Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Location Chicago IL, USA

Exam Associate Cloud Engineer topic 1 question 1 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 1
Topic #: 1
[All Associate Cloud Engineer Questions]

Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

  • A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
  • B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
  • C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the ג€compute.osAdminLoginג€ role to the Google group corresponding to this team.
  • D. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.
Show Suggested Answer Hide Answer

Suggested Answer: D
Reference:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys

Comments

dan80
Highly Voted 1 year ago
C is correct - https://cloud.google.com/compute/docs/instances/managing-instance-access
upvoted 15 times
adedj99
7 months, 3 weeks ago
We recommend collecting users with the same responsibilities into groups and assigning IAM roles to the groups rather than to individual users. For example, you can create a "data scientist" group and assign appropriate roles to enable interaction with BigQuery and Cloud Storage. When a new data scientist joins your team, you can simply add them to the group and they will inherit the defined permissions. You can create and manage groups through the Admin Console.
upvoted 1 times
...
...
zakhili
Highly Voted 1 year ago
Send private key to users is not safe, i think it's C
upvoted 9 times
...
KiranChinna
Most Recent 4 days, 3 hours ago
C is correct
upvoted 1 times
...
Finger41
1 month ago
C - Need compute.osAdminLogin role to perform this role.
upvoted 1 times
...
mcaromit
1 month ago
C is correct
upvoted 2 times
...
viswanand
1 month ago
C is correct as it is recommended approach from google to use groups
upvoted 1 times
...
kopper2019
2 months ago
Answers QUESTION 179 A. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ. B. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ. C. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ. D. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.
upvoted 3 times
Ash543211
3 weeks, 6 days ago
Hi, Can you send all the remaining question to me .
upvoted 1 times
...
mdc
1 month, 3 weeks ago
what is the answer to this? is it C?
upvoted 1 times
...
tavva_prudhvi
2 months ago
Hey Kopper2019 , can you post all the questions to me?
upvoted 1 times
AmineHM
1 month, 3 weeks ago
Do you have another questions ?
upvoted 2 times
...
...
...
kopper2019
2 months ago
Answer is C, since OsLogin is needed
upvoted 1 times
...
kopper2019
2 months ago
QUESTION 177 You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do? A. Create a Cloud Bigtable cluster, and use the HBase API. B. Deploy MongoDB Atlas from the Google Cloud Marketplace. C. Download a MongoDB installation package, and run it on Compute Engine instances. D. Download a MongoDB installation package, and run it on a Managed Instance Group
upvoted 2 times
mathurshagun17
1 week, 1 day ago
B. Deploy from Marketplace.
upvoted 1 times
...
Ashii
3 weeks, 2 days ago
Mongo is available in Marketplace, its B
upvoted 1 times
...
tavva_prudhvi
2 months ago
Simple, it's D.
upvoted 1 times
tavva_prudhvi
2 months ago
Sorry, its B.
upvoted 4 times
...
...
...
kopper2019
2 months ago
QUESTION 176 You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do? A. When creating the instances, specify a Service Account for each instance. B. When creating the instances, assign the name of each Service Account as instance metadata. C. After starting the instances, use gcloud compute instances update to specify a Service Account for each instance. D. After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata.
upvoted 3 times
tavva_prudhvi
2 months ago
It's A, as In the Identity and API Access section, choose the service account you want to use from the drop-down list.
upvoted 4 times
...
...
kopper2019
2 months ago
QUESTION 175 You have developed an application that consists of multiple microservices, with each microservice packaged in its own Docker container image. You want to deploy the entire application on Google Kubernetes Engine so that each microservice can be scaled individually. What should you do? A. Create and deploy a Custom Resource Definition per microservice. B. Create and deploy a Docker Compose File. C. Create and deploy a Job per microservice. D. Create and deploy a Deployment per microservice.
upvoted 3 times
meh009
1 month, 3 weeks ago
D: https://cloud.google.com/architecture/scaling-commerce-workloads-architecture
upvoted 1 times
...
tavva_prudhvi
2 months ago
When you use GKE, each microservice has a separate development and deployment lifecycle. Each microservice is packaged as a Docker container. You deploy those containers as a Kubernetes Pod and Service using one of these ways: imperative commands (using kubectl) declarative specifications (Kubernetes Deployments) packaged as Helm charts So, we can stick with D. but It can be B too as docker-compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration.
upvoted 2 times
EricJason
1 month ago
It's all about K8s, so just forget the docker-compose
upvoted 1 times
...
...
...
kopper2019
2 months ago
QUESTION 174 You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do? A. Provision preemptible Compute Engine instances. B. Provision Compute Engine instances with GPUs attached. C. Provision Compute Engine instances with local SSDs attached. D. Provision Compute Engine instances with M1 machine type.
upvoted 2 times
tavva_prudhvi
2 months ago
this is D, as M1 machine types are specifically for in-memory databases and operations.
upvoted 4 times
...
...
kopper2019
2 months ago
NEW Q, 173 You are developing a financial trading application that will be used globally. Data is stored and queried using a relational structure, and clients from all over the world should get the exact identical state of the data. The application will be deployed in multiple regions to provide the lowest latency to end users. You need to select a storage option for the application data while minimizing latency. What should you do? A. Use Cloud Bigtable for data storage. B. Use Cloud SQL for data storage. C. Use Cloud Spanner for data storage. D. Use Firestore for data storage.
upvoted 2 times
dude11
2 months ago
C. Cloud spanner (it says relational, all over the world)
upvoted 3 times
...
...
kranti1020
2 months, 1 week ago
Its not advisable to share keys to everyone and best answer is C
upvoted 1 times
...
[Removed]
2 months, 3 weeks ago
C is correct. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.
upvoted 1 times
...
rajeshsvrn
2 months, 3 weeks ago
You cannot share private keys. I would choose C
upvoted 3 times
...
GCP_Student1
2 months, 4 weeks ago
C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the ג€compute.osAdminLoginג€ role to the Google group corresponding to this team.
upvoted 1 times
...

SaveCancel