Professional-Cloud-Architect PDF question set: exam questions from March 9, 2022. Valid Professional-Cloud-Architect question set [Q116-Q137]


Free, up-to-date Google practice test questions in the ultimate Professional-Cloud-Architect preparation guide

Question 116
You need to deploy an application to Google Cloud. The application receives traffic via TCP and reads and writes data to the filesystem. The application does not support horizontal scaling. The application process requires full control over the data on the file system because concurrent access causes corruption. The business is willing to accept a downtime when an incident occurs, but the application must be available 24/7 to support their business operations. You need to design the architecture of this application on Google Cloud.
What should you do?

  • A. Use a managed instance group with instances in multiple zones, use Cloud Filestore, and use a network load balancer in front of the instances.
  • B. Use an unmanaged instance group with an active and standby instance in different zones, use a regional persistent disk, and use an HTTP load balancer in front of the instances.
  • C. Use an unmanaged instance group with an active and standby instance in different zones, use a regional persistent disk, and use a network load balancer in front of the instances.
  • D. Use a managed instance group with instances in multiple zones, use Cloud Filestore, and use an HTTP load balancer in front of the instances.

Correct answer: C

Explanation:
Reference: https://cloud.google.com/compute/docs/instance-groups

Question 117
For this question, refer to the EHR Healthcare case study. In the past, configuration errors put public IP addresses on backend servers that should not have been accessible from the Internet. You need to ensure that no one can put external IP addresses on backend Compute Engine instances and that external IP addresses can only be configured on frontend Compute Engine instances. What should you do?

  • A. Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.
  • B. Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
  • C. Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.
  • D. Revoke the compute.networkAdmin role from all users in the project with front end instances.

Correct answer: B

Explanation:
https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#disableexternalip

Question 118
Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of the batch servers failed the nightly batch run. You want to collect details on the failure to pass back to the development team.
Which three actions should you take? Choose 3 answers.

  • A. Read the debug GCE Activity log using the API or Cloud Console
  • B. Use gcloud or Cloud Console to connect to the serial console and observe the logs
  • C. Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics
  • D. Identify whether a live migration event of the failed server occurred, using the activity log
  • E. Use Stackdriver Logging to search for the module log entries
  • F. Export a debug VM into an image, and run the image on a local server where kernel log messages will be displayed on the native screen

Correct answer: B,C,E

Question 119
For this question, refer to the JencoMart case study.
The migration of JencoMart's application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is shown in the diagram. You want to maximize throughput. What are three potential bottlenecks? (Choose 3 answers.)

  • A. A tier of Google Cloud Storage that is not suited for this task
  • B. A copy command that is not suited to operate over long distances
  • C. Fewer virtual machines (VMs) in GCP than on-premises machines
  • D. A single VPN tunnel, which limits throughput
  • E. Complicated internet connectivity between the on-premises infrastructure and GCP
  • F. A separate storage layer outside the VMs, which is not suited for this task

Correct answer: D,E,F

Question 120
The current Dress4win system architecture has high latency to some customers because it is located in one data center.
As part of a future evaluation and optimizing for performance in the cloud, Dress4win wants to distribute its system architecture to multiple locations on Google Cloud Platform.
Which approach should they use?

  • A. Use a global load balancer with a set of virtual machines that forward the requests to a closer group of virtual machines as part of a separate managed instance group.
  • B. Use a global load balancer with a set of virtual machines that forward the requests to a closer group of virtual machines managed by your operations team.
  • C. Use regional managed instance groups and a global load balancer to increase performance because the regional managed instance group can grow instances in each region separately based on traffic.
  • D. Use regional managed instance groups and a global load balancer to increase reliability by providing automatic failover between zones in different regions.

Correct answer: A

Explanation:
Explanation/Reference:
Testlet 1
Company Overview
Dress4win is a web-based company that helps their users organize and manage their personal wardrobe using a website and mobile application. The company also cultivates an active social network that connects their users with designers and retailers. They monetize their services through advertising, e-commerce, referrals, and a freemium app model. The application has grown from a few servers in the founder's garage to several hundred servers and appliances in a collocated data center. However, the capacity of their infrastructure is now insufficient for the application's rapid growth. Because of this growth and the company's desire to innovate faster, Dress4Win is committing to a full migration to a public cloud.
Solution Concept
For the first phase of their migration to the cloud, Dress4win is moving their development and test environments. They are also building a disaster recovery site, because their current infrastructure is at a single location. They are not sure which components of their architecture they can migrate as is and which components they need to change before migrating them.
Existing Technical Environment
The Dress4win application is served out of a single data center location. All servers run Ubuntu LTS v16.04.
Databases:
MySQL. 1 server for user data, inventory, static data:
- MySQL 5.8
- 8 core CPUs
- 128 GB of RAM
- 2x 5 TB HDD (RAID 1)

Redis 3 server cluster for metadata, social graph, caching. Each server is:
- Redis 3.2
- 4 core CPUs
- 32 GB of RAM

Compute:
40 Web Application servers providing micro-services based APIs and static content.
- Tomcat - Java
- Nginx
- 4 core CPUs
- 32 GB of RAM

20 Apache Hadoop/Spark servers:
- Data analysis
- Real-time trending calculations
- 8 core CPUs
- 128 GB of RAM
- 4x 5 TB HDD (RAID 1)

3 RabbitMQ servers for messaging, social notifications, and events:
- 8 core CPUs
- 32 GB of RAM

Miscellaneous servers:
- Jenkins, monitoring, bastion hosts, security scanners
- 8 core CPUs
- 32 GB of RAM

Storage appliances:
iSCSI for VM hosts
Fiber channel SAN - MySQL databases
- 1 PB total storage; 400 TB available
NAS - image storage, logs, backups
- 100 TB total storage; 35 TB available

Business Requirements
- Build a reliable and reproducible environment with scaled parity of production.
- Improve security by defining and adhering to a set of security and Identity and Access Management (IAM) best practices for cloud.
- Improve business agility and speed of innovation through rapid provisioning of new resources.
- Analyze and optimize architecture for performance in the cloud.

Technical Requirements
- Easily create non-production environment in the cloud.
- Implement an automation framework for provisioning resources in cloud.
- Implement a continuous deployment process for deploying applications to the on-premises datacenter or cloud.
- Support failover of the production environment to cloud during an emergency.
- Encrypt data on the wire and at rest.
- Support multiple private connections between the production data center and cloud environment.

Executive Statement
Our investors are concerned about our ability to scale and contain costs with our current infrastructure. They are also concerned that a competitor could use a public cloud platform to offset their up-front investment and free them to focus on developing better features. Our traffic patterns are highest in the mornings and weekend evenings; during other times, 80% of our capacity is sitting idle.
Our capital expenditure is now exceeding our quarterly projections. Migrating to the cloud will likely cause an initial increase in spending, but we expect to fully transition before our next hardware refresh cycle. Our total cost of ownership (TCO) analysis over the next 5 years for a public cloud strategy achieves a cost reduction between 30% and 50% over our current model.

Question 121
For this question, refer to the TerramEarth case study.
The TerramEarth development team wants to create an API to meet the company's business requirements. You want the development team to focus their development effort on business value versus creating a custom framework. Which method should they use?

  • A. Use Google Container Engine with a Tomcat container with the Swagger (Open API Specification) framework. Focus on an API for dealers and partners.
  • B. Use Google App Engine with Google Cloud Endpoints. Focus on an API for dealers and partners.
  • C. Use Google Container Engine with a Django Python container. Focus on an API for the public.
  • D. Use Google App Engine with a JAX-RS Jersey Java-based framework. Focus on an API for the public.
  • E. Use Google App Engine with the Swagger (open API Specification) framework. Focus on an API for the public.

Correct answer: B

Explanation:
https://cloud.google.com/endpoints/docs/openapi/about-cloud-endpoints?hl=en_US&_ga=2.21787131.-1712523
https://cloud.google.com/endpoints/docs/openapi/architecture-overview
https://cloud.google.com/storage/docs/gsutil/commands/test
Develop, deploy, protect and monitor your APIs with Google Cloud Endpoints. Using an Open API Specification or one of our API frameworks, Cloud Endpoints gives you the tools you need for every phase of API development.
From scenario:
Business Requirements
- Decrease unplanned vehicle downtime to less than 1 week, without increasing the cost of carrying surplus inventory
- Support the dealer network with more data on how their customers use their equipment to better position new products and services
- Have the ability to partner with different companies - especially with seed and fertilizer suppliers in the fast-growing agricultural business - to create compelling joint offerings for their customers.
Reference: https://cloud.google.com/certification/guides/cloud-architect/casestudy-terramearth
Topic 2, Mountkirk Games Case Study
Company Overview
Mountkirk Games makes online, session-based, multiplayer games for the most popular mobile platforms.
Company Background
Mountkirk Games builds all of their games with some server-side integration and has historically used cloud providers to lease physical servers. A few of their games were more popular than expected, and they had problems scaling their application servers, MySQL databases, and analytics tools.
Mountkirk's current model is to write game statistics to files and send them through an ETL tool that loads them into a centralized MySQL database for reporting.
Solution Concept
Mountkirk Games is building a new game, which they expect to be very popular. They plan to deploy the game's backend on Google Compute Engine so they can capture streaming metrics, run intensive analytics and take advantage of its autoscaling server environment and integrate with a managed NoSQL database.
Technical Requirements
Requirements for Game Backend Platform
1. Dynamically scale up or down based on game activity.
2. Connect to a managed NoSQL database service.
3. Run customized Linux distro.
Requirements for Game Analytics Platform
1. Dynamically scale up or down based on game activity.
2. Process incoming data on the fly directly from the game servers.
3. Process data that arrives late because of slow mobile networks.
4. Allow SQL queries to access at least 10 TB of historical data.
5. Process files that are regularly uploaded by users' mobile devices.
6. Use only fully managed services
CEO Statement
Our last successful game did not scale well with our previous cloud provider, resulting in lower user adoption and affecting the game's reputation. Our investors want more key performance indicators (KPIs) to evaluate the speed and stability of the game, as well as other metrics that provide deeper insight into usage patterns so we can adapt the game to target users.
CTO Statement
Our current technology stack cannot provide the scale we need, so we want to replace MySQL and move to an environment that provides autoscaling, low latency load balancing, and frees us up from managing physical servers.
CFO Statement
We are not capturing enough user demographic data, usage metrics, and other KPIs. As a result, we do not engage the right users. We are not confident that our marketing is targeting the right users, and we are not selling enough premium Blast-Ups inside the games, which dramatically impacts our revenue.

Question 122
You have deployed several instances on Compute Engine. As a security requirement, instances cannot have a public IP address. There is no VPN connection between Google Cloud and your office, and you need to connect via SSH into a specific machine without violating the security requirements. What should you do?

  • A. Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance.
  • B. Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance.
  • C. Create a bastion host in the network to SSH into the bastion host from your office location. From the bastion host, SSH into the desired instance.
  • D. Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP.

Correct answer: C

Explanation:
Reference: https://cloud.google.com/solutions/connecting-securely

Question 123
For this question, refer to the Dress4Win case study. Considering the given business requirements, how would you automate the deployment of web and transactional data layers?

  • A. Deploy Nginx and Tomcat using Cloud Launcher. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Deployment Manager scripts.
  • B. Migrate Nginx and Tomcat to App Engine. Deploy a Cloud Datastore server to replace the MySQL server in a high-availability configuration. Deploy Jenkins to Compute Engine using Cloud Launcher.
  • C. Migrate Nginx and Tomcat to App Engine. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Launcher.
  • D. Deploy Nginx and Tomcat using Cloud Deployment Manager to Compute Engine. Deploy a Cloud SQL server to replace MySQL. Deploy Jenkins using Cloud Deployment Manager.

Correct answer: B

Question 124
Your applications will be writing their logs to BigQuery for analysis. Each application should have its own table. Any logs older than 45 days should be removed. You want to optimize storage and follow Google-recommended practices. What should you do?

  • A. Create a script that uses the BigQuery command line tool (bq) to remove records older than 45 days
  • B. Make the tables time-partitioned, and configure the partition expiration at 45 days
  • C. Configure the expiration time for your tables at 45 days
  • D. Rely on BigQuery's default behavior to prune application logs older than 45 days

Correct answer: C

Explanation:
Explanation/Reference: https://cloud.google.com/bigquery/docs/managing-tables

Question 125
A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops responding to SSH connections. It is still serving database requests to the application servers correctly.
What three steps should you take to diagnose the problem? (Choose three.)

  • A. Delete the virtual machine (VM) and disks and create a new one
  • B. Take a snapshot of the disk and connect to a new machine to investigate
  • C. Delete the instance, attach the disk to a new VM, and investigate
  • D. Check inbound firewall rules for the network the machine is connected to
  • E. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate
  • F. Connect the machine to another network with very simple firewall rules and investigate

Correct answer: B,D,E

Explanation:
D: Handling "Unable to connect on port 22" error message
Possible causes include:
* There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Compute Engine instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than 22, you need to enable the access to that port with a custom firewall rule.
* The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from session to session.
F: Handling "Could not connect, retrying..." error
You can verify that the daemon is running by navigating to the serial console output page and looking for output lines prefixed with the accounts-from-metadata: string. If you are using a standard image but you do not see these output prefixes in the serial console output, the daemon might be stopped. Reboot the instance to restart the daemon.
Reference:
https://cloud.google.com/compute/docs/ssh-in-browser

 

Question 126
You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery. What should you do to fix the script?

  • A. Create a new service account with BigQuery access and execute your script with that user
  • B. Install the latest BigQuery API client library for Python
  • C. Run your script on a new virtual machine with the BigQuery access scope enabled
  • D. Install the bq component for gcloud with the command gcloud components install bq.

Correct answer: C

Explanation:
Explanation
The error is most likely caused by an access scope issue. When you create a new instance, it uses the Compute Engine default service account, but access to most services, including BigQuery, is not enabled. Most access scopes are not enabled by default, so you have the default service account but not the permission (scope). You can stop the instance, edit it, change the scope, and restart it to enable the scope access. Of course, if you run your script on a new virtual machine with the BigQuery access scope enabled, it also works.
https://cloud.google.com/compute/docs/access/service-accounts

 

Question 127
Your company's user-feedback portal comprises a standard LAMP stack replicated across two zones. It is deployed in the us-central1 region and uses autoscaled managed instance groups on all layers, except the database. Currently, only a small group of select customers have access to the portal. The portal meets a 99.99% availability SLA under these conditions. However, next quarter, your company will be making the portal available to all users, including unauthenticated users. You need to develop a resiliency testing strategy to ensure the system maintains the SLA once they introduce additional user load.
What should you do?

  • A. Capture existing users input, and replay captured user load until resource utilization crosses 80%. Also, derive estimated number of users based on existing user's usage of the app, and deploy enough resources to handle 200% of expected load
  • B. Expose the new system to a larger group of users, and increase group size each day until autoscale logic is triggered on all layers. At the same time, terminate random resources on both zones
  • C. Capture existing users input, and replay captured user load until autoscale is triggered on all layers. At the same time, terminate all resources in one of the zones
  • D. Create synthetic random user input, replay synthetic load until autoscale logic is triggered on at least one layer, and introduce "chaos" to the system by terminating random resources on both zones

Correct answer: A

Question 128
Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform. Each tier (web, API, and database) scales independently of the others. Network traffic should flow through the web to the API tier and then on to the database tier. Traffic should not flow between the web and the database tier.
How should you configure the network?

  • A. Set up software based firewalls on individual VMs
  • B. Add tags to each tier and set up firewall rules to allow the desired traffic flow
  • C. Add tags to each tier and set up routes to allow the desired traffic flow
  • D. Add each tier to a different subnetwork

Correct answer: B

Explanation:
Google Cloud Platform (GCP) enforces firewall rules through rules and tags. GCP rules and tags can be defined once and used across all regions.
Reference: https://cloud.google.com/docs/compare/openstack/
https://aws.amazon.com/it/blogs/aws/building-three-tier-architectures-with-security-groups/

 

Question 129
For this question, refer to the TerramEarth case study.
TerramEarth's CTO wants to use the raw data from connected vehicles to help identify approximately when a vehicle in the field will have a catastrophic failure. You want to allow analysts to centrally query the vehicle data. Which architecture should you recommend?

  • A. Option B
  • B. Option D
  • C. Option C
  • D. Option A

Correct answer: A

Question 130
You are deploying a PHP App Engine Standard service with SQL as the backend. You want to minimize the number of queries to the database.
What should you do?

  • A. Set the memcache service level to shared. Create a key called "cached-queries", and return database values from the key before using a query to Cloud SQL.
  • B. Set the memcache service level to shared. Create a cron task that runs every minute to save all expected queries to a key called "cached-queries".
  • C. Set the memcache service level to dedicated. Create a cron task that runs every minute to populate the cache with keys containing query results.
  • D. Set the memcache service level to dedicated. Create a key from the hash of the query, and return database values from memcache before issuing a query to Cloud SQL.

Correct answer: D

Explanation:
https://cloud.google.com/appengine/docs/standard/php/memcache/using

Question 131
You have an App Engine application that needs to be updated. You want to test the update with production traffic before replacing the current application version.
What should you do?

  • A. Deploy the update in a new VPC, and use Google's global HTTP load balancing to split traffic between the update and current applications.
  • B. Deploy the update as a new App Engine application, and use Google's global HTTP load balancing to split traffic between the new and current applications.
  • C. Deploy the update as a new version in the App Engine application, and split traffic between the new and current versions.
  • D. Deploy the update using the Instance Group Updater to create a partial rollout, which allows for canary testing.

Correct answer: C

Explanation:
Explanation
https://cloud.google.com/appengine/docs/standard/python/splitting-traffic

Question 132
You are designing a large distributed application with 30 microservices. Each of your distributed microservices needs to connect to a database back-end. You want to store the credentials securely.
Where should you store the credentials?

  • A. In a config file that has restricted access through ACLs
  • B. In an environment variable
  • C. In the source code
  • D. In a secret management system

Correct answer: D

Explanation:
A is not correct because storing credentials in source code and source control is discoverable, in plain text, by anyone with access to the source code. This also introduces the requirement to update code and do a deployment each time the credentials are rotated.
B is not correct because consistently populating environment variables would require the credentials to be available, in plain text, when the session is started.
C is correct because key management systems generate, use, rotate, encrypt, and destroy cryptographic keys and manage permissions to those keys.
D is not correct because instead of managing access to the config file and updating manually as keys are rotated, it would be better to leverage a key management system. Additionally, there is increased risk if the config file contains the credentials in plain text.
https://cloud.google.com/kms/

 

Question 133
Your company's test suite is a custom C++ application that runs tests throughout each day on Linux virtual machines. The full test suite takes several hours to complete, running on a limited number of on-premises servers reserved for testing. Your company wants to move the testing infrastructure to the cloud, to reduce the amount of time it takes to fully test a change to the system, while changing the tests as little as possible. Which cloud infrastructure should you recommend?

  • A. Google Cloud Dataproc to run Apache Hadoop jobs to process each test
  • B. Google Compute Engine unmanaged instance groups and Network Load Balancer
  • C. Google Compute Engine managed instance groups with auto-scaling
  • D. Google App Engine with Google Stackdriver for logging

Correct answer: A

Question 134
Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires private address space communication.
Which networking approach should you use?

  • A. A Google Compute Engine instance with a VPN server installed connected to the data center network
  • B. A NAT and TLS translation gateway installed on-premises
  • C. Google Cloud VPN connected to the data center network
  • D. Google Cloud Dedicated Interconnect

Correct answer: A

Question 135
You have an application that will run on Compute Engine. You need to design an architecture that takes into account a disaster recovery plan that requires your application to fail over to another region in case of a regional outage. What should you do?

  • A. Deploy the application on two Compute Engine instances in the same project but in a different region. Use the first instance to serve traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster.
  • B. Deploy the application on two Compute Engine instance groups, each in a separate project and a different region. Use the first instance group to serve traffic, and use the HTTP load balancing service to fail over to the standby instance in case of a disaster.
  • C. Deploy the application on a Compute Engine instance. Use the instance to serve traffic, and use the HTTP load balancing service to fail over to an instance on your premises in case of a disaster.
  • D. Deploy the application on two Compute Engine instance groups, each in the same project but in a different region. Use the first instance group to serve traffic, and use the HTTP load balancing service to fail over to the standby instance group in case of a disaster.

Correct answer: C

Question 136
You deploy your custom Java application to Google App Engine. It fails to deploy and gives you the following stack trace.

What should you do?

  • A. Upload missing JAR files and redeploy your application.
  • B. Recompile the CLoakedServlet class using an MD5 hash instead of SHA1
  • C. Digitally sign all of your JAR files and redeploy your application

Correct answer: C

Question 137
......
