Exam Associate Cloud Engineer topic 1 question 1 discussion

C is correct - https://cloud.google.com/compute/docs/instances/managing-instance-access

Send private key to users is not safe, i think it's C

C is correct

C - Need compute.osAdminLogin role to perform this role.

C is correct

C is correct as it is recommended approach from google to use groups

Answers QUESTION 179 A. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ. B. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ. C. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ. D. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

Answer is C, since OsLogin is needed

QUESTION 177 You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do? A. Create a Cloud Bigtable cluster, and use the HBase API. B. Deploy MongoDB Atlas from the Google Cloud Marketplace. C. Download a MongoDB installation package, and run it on Compute Engine instances. D. Download a MongoDB installation package, and run it on a Managed Instance Group

QUESTION 176 You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do? A. When creating the instances, specify a Service Account for each instance. B. When creating the instances, assign the name of each Service Account as instance metadata. C. After starting the instances, use gcloud compute instances update to specify a Service Account for each instance. D. After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata.

QUESTION 175 You have developed an application that consists of multiple microservices, with each microservice packaged in its own Docker container image. You want to deploy the entire application on Google Kubernetes Engine so that each microservice can be scaled individually. What should you do? A. Create and deploy a Custom Resource Definition per microservice. B. Create and deploy a Docker Compose File. C. Create and deploy a Job per microservice. D. Create and deploy a Deployment per microservice.

QUESTION 174 You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do? A. Provision preemptible Compute Engine instances. B. Provision Compute Engine instances with GPUs attached. C. Provision Compute Engine instances with local SSDs attached. D. Provision Compute Engine instances with M1 machine type.

NEW Q, 173 You are developing a financial trading application that will be used globally. Data is stored and queried using a relational structure, and clients from all over the world should get the exact identical state of the data. The application will be deployed in multiple regions to provide the lowest latency to end users. You need to select a storage option for the application data while minimizing latency. What should you do? A. Use Cloud Bigtable for data storage. B. Use Cloud SQL for data storage. C. Use Cloud Spanner for data storage. D. Use Firestore for data storage.

Its not advisable to share keys to everyone and best answer is C

C is correct. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.

You cannot share private keys. I would choose C

C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the ג€compute.osAdminLoginג€ role to the Google group corresponding to this team.