Home/Directory/professional cloud architect

professional cloud architect Practice Questions

Page 3 of 3 (240 total questions)

You need to route traffic to Google Compute Engine instances based on URL paths (e.g., '/api' vs '/static'). Which load balancer type should you use?
View Question & Answer ➔
Your organization wants to implement 'Service Account Impersonation' to allow highly privileged scripts to run without developers having direct access to the service account's private keys. Which IAM role is required to allow a user to impersonate a service account?
View Question & Answer ➔
An organization wants to analyze their cloud usage to identify resources that were created more than 3 months ago but have had zero activity. Which Active Assist component should they consult?
View Question & Answer ➔
Which feature of the Google Cloud Resource Manager allows you to group several projects together so that they can all inherit the same set of IAM permissions and Organization Policies?
View Question & Answer ➔
How can you securely provide temporary administrative access to a specific GCP project for a 3rd-party auditor without granting them long-term roles or needing to manage their credentials?
View Question & Answer ➔
How can you analyze the 'Effective Policy' for a resource in GCP, taking into account all inherited permissions from the organization and folders?
View Question & Answer ➔
Your company is adopting a microservices architecture. They want to ensure that each service has its own dedicated identity and can only access the specific Google Cloud resources it needs. What is the key mechanism?
View Question & Answer ➔
An organization wants to ensure that all their employees can access their internal GCP dashboards only while they are connected to the corporate office network. Which tool can enforce this IP-based restriction?
View Question & Answer ➔
Which GCP service provides a managed way to run 'Zero-Trust' remote access to on-premises web applications without a VPN?
View Question & Answer ➔
An organization wants to analyze the cost of their Google Cloud resources in real-time. They want a solution that scales with their data and allows them to perform complex ad-hoc queries on several years of historical billing data. What should they do?
View Question & Answer ➔
Your high-traffic application requires ultra-low latency and needs to handle millions of requests per second at the network level. Which load balancer is best?
View Question & Answer ➔
Your company is acquiring another firm that uses Azure Active Directory (Azure AD). You want to allow their employees to log in to the Google Cloud Console using their existing Azure AD credentials. Which solution is recommended?
View Question & Answer ➔
Scenario: You are designing a hybrid cloud architecture where your on-premises app needs to trigger a serverless function in GCP when a database change occurs. Solution?
View Question & Answer ➔
Scenario: You are deploying a mission-critical application and want to minimize the risk of a single human making a catastrophic change. Solution?
View Question & Answer ➔
Scenario: To lower the cost of a high-end AI training workload, you want to use GPUs that can be reclaimed by Google with a 1-minute notice. What should you use?
View Question & Answer ➔
Scenario: A fintech startup wants to launch a new app in 5 different global regions simultaneously with a single SSL-encrypted endpoint. Solution?
View Question & Answer ➔
Scenario: To lower the RTO of a disaster recovery plan, an architect wants to maintain a 'Pilot Light' environment in a secondary region. Which GCE configuration should they use?
View Question & Answer ➔
Scenario: You want to ensure that if your on-premises data center is hit by a disaster, your primary business applications in GCP can continue to run with zero manual reconfiguration of networking. Solution ?
View Question & Answer ➔
Scenario: You want to ensure that your CI/CD pipeline in Cloud Build can only deploy to a GKE cluster if the build was triggered by a specific branch in your Git repository. Solution ?
View Question & Answer ➔
Scenario: You are designing a globally distributed application that requires a single anycast IP address to route users to the closest healthy region. Solution ?
View Question & Answer ➔
Scenario: To minimize the blast radius of a potential credential theft, you want to ensure that your developers can only access the production GCP project during business hours. Solution ?
View Question & Answer ➔
Scenario: You are designing a data lake and want to move objects from a standard bucket to a Coldline bucket after 30 days of no access. Solution ?
View Question & Answer ➔
You are building a real-time data ingestion pipeline using Cloud Pub/Sub. You want to ensure that no messages are lost even if the subscriber application (Cloud Run) is offline for 4 hours. How should you configure Pub/Sub?
View Question & Answer ➔
You are designing a high-scale data ingestion system using Cloud Functions. You want to ensure that if a function fails, the event is not lost and can be retried later. Which pattern should you use?
View Question & Answer ➔
You are building a serverless data processing pipeline. You want to trigger a Cloud Function every time a new file is created in a Cloud Storage bucket, but you need to ensure the function finishes within its 9-minute execution limit. What is the best design?
View Question & Answer ➔
An organization following a multi-cloud strategy wants to manage their GCP resources using the same tools they use for AWS and on-premises infrastructure. Which tool is most commonly used for this vendor-neutral IaC?
View Question & Answer ➔
Scenario: To improve security for a financial application, an architect wants to ensure that all database access from GKE pods is encrypted and authenticated using IAM identities, not static passwords. Solution ?
View Question & Answer ➔
Scenario: You want to ensure that all data stored in a specific Cloud Storage bucket is automatically deleted after 7 years to comply with data privacy regulations. Solution ?
View Question & Answer ➔
Your organization is migrating a high-performance database that requires a minimum of 60,000 IOPS. Which storage configuration in Google Cloud provides the best price-performance ratio while meeting this requirement?
View Question & Answer ➔
An enterprise wants to ensure that all their Cloud Logging data is encrypted with keys that they physically control in an on-premises HSM. Which GCP feature supports this 'encryption at rest' requirement for logs?
View Question & Answer ➔
Which Cloud Monitoring feature allows you to define a 'SLO' (Service Level Objective) and track your 'Error Budget' progress over time?
View Question & Answer ➔
Which tool provides a way to 'Shadow' or 'Mirror' production traffic to a secondary, non-production cluster for testing purposes without affecting the primary traffic?
View Question & Answer ➔
To improve the security of a multi-tenant GKE cluster, an architect wants to ensure that pods from one tenant cannot reach pods from another tenant unless explicitly allowed. Which native Kubernetes resource is used to enforce this isolation?
View Question & Answer ➔
Your team is running a massive Bigtable cluster for a real-time analytics dashboard. They notice that queries are becoming slow. Which Bigtable monitoring metric is the most critical indicator that the cluster needs more nodes?
View Question & Answer ➔
Which Cloud Spanner configuration provides the highest availability and lowest latency for users distributed globally across Europe, North America, and Asia?
View Question & Answer ➔
An organization wants to analyze their GCP spend and identify 'orphaned' resources (e.g., GCE instances with no network activity). Which tool provides these automated cost-saving recommendations?
View Question & Answer ➔
Your High Performance Computing (HPC) workload requires low network latency between Google Compute Engine instances. What feature should you use?
View Question & Answer ➔
An organization following the 'Zero Trust' model wants to ensure that employees can only access the GCP Console from their company-issued laptops. Which GCP feature enables this device-based access control?
View Question & Answer ➔
To prevent 'bill shock' from a developer accidentally running a very expensive BigQuery query, which control should you implement at the project level?
View Question & Answer ➔
Your organization wants to move their legacy .NET application to a serverless platform in GCP that supports Windows containers and scales to zero. Which service is the best fit?
View Question & Answer ➔

← PreviousPage 3 of 3

professional cloud architect Practice Questions

You need to route traffic to Google Compute Engine instances based on URL paths (e.g., '/api' vs '/static'). Which load balancer type should you use?

Your organization wants to implement 'Service Account Impersonation' to allow highly privileged scripts to run without developers having direct access to the service account's private keys. Which IAM role is required to allow a user to impersonate a service account?

An organization wants to analyze their cloud usage to identify resources that were created more than 3 months ago but have had zero activity. Which Active Assist component should they consult?

Which feature of the Google Cloud Resource Manager allows you to group several projects together so that they can all inherit the same set of IAM permissions and Organization Policies?

How can you securely provide temporary administrative access to a specific GCP project for a 3rd-party auditor without granting them long-term roles or needing to manage their credentials?

How can you analyze the 'Effective Policy' for a resource in GCP, taking into account all inherited permissions from the organization and folders?

Your company is adopting a microservices architecture. They want to ensure that each service has its own dedicated identity and can only access the specific Google Cloud resources it needs. What is the key mechanism?

An organization wants to ensure that all their employees can access their internal GCP dashboards only while they are connected to the corporate office network. Which tool can enforce this IP-based restriction?

Which GCP service provides a managed way to run 'Zero-Trust' remote access to on-premises web applications without a VPN?

An organization wants to analyze the cost of their Google Cloud resources in real-time. They want a solution that scales with their data and allows them to perform complex ad-hoc queries on several years of historical billing data. What should they do?

Your high-traffic application requires ultra-low latency and needs to handle millions of requests per second at the network level. Which load balancer is best?

Your company is acquiring another firm that uses Azure Active Directory (Azure AD). You want to allow their employees to log in to the Google Cloud Console using their existing Azure AD credentials. Which solution is recommended?

Scenario: You are designing a hybrid cloud architecture where your on-premises app needs to trigger a serverless function in GCP when a database change occurs. Solution?

Scenario: You are deploying a mission-critical application and want to minimize the risk of a single human making a catastrophic change. Solution?

Scenario: To lower the cost of a high-end AI training workload, you want to use GPUs that can be reclaimed by Google with a 1-minute notice. What should you use?

Scenario: A fintech startup wants to launch a new app in 5 different global regions simultaneously with a single SSL-encrypted endpoint. Solution?

Scenario: To lower the RTO of a disaster recovery plan, an architect wants to maintain a 'Pilot Light' environment in a secondary region. Which GCE configuration should they use?

Scenario: You want to ensure that if your on-premises data center is hit by a disaster, your primary business applications in GCP can continue to run with zero manual reconfiguration of networking. Solution ?

Scenario: You want to ensure that your CI/CD pipeline in Cloud Build can only deploy to a GKE cluster if the build was triggered by a specific branch in your Git repository. Solution ?

Scenario: You are designing a globally distributed application that requires a single anycast IP address to route users to the closest healthy region. Solution ?

Scenario: To minimize the blast radius of a potential credential theft, you want to ensure that your developers can only access the production GCP project during business hours. Solution ?

Scenario: You are designing a data lake and want to move objects from a standard bucket to a Coldline bucket after 30 days of no access. Solution ?

You are building a real-time data ingestion pipeline using Cloud Pub/Sub. You want to ensure that no messages are lost even if the subscriber application (Cloud Run) is offline for 4 hours. How should you configure Pub/Sub?

You are designing a high-scale data ingestion system using Cloud Functions. You want to ensure that if a function fails, the event is not lost and can be retried later. Which pattern should you use?

You are building a serverless data processing pipeline. You want to trigger a Cloud Function every time a new file is created in a Cloud Storage bucket, but you need to ensure the function finishes within its 9-minute execution limit. What is the best design?

An organization following a multi-cloud strategy wants to manage their GCP resources using the same tools they use for AWS and on-premises infrastructure. Which tool is most commonly used for this vendor-neutral IaC?

Scenario: To improve security for a financial application, an architect wants to ensure that all database access from GKE pods is encrypted and authenticated using IAM identities, not static passwords. Solution ?

Scenario: You want to ensure that all data stored in a specific Cloud Storage bucket is automatically deleted after 7 years to comply with data privacy regulations. Solution ?

Your organization is migrating a high-performance database that requires a minimum of 60,000 IOPS. Which storage configuration in Google Cloud provides the best price-performance ratio while meeting this requirement?

An enterprise wants to ensure that all their Cloud Logging data is encrypted with keys that they physically control in an on-premises HSM. Which GCP feature supports this 'encryption at rest' requirement for logs?

Which Cloud Monitoring feature allows you to define a 'SLO' (Service Level Objective) and track your 'Error Budget' progress over time?

Which tool provides a way to 'Shadow' or 'Mirror' production traffic to a secondary, non-production cluster for testing purposes without affecting the primary traffic?

To improve the security of a multi-tenant GKE cluster, an architect wants to ensure that pods from one tenant cannot reach pods from another tenant unless explicitly allowed. Which native Kubernetes resource is used to enforce this isolation?

Your team is running a massive Bigtable cluster for a real-time analytics dashboard. They notice that queries are becoming slow. Which Bigtable monitoring metric is the most critical indicator that the cluster needs more nodes?

Which Cloud Spanner configuration provides the highest availability and lowest latency for users distributed globally across Europe, North America, and Asia?

An organization wants to analyze their GCP spend and identify 'orphaned' resources (e.g., GCE instances with no network activity). Which tool provides these automated cost-saving recommendations?

Your High Performance Computing (HPC) workload requires low network latency between Google Compute Engine instances. What feature should you use?

An organization following the 'Zero Trust' model wants to ensure that employees can only access the GCP Console from their company-issued laptops. Which GCP feature enables this device-based access control?

To prevent 'bill shock' from a developer accidentally running a very expensive BigQuery query, which control should you implement at the project level?

Your organization wants to move their legacy .NET application to a serverless platform in GCP that supports Windows containers and scales to zero. Which service is the best fit?