
GCP Associate Dump Questions 151 ~ 200

sidedoor 2025. 2. 18. 23:18

https://www.examtopics.com/exams/google/associate-cloud-engineer/view

 


This post works through solutions to the GCP Associate dump questions linked above.

 

151. You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

  • A. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.
  • B. Set up a high-priority (1000) rule that pairs both ingress and egress ports.
  • C. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.
  • D. Set up a high-priority (1000) rule to allow the appropriate ports.

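In Google Cloud, a firewall rule with a lower priority value has higher priority.
So if you first add a low-priority (65534) "block all egress" rule and then add a high-priority (1000) rule that allows specific ports, only the minimum set of egress ports is opened.

Answer: A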
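The priority logic behind question 151, as an added example that is not part of the original post: a small evaluator for egress rules that compares options A, C and D. It models only protocol and port (no targets or destination ranges), and the allowed port 443 and the rule names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EgressRule:
    name: str
    priority: int                    # 0..65535, lower number is evaluated first
    action: str                      # "allow" or "deny"
    protocol: str                    # "tcp", "udp" or "all"
    ports: frozenset = frozenset()   # empty set means every port

    def matches(self, protocol: str, port: int) -> bool:
        if self.protocol not in ("all", protocol):
            return False
        return not self.ports or port in self.ports


# Every VPC network has an implied allow-all egress rule at priority 65535.
IMPLIED_ALLOW = EgressRule("implied-allow-egress", 65535, "allow", "all")


def evaluate_egress(rules, protocol, port):
    """Return (action, rule_name) of the rule that decides one outbound connection."""
    # Lowest priority number wins; at equal priority a deny rule beats an allow rule.
    ordered = sorted(list(rules) + [IMPLIED_ALLOW],
                     key=lambda r: (r.priority, r.action != "deny"))
    for rule in ordered:
        if rule.matches(protocol, port):
            return rule.action, rule.name
    raise AssertionError("unreachable: the implied rule matches everything")


def open_egress_ports(rules, protocol, ports_to_probe):
    """List the probed ports that the rule set lets out."""
    return sorted(p for p in ports_to_probe
                  if evaluate_egress(rules, protocol, p)[0] == "allow")


# Constructed rule sets mirroring the answer options (443 is an assumed "appropriate port").
HTTPS = frozenset({443})
OPTION_A = [EgressRule("deny-all-egress", 65534, "deny", "all"),
            EgressRule("allow-https-egress", 1000, "allow", "tcp", HTTPS)]
OPTION_C = [EgressRule("deny-all-egress", 1000, "deny", "all"),
            EgressRule("allow-https-egress", 65534, "allow", "tcp", HTTPS)]
OPTION_D = [EgressRule("allow-https-egress", 1000, "allow", "tcp", HTTPS)]

PROBE_PORTS = [22, 80, 443, 3306]


def compare_options():
    """Open TCP egress ports per option: A opens only 443, C nothing, D everything."""
    options = {"A": OPTION_A, "C": OPTION_C, "D": OPTION_D}
    return {name: open_egress_ports(rules, "tcp", PROBE_PORTS)
            for name, rules in options.items()}


if __name__ == "__main__":
    for option, ports in compare_options().items():
        print(option, ports)
```

Option D leaves every port open because nothing overrides the implied allow rule, and option C blocks even the intended port because the deny rule is evaluated first.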



152. Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

  • A. Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.
  • B. Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.
  • C. Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.
  • D. Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

IAP requires a Google Account, so it is not suitable.

A VPN only provides network connectivity; it does not solve SSH authentication.

Even without a Google Account, the partner can access Compute Engine VMs using SSH keys.

Answer: D



153. You have created a code snippet that should be triggered whenever a new file is uploaded to a Cloud Storage bucket. You want to deploy this code snippet. What should you do?

  • A. Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.
  • B. Use Cloud Functions and configure the bucket as a trigger resource.
  • C. Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.
  • D. Use Dataflow as a batch job, and configure the bucket as a data source.

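Cloud Scheduler can only fire on a schedule and cannot detect file upload events.

Cloud Functions can be triggered by Cloud Storage events.

Dataflow is meant for streaming or batch data processing, so it is not suited to handling a file upload event immediately.

Answer: B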

154. You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The objects should be kept for three years, and you need to minimize cost.
What should you do?

  • A. Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.
  • B. Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.
  • C. Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.
  • D. Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

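Standard Storage: used for the first 30 days because the objects are accessed frequently
Coldline Storage: low cost for data that is rarely accessed during the one year
Archive Storage: keeps the data for the final two years at the lowest cost (the cheapest long-term storage option)

Answer: B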

155. You are storing sensitive information in a Cloud Storage bucket. For legal reasons, you need to be able to record all requests that read any of the stored data. You want to make sure you comply with these requirements. What should you do?

  • A. Enable the Identity Aware Proxy API on the project.
  • B. Scan the bucket using the Data Loss Prevention API.
  • C. Allow only a single Service Account access to read the data.
  • D. Enable Data Access audit logs for the Cloud Storage API.

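IAP protects access to web applications and is unrelated to Cloud Storage.

DLP is for finding sensitive information in stored data; it does not log read requests.

Data Access audit logs record all API requests to Cloud Storage, including read requests.
With them enabled you can see who read the data and when, which satisfies the legal requirement.

Answer: D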



156. You are the team lead of a group of 10 developers. You provided each developer with an individual Google Cloud Project that they can use as their personal sandbox to experiment with different Google Cloud solutions. You want to be notified if any of the developers are spending above $500 per month on their sandbox environment. What should you do?

  • A. Create a single budget for all projects and configure budget alerts on this budget.
  • B. Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.
  • C. Create a budget per project and configure budget alerts on all of these budgets.
  • D. Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

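Setting a separate budget for each developer's sandbox project lets you track spending per project and receive an alert when it is exceeded.
The budgets and alerts feature of Google Cloud Billing detects overspending automatically and sends notifications.

Creating a billing account per project carries heavy management overhead and is inefficient.

With BigQuery and Data Studio, real-time monitoring is difficult and immediate alerts are not possible.

Answer: C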



157. You are deploying a production application on Compute Engine. You want to prevent anyone from accidentally destroying the instance by clicking the wrong button. What should you do?

  • A. Disable the flag "Delete boot disk when instance is deleted."
  • B. Enable delete protection on the instance.
  • C. Disable Automatic restart on the instance.
  • D. Enable Preemptibility on the instance.

When the Compute Engine "Delete Protection" option is enabled, an attempt to delete the instance by mistake shows a warning and the instance is protected from deletion.

Answer: B



158. Your company uses a large number of Google Cloud services centralized in a single project. All teams have specific projects for testing and development. The DevOps team needs access to all of the production services in order to perform their job. You want to prevent Google Cloud product changes from broadening their permissions in the future. You want to follow Google-recommended practices. What should you do?

  • A. Grant all members of the DevOps team the role of Project Editor on the organization level.
  • B. Grant all members of the DevOps team the role of Project Editor on the production project.
  • C. Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.
  • D. Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

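Creating a custom role that contains only the permissions the DevOps team needs and granting it on the production project provides the required access while maintaining the principle of least privilege.

Even a custom role, if granted across the whole organization, can lead to unnecessary permission expansion.

Answer: C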



159. You are building an application that processes data files uploaded from thousands of suppliers. Your primary goals for the application are data security and the expiration of aged data. You need to design the application to:

* Restrict access so that suppliers can access only their own data.
* Give suppliers write access to data only for 30 minutes.
* Delete data that is over 45 days old.
You have a very short development cycle, and you need to make sure that the application requires minimal maintenance. Which two strategies should you use?
(Choose two.)

  • A. Build a lifecycle policy to delete Cloud Storage objects after 45 days.
  • B. Use signed URLs to allow suppliers limited time access to store their objects.
  • C. Set up an SFTP server for your application, and create a separate user for each supplier.
  • D. Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.
  • E. Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

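With a lifecycle policy, data older than 45 days is deleted automatically, which satisfies the data retention policy and reduces the maintenance burden.
With signed URLs, suppliers can be limited to uploading files only during a specific window (e.g. 30 minutes), and security improves without managing separate user accounts.

Using a Cloud Function can incur unnecessary cost.

Answer: A, B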


160. Your company wants to standardize the creation and management of multiple Google Cloud resources using Infrastructure as Code. You want to minimize the amount of repetitive code needed to manage the environment. What should you do?

  • A. Develop templates for the environment using Cloud Deployment Manager.
  • B. Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.
  • C. Use the Cloud Console interface to provision and manage all related resources.
  • D. Create a bash script that contains all requirement steps as gcloud commands.

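Cloud Deployment Manager is Google Cloud's official Infrastructure as Code (IaC) solution. It manages resources from templates, which minimizes repetitive code, and resources are easy to define in JSON/YAML.

With the REST API you have to build a new request every time, so maintenance is hard and repetitive code grows.

Bash scripts are hard to maintain, and it is hard to keep a large environment consistent with them.

Answer: A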



161. You are performing a monthly security check of your Google Cloud environment and want to know who has access to view data stored in your Google Cloud Project. What should you do?

  • A. Enable Audit Logs for all APIs that are related to data storage.
  • B. Review the IAM permissions for any role that allows for data access.
  • C. Review the Identity-Aware Proxy settings for each resource.
  • D. Create a Data Loss Prevention job.

In Google Cloud, access to data is controlled through IAM roles and permissions.

Answer: B
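One way to carry out the monthly review from question 161, as an added example that is not part of the original post: it walks the bindings of a project IAM policy (the JSON structure printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`) and lists who holds a role that can expose data. The role list is a non-exhaustive assumption, and the sample policy, project and member names are constructed.

```python
# Basic roles are broad and change as products add permissions (the concern in question 158).
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Assumption: a small, non-exhaustive set of predefined roles that can read stored data.
DATA_ROLES = {
    "roles/storage.objectViewer", "roles/storage.objectAdmin", "roles/storage.admin",
    "roles/bigquery.dataViewer", "roles/bigquery.dataEditor",
    "roles/bigquery.dataOwner", "roles/bigquery.admin",
}

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def classify_role(role):
    """Return why a role matters for a data-access review, or None if it does not."""
    if role in BASIC_ROLES:
        return "basic role"
    if role in DATA_ROLES:
        return "predefined data role"
    if "/roles/" in role:  # projects/<id>/roles/<name> or organizations/<id>/roles/<name>
        return "custom role, inspect its permissions"
    return None


def review_data_access(policy):
    """List every (member, role) pair that needs a look, sorted by member then role."""
    findings = []
    for binding in policy.get("bindings", []):
        reason = classify_role(binding["role"])
        if reason is None:
            continue
        for member in binding.get("members", []):
            findings.append({
                "member": member,
                "role": binding["role"],
                "reason": reason,
                "public": member in PUBLIC_MEMBERS,
                "conditional": "condition" in binding,
            })
    return sorted(findings, key=lambda f: (f["member"], f["role"]))


# Constructed sample policy for illustration.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/editor", "members": ["group:devops@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:report@sandbox-project.iam.gserviceaccount.com",
                     "allUsers"]},
        {"role": "roles/bigquery.dataViewer", "members": ["user:analyst@example.com"],
         "condition": {"title": "temporary",
                       "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
        {"role": "projects/sandbox-project/roles/devopsProd",
         "members": ["group:devops@example.com"]},
        {"role": "roles/compute.instanceAdmin.v1", "members": ["user:ops@example.com"]},
    ]
}

if __name__ == "__main__":
    for f in review_data_access(SAMPLE_POLICY):
        flags = " PUBLIC" if f["public"] else ""
        flags += " (conditional)" if f["conditional"] else ""
        print(f'{f["member"]:60} {f["role"]:45} {f["reason"]}{flags}')
```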



162. Your company has embraced a hybrid cloud strategy where some of the applications are deployed on Google Cloud. A Virtual Private Network (VPN) tunnel connects your Virtual Private Cloud (VPC) in Google Cloud with your company's on-premises network. Multiple applications in Google Cloud need to connect to an on-premises database server, and you want to avoid having to change the IP configuration in all of your applications when the IP of the database changes.
What should you do?

  • A. Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.
  • B. Create a private zone on Cloud DNS, and configure the applications with the DNS name.
  • C. Configure the IP of the database as custom metadata for each instance, and query the metadata server.
  • D. Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

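Cloud NAT configures traffic leaving Google Cloud for external destinations (a NAT gateway).

With a Cloud DNS private zone, the IP of the on-premises database can be managed dynamically through internal DNS.
Even if the database IP changes, applications that use the DNS name resolve the new IP automatically without any configuration change.

The metadata server is reachable only from inside the VM, and the metadata would have to be updated on each VM every time the database changes.

The Compute Engine internal DNS is for identifying VM instances within Google Cloud.

Answer: B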



163. You have developed a containerized web application that will serve internal colleagues during business hours. You want to ensure that no costs are incurred outside of the hours the application is used. You have just created a new Google Cloud project and want to deploy the application. What should you do?

  • A. Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero.
  • B. Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.
  • C. Deploy the container on App Engine flexible environment with autoscaling, and set the value min_instances to zero in the app.yaml.
  • D. Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app.yaml.

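Cloud Run for Anthos runs on a Kubernetes cluster, so even when instances are scaled to zero the base cluster cost is still incurred.
Cloud Run (fully managed) can automatically scale instances down to zero when there is no usage.
Outside business hours it shuts down automatically, so no cost is incurred.

The App Engine flexible environment must keep a minimum of resources running, so the cost never drops fully to zero.

Answer: B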

164. You have experimented with Google Cloud using your own credit card and expensed the costs to your company. Your company wants to streamline the billing process and charge the costs of your projects to their monthly invoice. What should you do?

  • A. Grant the financial team the IAM role of "Billing Account User" on the billing account linked to your credit card.
  • B. Set up BigQuery billing export and grant your financial department IAM access to query the data.
  • C. Create a ticket with Google Billing Support to ask them to send the invoice to your company.
  • D. Change the billing account of your projects to the billing account of your company.

In Google Cloud, changing a project's billing account moves all of that project's costs to the new billing account.

Answer: D



165. You are running a data warehouse on BigQuery. A partner company is offering a recommendation engine based on the data in your data warehouse. The partner company is also running their application on Google Cloud. They manage the resources in their own project, but they need access to the BigQuery dataset in your project. You want to provide the partner company with access to the dataset. What should you do?

  • A. Create a Service Account in your own project, and grant this Service Account access to BigQuery in your project.
  • B. Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project.
  • C. Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project.
  • D. Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project.

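When a Service Account is created in the partner's Google Cloud project, that account can be given access to specific resources through IAM roles.
Then, granting this service account the bigquery.dataViewer role on the BigQuery dataset lets the partner read the data.

Answer: D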



166. Your web application has been running successfully on Cloud Run for Anthos. You want to evaluate an updated version of the application with a specific percentage of your production users (canary deployment). What should you do?

  • A. Create a new service with the new version of the application. Split traffic between this version and the version that is currently running.
  • B. Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.
  • C. Create a new service with the new version of the application. Add an HTTP Load Balancer in front of both services.
  • D. Create a new revision with the new version of the application. Add an HTTP Load Balancer in front of both revisions.

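Cloud Run for Anthos deploys new versions as revisions, and traffic can be adjusted to a specific ratio to perform a canary deployment.
Cloud Run's traffic splitting feature lets you adjust the share of traffic between the existing version and the new version.

Answer: B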



167. Your company developed a mobile game that is deployed on Google Cloud. Gamers are connecting to the game with their personal phones over the Internet. The game sends UDP packets to update the servers about the gamers' actions while they are playing in multiplayer mode. Your game backend can scale over multiple virtual machines (VMs), and you want to expose the VMs over a single IP address. What should you do?

  • A. Configure an SSL Proxy load balancer in front of the application servers.
  • B. Configure an Internal UDP load balancer in front of the application servers.
  • C. Configure an External HTTP(s) load balancer in front of the application servers.
  • D. Configure an External Network load balancer in front of the application servers.

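The SSL Proxy load balancer supports only TCP traffic and cannot handle UDP traffic.

An internal load balancer handles traffic inside the VPC, so it cannot handle game traffic arriving from the Internet.

The only Google Cloud load balancer that supports UDP traffic is the "External Network Load Balancer".
It is suited to handling UDP packets for a multiplayer game and can distribute traffic to multiple VMs through a single public IP.

Answer: D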



168. You are working for a hospital that stores its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

  • A. Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub topic.
  • B. Deploy a Dataflow job from the batch template, "Datastore to Cloud Storage." Schedule the batch job on the desired interval.
  • C. Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage. Schedule the script as a cron job.
  • D. In the Cloud Console, go to Cloud Storage. Upload the relevant images to the appropriate bucket.

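Pub/Sub is an event-driven messaging system.

The medical images are not stored in Datastore, so that Dataflow template cannot be used.

The gsutil rsync command synchronizes local storage with Cloud Storage.
Running it as a cron job uploads new images automatically on a regular schedule and keeps maintenance simple.

Answer: C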

169. Your auditor wants to view your organization's use of data in Google Cloud. The auditor is most interested in auditing who accessed data in Cloud Storage buckets. You need to help the auditor access the data they need. What should you do?

  • A. Turn on Data Access Logs for the buckets they want to audit, and then build a query in the log viewer that filters on Cloud Storage.
  • B. Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs.
  • C. Assign the appropriate permissions, and then use Cloud Monitoring to review metrics.
  • D. Use the export logs API to provide the Admin Activity Audit Logs in the format they want.

Enabling Data Access logs for Cloud Storage records who read the data.

Admin Activity logs contain only records of administrative operations (e.g. IAM permission changes, bucket creation); they do not include data read access.

Answer: A
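A check for the logging requirement in questions 155 and 169, as an added example that is not part of the original post: the first function reads the `auditConfigs` section of a project IAM policy and reports whether DATA_READ logging covers Cloud Storage and who is exempted, and the second summarizes who read which object from Data Access log entries. All policies, log entries, bucket and member names are constructed.

```python
from collections import defaultdict

STORAGE_API = "storage.googleapis.com"
DATA_ACCESS_LOG_SUFFIX = "cloudaudit.googleapis.com%2Fdata_access"


def data_read_logging(policy, service=STORAGE_API):
    """Return (enabled, exempted_members) for DATA_READ audit logs of one service.

    An "allServices" entry and a service-specific entry are combined: log types
    enabled in either are enabled, and exempted members from both are exempted.
    """
    enabled, exempted = False, set()
    for cfg in policy.get("auditConfigs", []):
        if cfg.get("service") not in (service, "allServices"):
            continue
        for log_cfg in cfg.get("auditLogConfigs", []):
            if log_cfg.get("logType") == "DATA_READ":
                enabled = True
                exempted.update(log_cfg.get("exemptedMembers", []))
    return enabled, sorted(exempted)


def object_readers(entries):
    """Map each object to the principals that fetched it (storage.objects.get only)."""
    readers = defaultdict(set)
    for entry in entries:
        if not entry.get("logName", "").endswith(DATA_ACCESS_LOG_SUFFIX):
            continue  # Admin Activity entries do not record object reads
        payload = entry.get("protoPayload", {})
        if payload.get("serviceName") != STORAGE_API:
            continue
        if payload.get("methodName") != "storage.objects.get":
            continue
        who = payload.get("authenticationInfo", {}).get("principalEmail", "<unknown>")
        readers[payload.get("resourceName", "<unknown>")].add(who)
    return {obj: sorted(who) for obj, who in readers.items()}


# Constructed policies: only admin reads logged / reads logged with a gap / reads logged.
POLICY_ADMIN_ONLY = {"auditConfigs": [
    {"service": "allServices", "auditLogConfigs": [{"logType": "ADMIN_READ"}]}]}
POLICY_WITH_EXEMPTION = {"auditConfigs": [
    {"service": STORAGE_API, "auditLogConfigs": [
        {"logType": "DATA_READ",
         "exemptedMembers": ["serviceAccount:etl@example-project.iam.gserviceaccount.com"]},
        {"logType": "DATA_WRITE"}]}]}
POLICY_COMPLIANT = {"auditConfigs": [
    {"service": STORAGE_API, "auditLogConfigs": [{"logType": "DATA_READ"}]}]}


def _entry(log, method, principal, resource):
    """Build one constructed log entry with only the fields used above."""
    return {"logName": f"projects/example-project/logs/cloudaudit.googleapis.com%2F{log}",
            "protoPayload": {"serviceName": STORAGE_API, "methodName": method,
                             "authenticationInfo": {"principalEmail": principal},
                             "resourceName": resource}}


OBJ = "projects/_/buckets/example-sensitive/objects/records.csv"
SAMPLE_ENTRIES = [
    _entry("data_access", "storage.objects.get", "alice@example.com", OBJ),
    _entry("data_access", "storage.objects.get", "bob@example.com", OBJ),
    _entry("data_access", "storage.objects.create", "carol@example.com", OBJ),
    _entry("activity", "storage.buckets.create", "admin@example.com",
           "projects/_/buckets/example-sensitive"),
]

if __name__ == "__main__":
    for name, pol in [("admin-only", POLICY_ADMIN_ONLY),
                      ("with-exemption", POLICY_WITH_EXEMPTION),
                      ("compliant", POLICY_COMPLIANT)]:
        print(name, data_read_logging(pol))
    print(object_readers(SAMPLE_ENTRIES))
```

An exempted member is a logging gap: its reads never reach the Data Access log, so a policy that merely has DATA_READ enabled does not by itself record all requests.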



170. You received a JSON file that contained a private key of a Service Account in order to get access to several resources in a Google Cloud project. You downloaded and installed the Cloud SDK and want to use this private key for authentication and authorization when performing gcloud commands. What should you do?

  • A. Use the command gcloud auth login and point it to the private key.
  • B. Use the command gcloud auth activate-service-account and point it to the private key.
  • C. Place the private key file in the installation directory of the Cloud SDK and rename it to "credentials.json".
  • D. Place the private key file in your home directory and rename it to "GOOGLE_APPLICATION_CREDENTIALS".

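gcloud auth login is the command for authenticating a user account; it is not used for service account authentication.

To authenticate in the Cloud SDK with a service account's JSON key file, use the gcloud auth activate-service-account command.
Pass the path to the JSON key file with the --key-file flag to authenticate as that service account.

Answer: B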

171. You are working with a Cloud SQL MySQL database at your company. You need to retain a month-end copy of the database for three years for audit purposes.
What should you do?

  • A. Set up an export job for the first of the month. Write the export file to an Archive class Cloud Storage bucket.
  • B. Save the automatic first-of-the-month backup for three years. Store the backup file in an Archive class Cloud Storage bucket.
  • C. Set up an on-demand backup for the first of the month. Write the backup to an Archive class Cloud Storage bucket.
  • D. Convert the automatic first-of-the-month backup to an export file. Write the export file to a Coldline class Cloud Storage bucket.

Cloud SQL automatic backups are hard to retain long term, so exporting the data and storing it in Cloud Storage is appropriate.

Answer: A

172. You are monitoring an application and receive user feedback that a specific error is spiking. You notice that the error is caused by a Service Account having insufficient permissions. You are able to solve the problem but want to be notified if the problem recurs. What should you do?

  • A. In the Log Viewer, filter the logs on severity 'Error' and the name of the Service Account.
  • B. Create a sink to BigQuery to export all the logs. Create a Data Studio dashboard on the exported logs.
  • C. Create a custom log-based metric for the specific error to be used in an Alerting Policy.
  • D. Grant Project Owner access to the Service Account.

Creating a log-based metric in Cloud Logging that detects the specific error message lets you configure a Cloud Monitoring alerting policy and be notified when the same error occurs again.

Answer: C

173. You are developing a financial trading application that will be used globally. Data is stored and queried using a relational structure, and clients from all over the world should get the exact identical state of the data. The application will be deployed in multiple regions to provide the lowest latency to end users. You need to select a storage option for the application data while minimizing latency. What should you do?

  • A. Use Cloud Bigtable for data storage.
  • B. Use Cloud SQL for data storage.
  • C. Use Cloud Spanner for data storage.
  • D. Use Firestore for data storage.

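Cloud Bigtable and Firestore are NoSQL databases and do not support a relational data model.

Cloud SQL is a single-region (RDS) service; keeping identical state across multiple regions requires manual replication and synchronization, so it is unsuitable for a financial system.

Cloud Spanner is the only relational database in Google Cloud that provides global transactional consistency (strong consistency).

Answer: C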


174. You are about to deploy a new Enterprise Resource Planning (ERP) system on Google Cloud. The application holds the full database in-memory for fast data access, and you need to configure the most appropriate resources on Google Cloud for this application. What should you do?

  • A. Provision preemptible Compute Engine instances.
  • B. Provision Compute Engine instances with GPUs attached.
  • C. Provision Compute Engine instances with local SSDs attached.
  • D. Provision Compute Engine instances with M1 machine type.

The M1 machine type (memory-optimized) has a very large amount of RAM and suits in-memory databases and ERP systems.

Local SSDs deliver high IOPS, but they are unnecessary for an ERP system whose database is loaded into memory.

Answer: D

175. You have developed an application that consists of multiple microservices, with each microservice packaged in its own Docker container image. You want to deploy the entire application on Google Kubernetes Engine so that each microservice can be scaled individually. What should you do?

  • A. Create and deploy a Custom Resource Definition per microservice.
  • B. Create and deploy a Docker Compose File.
  • C. Create and deploy a Job per microservice.
  • D. Create and deploy a Deployment per microservice.

A CRD is used to define custom resources in Kubernetes.

Docker Compose is used to run containers in a local development environment.

On GKE, the standard approach is to deploy each microservice as a Deployment object.

Answer: D



176. You will have several applications running on different Compute Engine instances in the same project. You want to specify at a more granular level the service account each instance uses when calling Google Cloud APIs. What should you do?

  • A. When creating the instances, specify a Service Account for each instance.
  • B. When creating the instances, assign the name of each Service Account as instance metadata.
  • C. After starting the instances, use gcloud compute instances update to specify a Service Account for each instance.
  • D. After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata.

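When creating Compute Engine instances you can assign a specific service account to each instance, and the service account cannot be changed after the instance is created, so it is important to specify the correct one at creation time.

Answer: A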

177. You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do?

  • A. Create a Cloud Bigtable cluster, and use the HBase API.
  • B. Deploy MongoDB Atlas from the Google Cloud Marketplace.
  • C. Download a MongoDB installation package, and run it on Compute Engine instances.
  • D. Download a MongoDB installation package, and run it on a Managed Instance Group.

MongoDB Atlas is a managed MongoDB service and is available from the Google Cloud Marketplace.

Answer: B



178. You are managing a project for the Business Intelligence (BI) department in your company. A data pipeline ingests data into BigQuery via streaming. You want the users in the BI department to be able to run the custom SQL queries against the latest data in BigQuery. What should you do?

  • A. Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard.
  • B. Create a Service Account for the BI team and distribute a new private key to each member of the BI team.
  • C. Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team's internal data warehouse.
  • D. Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team.

Data Studio is a visualization tool and does not let the BI team run SQL directly in BigQuery.

Granting the IAM role (roles/bigquery.user) to a Google Group lets every BI team member run SQL queries in BigQuery.



179. Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to design the networking infrastructure on Google Cloud to match these requirements. What should you do?

  • A. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.
  • B. 1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.
  • C. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.
  • D. 1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

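Google Cloud lets you create multiple subnets within a single VPC, so you can configure the DMZ subnet to communicate with the Internet and set firewall rules that allow only internal communication for the LAN subnet.

The DMZ must be reachable from outside, so blocking ingress traffic would make the web servers unreachable.

Answer: A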

180. You have just created a new project which will be used to deploy a globally distributed application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance. You want to perform the first step in preparation of creating the instance. What should you do?

  • A. Enable the Cloud Spanner API.
  • B. Configure your Cloud Spanner instance to be multi-regional.
  • C. Create a new VPC network with subnetworks in all desired regions.
  • D. Grant yourself the IAM role of Cloud Spanner Admin.

To use Cloud Spanner you must first enable the Cloud Spanner API; if the API is not enabled, you cannot create a Spanner instance.

Answer: A

181. You have created a new project in Google Cloud through the gcloud command line interface (CLI) and linked a billing account. You need to create a new Compute Engine instance using the CLI. You need to perform the prerequisite steps. What should you do?

  • A. Create a Cloud Monitoring Workspace.
  • B. Create a VPC network in the project.
  • C. Enable the compute.googleapis.com API.
  • D. Grant yourself the IAM role of Computer Admin.

To use Compute Engine in Google Cloud, you must enable the "Compute Engine API" (compute.googleapis.com).

Answer: C

182. Your company has developed a new application that consists of multiple microservices. You want to deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can scale as more applications are deployed in the future. You want to avoid manual intervention when each new application is deployed. What should you do?

  • A. Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.
  • B. Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment.
  • C. Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.
  • D. Create a separate node pool for each application, and deploy each application to its dedicated node pool.

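With node pool autoscaling the GKE cluster scales automatically, so nodes can be added without manual intervention when additional applications are deployed.

The HorizontalPodAutoscaler (HPA) adjusts the number of Pods, and the VerticalPodAutoscaler (VPA) adjusts the resources (CPU, memory) of a Pod.

Answer: C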



183. You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?

  • A. Create the instance with the default Compute Engine service account. Grant the service account permissions on Cloud Storage.
  • B. Create the instance with the default Compute Engine service account. Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
  • C. Create a new service account and assign this service account to the new instance. Grant the service account permissions on Cloud Storage.
  • D. Create a new service account and assign this service account to the new instance. Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

The default Compute Engine service account is shared by all VMs, so it is hard to restrict Cloud Storage access to one particular instance.
Therefore, create a separate service account and assign it only to the specific VM.

Answer: C



184. You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The files are used in a mission-critical analytics pipeline that is used continually. The users are in Boston, MA (United States). What should you do?

  • A. Configure regional storage for the region closest to the users. Configure a Nearline storage class.
  • B. Configure regional storage for the region closest to the users. Configure a Standard storage class.
  • C. Configure dual-regional storage for the dual region closest to the users. Configure a Nearline storage class.
  • D. Configure dual-regional storage for the dual region closest to the users. Configure a Standard storage class.

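The mission-critical analytics pipeline uses the data continually, so the Standard storage class is required.

Nearline storage is an option for data accessed only once or twice a month and is not suitable for continually accessed workloads.

Answer: B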

185. You are developing a new web application that will be deployed on Google Cloud Platform. As part of your release cycle, you want to test updates to your application on a small portion of real user traffic. The majority of the users should still be directed towards a stable version of your application. What should you do?

  • A. Deploy the application on App Engine. For each update, create a new version of the same service. Configure traffic splitting to send a small percentage of traffic to the new version.
  • B. Deploy the application on App Engine. For each update, create a new service. Configure traffic splitting to send a small percentage of traffic to the new service.
  • C. Deploy the application on Kubernetes Engine. For a new release, update the deployment to use the new version.
  • D. Deploy the application on Kubernetes Engine. For a new release, create a new deployment for the new version. Update the service to use the new deployment.

App Engine can route a specific percentage of requests to a new version through traffic splitting.

Answer: A



186. You need to add a group of new users to Cloud Identity. Some of the users already have existing Google accounts. You want to follow one of Google's recommended practices and avoid conflicting accounts. What should you do?

  • A. Invite the user to transfer their existing account.
  • B. Invite the user to use an email alias to resolve the conflict.
  • C. Tell the user that they must delete their existing account.
  • D. Tell the user to remove all personal email from the existing account.

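Google's recommended approach is to invite users who have existing Google accounts to transfer those accounts to the new organization account. For an organization to manage accounts with Cloud Identity or Google Workspace, existing personal accounts must be converted to organization accounts.

Answer: A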



187. You need to manage a Cloud Spanner instance for best query performance. Your instance in production runs in a single Google Cloud region. You need to improve performance in the shortest amount of time. You want to follow Google best practices for service configuration. What should you do?

  • A. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45%. If you exceed this threshold, add nodes to your instance.
  • B. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45%. Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.
  • C. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. If you exceed this threshold, add nodes to your instance.
  • D. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

The Google Cloud Spanner recommendation is to add nodes when high priority CPU utilization exceeds 65%.

Answer: C



188. Your company has an internal application for managing transactional orders. The application is used exclusively by employees in a single physical location. The application requires strong consistency, fast queries, and ACID guarantees for multi-table transactional updates. The first version of the application is implemented in PostgreSQL, and you want to deploy it to the cloud with minimal code changes. Which database is most appropriate for this application?

  • A. BigQuery
  • B. Cloud SQL
  • C. Cloud Spanner
  • D. Cloud Datastore

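Cloud SQL is a fully managed database service that supports PostgreSQL, and an existing PostgreSQL application can be migrated to the cloud without changes.
It supports ACID transactions and provides strong consistency and fast queries.

Cloud Spanner is a relational database with global scalability, but migrating an existing PostgreSQL application to it as-is requires substantial code changes.

Answer: B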



189. You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named 'dev' that was deployed on Google Cloud. You want to manage the GKE configuration using the command line interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future CLI commands by default address this specific cluster. What should you do?

  • A. Use the command gcloud config set container/cluster dev.
  • B. Use the command gcloud container clusters update dev.
  • C. Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.
  • D. Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.

The command gcloud config set container/cluster [CLUSTER_NAME] sets the default GKE cluster.

Answer: A


190. The sales team has a project named Sales Data Digest that has the ID acme-data-digest. You need to set up similar Google Cloud resources for the marketing team but their resources must be organized independently of the sales team. What should you do?

  • A. Grant the Project Editor role to the Marketing team for acme-data-digest.
  • B. Create a Project Lien on acme-data-digest and then grant the Project Editor role to the Marketing team.
  • C. Create another project with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there.
  • D. Create a new project named Marketing Data Digest and use the ID acme-data-digest. Grant the Project Editor role to the Marketing team.

In Google Cloud, each team needs its own project to manage resources independently, so creating a separate project lets you manage IAM, billing, and resource usage separately.

Answer: C



191. You have deployed multiple Linux instances on Compute Engine. You plan on adding more instances in the coming weeks. You want to be able to access all of these instances through your SSH client over the internet without having to configure specific access on the existing and new instances. You do not want the Compute Engine instances to have a public IP. What should you do?

  • A. Configure Cloud Identity-Aware Proxy for HTTPS resources.
  • B. Configure Cloud Identity-Aware Proxy for SSH and TCP resources.
  • C. Create an SSH keypair and store the public key as a project-wide SSH Key.
  • D. Create an SSH keypair and store the private key as a project-wide SSH Key.

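IAP for HTTPS is meant to protect access to web applications and is unrelated to SSH access.

With Cloud Identity-Aware Proxy (IAP) for SSH, you can securely SSH into Compute Engine instances over the internet even without a public IP.

With a project-wide SSH key, the key is distributed automatically when new instances are added, but connecting directly from the internet requires a public IP.

Answer: B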

192. You have created an application that is packaged into a Docker image. You want to deploy the Docker image as a workload on Google Kubernetes Engine. What should you do?

  • A. Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.
  • B. Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.
  • C. Upload the image to Container Registry and create a Kubernetes Service referencing the image.
  • D. Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.

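Cloud Storage is not intended for storing container images.

For GKE, container images must be uploaded to Container Registry or Artifact Registry before they are deployed.

A Deployment is the most appropriate resource for deploying an application that runs continuously.

Answer: D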


193. You are using Data Studio to visualize a table from your data warehouse that is built on top of BigQuery. Data is appended to the data warehouse during the day. At night, the daily summary is recalculated by overwriting the table. You just noticed that the charts in Data Studio are broken, and you want to analyze the problem. What should you do?

  • A. Review the Error Reporting page in the Cloud Console to find any errors.
  • B. Use the BigQuery interface to review the nightly job and look for any errors.
  • C. Use Cloud Debugger to find out why the data was not refreshed correctly.
  • D. In Cloud Logging, create a filter for your Data Studio report.

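It is highly likely that the source data table for Data Studio in BigQuery was corrupted or was not updated. Check the nightly job in the BigQuery console to confirm that the table was updated correctly.

Data Studio itself does not leave logs.

Answer: B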


194. You have been asked to set up the billing configuration for a new Google Cloud customer. Your customer wants to group resources that share common IAM policies. What should you do?

  • A. Use labels to group resources that share common IAM policies.
  • B. Use folders to group resources that share common IAM policies.
  • C. Set up a proper billing account structure to group IAM policies.
  • D. Set up a proper project naming structure to group IAM policies.

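Labels are metadata for managing resources.

Folders in Google Cloud group multiple projects so that the same IAM policy can be applied to them. All projects in a folder therefore automatically inherit the IAM policies defined on the parent folder.

Answer: B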

195. You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?

  • A. Use a custom mode VPC network, configure static routes, and use active/passive routing.
  • B. Use an automatic mode VPC network, configure static routes, and use active/active routing.
  • C. Use a custom mode VPC network, use Cloud Router border gateway protocol (BGP) routes, and use active/passive routing.
  • D. Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes, and configure policy-based routing.

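To set up a high availability (HA) Cloud VPN in Google Cloud, you must use Cloud Router and BGP (Border Gateway Protocol).
In an active/passive configuration, the standby tunnel becomes active when the primary tunnel fails, which prevents excessive overprovisioning of tunnels.
A custom mode VPC lets you manage subnets manually, which allows a more flexible network configuration.

An automatic mode VPC creates the same subnets in every region, which makes fine-grained network configuration difficult.

Answer: C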

 

196. You are running multiple microservices in a Kubernetes Engine cluster. One microservice is rendering images. The microservice responsible for the image rendering requires a large amount of CPU time compared to the memory it requires. The other microservices are workloads that are optimized for n1-standard machine types. You need to optimize your cluster so that all workloads are using resources as efficiently as possible. What should you do?

  • A. Assign the pods of the image rendering microservice a higher pod priority than the other microservices.
  • B. Create a node pool with compute-optimized machine type nodes for the image rendering microservice. Use the node pool with general-purpose machine type nodes for the other microservices.
  • C. Use the node pool with general-purpose machine type nodes for the image rendering microservice. Create a node pool with compute-optimized machine type nodes for the other microservices.
  • D. Configure the required amount of CPU and memory in the resource requests specification of the image rendering microservice deployment. Keep the resource requests for the other microservices at the default.

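Pod Priority is not a way to optimize CPU usage; it is a feature that adjusts scheduling priority.

The image rendering service has high CPU usage, so creating a separate node pool that uses a compute-optimized machine type is appropriate, while the ordinary microservices run efficiently on general-purpose nodes such as the n1-standard machine type.

Answer: B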

 


197. Your organization has three existing Google Cloud projects. You need to bill the Marketing department for only their Google Cloud services for a new initiative within their group. What should you do?

  • A. 1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud Project for the Marketing department. 2. Link the new project to a Marketing Billing Account.
  • B. 1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud account. 2. Create a new Google Cloud Project for the Marketing department. 3. Set the default key-value project labels to department:marketing for all services in this project.
  • C. 1. Verify that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account. 2. Create a new Google Cloud Project for the Marketing department. 3. Link the new project to a Marketing Billing Account.
  • D. 1. Verify that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account. 2. Create a new Google Cloud Project for the Marketing department. 3. Set the default key-value project labels to department:marketing for all services in this project.

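Once you hold the Billing Administrator role, linking the new project to the Marketing department's billing account causes that project's costs to be billed to the Marketing department.

Answer: A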


198. You deployed an application on a managed instance group in Compute Engine. The application accepts Transmission Control Protocol (TCP) traffic on port 389 and requires you to preserve the IP address of the client who is making a request. You want to expose the application to the internet by using a load balancer. What should you do?

  • A. Expose the application by using an external TCP Network Load Balancer.
  • B. Expose the application by using a TCP Proxy Load Balancer.
  • C. Expose the application by using an SSL Proxy Load Balancer.
  • D. Expose the application by using an internal TCP Network Load Balancer.

TCP port 389 is used by LDAP (Lightweight Directory Access Protocol), and the client IP must be preserved.
An external TCP Network Load Balancer preserves the client IP and supports TCP-based load balancing.
The Cloud TCP Proxy Load Balancer and SSL Proxy Load Balancer do not preserve the client IP.

Answer: A


199. You are building a multi-player gaming application that will store game information in a database. As the popularity of the application increases, you are concerned about delivering consistent performance. You need to ensure an optimal gaming performance for global users, without increasing the management complexity. What should you do?

  • A. Use Cloud SQL database with cross-region replication to store game statistics in the EU, US, and APAC regions.
  • B. Use Cloud Spanner to store user data mapped to the game statistics.
  • C. Use BigQuery to store game statistics with a Redis on Memorystore instance in the front to provide global consistency.
  • D. Store game statistics in a Bigtable database partitioned by username.

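Cloud Spanner guarantees global transactional consistency and scales automatically very well, so it suits a large user base.

BigQuery is an analytics (OLAP) database.

Bigtable is NoSQL-based and does not support SQL queries or a relational data model.

Answer: B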


200. You are building an application that stores relational data from users. Users across the globe will use this application. Your CTO is concerned about the scaling requirements because the size of the user base is unknown. You need to implement a database solution that can scale with your user growth with minimum configuration changes. Which storage solution should you use?

  • A. Cloud SQL
  • B. Firestore
  • C. Cloud Spanner
  • D. Bigtable

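Firestore is a document-oriented NoSQL database and is not appropriate for storing relational data.

Cloud Spanner is a globally distributed relational database that scales automatically, so it can handle unpredictable user growth.
It provides a relational data model (with SQL support) and ACID transactions, so it can give users around the world a consistent data experience.

Answer: C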