Setting Up a Cloud Solution Environment – Diagnostic questions

1. Jane will manage objects in Cloud Storage for the Cymbal Superstore. She needs to
have access to the proper permissions for every project across the organization. What
should you do?

a. Assign Jane the roles/storage.objectCreator on every project.

b. Assign Jane the roles/viewer on each project and the roles/storage.objectCreator for
each bucket.
c. Assign Jane the roles/editor at the organizational level.
d. Add Jane to a group that has the roles/storage.objectAdmin role assigned at the
organizational level.

2. You want to use the Cloud Shell to copy files to your Cloud Storage bucket. Which Cloud
SDK command should you use?

a. gcloud
b. check
c. gsutil
d. bq

3. Fiona is the billing administrator for the project associated with Cymbal Superstore’s
eCommerce application. Jeffrey, the marketing department lead, wants to receive emails
related to budget alerts. Jeffrey should have access to no additional billing information.
What should you do?

a. Change the budget alert default threshold rules to include Jeffrey as a recipient.
b. Use Cloud Monitoring notification channels to send Jeffrey an email alert.
c. Add Jeffrey and Fiona to the budget scope custom email delivery dialog.
d. Send alerts to a Pub/Sub topic that Jeffrey is subscribed to.

4. Stella is a new member of a team in your company who has been put in charge of
monitoring VM instances in the organization. Stella will need the required permissions to
perform this role. How should you grant her those permissions?

a. Assign Stella a roles/compute.viewer role.

b. Assign Stella compute.instances.get permissions on all of the projects she needs to
monitor.
c. Add Stella to a Google Group in your organization. Bind that group to
roles/compute.viewer
d. Assign the “viewer” policy to Stella.
5. What Google Cloud project attributes can be changed?

a. The Project ID.

b. The Project Name.
c. The Project Number.
d. The Project Category.

6. The Operations Department at Cymbal Superstore wants to provide managers access to

information about VM usage without allowing them to make changes that would affect
the state. You assign them the Compute Engine Viewer role. Which two permissions will
they receive?

a. computer.images.update
b. compute.images.list
c. compute.images.get
d. compute.images.create
e. compute.images.setIAM

7. How are resource hierarchies organized in Google Cloud?

a. Organization, Project, Resource, Folder

b. Organization, Folder, Project, Resource
c. Project, Organization, Folder, Resource
d. Resource, Folder, Organization, Project

8. How are billing accounts applied to projects in Google Cloud? (Pick two).

a. If your project only uses free resources you don’t need a link to an active billing account.
b. Set up Cloud Billing to pay for usage costs in Google Cloud projects and Google
Workspace accounts.
c. A project and its resources can be tied to more than one billing account.
d. A billing account can be linked to one or more projects.
e. A project and its resources can only be tied to one billing account.

9. You need to add new groups of employees in Cymbal Superstore’s production

environment. You need to consider Google’s recommendation of using least privilege.
What should you do?
 a. Grant the most restrictive basic role to most services, grant predefined or custom roles
as necessary.
b. Grant predefined and custom roles that provide necessary permissions and grant basic
roles only where needed.
c. Grant the least restrictive basic roles to most services and grant predefined and custom
roles only when necessary.
d. Grant custom roles to individual users and implement basic roles at the resource level.

10. Pick two choices, from the options below, that provide a command line interface to
Google Cloud.

a. REST-based API
b. Google Cloud Console
c. Cloud Shell
d. Cloud Console Mobile App
e. Cloud SDK

Planning and Configuring a Cloud Solution – Diagnostic questions

1. Cymbal Superstore’s supply chain application frequently analyzes large amounts of data
to inform business processes and operational dashboards. What storage class would
make sense for this use case?

a. Coldline
b. Regional
c. Multi-regional
d. Nearline

2. Cymbal Superstore needs to analyze whether they met quarterly sales projections.
Analysts assigned to run this query are familiar with SQL. What data solution should
they implement?

a. Cloud Firestore
b. Cloud SQL
c. BigQuery
d. Cloud Spanner

3. An application running on a highly-customized version of Ubuntu needs to be migrated

to Google Cloud. You need to do this in the least amount of time with minimal code
changes. How should you proceed?
a. Implement a Kubernetes cluster and create pods to enable your app.
b. Deploy the existing application to App Engine.
c. Create Compute Engine Virtual Machines and migrate the app to that infrastructure
d. Deploy your application in a container image to Cloud Run.

4. Cymbal Superstore decides to migrate their supply chain application to Google Cloud.
You need to configure specific operating system dependencies. What should you do?

a. Implement an application using virtual machines on Compute Engine.

b. Implement an application using code on App Engine.
c. Implement an application using containers on Cloud Run.
d. Implement an application using containers on Google Kubernetes Engine.

5. Cymbal Superstore decides to pilot a cloud application for their point of sale system in
their flagship store. You want to focus on code and develop your solution quickly, and
you want your code to be portable. How do you proceed?

a. Code your solution in Cloud Functions.

b. Package your code to a container image and post it to Cloud Run.
c. SSH into a Compute Engine VM and execute your code.
d. Implement a deployment manifest and run kubectl apply on it in Google Kubernetes
Engine.

6. Cymbal Superstore has a need to populate visual dashboards with historical time-based
data. This is an analytical use-case. Which two storage solutions could they use?
a. Cloud SQL
b. Cloud Bigtable
c. Cloud Storage
d. BigQuery
e. Cloud Firestore

7. Which Google Cloud load balancing option runs at Layer 7 of the TCP stack?

a. Regional Network
b. Global SSL Proxy
c. Global http(s)
d. Global TCP Proxy8

8. You want to deploy a microservices application. You need full control of how you
manage containers, reliability, and autoscaling, but don’t want or need to manage the
control plane. Which compute option should you use?
 a. Compute Engine
b. App Engine
c. Cloud Run
d. Google Kubernetes Engine

9. The projected amount of cloud storage required for Cymbal Superstore to enable users
to post pictures for project reviews is 10 TB of immediate access storage in the US and
30 TB of storage for historical posts in a bucket located near Cymbal Superstore’s
headquarters. The contents of this bucket will need to be accessed once every 30 days.
You want to estimate the cost of these storage resources to ensure this is economically
feasible. What should you do?

a. Use the pricing calculator to estimate the price for 10 TB of multi-region standard
storage, 30 TB for regional Nearline, and egress charges for reads from the bucket.
b. Use the pricing calculator to estimate the price for 10 TB of regional standard storage,
30 TB of regional Nearline storage, and ingress charges for posts to the bucket.
c. Use the pricing calculator to estimate the costs for 10 TB of regional standard storage,
30 TB of regional Coldline storage, and egress charges for reads from storage.
d. Use the pricing calculator to estimate the price for 10 TB of multi-region standard
storage, 30 TB for regional Coldline storage, and ingress charges for posts to the
bucket.

10. Cymbal Superstore is piloting an update to its ecommerce app for the flagship store in
Minneapolis, Minnesota. The app is implemented as a three-tier web service with traffic
originating from the local area and resources dedicated for it in us-central1. You need to
configure a secure, low-cost network load-balancing architecture for it. How do you
proceed?

a. Configure a proxied SSL load balancer connected to the web tier as the frontend and a
standard tier internal TCP/UDP load balancer between the web tier and the backend.
b. Implement a proxied external TCP/UDP network load balancer connected to the web tier
as the frontend and a premium network tier ssl load balancer between the web tier and
the backend.
c. Implement a premium tier pass-through external https load balancer connected to the
web tier as the frontend and a regional internal load balancer between the web tier and
backend.
d. Configure a standard tier proxied external https load balancer connected to the web tier
as a frontend and a regional internal load balancer between the web tier and the
backend.

Planning and Configuring a cloud solution – Diagnostic questions

1. Which Virtual Private Cloud (VPC) network type allows you to fully control IP ranges and
the definition of regional subnets?
a. Default Project network
b. Custom mode network
c. An auto mode network converted to a custom network
d. Auto mode network

2. You need to quickly deploy a containerized web application on Google Cloud. You know
the services you want to be exposed. You do not want to manage infrastructure. You
only want to pay when requests are being handled and need support for custom
packages. What technology meets these needs?

a. App Engine Flexible

b. Cloud Run
c. Cloud Functions
d. App Engine Standard

3. Cymbal Superstore’s sales department has a medium-sized MySQL database. This

database includes user-defined functions and is used internally by the marketing
department at Cymbal Superstore HQ. The sales department asks you to migrate the
database to Google Cloud in the most timely and economical way. What should you do?

a. Find a MySQL machine image in Cloud Marketplace and configure it to meet your
needs.
b. Configure a Compute Engine VM with an N2 machine type, install MySQL, and restore
your data to the new instance.
c. Use gcloud to implement a Compute Engine instance with an E2-standard-8 machine
type, install, and configure MySQL.
d. Implement a database instance using Cloud SQL, back up your local data, and restore it
to the new instance.

4. What action does the terraform apply command perform?

a. Downloads the latest version of the terraform provider.

b. Shows a preview of resources that will be created.
c. Sets up resources requested in the terraform config file.
d. Verifies syntax of terraform config file.

5. Cymbal Superstore asks you to implement Cloud SQL as a database backend to their
supply chain application. You want to configure automatic failover in case of a zone
outage. You decide to use the gcloud sql instances create command set to accomplish
 this. Which gcloud command line argument is required to configure the stated failover
capability as you create the required instances?

a. --availability-type
b. --secondary-zone
c. --master-instance-name
d. --replica-type

6. The backend of Cymbal Superstore’s e-commerce system consists of managed instance

groups. You need to update the operating system of the instances in an automated way
using minimal resources. What do you do?

a. Create a new instance template. Click Update VMs. Set the update type to
Opportunistic. Click Start.
b. Create a new instance template. Click Update VMs. Set max surge to 5. Click Start.
c. Abandon each of the instances in the managed instance group. Delete the instance
template, replace it with a new one, and recreate the instances in the managed group.
d. Create a new instance template, then click Update VMs. Set the update type to
PROACTIVE. Click Start.

7. You require a Cloud Storage bucket serving users in New York City. There is a need for
geo-redundancy. You do not plan on using ACLs. What CLI command do you use?

a. Run a gcloud mb command specifying the name of the bucket and accepting defaults for
the other mb settings.
b. Run a gsutil mb command specifying a dual-region bucket and an option to turn ACL
evaluation off.
c. Run a gsutil mb command specifying a dual-region bucket and accepting defaults for the
other mb settings.
d. Run a gsutil mb command specifying a multi-regional location and an option to turn ACL
evaluation off.

8. You need to analyze and act on files being added to a Cloud Storage bucket. Your
programming team is proficient in Python. The analysis you need to do takes at most 5
minutes. You implement a Cloud Function to accomplish your processing and specify a
trigger resource pointing to your bucket. How should you configure the --trigger-event
parameter using gcloud?

a. --trigger-event google.storage.object.finalize
b. --trigger-event google.storage.object.change
c. --trigger-event google.storage.object.add
d. --trigger-event google.storage.object.create
 9. The development team for the supply chain project is ready to start building their new
cloud app using a small Kubernetes cluster for the pilot. The cluster should only be
available to team members and does not need to be highly available. The developers
also need the ability to change the cluster architecture as they deploy new capabilities.
How would you implement this?

a. Implement an autopilot cluster in us-central1-a with a default pool and an Ubuntu image.
b. Implement a private standard regional cluster in us-central1 with a default pool and
container-optimized image type.
c. Implement an autopilot cluster in us-central1 with an Ubuntu image type.
d. Implement a private standard zonal cluster in us-central1-a with a default pool and an
Ubuntu image.

10. Cymbal Superstore’s marketing department needs to load some slowly changing data
into BigQuery. The data arrives hourly in a Cloud Storage bucket. You want to minimize
cost and implement this in the fewest steps. What should you do?

a. Implement a bq load command in a command line script and schedule it with cron.
b. Create a Cloud Function to push data to BigQuery through a Dataflow pipeline.
c. Use the BigQuery data transfer service to schedule a transfer between your bucket and
BigQuery.
d. Read the data from your bucket by using the BigQuery streaming API in a program.

Deploying and implementing cloud solutions – Diagnostic questions

1. Which of the following tasks are part of the process when configuring a managed
instance group? (Pick two.)

a. Specifying Persistent disks

b. Providing Number of instances
c. Choosing instance Machine type
d. Defining Health checks
e. Configuring the operating system

2. You have a Cloud Run service with a database backend. You want to limit the number of
connections to your database. What should you do?

a. Set CPU Utilization.

b. Set Max instances.
c. Set Concurrency settings.
d. Set Min instances.
3. You have a scheduled snapshot you are trying to delete, but the operation returns an
error. What should you do to resolve this problem?

a. Detach the snapshot schedule before deleting it.

b. Delete the object the snapshot was created from.
c. Restore the snapshot to a persistent disk before deleting it.
d. Delete the downstream incremental snapshots before deleting the main reference.

4. Cymbal Superstore’s GKE cluster requires an internal http(s) load balancer. You are
creating the configuration files required for this resource. What is the proper setting for
this scenario?

a. Annotate your service object with a NEG (network group endpoint) reference.
b. Configure your service object with a type: LoadBalancer.
c. Implement custom static routes in your VPC
d. Annotate your ingress object with an ingress.class of “gce.”

5. Cymbal Superstore’s supply chain management system has been deployed and is
working well. You are tasked with monitoring the system’s resources so you can react
quickly to any problems. You want to ensure the CPU usage of each of your Compute
Engine instances in us-central1 remains below 60%. You want an incident created if it
exceeds this value for 5 minutes. You need to configure the proper alerting policy for this
scenario. What should you do?

a. Choose resource type of VM instance, and metric of CPU utilization, condition trigger if
any time series violates, condition is below, threshold is .60 for 5 minutes.
b. Choose resource type of VM instance and metric of CPU utilization, condition trigger all
time series violates, condition is above, threshold is .60 for 5 minutes.
c. Choose resource type of VM instance and metric of CPU utilization, condition trigger if
any time series violates, condition is above, threshold is .60 for 5 minutes.
d. Choose resource type of VM instance and metric of CPU load, condition trigger if any
time series violates, condition is below, threshold is .60, for 5 minutes.

6. You want to implement a lifecycle rule that changes your storage type from standard to
nearline after a specific date. What conditions should you use? (Pick two).

a. MatchesStorageClass
b. CreatedBefore
c. IsLive
d. Age
 e. NumberofNewerVersions

7. What is the declarative way to initialize and update Kubernetes objects?

a. kubectl replace
b. kubectl create
c. kubectl run
d. kubectl apply

8. Cymbal Superstore has a subnetwork called mysubnet with an IP range of 10.1.2.0/24.

You need to expand this subnet to include enough IP addresses for at most 2000 new
users or devices. What should you do?

a. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --

prefix-length 21
b. gcloud networks subnets expand-ip-range mysubnet --region us-central1 --prefix-length
21
c. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --
prefix-length 22
d. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --
prefix-length 20

9. What Kubernetes object provides access to logic running in your cluster via endpoints
that you define?

a. Services
b. Pods
c. Deployment
d. Pod template

10. You want to view a description of your available snapshots using the command line
interface (CLI). What gcloud command should you use?

a. gcloud compute snapshots get

b. gcloud snapshots list
c. gcloud compute list snapshots
d. gcloud compute snapshots list

Ensuring successful operation of a cloud solution – Diagnostic questions

1. You need to configure access to Cloud Spanner from the GKE cluster that is supporting
Cymbal Superstore’s ecommerce microservices application. You want to specify an
account type to set the proper permissions. What should you do?

a. Assign permissions through service account referenced by the application

b. Assign permissions through a Google Workspace account referenced by the application
c. Assign permissions to a Google account referenced by the application
d. Assign permissions through a Cloud Identity account referenced by the application

2. Outline where Cloud Audit logs can be accessed: in the logging tab of the operations
interface. You are configuring audit logging for Cloud Storage. You want to know when
objects are added to a bucket. Which type of audit log entry should you monitor?

a. DATA_READ log entries

b. ADMIN_READ log entries
c. Admin Activity log entries
d. DATA_WRITE log entries

3. Which Cloud Audit log is disabled by default with a few exceptions?

a. System Event audit logs

b. Data Access audit logs
c. Admin Activity audit logs
d. Policy Denied audit logs

4. Cymbal Superstore is implementing a mobile app for end users to track deliveries that
are en route to them. The app needs to access data about truck location from Pub/Sub
using Google recommended practices. What kind of credentials should you use?

a. Environment provided service account

b. OAuth 2.0 client
c. API key
d. Service account key

5. You are trying to assign roles to the dev and prod projects of Cymbal Superstore’s e-
commerce app but are receiving an error when you try to run set-iam policy. The
projects are organized into an ecommerce folder in the Cymbal Superstore
organizational hierarchy. You want to follow best practices for the permissions you need
while respecting the practice of least privilege. What should you do?
a. Ask your administrator for the roles/resourcemanager.organizationAdmin for Cymbal
Superstore
b. Ask your administrator for the roles/resourcemanager.folderIamAdmin for the
ecommerce folder
c. Ask your administrator for resourcemanager.projects.setIamPolicy roles for each project
d. Ask your administrator for the roles/iam.securityAdmin role in IAM.

6. You have a custom role implemented for administration of the dev/test environment for
Cymbal Superstore’s transportation management application. You are developing a pilot
to use Cloud Run instead of Cloud Functions. You want to ensure your administrators
have the correct access to the new resources. What should you do?

a. Copy the existing role, add the new permissions to the copy, and delete the old role
b. Delete the custom role and recreate a new custom role with required permissions
c. Make the change to the custom role locally and run an update on the custom role
d. Create a new role with needed permissions and migrate users to it.

7. Which of the scenarios below is an example of a situation where you should use a
service account?

a. For interactive analysis

b. For development environments
c. To directly access user data
d. For individual GKE pods
Setting Up a Cloud Solution Environment – Diagnostic questions
1. Jane will manage objects in Cloud Storage for the Cymbal Superstore. She needs to
have access to the proper permissions for every project across the organization. What
should you do?

a. Assign Jane the roles/storage.objectCreator on every project.

b. Assign Jane the roles/viewer on each project and the roles/storage.objectCreator for
each bucket.
c. Assign Jane the roles/editor at the organizational level.
d. Add Jane to a group that has the roles/storage.objectAdmin role assigned at the
organizational level.

2. You want to use the Cloud Shell to copy files to your Cloud Storage bucket. Which Cloud
SDK command should you use?

a. gcloud
b. check
c. gsutil
d. bq

3. Fiona is the billing administrator for the project associated with Cymbal Superstore’s
eCommerce application. Jeffrey, the marketing department lead, wants to receive emails
related to budget alerts. Jeffrey should have access to no additional billing information.
What should you do?

a. Change the budget alert default threshold rules to include Jeffrey as a recipient.
b. Use Cloud Monitoring notification channels to send Jeffrey an email alert.
c. Add Jeffrey and Fiona to the budget scope custom email delivery dialog.
d. Send alerts to a Pub/Sub topic that Jeffrey is subscribed to.
4. Stella is a new member of a team in your company who has been put in charge of
monitoring VM instances in the organization. Stella will need the required permissions to
perform this role. How should you grant her those permissions?

a. Assign Stella a roles/compute.viewer role.

b. Assign Stella compute.instances.get permissions on all of the projects she needs to
monitor.
c. Add Stella to a Google Group in your organization. Bind that group to
roles/compute.viewer
d. Assign the “viewer” policy to Stella.

5. What Google Cloud project attributes can be changed?

a. The Project ID.

b. The Project Name.
c. The Project Number.
d. The Project Category.

6. The Operations Department at Cymbal Superstore wants to provide managers access to

information about VM usage without allowing them to make changes that would affect
the state. You assign them the Compute Engine Viewer role. Which two permissions will
they receive?

a. computer.images.update
b. compute.images.list
c. compute.images.get
d. compute.images.create
e. compute.images.setIAM

7. How are resource hierarchies organized in Google Cloud?

a. Organization, Project, Resource, Folder

b. Organization, Folder, Project, Resource
c. Project, Organization, Folder, Resource
d. Resource, Folder, Organization, Project

8. How are billing accounts applied to projects in Google Cloud? (Pick two).
 a. If your project only uses free resources you don’t need a link to an active billing account.
b. Set up Cloud Billing to pay for usage costs in Google Cloud projects and Google
Workspace accounts.
c. A project and its resources can be tied to more than one billing account.
d. A billing account can be linked to one or more projects.
e. A project and its resources can only be tied to one billing account.

9. You need to add new groups of employees in Cymbal Superstore’s production

environment. You need to consider Google’s recommendation of using least privilege.
What should you do?

a. Grant the most restrictive basic role to most services, grant predefined or custom roles
as necessary.
b. Grant predefined and custom roles that provide necessary permissions and grant basic
roles only where needed.
c. Grant the least restrictive basic roles to most services and grant predefined and custom
roles only when necessary.
d. Grant custom roles to individual users and implement basic roles at the resource level.

10. Pick two choices, from the options below, that provide a command line interface to
Google Cloud.

a. REST-based API
b. Google Cloud Console
c. Cloud Shell
d. Cloud Console Mobile App
e. Cloud SDK

Planning and Configuring a Cloud Solution – Diagnostic questions

1. Cymbal Superstore’s supply chain application frequently analyzes large amounts of data
to inform business processes and operational dashboards. What storage class would
make sense for this use case?

a. Coldline
b. Regional
c. Multi-regional
d. Nearline
2. Cymbal Superstore needs to analyze whether they met quarterly sales projections.
Analysts assigned to run this query are familiar with SQL. What data solution should
they implement?

a. Cloud Firestore
b. Cloud SQL
c. BigQuery
d. Cloud Spanner

3. An application running on a highly-customized version of Ubuntu needs to be migrated

to Google Cloud. You need to do this in the least amount of time with minimal code
changes. How should you proceed?

a. Implement a Kubernetes cluster and create pods to enable your app.

b. Deploy the existing application to App Engine.
c. Create Compute Engine Virtual Machines and migrate the app to that infrastructure
d. Deploy your application in a container image to Cloud Run.

4. Cymbal Superstore decides to migrate their supply chain application to Google Cloud.
You need to configure specific operating system dependencies. What should you do?

a. Implement an application using virtual machines on Compute Engine.

b. Implement an application using code on App Engine.
c. Implement an application using containers on Cloud Run.
d. Implement an application using containers on Google Kubernetes Engine.

5. Cymbal Superstore decides to pilot a cloud application for their point of sale system in
their flagship store. You want to focus on code and develop your solution quickly, and
you want your code to be portable. How do you proceed?

a. Code your solution in Cloud Functions.

b. Package your code to a container image and post it to Cloud Run.
c. SSH into a Compute Engine VM and execute your code.
d. Implement a deployment manifest and run kubectl apply on it in Google Kubernetes
Engine.

6. Cymbal Superstore has a need to populate visual dashboards with historical time-based
data. This is an analytical use-case. Which two storage solutions could they use?
a. Cloud SQL
b. Cloud Bigtable
c. Cloud Storage
d. BigQuery
e. Cloud Firestore

7. Which Google Cloud load balancing option runs at Layer 7 of the TCP stack?

a. Regional Network
b. Global SSL Proxy
c. Global http(s)
d. Global TCP Proxy

8. You want to deploy a microservices application. You need full control of how you
manage containers, reliability, and autoscaling, but don’t want or need to manage the
control plane. Which compute option should you use?

a. Compute Engine
b. App Engine
c. Cloud Run
d. Google Kubernetes Engine

9. The projected amount of cloud storage required for Cymbal Superstore to enable users
to post pictures for project reviews is 10 TB of immediate access storage in the US and
30 TB of storage for historical posts in a bucket located near Cymbal Superstore’s
headquarters. The contents of this bucket will need to be accessed once every 30 days.
You want to estimate the cost of these storage resources to ensure this is economically
feasible. What should you do?

a. Use the pricing calculator to estimate the price for 10 TB of multi-region standard
storage, 30 TB for regional Nearline, and egress charges for reads from the bucket.
b. Use the pricing calculator to estimate the price for 10 TB of regional standard storage,
30 TB of regional Nearline storage, and ingress charges for posts to the bucket.
c. Use the pricing calculator to estimate the costs for 10 TB of regional standard storage,
30 TB of regional Coldline storage, and egress charges for reads from storage.
d. Use the pricing calculator to estimate the price for 10 TB of multi-region standard
storage, 30 TB for regional Coldline storage, and ingress charges for posts to the
bucket.

10. Cymbal Superstore is piloting an update to its ecommerce app for the flagship store in
Minneapolis, Minnesota. The app is implemented as a three-tier web service with traffic
originating from the local area and resources dedicated for it in us-central1. You need to
configure a secure, low-cost network load-balancing architecture for it. How do you
proceed?
 a. Configure a proxied SSL load balancer connected to the web tier as the frontend and a
standard tier internal TCP/UDP load balancer between the web tier and the backend.
b. Implement a proxied external TCP/UDP network load balancer connected to the web tier
as the frontend and a premium network tier ssl load balancer between the web tier and
the backend.
c. Implement a premium tier pass-through external https load balancer connected to the
web tier as the frontend and a regional internal load balancer between the web tier and
backend.
d. Configure a standard tier proxied external https load balancer connected to the web tier
as a frontend and a regional internal load balancer between the web tier and the
backend.

Planning and Configuring a cloud solution – Diagnostic questions

1. Which Virtual Private Cloud (VPC) network type allows you to fully control IP ranges and
the definition of regional subnets?

a. Default Project network

b. Custom mode network
c. An auto mode network converted to a custom network
d. Auto mode network

2. You need to quickly deploy a containerized web application on Google Cloud. You know
the services you want to be exposed. You do not want to manage infrastructure. You
only want to pay when requests are being handled and need support for custom
packages. What technology meets these needs?

a. App Engine Flexible

b. Cloud Run
c. Cloud Functions
d. App Engine Standard

3. Cymbal Superstore’s sales department has a medium-sized MySQL database. This

database includes user-defined functions and is used internally by the marketing
department at Cymbal Superstore HQ. The sales department asks you to migrate the
database to Google Cloud in the most timely and economical way. What should you do?

a. Find a MySQL machine image in Cloud Marketplace and configure it to meet your
needs.
b. Configure a Compute Engine VM with an N2 machine type, install MySQL, and restore
your data to the new instance.
c. Use gcloud to implement a Compute Engine instance with an E2-standard-8 machine
type, install, and configure MySQL.
d. Implement a database instance using Cloud SQL, back up your local data, and restore it
to the new instance.

4. What action does the terraform apply command perform?

a. Downloads the latest version of the terraform provider.

b. Shows a preview of resources that will be created.
c. Sets up resources requested in the terraform config file.
d. Verifies syntax of terraform config file.

5. Cymbal Superstore asks you to implement Cloud SQL as a database backend to their
supply chain application. You want to configure automatic failover in case of a zone
outage. You decide to use the gcloud sql instances create command set to accomplish
this. Which gcloud command line argument is required to configure the stated failover
capability as you create the required instances?

a. --availability-type
b. --secondary-zone
c. --master-instance-name
d. --replica-type

6. The backend of Cymbal Superstore’s e-commerce system consists of managed instance

groups. You need to update the operating system of the instances in an automated way
using minimal resources. What do you do?

a. Create a new instance template. Click Update VMs. Set the update type to
Opportunistic. Click Start.
b. Create a new instance template. Click Update VMs. Set max surge to 5. Click Start.
c. Abandon each of the instances in the managed instance group. Delete the instance
template, replace it with a new one, and recreate the instances in the managed group.
d. Create a new instance template, then click Update VMs. Set the update type to
PROACTIVE. Click Start.

7. You require a Cloud Storage bucket serving users in New York City. There is a need for
geo-redundancy. You do not plan on using ACLs. What CLI command do you use?

a. Run a gcloud mb command specifying the name of the bucket and accepting defaults for
the other mb settings.
b. Run a gsutil mb command specifying a dual-region bucket and an option to turn ACL
evaluation off.
 c. Run a gsutil mb command specifying a dual-region bucket and accepting defaults for the
other mb settings.
d. Run a gsutil mb command specifying a multi-regional location and an option to turn ACL
evaluation off.

8. You need to analyze and act on files being added to a Cloud Storage bucket. Your
programming team is proficient in Python. The analysis you need to do takes at most 5
minutes. You implement a Cloud Function to accomplish your processing and specify a
trigger resource pointing to your bucket. How should you configure the --trigger-event
parameter using gcloud?

a. --trigger-event google.storage.object.finalize
b. --trigger-event google.storage.object.change
c. --trigger-event google.storage.object.add
d. --trigger-event google.storage.object.create

9. The development team for the supply chain project is ready to start building their new
cloud app using a small Kubernetes cluster for the pilot. The cluster should only be
available to team members and does not need to be highly available. The developers
also need the ability to change the cluster architecture as they deploy new capabilities.
How would you implement this?

a. Implement an autopilot cluster in us-central1-a with a default pool and an Ubuntu image.
b. Implement a private standard regional cluster in us-central1 with a default pool and
container-optimized image type.
c. Implement an autopilot cluster in us-central1 with an Ubuntu image type.
d. Implement a private standard zonal cluster in us-central1-a with a default pool and an
Ubuntu image.

10. Cymbal Superstore’s marketing department needs to load some slowly changing data
into BigQuery. The data arrives hourly in a Cloud Storage bucket. You want to minimize
cost and implement this in the fewest steps. What should you do?

a. Implement a bq load command in a command line script and schedule it with cron.
b. Create a Cloud Function to push data to BigQuery through a Dataflow pipeline.
c. Use the BigQuery data transfer service to schedule a transfer between your bucket and
BigQuery.
d. Read the data from your bucket by using the BigQuery streaming API in a program.

Deploying and implementing cloud solutions – Diagnostic questions

1. Which of the following tasks are part of the process when configuring a managed
instance group? (Pick two.)
a. Specifying Persistent disks
b. Providing Number of instances
c. Choosing instance Machine type
d. Defining Health checks
e. Configuring the operating system

2. You have a Cloud Run service with a database backend. You want to limit the number of
connections to your database. What should you do?

a. Set CPU Utilization.

b. Set Max instances.
c. Set Concurrency settings.
d. Set Min instances.

3. You have a scheduled snapshot you are trying to delete, but the operation returns an
error. What should you do to resolve this problem?

a. Detach the snapshot schedule before deleting it.

b. Delete the object the snapshot was created from.
c. Restore the snapshot to a persistent disk before deleting it.
d. Delete the downstream incremental snapshots before deleting the main reference.

4. Cymbal Superstore’s GKE cluster requires an internal http(s) load balancer. You are
creating the configuration files required for this resource. What is the proper setting for
this scenario?

a. Annotate your service object with a NEG (network group endpoint) reference.
b. Configure your service object with a type: LoadBalancer.
c. Implement custom static routes in your VPC
d. Annotate your ingress object with an ingress.class of “gce.”

5. Cymbal Superstore’s supply chain management system has been deployed and is
working well. You are tasked with monitoring the system’s resources so you can react
quickly to any problems. You want to ensure the CPU usage of each of your Compute
Engine instances in us-central1 remains below 60%. You want an incident created if it
exceeds this value for 5 minutes. You need to configure the proper alerting policy for this
scenario. What should you do?
a. Choose resource type of VM instance, and metric of CPU utilization, condition trigger if
any time series violates, condition is below, threshold is .60 for 5 minutes.
b. Choose resource type of VM instance and metric of CPU utilization, condition trigger all
time series violates, condition is above, threshold is .60 for 5 minutes.
c. Choose resource type of VM instance and metric of CPU utilization, condition trigger if
any time series violates, condition is above, threshold is .60 for 5 minutes.
d. Choose resource type of VM instance and metric of CPU load, condition trigger if any
time series violates, condition is below, threshold is .60, for 5 minutes.

6. You want to implement a lifecycle rule that changes your storage type from standard to
nearline after a specific date. What conditions should you use? (Pick two).

a. MatchesStorageClass
b. CreatedBefore
c. IsLive
d. Age
e. NumberofNewerVersions

7. What is the declarative way to initialize and update Kubernetes objects?

a. kubectl replace
b. kubectl create
c. kubectl run
d. kubectl apply

8. Cymbal Superstore has a subnetwork called mysubnet with an IP range of 10.1.2.0/24.

You need to expand this subnet to include enough IP addresses for at most 2000 new
users or devices. What should you do?

a. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --

prefix-length 21
b. gcloud networks subnets expand-ip-range mysubnet --region us-central1 --prefix-length
21
c. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --
prefix-length 22
d. gcloud compute networks subnets expand-ip-range mysubnet --region us-central1 --
prefix-length 20

9. What Kubernetes object provides access to logic running in your cluster via endpoints
that you define?
 a. Services
b. Pods
c. Deployment
d. Pod template

10. You want to view a description of your available snapshots using the command line
interface (CLI). What gcloud command should you use?

a. gcloud compute snapshots get

b. gcloud snapshots list
c. gcloud compute list snapshots
d. gcloud compute snapshots list

Ensuring successful operation of a cloud solution – Diagnostic questions

1. You need to configure access to Cloud Spanner from the GKE cluster that is supporting
Cymbal Superstore’s ecommerce microservices application. You want to specify an
account type to set the proper permissions. What should you do?

a. Assign permissions through service account referenced by the application

b. Assign permissions through a Google Workspace account referenced by the application
c. Assign permissions to a Google account referenced by the application
d. Assign permissions through a Cloud Identity account referenced by the application

2. Outline where Cloud Audit logs can be accessed: in the logging tab of the operations
interface. You are configuring audit logging for Cloud Storage. You want to know when
objects are added to a bucket. Which type of audit log entry should you monitor?

a. DATA_READ log entries

b. ADMIN_READ log entries
c. Admin Activity log entries
d. DATA_WRITE log entries

3. Which Cloud Audit log is disabled by default with a few exceptions?

a. System Event audit logs

b. Data Access audit logs
c. Admin Activity audit logs
d. Policy Denied audit logs
4. Cymbal Superstore is implementing a mobile app for end users to track deliveries that
are en route to them. The app needs to access data about truck location from Pub/Sub
using Google recommended practices. What kind of credentials should you use?

a. Environment provided service account

b. OAuth 2.0 client
c. API key
d. Service account key

5. You are trying to assign roles to the dev and prod projects of Cymbal Superstore’s e-
commerce app but are receiving an error when you try to run set-iam policy. The
projects are organized into an ecommerce folder in the Cymbal Superstore
organizational hierarchy. You want to follow best practices for the permissions you need
while respecting the practice of least privilege. What should you do?

a. Ask your administrator for the roles/resourcemanager.organizationAdmin for Cymbal

Superstore
b. Ask your administrator for the roles/resourcemanager.folderIamAdmin for the
ecommerce folder
c. Ask your administrator for resourcemanager.projects.setIamPolicy roles for each project
d. Ask your administrator for the roles/iam.securityAdmin role in IAM.

6. You have a custom role implemented for administration of the dev/test environment for
Cymbal Superstore’s transportation management application. You are developing a pilot
to use Cloud Run instead of Cloud Functions. You want to ensure your administrators
have the correct access to the new resources. What should you do?

a. Copy the existing role, add the new permissions to the copy, and delete the old role
b. Delete the custom role and recreate a new custom role with required permissions
c. Make the change to the custom role locally and run an update on the custom role
d. Create a new role with needed permissions and migrate users to it.

7. Which of the scenarios below is an example of a situation where you should use a
service account?

a. For interactive analysis

b. For development environments
c. To directly access user data
d. For individual GKE pods