• Home
  • Articles
  • PassLeader Professional-Cloud-Architect Exam Questions Real Professional-Cloud-Architect Practice Dumps [Q152-Q167]

PassLeader Professional-Cloud-Architect Exam Questions Real Professional-Cloud-Architect Practice Dumps [Q152-Q167]

Share

PassLeader Professional-Cloud-Architect Exam Questions | Real Professional-Cloud-Architect Practice Dumps

Verified Professional-Cloud-Architect Exam Dumps Q&As - Provide Professional-Cloud-Architect with Correct Answers


Topics of Google Professional Cloud Architect Exam

Candidates must know the exam topics before they start of preparation. because it will really help them in hitting the core. Our Google Professional Cloud Architect Dumps will include the following topics:

1. Designing and planning a cloud solution architecture

Business requirements considerations

  • Business use cases and product strategy
  • Integration with external systems
  • Movement of data
  • Build, buy or modify

Technical requirements considerations

  • Scalability to meet growth requirements
  • Elasticity of cloud resources
  • Performance and latency
  • High availability and failover design

Network, Storage, and Compute resources Considerations

  • Choosing appropriate storage types (e.g., object, file, RDBMS, NoSQL, NewSQL)
  • Choosing data processing technologies
  • Integration with on- premises/multi- cloud environments
  • Cloud-native networking (VPC, peering, firewalls, container networking)

Creating a migration plan

  • Dependency management planning
  • Migrating systems and data to support the solution
  • Integrating solution with existing systems
  • Licensing mapping

Envisioning future solution improvements

  • Cloud and technology improvements
  • Evangelism and advocacy
  • Business needs evolution

2. Managing and provisioning a solution Infrastructure

Configuring network topologies

  • Security and data protection
  • Extending to on-premises (hybrid networking)
  • Extending to a multi-cloud environment that may include GCP to GCP communication

Configuring individual storage systems

  • Data storage allocation
  • Data processing/compute provisioning
  • Security and access management
  • Data retention and data life cycle management

Configuring compute systems

  • Infrastructure provisioning technology configuration (e.g. Chef/Puppet/Ansible/Terraform/Deployment Manager)
  • Container orchestration with Kubernetes
  • Compute volatility configuration (preemptible vs. standard)
  • Compute system provisioning
  • Network configuration for compute nodes

3. Designing for security and compliance

Security considerations

  • Identity and access management (IAM)
  • Resource hierarchy (organizations, folders, projects)
  • Penetration testing
  • Security controls (e.g., auditing, VPC Service Controls organization policy)
  • Data security (key management, encryption)

compliance Considerations

  • Industry certifications (e.g., SOC 2)
  • Commercial (e.g., sensitive data such as credit card information handling, personally identifiable information [PII])
  • Audits (including logs)
  • Legislation (e.g., health record privacy, children's privacy, data privacy, and ownership)

4. Analyzing and optimizing technical and business processes

Analyzing and defining technical processes considerations

  • Service catalog and provisioning
  • Software development life cycle plan (SDLC)
  • Troubleshooting / post mortem analysis culture

Analyzing and defining business processes. Considerations include:

  • Change management
  • Cost optimization / resource optimization (capex / opex)
  • Team assessment / skills readiness

Developing procedures to ensure resilience of solution in production (e.g., chaos engineering)

5. Managing implementation

Advising development/operation team(s) to ensure successful deployment of the solution. considerations

  • Data and system migration tooling
  • Testing frameworks (load/unit/integration)
  • API best practices
  • Application development

Interacting with Google Cloud using GCP SDK (gcloud, gsutil, and bq) considerations

  • Local installation
  • Google Cloud Shell

6. Ensuring solution and operations reliability

  • Monitoring/logging/profiling/alerting solution
  • Deployment and release management
  • Evaluating quality control measures
  • Assisting with the support of solutions in operation

 

NEW QUESTION 152
A development manager is building a new application. He asks you to review his requirements and identify what cloud technologies he can use to meet them. The application must:
1. Be based on open-source technology for cloud portability
2. Dynamically scale compute capacity based on demand
3. Support continuous software delivery
4. Run multiple segregated copies of the same application stack
5. Deploy application bundles using dynamic templates
6. Route network traffic to specific services based on URL
Which combination of technologies will meet all of his requirements?

  • A. Google Kubernetes Engine, Jenkins, and Cloud Load Balancing
  • B. Google Kubernetes Engine and Cloud Load Balancing
  • C. Google Kubernetes Engine and Cloud Deployment Manager
  • D. Google Kubernetes Engine, Jenkins, and Helm

Answer: A

Explanation:
Jenkins is an open-source automation server that lets you flexibly orchestrate your build, test, and deployment pipelines. Kubernetes Engine is a hosted version of Kubernetes, a powerful cluster manager and orchestration system for containers.
When you need to set up a continuous delivery (CD) pipeline, deploying Jenkins on Kubernetes Engine provides important benefits over a standard VM-based deployment Incorrect Answers:
A: Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.
Use Helm to:
* Find and use popular software packaged as Kubernetes charts
* Share your own applications as Kubernetes charts
* Create reproducible builds of your Kubernetes applications
* Intelligently manage your Kubernetes manifest files
* Manage releases of Helm packages
Reference: https://cloud.google.com/solutions/jenkins-on-kubernetes-engine

 

NEW QUESTION 153
For this question, refer to the Dress4Win case study.
Dress4Win has asked you to recommend machine types they should deploy their application servers to. How should you proceed?

  • A. Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.
  • B. Perform a mapping of the on-premises physical hardware cores and RAM to the nearest machine types in the cloud.
  • C. Identify the number of virtual cores and RAM associated with the application server virtual machines align them to a custom machine type in the cloud, monitor performance, and scale the machine types up until the desired performance is reached.
  • D. Recommend that Dress4Win deploy application servers to machine types that offer the highest RAM to CPU ratio available.

Answer: A

Explanation:
Topic 5, Dress4Win Case 2
Company Overview
Dress4win is a web-based company that helps their users organize and manage their personal wardrobe using a website and mobile application. The company also cultivates an active social network that connects their users with designers and retailers. They monetize their services through advertising, e-commerce, referrals, and a freemium app model. The application has grown from a few servers in the founder's garage to several hundred servers and appliances in a collocated data center. However, the capacity of their infrastructure is now insufficient for the application's rapid growth. Because of this growth and the company's desire to innovate faster. Dress4Win is committing to a full migration to a public cloud.
Solution Concept
For the first phase of their migration to the cloud, Dress4win is moving their development and test environments. They are also building a disaster recovery site, because their current infrastructure is at a single location. They are not sure which components of their architecture they can migrate as is and which components they need to change before migrating them.
Existing Technical Environment
The Dress4win application is served out of a single data center location. All servers run Ubuntu LTS v16.04.
Databases:
MySQL. 1 server for user data, inventory, static data:
- MySQL 5.8
- 8 core CPUs
- 128 GB of RAM
- 2x 5 TB HDD (RAID 1)
Redis 3 server cluster for metadata, social graph, caching. Each server is:
- Redis 3.2
- 4 core CPUs
- 32GB of RAM
Compute:
40 Web Application servers providing micro-services based APIs and static content.
- Tomcat - Java
- Nginx
- 4 core CPUs
- 32 GB of RAM
20 Apache Hadoop/Spark servers:
- Data analysis
- Real-time trending calculations
- 8 core CPUS
- 128 GB of RAM
- 4x 5 TB HDD (RAID 1)
3 RabbitMQ servers for messaging, social notifications, and events:
- 8 core CPUs
- 32GB of RAM
Miscellaneous servers:
- Jenkins, monitoring, bastion hosts, security scanners
- 8 core CPUs
- 32GB of RAM
Storage appliances:
iSCSI for VM hosts
Fiber channel SAN - MySQL databases
- 1 PB total storage; 400 TB available
NAS - image storage, logs, backups
- 100 TB total storage; 35 TB available
Business Requirements
Build a reliable and reproducible environment with scaled parity of production.
Improve security by defining and adhering to a set of security and Identity and Access Management (IAM) best practices for cloud.
Improve business agility and speed of innovation through rapid provisioning of new resources.
Analyze and optimize architecture for performance in the cloud.
Technical Requirements
Easily create non-production environment in the cloud.
Implement an automation framework for provisioning resources in cloud.
Implement a continuous deployment process for deploying applications to the on-premises datacenter or cloud.
Support failover of the production environment to cloud during an emergency.
Encrypt data on the wire and at rest.
Support multiple private connections between the production data center and cloud environment.
Executive Statement
Our investors are concerned about our ability to scale and contain costs with our current infrastructure. They are also concerned that a competitor could use a public cloud platform to offset their up-front investment and free them to focus on developing better features. Our traffic patterns are highest in the mornings and weekend evenings; during other times, 80% of our capacity is sitting idle.
Our capital expenditure is now exceeding our quarterly projections. Migrating to the cloud will likely cause an initial increase in spending, but we expect to fully transition before our next hardware refresh cycle. Our total cost of ownership (TCO) analysis over the next 5 years for a public cloud strategy achieves a cost reduction between 30% and 50% over our current model.

 

NEW QUESTION 154
Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to
integrate Kubernetes Engine for workload orchestration. Parts of your architecture must also be PCI DSS-
compliant. Which of the following is most accurate?

  • A. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.
  • B. App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.
  • C. Kubernetes Engine and GCP provide the tools you need to build a PCI DSS-compliant environment.
  • D. Kubernetes Engine cannot be used under PCI DSS because it is considered shared hosting.

Answer: C

 

NEW QUESTION 155
Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to integrate Google Kubernetes Engine (GKE) for workload orchestration. Parts of your architecture must also be PCI DSS-compliant. Which of the following is most accurate?

  • A. GKE cannot be used under PCI DSS because it is considered shared hosting.
  • B. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.
  • C. App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.
  • D. GKE and GCP provide the tools you need to build a PCI DSS-compliant environment.

Answer: D

 

NEW QUESTION 156
Case Study: 4 - Dress4Win case study
Company Overview
Dress4win is a web-based company that helps their users organize and manage their personal wardrobe using a website and mobile application. The company also cultivates an active social network that connects their users with designers and retailers. They monetize their services through advertising, e-commerce, referrals, and a freemium app model.
Company Background
Dress4win's application has grown from a few servers in the founder's garage to several hundred servers and appliances in a colocated data center. However, the capacity of their infrastructure is now insufficient for the application's rapid growth. Because of this growth and the company's desire to innovate faster, Dress4win is committing to a full migration to a public cloud.
Solution Concept
For the first phase of their migration to the cloud, Dress4win is considering moving their development and test environments. They are also considering building a disaster recovery site, because their current infrastructure is at a single location. They are not sure which components of their architecture they can migrate as is and which components they need to change before migrating them.
Existing Technical Environment
The Dress4win application is served out of a single data center location.
Databases:
MySQL - user data, inventory, static data
* Redis - metadata, social graph, caching
* Application servers:
Tomcat - Java micro-services
* Nginx - static content
* Apache Beam - Batch processing
* Storage appliances:
iSCSI for VM hosts
* Fiber channel SAN - MySQL databases
* NAS - image storage, logs, backups
* Apache Hadoop/Spark servers:
Data analysis
* Real-time trending calculations
* MQ servers:
Messaging
* Social notifications
* Events
* Miscellaneous servers:
Jenkins, monitoring, bastion hosts, security scanners
* Business Requirements
* Build a reliable and reproducible environment with scaled parity of production. Improve security by defining and adhering to a set of security and Identity and Access Management (IAM) best practices for cloud.
Improve business agility and speed of innovation through rapid provisioning of new resources.
Analyze and optimize architecture for performance in the cloud. Migrate fully to the cloud if all other requirements are met.
Technical Requirements
Evaluate and choose an automation framework for provisioning resources in cloud. Support failover of the production environment to cloud during an emergency. Identify production services that can migrate to cloud to save capacity.
Use managed services whenever possible.
Encrypt data on the wire and at rest.
Support multiple VPN connections between the production data center and cloud environment.
CEO Statement
Our investors are concerned about our ability to scale and contain costs with our current infrastructure. They are also concerned that a new competitor could use a public cloud platform to offset their up-front investment and freeing them to focus on developing better features.
CTO Statement
We have invested heavily in the current infrastructure, but much of the equipment is approaching the end of its useful life. We are consistently waiting weeks for new gear to be racked before we can start new projects. Our traffic patterns are highest in the mornings and weekend evenings; during other times, 80% of our capacity is sitting idle.
CFO Statement
Our capital expenditure is now exceeding our quarterly projections. Migrating to the cloud will likely cause an initial increase in spending, but we expect to fully transition before our next hardware refresh cycle. Our total cost of ownership (TCO) analysis over the next 5 years puts a cloud strategy between 30 to 50% lower than our current model.
For this question, refer to the Dress4Win case study.
Dress4Win has configured a new uptime check with Google Stackdriver for several of their legacy services. The Stackdriver dashboard is not reporting the services as healthy. What should they do?

  • A. In the Cloud Platform Console download the list of the uptime servers' IP addresses and create an inbound firewall rule
  • B. Configure their load balancer to pass through the User-Agent HTTP header when the value matches GoogleStackdriverMonitoring-UptimeChecks (https://cloud.google.com/monitoring)
  • C. Install the Stackdriver agent on all of the legacy web servers.
  • D. Configure their legacy web servers to allow requests that contain user-Agent HTTP header when the value matches GoogleStackdriverMonitoring-- UptimeChecks (https://cloud.google.com/monitoring)

Answer: D

 

NEW QUESTION 157
For this question, refer to the TerramEarth case study.
TerramEarth's 20 million vehicles are scattered around the world. Based on the vehicle's location its telemetry data is stored in a Google Cloud Storage (GCS) regional bucket (US.
Europe, or Asia). The CTO has asked you to run a report on the raw telemetry data to determine why vehicles are breaking down after 100 K miles. You want to run this job on all the data. What is the most cost-effective way to run this job?

  • A. Launch a cluster in each region to preprocess and compress the raw data, then move the data into a multi region bucket and use a Dataproc cluster to finish the job.
  • B. Move all the data into 1 zone, then launch a Cloud Dataproc cluster to run the job.
  • C. Launch a cluster in each region to preprocess and compress the raw data, then move the data into a regional bucket and use a Cloud Dataproc cluster .....
  • D. Move all the data into 1 region, then launch a Google Cloud Dataproc cluster to run the job.

Answer: C

 

NEW QUESTION 158
For this question, refer to the JencoMart case study.
The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources. What Google domain and project structure should you recommend?

  • A. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application.
  • B. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment.
  • C. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications.
  • D. Create a single G Suite account to manage users with each stage of each application in its own project.

Answer: B

Explanation:
Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are not authorized.
Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action.

 

NEW QUESTION 159
The operations manager asks you for a list of recommended practices that she should consider when migrating a J2EE application to the cloud. Which three practices should you recommend? Choose 3 answers

  • A. Port the application code to run on Google App Engine.
  • B. Deploy a continuous integration tool with automated testing in a staging environment.
  • C. Integrate Cloud Dataflow into the application to capture real-time metrics.
  • D. Migrate from MySQL to a managed NoSQL database like Google Cloud Datastore or Bigtable.
  • E. Instrument the application with a monitoring tool like Stackdriver Debugger.
  • F. Select an automation framework to reliably provision the cloud infrastructure.

Answer: A,B,D

Explanation:
Reference:
https://cloud.google.com/appengine/docs/standard/java/building-app/cloud-sql

 

NEW QUESTION 160
Your customer wants to do resilience testing of their authentication layer. This consists of a regional managed instance group serving a public REST API that reads from and writes to a Cloud SQL instance.
What should you do?

  • A. Schedule a disaster simulation exercise during which you can shut off all VMs in a zone to see how your application behaves.
  • B. Deploy intrusion detection software to your virtual machines to detect and log unauthorized access.
  • C. Engage with a security company to run web scrapes that look your users' authentication data om malicious websites and notify you if any if found.
  • D. Configure a red replica for your Cloud SQL instance in a different zone than the master, and then manually trigger a failover while monitoring KPIs for our REST API.

Answer: A

 

NEW QUESTION 161
Your architecture calls for the centralized collection of all admin activity and VM system logs within your project.
How should you collect these logs from both VMs and services?

  • A. Install the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.
  • B. Launch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it.
  • C. Stackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent must be installed on each instance to collect system logs.
  • D. All admin and VM system logs are automatically collected by Stackdriver.

Answer: C

Explanation:
Explanation
https://cloud.google.com/logging/docs/agent/default-logs

 

NEW QUESTION 162
For this question, refer to the TerramEarth case study.
To speed up data retrieval, more vehicles will be upgraded to cellular connections and be able to transmit data to the ETL process. The current FTP process is error-prone and restarts the data transfer from the start of the file when connections fail, which happens often. You want to improve the reliability of the solution and minimize data transfer time on the cellular connections. What should you do?

  • A. Use multiple Google Container Engine clusters running FTP servers located in different regions. Save the data to Multi-Regional buckets in us, eu, and asia. Run the ETL process using the data in the bucket.
  • B. Use one Google Container Engine cluster of FTP servers. Save the data to a Multi-Regional bucket. Run the ETL process using data in the bucket.
  • C. Directly transfer the files to different Google Cloud Multi-Regional Storage bucket locations in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process using the data in the bucket.
  • D. Directly transfer the files to a different Google Cloud Regional Storage bucket location in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process to retrieve the data from each Regional bucket.

Answer: D

Explanation:
Reference:
https://cloud.google.com/storage/docs/locations

 

NEW QUESTION 163

The migration of JencoMart's application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is shown in the diagram. You want to maximize throughput.
What are three potential bottlenecks? (Choose three.)

  • A. A separate storage layer outside the VMs, which is not suited for this task
  • B. Fewer virtual machines (VMs) in GCP than on-premises machines
  • C. A copy command that is not suited to operate over long distances
  • D. A single VPN tunnel, which limits throughput
  • E. Complicated internet connectivity between the on-premises infrastructure and GCP
  • F. A tier of Google Cloud Storage that is not suited for this task

Answer: A,C,D

 

NEW QUESTION 164
Your architecture calls for the centralized collection of all admin activity and VM system logs within your project.
How should you collect these logs from both VMs and services?

  • A. Launch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it.
  • B. Install the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.
  • C. Stackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent must be installed on each instance to collect system logs.
  • D. All admin and VM system logs are automatically collected by Stackdriver.

Answer: B

Explanation:
Explanation
Reference https://cloud.google.com/logging/docs/agent/

 

NEW QUESTION 165
Your company is developing a web-based application. You need to make sure that production deployments are linked to source code commits and are fully auditable. What should you do?

  • A. Make sure the developer is tagging the commits with :latest
  • B. Make the container tag match the source code commit hash.
  • C. Make sure a developer is tagging the code commit with the date and time of commit
  • D. Make sure a developer is adding a comment to the commit that links to the deployment.

Answer: B

Explanation:
From: https://cloud.google.com/architecture/best-practices-for-building-containers Under: Tagging using the Git commit hash (bottom of page almost)
"In this case, a common way of handling version numbers is to use the Git commit SHA-1 hash (or a short version of it) as the version number. By design, the Git commit hash is immutable and references a specific version of your software.
You can use this commit hash as a version number for your software, but also as a tag for the Docker image built from this specific version of your software. Doing so makes Docker images traceable: because in this case the image tag is immutable, you instantly know which specific version of your software is running inside a given container."

 

NEW QUESTION 166
You need to design a solution for global load balancing based on the URL path being requested. You need to ensure operations reliability and end-to-end in-transit encryption based on Google best practices.
What should you do?

  • A. Create a global forwarding rule. Configure SSL proxy balancing.
  • B. Create appropriate instance groups and instances. Configure SSL proxy load balancing.
  • C. Create a cross-region load balancer with URL Maps.
  • D. Create an HTTPS load balancer with URL maps.

Answer: D

Explanation:
Explanation
Reference https://cloud.google.com/load-balancing/docs/https/url-map

 

NEW QUESTION 167
......


Exam Details

The Google Professional Cloud Architect certificate requires one qualifying exam. This test is 2 hours long and consists of the multiple-choice and multiple-select questions. The applicants can take it in English or Japanese, but before registering, they are required to pay the fee of $200. The students can pass the exam online or on-site at one of the testing centers. You should check the certification webpage for more details regarding the registration and testing processes.

 

Get Top-Rated Google Professional-Cloud-Architect Exam Dumps Now: https://certkiller.passleader.top/Google/Professional-Cloud-Architect-exam-braindumps.html

Related Articles

more
Google Professional-Cloud-Architect Certification Practice Exam