional and you cannot change an apps region after you set it. Therefore, the only way to have an app run in another region is by creating a new project and targeting the app engine to run in the required region (asia-northeast1 in our case).Ref: https://cloud.google.com/appengine/docs/locations
You need to grant access for three users so that they can view and edit table data on a Cloud Spanner instance. What should you do?
Answer(s): B
https://cloud.google.com/spanner/docs/iam#spanner.databaseUser Using the gcloud tool, execute the gcloud iam roles describe roles/spanner.databaseUser command on Cloud Shell. Attach the users to a newly created Google group and add the group to the role.
You create a new Google Kubernetes Engine (GKE) cluster and want to make sure that it always runs a supported and stable version of Kubernetes. What should you do?
Creating or upgrading a cluster by specifying the version as latest does not provide automatic upgrades. Enable node auto-upgrades to ensure that the nodes in your cluster are up-to-date with the latest stable version.https://cloud.google.com/kubernetes-engine/versioning-and-upgradesNode auto-upgrades help you keep the nodes in your cluster up to date with the cluster master version when your master is updated on your behalf. When you create a new cluster or node pool with Google Cloud Console or the gcloud command, node auto-upgrade is enabled by default. Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades
You have an instance group that you want to load balance. You want the load balancer to terminate the client SSL session. The instance group is used to serve a public web application over HTTPS. You want to follow Google-recommended practices. What should you do?
Answer(s): A
https://cloud.google.com/load-balancing/docs/https/ According to this guide for setting up an HTTP (S) load balancer in GCP: The client SSL session terminates at the load balancer. Sessions between the load balancer and the instance can either be HTTPS (recommended) or HTTP.https://cloud.google.com/load-balancing/docs/ssl
Share your comments for Google Google Associate Cloud Engineer exam with other users:
Question 1:
compute.osAdminLogin
enable-oslogin