CCNA Ace Deploying Implementing Questions

49 of 124 questions · Page 2/2 · Ace Deploying Implementing topic · Answers revealed

76
Multi-Selectmedium

An engineer is using gsutil to upload a large number of files to a Cloud Storage bucket. The upload is proceeding very slowly. Which two actions could improve the upload performance? (Choose two.)

Select 2 answers
A.Use the gsutil -m option to enable parallel multi-threading.
B.Increase the number of retries using gsutil -o Boto:num_retries=10.
C.Change the storage class of the bucket to Standard.
D.Set the parallel composite upload threshold to a value less than the size of the files being uploaded.
E.Set a custom ACL on the bucket to allow faster writes.
AnswersA, D

Parallel multi-threading speeds up uploads of multiple files.

Why this answer

To improve upload performance, you can use parallel composite uploads (gsutil -o GSUtil:parallel_composite_upload_threshold=150M) and increase the number of parallel threads (gsutil -m). Option A and C are correct. Option B increases the number of retries, which may slow down.

Option D changes storage class, which doesn't affect upload speed. Option E changes ACL settings.

77
MCQhard

A company is using a managed instance group (MIG) with autoscaling based on CPU utilization. The application is memory-intensive, and the team notices that new instances are not being created quickly enough during traffic spikes. What should the engineer do to improve responsiveness?

A.Enable predictive autoscaling
B.Increase the autoscaling cooldown period
C.Decrease the autoscaling cooldown period
D.Use a larger machine type in the instance template
AnswerC

A shorter cooldown allows the MIG to scale up faster.

Why this answer

Increasing autoscaling cooldown period slows down scaling. Decreasing it makes scaling more responsive. Changing to a more aggressive metric or using predictive autoscaling can help, but the simplest is to reduce the cooldown period.

The other options are wrong.

78
MCQmedium

A data scientist wants to deploy a Python function that processes messages from a Pub/Sub topic whenever a new message arrives. The function should be stateless and run in a serverless environment. Which deployment command should be used?

A.gcloud run deploy my-function --source . --region us-central1 --trigger-topic my-topic
B.gcloud functions deploy my-function --runtime python39 --trigger-topic my-topic --entry-point my_entry --region us-central1
C.gcloud pubsub subscriptions create my-sub --topic my-topic --push-endpoint https://my-function-url
D.gcloud functions deploy my-function --runtime python39 --trigger-http --entry-point my_entry --region us-central1
AnswerB

Correct. This deploys a Cloud Function triggered by Pub/Sub topic.

Why this answer

Cloud Functions is serverless and can be triggered by Pub/Sub. The command 'gcloud functions deploy' with --trigger-topic creates a function that is triggered by messages on the specified topic.

79
MCQmedium

An organization needs to deploy a regional Cloud SQL MySQL instance with 4 vCPUs and 15 GB of memory. The instance should be highly available within a single region. Which gcloud command should they use?

A.gcloud sql instances create my-instance --tier=db-n1-standard-4 --region=us-central1 --database-version=MYSQL_8_0 --root-password=password123 --availability-type=REGIONAL
B.gcloud sql instances create my-instance --tier=db-n1-highmem-4 --region=us-central1 --database-version=MYSQL_8_0
C.gcloud sql instances create my-instance --tier=db-n1-standard-4 --region=us-central1 --database-version=MYSQL_8_0 --root-password=password123
D.gcloud sql instances create my-instance --tier=db-n1-standard-4 --region=us-central1
AnswerC

Correct tier (4 vCPU, 15 GB), region, version, and root password.

Why this answer

The correct command uses --tier=db-n1-standard-4 (4 vCPU, 15 GB RAM), --region, --database-version= MYSQL_8_0, and --root-password. The --availability-type flag is not required for regional; it defaults to zonal. db-n1-highmem-4 has 26 GB RAM. The other commands either miss required flags or use wrong tier.

80
Multi-Selecthard

An engineer needs to allow an external IP address (203.0.113.5) to access a Compute Engine instance that only has an internal IP. The instance is in a VPC with Cloud NAT. Which TWO steps are necessary to enable this access?

Select 2 answers
A.Grant the user the roles/iap.tunnelResourceAccessor IAM role on the instance
B.Set a firewall rule allowing ingress from the IP 203.0.113.5 to port 22
C.Modify the Cloud NAT to allow the external IP
D.Assign a public IP to the instance
E.Use 'gcloud compute start-iap-tunnel' to create a tunnel to the instance
AnswersA, E

Required to use IAP tunneling.

Why this answer

To access an internal-only instance from the internet, you need an IAP TCP forwarding tunnel (gcloud compute start-iap-tunnel) and the appropriate IAM role (roles/iap.tunnelResourceAccessor) to use IAP. Alternatively, you could use a bastion host, but IAP is cleaner.

81
MCQeasy

An administrator needs to create a Cloud Storage bucket in the US with the Nearline storage class and make objects publicly readable via IAM. Which gcloud command should they use to create the bucket?

A.gsutil mb -c NEARLINE -l US gs://my-bucket
B.gsutil mb -s NEARLINE -l US-CENTRAL1 gs://my-bucket
C.gcloud storage buckets create gs://my-bucket --storage-class=NEARLINE --region=US
D.gcloud storage buckets create gs://my-bucket --default-storage-class=NEARLINE --location=us
AnswerA

Correct: gsutil mb with -c for storage class and -l for location.

Why this answer

The correct command is gcloud storage buckets create with --default-storage-class and --location flags. Option B uses gsutil mb with -c for storage class and -l for location. Option A uses gcloud storage but location should be a region, not 'us'.

Option C uses gsutil but -s is not a valid flag. Option D incorrectly uses --region.

82
MCQmedium

A company wants to allow unauthenticated HTTP invocations of a container deployed on Cloud Run. Which flag should be included in the 'gcloud run deploy' command?

A.--public
B.--no-authentication
C.--allow-unauthenticated
D.--auth-type public
AnswerC

Correct. This flag makes the service publicly accessible.

Why this answer

The '--allow-unauthenticated' flag allows unauthenticated invocations. By default, Cloud Run requires authentication.

83
MCQeasy

A developer needs to upload a large number of files from their local machine to a Cloud Storage bucket. Which command should they use?

A.gcloud storage ls gs://my-bucket
B.gsutil cp /local/dir/* gs://my-bucket/
C.gcloud storage buckets create gs://my-bucket
D.gsutil rsync -r /local/dir gs://my-bucket/
AnswerB

Correctly uploads files from local directory to bucket.

Why this answer

gsutil cp is the correct command for uploading files. Option B is correct. Option A creates a bucket; C lists files; D syncs a directory but is overkill for simple upload.

84
MCQhard

A Cloud SQL for MySQL instance needs to be created with the following requirements: MySQL 8.0, db-n1-standard-2 tier, in us-central1, with root password 'secret'. Which command meets these requirements?

A.gcloud compute instances create my-instance --database-version MYSQL_8_0 --tier db-n1-standard-2 --region us-central1 --root-password secret
B.gcloud sql instances create my-instance --database-version MYSQL8 --tier n1-standard-2 --region us-central1 --password secret
C.gcloud sql instances create my-instance --database-version MYSQL_8_0 --tier db-n1-standard-2 --region us-central1 --root-password secret
D.gcloud sql instances create my-instance --database-version MYSQL_8_0 --machine-type db-n1-standard-2 --region us-central1 --root-password secret
AnswerC

Correct. All flags are correct.

Why this answer

The 'gcloud sql instances create' command with --database-version, --tier, --region, and --root-password correctly creates the instance.

85
MCQeasy

A developer wants to deploy a containerized application to Cloud Run that should be publicly accessible over the internet. The container image is stored in Container Registry. Which gcloud command should they use?

A.gcloud run deploy my-service --image gcr.io/my-project/my-image --region us-central1 --platform cloud-run --allow-unauthenticated
B.gcloud run deploy my-service --image gcr.io/my-project/my-image --region us-central1 --platform managed --allow-unauthenticated
C.gcloud run deploy my-service --image gcr.io/my-project/my-image --region us-central1 --platform gke --allow-unauthenticated
D.gcloud run deploy my-service --image gcr.io/my-project/my-image --region us-central1 --platform managed
AnswerB

Correct: deploys to Cloud Run (fully managed) and makes it publicly accessible.

Why this answer

The correct command includes --allow-unauthenticated to grant public access, --region, --image, and --platform managed. Option C is correct. Option A missing --allow-unauthenticated; B uses wrong platform flag; D uses --platform gke which is for GKE.

86
Multi-Selectmedium

A company is deploying a microservice on Cloud Run. They want to ensure that the service can handle high traffic spikes by allowing multiple concurrent requests per container instance. They also want to minimize cold starts. Which two settings should they configure? (Choose two.)

Select 2 answers
A.Set the timeout to 900 seconds
B.Set CPU always on to true
C.Set min-instances to a value greater than 0 (e.g., 1)
D.Set max-instances to a high value
E.Set concurrency to a value higher than 1 (e.g., 80)
AnswersC, E

Keeps at least one instance always running, eliminating cold starts for baseline traffic.

Why this answer

Setting concurrency to a higher value (e.g., 80) allows each container instance to handle multiple requests simultaneously, improving throughput. Setting min-instances to a value greater than 0 keeps instances warm to reduce cold starts. Max-instances limits scaling but does not help with cold starts.

CPU always on keeps CPU allocated but does not directly affect cold starts. Timeout affects request duration, not concurrency or cold starts.

87
Multi-Selecthard

A DevOps engineer is creating a GKE cluster for a production workload that requires high availability and resilience to zone failures. They also need to deploy a stateless application that can scale based on CPU usage. Which two actions should they take? (Choose two.)

Select 2 answers
A.Enable node auto-repair on the node pool
B.Create a zonal cluster in a single zone
C.Set the deployment replicas to 1
D.Enable horizontal pod autoscaling on the deployment with CPU target utilization
E.Create a regional cluster with nodes in multiple zones
AnswersD, E

HPA automatically scales pods based on CPU usage, meeting the scaling requirement.

Why this answer

A regional cluster spans multiple zones, providing high availability. An HPA scales pods based on CPU. A zonal cluster is not highly available.

Node auto-repair is for node health, not resilience to zone failure. Using a deployment with replicas is good, but the question asks for actions related to cluster creation and scaling.

88
MCQhard

You are managing a Cloud SQL for PostgreSQL instance. You need to import a SQL dump file stored in a Cloud Storage bucket. The file is 10GB. Which command should you use?

A.Use psql command from a Compute Engine instance to connect and import the file.
B.gcloud sql import sql my-instance gs://bucket/file.sql --database=db
C.gcloud sql instances import my-instance gs://bucket/file.sql --database=db
D.gcloud sql import csv my-instance gs://bucket/file.sql --database=db
AnswerB

Correct command for SQL dump import.

Why this answer

gcloud sql import sql is the correct command for importing SQL dumps to Cloud SQL. Option D is correct.

89
MCQmedium

A developer wants to run a one-time query on a large dataset stored in Cloud Storage using BigQuery without loading the data into a table. Which feature should they use?

A.Use a BigQuery federated query with an external table definition
B.Create a permanent table and load the data using gcloud bq load
C.Use Cloud SQL to query the data via federated query
D.Use gcloud sql import to load data into BigQuery
AnswerA

Federated queries allow querying data directly in Cloud Storage.

Why this answer

BigQuery federated queries allow querying external data sources (like Cloud Storage) directly using external tables or the EXTERNAL_QUERY function. This avoids loading data.

90
MCQeasy

An engineer needs to create a GKE cluster with 3 nodes of machine type e2-medium in the us-central1 region. Which command should they use?

A.gcloud container clusters create my-cluster --num-nodes=3 --machine-type=e2-medium --region=us-central1
B.gcloud container clusters create my-cluster --num-nodes=3 --machine-type=e2-medium
C.gcloud container clusters create my-cluster --num-nodes=3 --machine-type=e2-medium --region=us-central1-a
D.gcloud container clusters create my-cluster --num-nodes=3 --machine-type=e2-medium --zone=us-central1-a
AnswerA

Correct regional cluster creation with 3 e2-medium nodes.

Why this answer

The correct command is 'gcloud container clusters create my-cluster --num-nodes=3 --machine-type=e2-medium --region=us-central1'. The --zone flag is for zonal clusters, not regional. The other options either use wrong zone or wrong flags.

91
Multi-Selectmedium

A company wants to deploy a new application on Google Cloud that requires a regional managed instance group with automatic scaling based on HTTP load. Which two resources must they create? (Choose TWO.)

Select 2 answers
A.Cloud Run service
B.GKE cluster
D.Instance template
E.Cloud Function
AnswersC, D

Required to distribute traffic to the MIG and for health checks.

Why this answer

For a regional MIG with HTTP load balancing, you need an instance template (to define VMs) and a load balancer (e.g., HTTP(S) Load Balancer). Option A and D are correct. Option B is for GKE; C is for Cloud Run; E is for Cloud Functions.

92
MCQeasy

You need to allow SSH access to a Compute Engine instance. Which method is the recommended way to manage SSH keys for multiple users?

A.Add SSH keys to the instance metadata.
B.Use gcloud compute ssh with the --ssh-key-file flag.
C.Enable OS Login and assign IAM roles to users.
D.Create a custom image with preconfigured SSH keys.
AnswerC

OS Login is the recommended method for managing SSH access at scale.

Why this answer

OS Login is the recommended method for managing SSH access to Compute Engine instances, as it links SSH keys to user accounts and integrates with IAM.

93
MCQmedium

A developer wants to deploy a containerized application on Cloud Run from a source code repository, without building a container image manually. The application is written in Node.js and includes a Dockerfile. Which command should the developer use to deploy directly from source?

A.gcloud run deploy --image=gcr.io/my-project/my-image --region=us-central1
B.gcloud app deploy --source .
C.gcloud run deploy my-service --source . --region=us-central1 --platform managed
D.gcloud functions deploy my-function --runtime nodejs14 --trigger-http --source .
AnswerC

Correct: --source tells Cloud Run to build from source and deploy.

Why this answer

Cloud Run supports deploying directly from source using gcloud run deploy with the --source flag. This command automatically builds a container image using Cloud Build and deploys it to Cloud Run. Option B is correct.

Option A uses --image, which expects a pre-built image. Option C is for Cloud Functions. Option D is for App Engine.

94
MCQmedium

A developer needs to make a Cloud Storage bucket publicly readable for all users. Which command should be used to set the appropriate IAM binding?

A.gsutil iam ch allUsers:objectViewer gs://my-bucket
B.gsutil acl ch -u AllUsers:R gs://my-bucket
C.gcloud storage buckets add-iam-policy-binding my-bucket --member allUsers --role roles/storage.objectViewer
D.gsutil iam set public-read gs://my-bucket
AnswerA

Correct. This grants allUsers the objectViewer role (read access).

Why this answer

The 'gsutil iam ch' command with 'allUsers' as the member and 'objectViewer' as the role grants public read access. Alternatively, 'gsutil acl ch' can be used, but modern best practice uses IAM.

95
MCQhard

A team is using Terraform to manage Google Cloud resources. They want to store the Terraform state file in a Cloud Storage bucket to enable collaboration. The bucket is in project 'state-project'. Which backend configuration should they use?

A.terraform { backend "gcs" { bucket = "state-project-tfstate" prefix = "prod" } }
B.terraform { backend "cloud" { bucket = "my-bucket" } }
C.terraform { backend "remote" { hostname = "app.terraform.io" organization = "my-org" workspaces { name = "prod" } } }
D.terraform { backend "s3" { bucket = "my-bucket" key = "prod/terraform.tfstate" region = "us-east1" } }
AnswerA

Correct GCS backend configuration.

Why this answer

To store Terraform state in GCS, use the 'gcs' backend with bucket name and optional prefix. Option A is correct. Option B uses 'remote' backend incorrectly.

Option C uses 's3' backend for AWS. Option D uses 'cloud' backend which is not valid.

96
MCQmedium

A team is using Terraform to manage Google Cloud infrastructure. They want to store Terraform state files in a remote backend that supports locking to prevent concurrent modifications. Which backend should they use?

A.Cloud Storage
B.Cloud Source Repositories
C.Cloud Shell
D.Cloud Bigtable
AnswerA

GCS is a supported backend for Terraform state with locking capabilities.

Why this answer

Google Cloud Storage (GCS) is the recommended backend for Terraform on GCP. It supports state locking via object versioning and a lock mechanism (using the state lock table in a GCS bucket). Cloud Shell is not a backend.

Cloud Source Repositories is for source code. Bigtable is for NoSQL workloads.

97
MCQmedium

A team is creating a managed instance group (MIG) for a stateless web application. They need to ensure that instances are automatically replaced if they become unhealthy and that new instances are rolled out gradually with no downtime during updates. Which set of configurations should they use?

A.Create a MIG without health check; set rolling update with maxSurge=1 and maxUnavailable=0.
B.Create a MIG with a health check for autohealing; set rolling update with maxSurge=0 and maxUnavailable=1.
C.Create a MIG with a health check configured for autohealing; set rolling update with maxSurge=1 and maxUnavailable=0.
D.Create a MIG without health check; set rolling update with maxSurge=0 and maxUnavailable=1.
AnswerC

Autohealing replaces unhealthy instances; rolling update with maxSurge>0 and maxUnavailable=0 ensures no downtime.

Why this answer

To replace unhealthy instances, enable autohealing with a health check. For gradual updates with no downtime, use a rolling update with maxSurge set to a positive value (e.g., 1) and maxUnavailable set to 0. Option A correctly specifies both.

Option B uses maxUnavailable=1 which allows some downtime. Option C sets maxSurge=0 which prevents new instances from being created before old ones are deleted, causing downtime. Option D omits autohealing.

98
MCQeasy

You created a Cloud Run service from source code using gcloud run deploy --source . --region us-central1 --platform managed. Where can you view the build logs and runtime logs?

A.In Cloud Logging (Logs Explorer) under the Cloud Run resource.
B.In Cloud Build history page.
C.In the Cloud Run service details page under 'Logs' tab.
D.In Cloud Monitoring dashboards.
AnswerA

Cloud Logging aggregates logs from Cloud Run.

Why this answer

Cloud Run logs are sent to Cloud Logging. You can view them in the Logs Explorer.

99
Multi-Selecthard

A company is migrating a legacy monolithic application to GKE. The application consists of multiple microservices that need to communicate with each other. The team wants to manage traffic routing, implement canary deployments, and provide SSL termination. Which three Google Cloud services should they consider using together? (Choose three.)

Select 3 answers
A.Cloud NAT
B.Cloud Endpoints
C.Cloud CDN
E.Cloud Armor
AnswersB, C, D

Can manage API traffic, implement canary deployments, and handle routing.

Why this answer

To manage traffic routing, canary deployments, and SSL termination in GKE, a common pattern is to use Cloud Load Balancing (for SSL and traffic routing), GKE Ingress (often with an Ingress controller like NGINX or GKE Ingress), and Cloud CDN for caching. Alternatively, using Cloud Endpoints for API management. The combination of Cloud Load Balancing, Cloud CDN, and Cloud Endpoints can provide the required features.

Option A, C, and D are correct. Cloud NAT is for outbound internet access, and Cloud Armor is for security.

100
Multi-Selectmedium

An engineer is deploying a Cloud Function that processes files uploaded to a Cloud Storage bucket. The function needs to be triggered by new object creation events. The engineer has already written the function code. Which commands should the engineer run to create the bucket and deploy the function with the correct trigger? (Choose two.)

Select 2 answers
A.gcloud functions deploy my-function --runtime python39 --trigger-bucket my-bucket --entry-point main --region=us-central1
B.gcloud functions deploy my-function --runtime python39 --trigger-http --entry-point main --region=us-central1
C.gcloud functions deploy my-function --runtime python39 --entry-point main --region=us-central1
D.gsutil mb gs://my-bucket
E.gcloud storage buckets create gs://my-bucket --location=us-central1
AnswersA, D

Deploys function triggered by bucket events.

Why this answer

To create a bucket, use gsutil mb. To deploy a Cloud Function triggered by Cloud Storage events, use gcloud functions deploy with --trigger-bucket. Option B and C are correct.

Option A creates a bucket but with wrong command. Option D is missing trigger. Option E is for HTTP trigger.

101
MCQeasy

You need to create a Cloud Storage bucket with the default storage class for frequently accessed data in the us-west1 region. Which command creates the bucket?

A.gsutil mb -s standard -l us-west1 gs://my-bucket
B.gsutil mb -c standard -l us-west1 gs://my-bucket
C.gsutil mb -l us-west1 gs://my-bucket
D.gcloud storage buckets create --storage-class=standard --location=us-west1 gs://my-bucket
AnswerB

-c standard sets the storage class; -l sets location.

Why this answer

The default storage class is Standard. Command gsutil mb -l us-west1 gs://my-bucket creates a bucket with Standard class in us-west1.

102
MCQhard

A company wants to deploy a containerized application on Cloud Run that is built from source code in a local directory. They want Cloud Run to automatically build the container image using Cloud Build. Which command should be used?

A.gcloud run deploy my-service --source . --region us-central1
B.gcloud app deploy --source .
C.gcloud run deploy my-service --image . --region us-central1
D.gcloud builds submit --tag gcr.io/my-project/my-image . && gcloud run deploy my-service --image gcr.io/my-project/my-image
AnswerA

Correct. --source triggers a build from local source code.

Why this answer

The 'gcloud run deploy' command with --source and --region flags tells Cloud Run to build and deploy from source. Cloud Build is invoked automatically.

103
MCQmedium

An engineer needs to view the logs generated by a Cloud Run service to troubleshoot a recent deployment. Which service should they use?

A.Cloud Monitoring
B.Cloud Logging
C.Error Reporting
D.Cloud Trace
AnswerB

Correct. Cloud Logging aggregates logs from Cloud Run and other services.

Why this answer

Cloud Logging (formerly Stackdriver Logging) is the unified logging service for Google Cloud. Cloud Run logs are automatically sent to Cloud Logging.

104
MCQmedium

A developer wants to make objects in a Cloud Storage bucket publicly readable. They want to grant access to allUsers with the objectViewer role. Which command should they use?

A.gsutil acl ch -u AllUsers:R gs://my-bucket
B.gcloud storage buckets add-iam-policy-binding my-bucket --member allUsers --role roles/storage.objectViewer
C.gsutil iam ch allUsers:storage.objectViewer gs://my-bucket
D.gsutil iam ch allUsers:objectViewer gs://my-bucket
AnswerD

Correct: grants objectViewer to allUsers using IAM.

Why this answer

gsutil iam ch grants IAM roles to members. The correct command adds the roles/storage.objectViewer role to allUsers. gsutil acl ch is the legacy ACL method; the question asks for IAM, so iam ch is appropriate.

105
MCQmedium

An engineer needs to create a Compute Engine instance with a specific custom subnet, an Ubuntu 20.04 LTS image, and a 50 GB boot disk. The engineer also wants to run a startup script that installs Apache. Which gcloud command should the engineer use to create this instance?

A.gcloud compute instances create my-instance --machine=e2-medium --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud --boot-disk-size=50GB --subnet=my-subnet --zone=us-central1-a --metadata=startup-script='apt-get update && apt-get install -y apache2'
B.gcloud compute instances create my-instance --machine-type=e2-medium --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud --boot-disk-size=50GB --subnet=my-subnet --zone=us-central1-a --metadata startup-script='apt-get update && apt-get install -y apache2'
C.gcloud compute instances create my-instance --machine-type=e2-medium --image-family=ubuntu-1804-lts --image-project=ubuntu-os-cloud --boot-disk-size=50GB --subnet=my-subnet --zone=us-central1-a --metadata=startup-script='apt-get update && apt-get install -y apache2'
D.gcloud compute instances create my-instance --machine-type=e2-medium --image=ubuntu-2004-lts --image-project=ubuntu-os-cloud --boot-disk-size=50GB --subnet=my-subnet --zone=us-central1-a --metadata startup-script='apt-get update && apt-get install -y apache2'
AnswerB

Correct flags and values.

Why this answer

The correct command uses gcloud compute instances create with flags --machine-type, --image-family, --image-project, --boot-disk-size, --subnet, and --metadata startup-script. Option A includes all required flags. Option B uses the wrong image (Ubuntu 18.04).

Option C misspells --machine-type as --machine. Option D incorrectly uses --image instead of --image-family.

106
MCQeasy

An engineer wants to create a regional GKE cluster with 3 nodes by default. Which command should be used?

A.gcloud container clusters create my-cluster --zone us-central1-a --num-nodes 3
B.gcloud container clusters create my-cluster --region us-central1 --num-nodes 3
C.gcloud container clusters create my-cluster --region us-central1 --nodes 3
D.gcloud compute clusters create my-cluster --region us-central1 --size 3
AnswerB

Correct. This creates a regional cluster with 3 nodes per zone.

Why this answer

The 'gcloud container clusters create' command with --region (not --zone) creates a regional cluster. --num-nodes specifies the number of nodes per zone.

107
Multi-Selectmedium

A company wants to deploy a stateless microservice on GCP. The service experiences unpredictable traffic bursts and must scale to zero when idle to minimize costs. Which two services meet these requirements?

Select 2 answers
A.Cloud Functions (HTTP trigger)
B.Cloud Run (fully managed)
C.Compute Engine managed instance group with autoscaling
D.App Engine Standard environment
E.Google Kubernetes Engine (GKE) with a managed instance group
AnswersA, B

Scales to zero and handles bursts.

Why this answer

Cloud Run (fully managed) and Cloud Functions (with HTTP trigger) both scale to zero when idle and handle burst traffic. GKE with clusters does not scale to zero (node pool minimum size > 0). Compute Engine MIG can scale down but not to zero (minimum instance count required).

108
MCQeasy

A developer wants to create a Compute Engine instance with the default Debian 11 image, a 50 GB boot disk, and in a specific subnet. Which command should be used?

A.gcloud compute instances create my-vm --image debian-11 --boot-disk-size 50 --subnet my-subnet
B.gcloud compute instances create my-vm --image-family debian-11 --image-project debian-cloud --disk-size 50GB --subnet my-subnet
C.gcloud compute instances create my-vm --image-family debian-11 --image-project debian-cloud --boot-disk-size 50GB --subnet my-subnet
D.gcloud compute instances create my-vm --image-family debian-11 --boot-disk-size 50 --subnet my-subnet
AnswerC

Correct. This uses the appropriate flags and values.

Why this answer

The command 'gcloud compute instances create' with flags --image-family, --image-project, --boot-disk-size, and --subnet correctly creates the instance with the specified configuration.

109
MCQmedium

A company has a managed instance group (MIG) with a fixed number of instances. They want to add an autoscaling policy that scales based on CPU utilization, with a target utilization of 60%. Which command should be used to update the MIG?

A.gcloud compute instance-groups managed set-autoscaling my-mig --region us-central1 --max-num-replicas 10 --target-cpu-utilization 0.6
B.gcloud compute instance-groups managed update my-mig --autoscaling --cpu-utilization 60
C.gcloud compute instance-groups managed configure-autoscaling my-mig --region us-central1 --target-cpu-utilization 0.6
D.gcloud compute instance-groups managed set-autoscaling my-mig --zone us-central1-a --max-num-replicas 10 --target-cpu-utilization 60
AnswerA

Correct. This sets autoscaling with CPU target utilization of 60%.

Why this answer

The 'gcloud compute instance-groups managed set-autoscaling' command configures autoscaling for a MIG with the specified target CPU utilization.

110
MCQmedium

A data analyst wants to import a SQL dump file from a Cloud Storage bucket into an existing Cloud SQL database. Which command should they use?

A.gcloud sql instances import my-instance gs://my-bucket/dump.sql --database=mydb
B.gcloud sql import sql my-instance gs://my-bucket/dump.sql --database=mydb
C.gcloud sql import csv my-instance gs://my-bucket/dump.sql --database=mydb
D.gcloud sql databases import my-instance gs://my-bucket/dump.sql
AnswerB

Correct syntax for importing SQL dump.

Why this answer

The correct command is 'gcloud sql import sql <instance> gs://<bucket>/<file> --database=<db>'. This imports a SQL dump file. The other commands either use wrong syntax or wrong import type (csv for CSV files).

111
MCQhard

A DevOps engineer needs to deploy a containerized microservice to Cloud Run that processes messages from Pub/Sub. The service must authenticate to Google Cloud APIs using a service account. Which Cloud Run deployment command should they use to ensure the service uses a specific service account?

A.gcloud run deploy my-service --image gcr.io/my-project/my-image --service-account my-sa@my-project.iam.gserviceaccount.com --platform managed
B.gcloud run deploy my-service --image gcr.io/my-project/my-image --account my-sa@my-project.iam.gserviceaccount.com
C.gcloud run deploy my-service --image gcr.io/my-project/my-image --impersonate-service-account my-sa@my-project.iam.gserviceaccount.com
D.gcloud run deploy my-service --image gcr.io/my-project/my-image
AnswerA

Correctly sets the service account for the Cloud Run service.

Why this answer

Cloud Run supports the --service-account flag to attach a specific service account. The --image flag specifies the container image. The other options either use incorrect flags (--account is for gcloud CLI user, not service account) or miss required flags.

112
Multi-Selectmedium

A company has a Cloud SQL for MySQL instance that needs to be replicated to a different region for disaster recovery. Which two actions should they take? (Choose TWO.)

Select 2 answers
A.Configure an external replica from the primary instance.
B.Enable binary logging on the primary instance.
C.Create a read replica of the primary instance in the target region.
D.Ensure the replica is in a different region and promote it to primary during failover.
E.Set up a failover replica in the same zone.
AnswersC, D

Read replica can be placed in a different region for DR.

Why this answer

To set up cross-region replication for Cloud SQL, you create a read replica in the desired region and enable cross-region replication. Option A and D are correct. Option B is for on-premises replication; C is for internal replication; E is not needed.

113
MCQmedium

A company has a Cloud Run service that needs to access a Cloud SQL database. What is the recommended way to connect securely?

A.Use Cloud SQL Proxy by adding the Cloud SQL instance connection name to the Cloud Run service
B.Use a public IP for the Cloud SQL instance and whitelist the Cloud Run service's IP
C.Store database credentials in environment variables
D.Use VPC peering to connect Cloud Run to Cloud SQL
AnswerA

Cloud SQL Proxy provides secure access via private IP or Unix socket.

Why this answer

Cloud Run can use the Cloud SQL Proxy via a sidecar container or the built-in Cloud SQL connection using Unix sockets when the Cloud SQL client libraries are used. The recommended way is to use the Cloud SQL proxy (sidecar) or the Cloud SQL connector.

114
MCQmedium

A developer is deploying a containerized application on Cloud Run. The application needs to be invoked by external HTTPS requests without requiring authentication. Which flag should be included in the 'gcloud run deploy' command?

A.--invoker=public
B.--allow-unauthenticated
C.--ingress=internal
D.--no-allow-unauthenticated
AnswerB

Correct flag to allow unauthenticated invocations from the internet.

Why this answer

The --allow-unauthenticated flag makes the Cloud Run service publicly accessible. By default, Cloud Run requires authentication via IAM. Adding this flag grants the 'run.invoker' role to allUsers.

115
MCQmedium

An engineer wants to deploy a Python function that processes messages from a Pub/Sub topic. The function should be triggered whenever a message is published to the topic. Which command should the engineer use to deploy the function?

A.gcloud functions deploy my-function --runtime python39 --trigger-http --entry-point main --region=us-central1
B.gcloud functions deploy my-function --runtime python39 --trigger-topic my-topic --entry-points main --region=us-central1
C.gcloud functions deploy my-function --runtime python39 --trigger-topic my-topic --entry-point main --region=us-central1
D.gcloud functions deploy my-function --runtime python39 --trigger-bucket my-bucket --entry-point main --region=us-central1
AnswerC

Correct: --trigger-topic specifies the Pub/Sub topic.

Why this answer

To deploy a Cloud Function triggered by a Pub/Sub topic, use gcloud functions deploy with --trigger-topic. Option C is correct. Option A uses --trigger-http for HTTP triggers.

Option B uses --trigger-topic but misspells --entry-point as --entry-points. Option D uses --trigger-bucket for Cloud Storage events.

116
MCQmedium

An organization needs to import a SQL dump file from a Cloud Storage bucket into an existing Cloud SQL for PostgreSQL instance. Which command should they use?

A.gcloud sql export sql my-instance gs://bucket/dump.sql
B.gcloud sql import sql my-instance gs://bucket/dump.sql --database=mydb
C.gcloud sql instances import my-instance gs://bucket/dump.sql
D.gcloud sql import csv my-instance gs://bucket/dump.sql --database=mydb
AnswerB

Correct: imports SQL dump into specified database.

Why this answer

The correct command is gcloud sql import sql. Option D is correct. Option A is for exporting; B uses incorrect subcommand; C is for importing CSV, not SQL dump.

117
Multi-Selecteasy

A developer wants to deploy a Cloud Run service from source code in a local directory. Which two commands or steps are necessary? (Choose two.)

Select 2 answers
A.Run gcloud builds submit --tag gcr.io/my-project/my-image .
B.Run gcloud functions deploy my-function --source . --runtime nodejs16
C.Run gcloud app deploy --source .
D.Run gcloud run deploy --source . --region=us-central1
E.Run gcloud run deploy --image=gcr.io/my-project/my-image --region=us-central1
AnswersA, D

This builds a container image and pushes it to Container Registry, which can then be used with gcloud run deploy --image.

Why this answer

gcloud run deploy with --source builds and deploys from source in one step. Alternatively, you can build a container with Cloud Build and then deploy, but the question asks for necessary steps. The --source flag handles both. gcloud builds submit is needed if you build separately. gcloud run deploy without --source expects a pre-built image. gcloud functions deploy is for Cloud Functions, not Cloud Run.

118
MCQhard

A team is deploying a microservice to Cloud Run that needs to process messages from Pub/Sub. The service should only be invocable by Pub/Sub push deliveries, not by unauthenticated HTTP requests. What should the team do?

A.Deploy with --allow-unauthenticated and set up a Pub/Sub subscription with OIDC token audience
B.Deploy with --no-allow-unauthenticated and create a VPC connector to allow Pub/Sub internal traffic
C.Deploy with --no-allow-unauthenticated and configure the Pub/Sub subscription to use a service account that has the roles/run.invoker role on the Cloud Run service
D.Use Cloud Functions instead, which is more secure for Pub/Sub triggers
AnswerC

This is the correct approach: only authenticated requests are allowed, and Pub/Sub uses a service account to authenticate.

Why this answer

To restrict invocation to only Pub/Sub, the Cloud Run service must require authentication and the Pub/Sub subscription must be configured to use a service account to push. The --no-allow-unauthenticated flag ensures only authenticated requests are accepted, and the Pub/Sub subscription's push endpoint must be set with the service's URL and use a service account with the run.invoker role.

119
MCQeasy

An engineer needs to create a Compute Engine VM instance with the following specifications: 4 vCPUs, 16 GB memory, running the latest Debian 11 image, a 50 GB boot disk, and attached to a specific subnet. Which command should be used?

A.gcloud compute instances create my-vm --machine-type=n1-standard-4 --image-family=debian-11 --image-project=debian-cloud --boot-disk-size=50GB --subnet=my-subnet --zone=us-central1-a
B.gcloud compute instances create my-vm --machine-type=n1-standard-4 --image-family=debian-11 --image-project=debian-cloud --boot-disk-size=50GB --subnet=my-subnet
C.gcloud compute instances create my-vm --machine-type=custom-4-16384 --image-family=debian-11 --image-project=debian-cloud --boot-disk-size=50GB --subnet=my-subnet --zone=us-central1-a
D.gcloud compute instances create my-vm --machine-type=n1-standard-4 --image-family=debian-11 --image-project=debian --boot-disk-size=50GB --subnet=my-subnet --zone=us-central1-a
AnswerA

Correct. The image-family 'debian-11' and image-project 'debian-cloud' are correct. Machine type, disk size, subnet, and zone are all specified correctly.

Why this answer

The required flags are: --machine-type (or --custom-cpu/--custom-memory), --image-family and --image-project for the image, --boot-disk-size, --subnet, and --zone. The correct command includes all these. Option D is correct.

Option A misspells 'debian' and uses wrong project. Option B uses 'debian-11' image-family but the correct family is 'debian-11' and project is 'debian-cloud'? Actually 'debian-11' image-family exists, but the project is 'debian-cloud' not 'debian'. Option C uses wrong machine-type format (custom should be 'custom-4-16384' or 'n1-standard-4' etc).

The question expects standard machine type n1-standard-4.

120
Multi-Selectmedium

A company wants to deploy a stateless web application on Google Cloud. The application should automatically scale based on CPU utilization and distribute traffic across instances. Which TWO services can meet these requirements?

Select 2 answers
A.App Engine Standard Environment
B.Cloud Functions
C.Cloud Run
D.Google Kubernetes Engine with Horizontal Pod Autoscaler
E.Compute Engine managed instance group with autoscaling
AnswersD, E

HPA scales pods based on CPU (or custom metrics).

Why this answer

Compute Engine managed instance groups (MIGs) with autoscaling based on CPU utilization can handle this. Also, GKE with Horizontal Pod Autoscaler scales pods based on CPU. Cloud Run scales automatically but does not offer CPU-based autoscaling (scales based on request concurrency).

Cloud Functions scales based on concurrency. App Engine Standard also scales automatically based on load but not CPU-based.

121
Multi-Selectmedium

A company runs a web application on Compute Engine instances behind a load balancer. They want to automatically scale the number of instances based on CPU utilization. Which two resources must they create? (Choose TWO.)

Select 2 answers
A.Cloud Storage bucket
B.Cloud SQL instance
C.Managed instance group (MIG) with autoscaling policy
D.Cloud Function
E.Instance template
AnswersC, E

The MIG manages the instances and the autoscaling policy scales based on CPU.

Why this answer

To auto-scale Compute Engine instances, you need an instance template (to define the VM configuration) and a managed instance group (MIG) with an autoscaling policy. Option A and D are correct. Option B is a Cloud Function, not relevant; C is a Cloud Storage bucket; E is Cloud SQL.

122
MCQhard

A team wants to use Cloud Run to deploy a container that processes messages from a Pub/Sub topic. The container is stateless and the workload is expected to have irregular traffic spikes with high concurrency. Which scaling configuration is most appropriate?

A.Set min-instances to 0 and max-instances to 1000 with concurrency of 1
B.Set min-instances to 0 and max-instances to 100 with concurrency of 80
C.Set min-instances to 10 and max-instances to 100 with concurrency of 1
D.Set min-instances to 1 and max-instances to 100 with concurrency of 1
AnswerB

Min-instances 0 allows scaling to zero when idle, max 100 handles spikes, high concurrency maximizes throughput.

Why this answer

Cloud Run can set a maximum number of concurrent requests per container instance. For Pub/Sub processing, setting max-instances can control cost, and the CPU is always allocated during request processing. The key is to allow multiple concurrent requests to handle spikes efficiently.

123
MCQeasy

An engineer needs to create a Compute Engine instance with 4 vCPUs, 16 GB of memory, and a 100 GB boot disk using the Ubuntu 22.04 LTS image. Which gcloud command accomplishes this?

A.gcloud compute instances create my-vm --zone=us-central1-a --machine-type=n1-standard-4 --image-family=ubuntu-2004-lts --boot-disk-size=100GB
B.gcloud compute instances create my-vm --zone=us-central1-a --machine-type=n1-highmem-4 --image-family=ubuntu-minimal-2204-lts --image-project=ubuntu-os-cloud --boot-disk-size=100GB
C.gcloud compute instances create my-vm --zone=us-central1-a --machine-type=n1-standard-4 --image-family=ubuntu-2204-lts --image-project=ubuntu-os-cloud --boot-disk-size=100GB
D.gcloud compute instances create my-vm --zone=us-central1-a --machine-type=e2-standard-4 --image-family=ubuntu-2204-lts --image-project=debian-cloud --boot-disk-size=100GB
AnswerC

Correct machine type, image family, project, and disk size.

Why this answer

The correct command specifies machine-type n1-standard-4 (4 vCPU, 15 GB memory; closest to 16 GB), boot-disk-size 100GB, and image-family ubuntu-2204-lts with image-project ubuntu-os-cloud. Option A is correct. Option B uses wrong image-project; C has wrong image-family; D omits image-project and uses wrong image-family.

124
MCQmedium

An engineer deployed a new version of their application on GKE using a Deployment. Users report that the new version has a bug. The engineer wants to quickly revert to the previous version. How can they achieve this?

A.Scale the deployment to zero and then scale back up
B.Run kubectl delete deployment and re-apply the old manifest
C.Run kubectl rollout undo deployment/<deployment-name>
D.Run kubectl rollout history deployment/<deployment-name>
AnswerC

Rolls back to the previous revision with minimal downtime.

Why this answer

Kubernetes Deployments support rollbacks using 'kubectl rollout undo'. The command automatically reverts to the previous revision. Deleting and recreating the Deployment would require re-creating from the previous manifest. 'kubectl rollout history' shows history but doesn't roll back.

Scaling down then up does not revert the version.

← PreviousPage 2 of 2 · 124 questions total

Ready to test yourself?

Try a timed practice session using only Ace Deploying Implementing questions.