CCNA Ace Ensuring Operation Questions

75 of 100 questions · Page 1/2 · Ace Ensuring Operation topic · Answers revealed

1
Multi-Selectmedium

You want to create a log-based metric to count errors from your application logs. Which TWO resources are required? (Select 2)

Select 2 answers
A.A filter that matches the error log entries
B.An alerting policy
C.A metric descriptor (e.g., name, type, label)
D.A log sink
E.A notification channel
AnswersA, C

Required to identify which logs count.

Why this answer

You need a filter to match error logs and a metric descriptor that defines the metric type.

2
MCQmedium

You have updated a deployment in GKE, but the new pods are crashing. You want to revert to the previous working version. What should you do?

A.kubectl rollout status deployment/my-app
B.kubectl rollout undo deployment/my-app
C.kubectl scale deployment/my-app --replicas=0
D.kubectl delete deployment/my-app and recreate
AnswerB

This rolls back the deployment to the previous revision.

Why this answer

kubectl rollout undo reverts to the previous revision.

3
Multi-Selecteasy

You need to update a deployment in your GKE cluster from image version 1.0 to 2.0. You have already updated the manifest file. Which THREE kubectl commands should you use in sequence? (Choose three in the correct order.)

Select 2 answers
A.kubectl get pods -l app=myapp
B.kubectl set image deployment/myapp myapp-container=gcr.io/myproject/myapp:2.0
C.kubectl rollout undo deployment/myapp
D.kubectl rollout history deployment/myapp
E.kubectl rollout status deployment/myapp
AnswersB, E

Initiates the rolling update.

Why this answer

The sequence is: set image, then rollout status to monitor, and if needed rollout undo. But the question asks for three commands in order. Typically you'd do set image, rollout status, and possibly rollout history? But undo is not always needed.

However, the question may expect: set image, rollout status, and rollout undo (if something goes wrong). But the scenario doesn't mention a problem. I'll choose the standard commands for a rolling update: kubectl set image, kubectl rollout status, and kubectl rollout history (to see revisions).

But the question says 'in sequence' for updating. The correct answer likely includes set image, rollout status, and rollout undo (as a safety net). I'll go with that.

4
MCQeasy

You are using Cloud Run and want to split traffic so that 10% of requests go to revision v2 and 90% go to revision v1. Which command should you use?

A.gcloud run deploy --image my-image --traffic v1=90,v2=10
B.gcloud run services update --traffic v1=90,v2=10
C.gcloud run revisions update v2 --traffic 10
D.gcloud run services update-traffic --to-revisions v1=90,v2=10
AnswerD

Correct command and syntax.

Why this answer

gcloud run services update-traffic allows traffic splitting between revisions.

5
Multi-Selectmedium

An engineer needs to create a Cloud Monitoring dashboard that displays CPU utilization for all Compute Engine instances in a project. Which TWO steps are required? (Choose 2)

Select 2 answers
A.Create an uptime check
B.Add the chart to a dashboard
C.Create a chart using Metric Explorer
D.Create a log-based metric
E.Set up a notification channel
AnswersB, C

Why this answer

First, use Metric Explorer to create a chart with the CPU utilization metric. Then, add that chart to a dashboard. Dashboards can have charts from Metric Explorer.

You do not need to create an alert or export logs.

6
MCQhard

You have a Cloud Run service that experiences intermittent high latency. You want to analyze the latency of specific request paths to identify bottlenecks. You enable Cloud Trace and instrument your application with OpenTelemetry. Which tool or feature should you use to view a waterfall diagram of latencies across services for a single request?

A.Error Reporting
B.Cloud Trace Trace List and Trace Details
C.Cloud Monitoring Metrics Explorer
D.Cloud Logging Logs Explorer
AnswerB

Cloud Trace provides trace details including a waterfall chart showing spans and their latencies for each request.

Why this answer

Cloud Trace provides distributed tracing capabilities, including waterfall diagrams that show the latency of each span in a request. Cloud Logging shows logs, not trace details. Error Reporting aggregates errors.

Metrics Explorer shows aggregated metrics, not per-request traces.

7
MCQeasy

You have a Compute Engine instance that is running a CPU-intensive workload. After monitoring, you realize the machine type needs to be upgraded to a larger CPU. What is the correct sequence to change the machine type?

A.Stop the instance, run gcloud compute instances set-machine-type, then start the instance
B.Run gcloud compute instances set-machine-type while the instance is running
C.Delete the instance and create a new one with the desired machine type
D.Use gcloud compute instances update to change the machine type
AnswerA

This is the correct sequence.

Why this answer

Changing the machine type requires stopping the instance, then using gcloud compute instances set-machine-type, and finally starting the instance.

8
Multi-Selecteasy

You want to monitor the uptime of an external HTTP endpoint from multiple locations around the world. Which TWO steps should you take? (Choose two.)

Select 2 answers
A.Create a log-based metric for the endpoint response time
B.Create a notification channel of type Pub/Sub
C.Select multiple locations (e.g., us-west1, europe-west1, asia-east1) for the uptime check
D.Create an uptime check in Cloud Monitoring with the HTTP endpoint URL
E.Enable VPC flow logs for the endpoint
AnswersC, D

Multiple locations are needed for global monitoring.

Why this answer

Uptime checks are configured in Cloud Monitoring. You create an uptime check specifying the endpoint and locations. Option A and D are correct.

9
MCQeasy

A developer needs to query BigQuery using the bq command-line tool with standard SQL. Which flag should they include?

A.--format
B.--use_legacy_sql=false
C.--project_id
D.--sync
AnswerB

Why this answer

The '--use_legacy_sql=false' flag enables standard SQL. By default, bq uses legacy SQL. '--format' controls output format, not SQL dialect. '--project_id' specifies project. '--sync' is not a valid bq flag.

10
MCQhard

You need to collect and analyze latency traces for a microservices application running on GKE. You want to identify which services are contributing to overall latency. Which Google Cloud service should you enable and use?

A.Cloud Logging
B.Cloud Profiler
C.Cloud Monitoring
D.Cloud Trace
AnswerD

Cloud Trace is designed for distributed tracing and latency analysis.

Why this answer

Cloud Trace is a distributed tracing service that collects latency data from applications and provides tools to analyze performance bottlenecks.

11
MCQhard

You are deploying a GKE cluster with node autoscaling enabled. The cluster runs batch jobs that are sensitive to startup latency. You notice that during scale-up, new nodes take several minutes to become ready. Which action can reduce the time it takes for new nodes to join the cluster?

A.Increase the initial node pool size
B.Set the --max-nodes-per-pool flag to a higher value
C.Use a custom image with pre-installed dependencies
D.Enable cluster autoscaler with --enable-autorepair
AnswerC

Correct: custom images with pre-installed software reduce node startup time.

Why this answer

Using a custom image with pre-installed dependencies reduces the time needed for node initialization because the image already contains the required software, avoiding downloads during startup. This is especially beneficial for batch jobs.

12
MCQmedium

Your BigQuery query is taking longer than expected. You want to estimate the query cost before running it and get a preview of how many bytes will be processed. Which bq command should you use?

A.bq show --format=prettyjson mydataset.mytable
B.bq ls --format=prettyjson mydataset
C.bq query --use_legacy_sql=false --dry_run 'SELECT ...'
D.bq query --use_legacy_sql=false --batch 'SELECT ...'
AnswerC

Correct: --dry_run estimates bytes processed without running the query.

Why this answer

The bq query command with the --dry_run flag (or --dry-run) will process the query and return the amount of data that would be scanned, without executing the query. This helps estimate cost and performance.

13
MCQmedium

A company wants to split traffic between two revisions of a Cloud Run service: 90% to revision 'green' and 10% to revision 'blue'. Which command should they use?

A.gcloud run revisions list
B.gcloud run services update
C.gcloud run services update-traffic
D.gcloud run deploy
AnswerC

Why this answer

'gcloud run services update-traffic' is the correct command to manage traffic splitting between revisions. 'gcloud run revisions list' only lists revisions. 'gcloud run services update' does not handle traffic directly. 'gcloud run deploy' with --no-traffic is for initial deployment.

14
MCQhard

An engineer needs to update a Kubernetes Deployment's container image to version v2. They run 'kubectl set image deployment/my-app my-container=gcr.io/my-project/my-image:v2'. After a few minutes, they check the rollout status and see a failure. They want to revert to the previous image. Which command should they use?

A.kubectl rollout status deployment/my-app
B.kubectl rollout undo deployment/my-app
C.kubectl delete deployment/my-app --cascade=false
D.kubectl set image deployment/my-app my-container=gcr.io/my-project/my-image:v1
AnswerB

Why this answer

'kubectl rollout undo' reverts the Deployment to the previous revision. 'kubectl rollout status' shows status but does not revert. 'kubectl set image' with v1 would manually set the old image, but 'undo' is the standard rollback command.

15
MCQmedium

Your team wants to send Cloud Monitoring alerts to a Slack channel. You have created a Pub/Sub topic and subscription. Which notification channel type should you configure in Cloud Monitoring?

A.Pub/Sub
B.PagerDuty
C.Slack
D.Email
AnswerA

Use a Pub/Sub notification channel to publish messages to a topic for downstream processing.

Why this answer

Cloud Monitoring can send notifications to Pub/Sub topics, which can then be processed by a subscriber like Slack webhook.

16
MCQmedium

You have a Cloud Run service that is experiencing high latency. You want to analyze the latency distribution of requests. Which Google Cloud tool should you use?

A.Cloud Debugger
B.Cloud Logging Log Explorer
C.Cloud Trace
D.Cloud Monitoring Metrics Explorer
AnswerC

Cloud Trace is designed for latency analysis of requests and services.

Why this answer

Cloud Trace is a distributed tracing service that collects latency data from applications and provides detailed analysis, including latency distributions and per-request traces.

17
MCQeasy

You have a Pub/Sub subscription that is accumulating a backlog of messages. Which Cloud Monitoring metric should you alert on to detect this condition?

A.pubsub.googleapis.com/subscription/oldest_unacked_message_age
B.pubsub.googleapis.com/subscription/sent_messages_count
C.pubsub.googleapis.com/subscription/unacked_messages_by_region
D.pubsub.googleapis.com/subscription/ack_message_count
AnswerA

Correct: this metric shows the age of the oldest unacked message, indicating backlog depth.

Why this answer

The Pub/Sub subscription's 'oldest_unacked_message_age' metric indicates how long the oldest unacknowledged message has been pending. A high value suggests a backlog that is not being processed.

18
MCQmedium

You need to update a deployment in your GKE cluster from image version v1 to v2 gradually, ensuring that only a small percentage of pods run v2 initially. After the rollout, you want to verify the rollout status. Which commands should you use?

A.kubectl set image deployment/my-deployment my-container=gcr.io/my-project/my-image:v2 --record && kubectl rollout status deployment/my-deployment
B.kubectl apply -f updated-deployment.yaml and kubectl rollout undo
C.kubectl edit deployment and kubectl rollout history
D.kubectl run my-deployment --image=gcr.io/my-project/my-image:v2 and kubectl get pods
AnswerA

Correct: set image updates the deployment, and rollout status monitors progress until complete.

Why this answer

Use kubectl set image to update the image, then kubectl rollout status to monitor the rollout. For gradual rollout, you can use kubectl rollout pause/resume or set maxSurge/maxUnavailable, but the question asks for the command to update and verify.

19
Multi-Selecteasy

You need to set up an alert that triggers when the 99th percentile latency of your HTTP(S) load balancer exceeds 5 seconds for 5 minutes. Which THREE resources must you create or configure? (Choose three.)

Select 3 answers
A.An uptime check
B.An alerting policy
C.A notification channel (e.g., email, Slack, PagerDuty)
D.A log-based metric for latency
E.A metric threshold condition in the alerting policy
AnswersB, C, E

The policy ties the condition and notification together.

Why this answer

An alerting policy requires a metric threshold condition, a notification channel, and a policy. Options A, C, and E are correct.

20
Multi-Selecthard

Your application running on Compute Engine is experiencing intermittent high latency. You need to diagnose the root cause. Which THREE tools or services should you use to gather data? (Choose 3)

Select 3 answers
A.Cloud Monitoring
B.Cloud Logging
C.Cloud Profiler
D.Cloud Debugger
E.Cloud Trace
AnswersA, B, E

Correct: to view metrics like CPU, memory, network, and set up dashboards.

Why this answer

Cloud Monitoring provides metrics and dashboards; Cloud Logging provides logs; Cloud Trace provides trace data for latency analysis. Together they cover metrics, logs, and traces for comprehensive troubleshooting.

21
MCQmedium

A company wants to export all Cloud Logging logs to BigQuery for long-term analysis. They create a log sink with a BigQuery dataset as the destination. After a few days, they notice that some logs are missing in BigQuery. What is the most likely reason?

A.The sink's inclusion filter is too restrictive
B.Logs older than 30 days cannot be exported
C.The sink's destination is a table, not a dataset
D.BigQuery dataset is in a different region
AnswerA

Why this answer

Log sinks have a buffer period of up to a few minutes, but they guarantee delivery. However, if the sink's filter excludes certain logs (e.g., by resource type or severity), those logs are not exported. Missing logs usually indicate a filter misconfiguration.

22
MCQhard

Your GKE cluster nodes are running low on resources. You need to enable node pool autoscaling so that the cluster automatically adds and removes nodes based on demand. The node pool is named 'default-pool'. Which command completes this task?

A.gcloud container node-pools update default-pool --autoscaling enabled
B.gcloud container node-pools update default-pool --enable-autoscaling --min-nodes 1 --max-nodes 10
C.kubectl autoscale node-pool default-pool --min 1 --max 10
D.gcloud container clusters update my-cluster --enable-autoscaling --min-nodes 1 --max-nodes 10
AnswerB

Correct command for node pool autoscaling.

Why this answer

gcloud container node-pools update with --enable-autoscaling enables autoscaling, and --min-nodes/--max-nodes set boundaries.

23
MCQhard

Your organization runs a critical application on Compute Engine VMs. You have created a snapshot schedule, but you need to ensure that snapshots of disks attached to running instances are crash-consistent. What must you do before taking the snapshot?

A.Stop the VM before taking the snapshot
B.Detach the disk from the instance
C.Enable guest OS features for the instance
D.Use the --no-pause flag when creating the snapshot
AnswerA

Stopping the VM guarantees that all writes are flushed to disk, producing a crash-consistent snapshot.

Why this answer

Crash-consistent snapshots require no special preparation if the disk is not attached or the VM is stopped. For running instances, you must stop the VM or flush disk caches to ensure crash consistency.

24
MCQeasy

An engineer needs to create an alerting policy in Cloud Monitoring that sends a notification when the 99th percentile latency of a service exceeds 500 ms for 5 minutes. Which metric type should they use?

A.Metric threshold
B.Log-based metric
C.Uptime check
D.Cloud Audit Logs
AnswerA

Why this answer

A metric threshold alert uses a numeric metric and triggers when the value crosses a threshold. Log-based alerts are for when a specific log entry appears. Uptime checks monitor availability, not latency percentiles.

25
MCQhard

You need to change the machine type of a running Compute Engine instance from n1-standard-4 to n1-standard-8. What is the correct procedure?

A.Delete the instance and recreate it with the new machine type.
B.Run gcloud compute instances set-machine-type while the instance is running.
C.Stop the instance, run gcloud compute instances set-machine-type, then start the instance.
D.Take a snapshot, create a new instance, and attach the disk.
AnswerC

This is the required sequence.

Why this answer

Changing machine type requires stopping the instance first.

26
MCQmedium

You need to export all Cloud Logging logs from a specific project to BigQuery for long-term analysis. What should you create?

A.A log-based metric with BigQuery as destination
B.A log sink with BigQuery as the destination
C.A Pub/Sub subscription that pushes logs to BigQuery
D.An export job from Logging to BigQuery using gcloud logging export
AnswerB

Log sinks export logs to a destination. BigQuery is a supported destination.

Why this answer

Log sinks in Cloud Logging allow you to route logs to destinations like BigQuery, Cloud Storage, or Pub/Sub. You create a sink with BigQuery as the destination.

27
MCQmedium

You need to attach an existing 100 GB persistent disk named 'my-disk' to a Compute Engine instance 'web-server-1'. What is the correct command?

A.gcloud compute instances add-disk web-server-1 --disk my-disk
B.gcloud compute disks attach my-disk --instance web-server-1
C.gcloud compute disks create my-disk --instance web-server-1
D.gcloud compute instances attach-disk web-server-1 --disk my-disk
AnswerD

This attaches the disk to the instance.

Why this answer

The command is gcloud compute instances attach-disk.

28
MCQmedium

A developer needs to check the latest logs from a Compute Engine instance to debug a failed startup script. They want to filter logs from the last hour with severity ERROR or higher. Which Cloud Logging query language filter should they use?

A.resource.type="gce_instance" timestamp>="-1h" severity>=ERROR
B.resource.type="gce_instance" severity=ERROR timestamp>="-1h"
C.resource.type="compute.googleapis.com/Instance" severity>=ERROR timestamp<"-1h"
D.resource.labels.instance_id="*" severity>=ERROR timestamp>="-3600s"
AnswerA

Uses resource.type for GCE instances, time range -1h, and severity>=ERROR to include ERROR, CRITICAL, ALERT, EMERGENCY.

Why this answer

The correct filter uses resource.type for compute instances, timestamp to limit to the last hour, and severity >= ERROR to capture errors and above. Option B uses the correct syntax.

29
MCQmedium

A team needs to analyze application logs to find errors from the last 24 hours. The logs are stored in Cloud Logging. Which query language filters would select log entries where the severity is ERROR and the resource type is a GCE VM instance?

A.resource.type = 'gce_instance' AND severity = 'ERROR'
B.resource.type:gce_instance AND severity:ERROR
C.resource.type == 'gce_instance' && severity == 'ERROR'
D.type='gce_instance' AND level='ERROR'
AnswerA

This filter correctly specifies the resource type and severity.

Why this answer

Cloud Logging query language uses filters like resource.type and severity. The correct syntax uses parentheses for conditions.

30
MCQeasy

You want to receive notifications when a specific metric exceeds a threshold. Which Cloud Monitoring resource defines the condition and the action?

A.Alerting policy
B.Dashboard
C.Uptime check
D.Notification channel
AnswerA

Alerting policies define conditions and actions like sending notifications.

Why this answer

An alerting policy defines conditions (metric threshold) and notification channels.

31
Multi-Selectmedium

You need to drain a GKE node for maintenance. Which THREE steps should you perform? (Select 3)

Select 3 answers
A.Cordon the node to prevent new pods
B.Use kubectl drain <node-name> --ignore-daemonsets --delete-emptydir-data
C.Use gcloud container clusters upgrade to upgrade the node
D.After draining, perform maintenance or delete the node
E.Use kubectl uncordon after maintenance to allow scheduling
AnswersB, D, E

Standard drain command.

Why this answer

Draining a node evicts pods while respecting PodDisruptionBudgets, and after draining you can perform maintenance or delete the node.

32
MCQmedium

You are using Cloud Logging and want to export all logs from a specific Compute Engine instance to BigQuery for long-term analysis. You create a log sink with a filter for the instance's resource type and labels. What additional step is required to complete the export?

A.Create a Cloud Pub/Sub topic and configure a push subscription
B.Create a BigQuery dataset and grant the log sink's service account the BigQuery Data Editor role
C.Create a Cloud Storage bucket as a staging location
D.Enable BigQuery's streaming buffer on the dataset
AnswerB

Correct: the dataset must exist, and the sink's writer identity needs write access to the dataset.

Why this answer

Log sinks require a destination. For BigQuery, the sink must be configured with the destination as a BigQuery dataset. You must create the dataset first, then specify it in the sink.

The sink also needs appropriate permissions on the dataset.

33
Multi-Selectmedium

You are managing a GKE cluster and need to upgrade the node pool to a newer Kubernetes version. Which THREE steps should you perform as part of the upgrade process?

Select 3 answers
A.Upgrade the cluster control plane using gcloud container clusters upgrade
B.Drain all nodes in the node pool using kubectl drain
C.Upgrade the node pool using gcloud container node-pools upgrade
D.Verify the node pool status and pod health after upgrade
E.Create a new node pool and migrate workloads
AnswersA, C, D

Correct: the control plane must be at or above the target version before upgrading node pools.

Why this answer

To upgrade a node pool, you first upgrade the control plane (if not already upgraded), then upgrade the node pool. You can use gcloud container clusters upgrade to upgrade the cluster (control plane) or node pool. If you want to minimize disruption, you may also consider draining nodes beforehand, but it is not strictly required if you use surge upgrade.

The question asks for steps in the process.

34
MCQmedium

You need to split traffic between two revisions of your Cloud Run service: revision-1 (stable) should receive 90% of traffic, and revision-2 (canary) should receive 10%. Which command should you run?

A.gcloud run services update SERVICE --to-revisions=revision-1=90,revision-2=10
B.gcloud run revisions update revision-2 --traffic=10
C.gcloud run services set-iam-policy SERVICE policy.yaml
D.gcloud run deploy SERVICE --image=IMAGE --no-traffic
AnswerA

Correct: this sets the traffic split as specified.

Why this answer

The gcloud run services update-traffic command allows you to specify traffic percentages per revision. You can use --to-revisions to assign percentages.

35
MCQmedium

You have a Cloud Run service that you want to update to use a new container image. You also want to keep the previous revision available in case you need to roll back. Which command should you use?

A.gcloud run deploy my-service --image gcr.io/my-project/my-app:v2
B.gcloud run revisions update my-service --image gcr.io/my-project/my-app:v2
C.gcloud run services update --image gcr.io/my-project/my-app:v2
D.kubectl set image service/my-service my-app=gcr.io/my-project/my-app:v2
AnswerA

Deploy creates a new revision and retains old ones.

Why this answer

gcloud run deploy creates a new revision and by default keeps the previous revision(s).

36
MCQhard

Your application uses Pub/Sub to process orders. You notice that the subscription backlog is growing. Which tool should you use to analyze the latency of each step in the processing pipeline?

A.Cloud Monitoring
B.Cloud Profiler
C.Cloud Logging
D.Cloud Trace
AnswerD

Cloud Trace traces requests across services to identify latency.

Why this answer

Cloud Trace provides end-to-end latency analysis across distributed services, helping identify bottlenecks.

37
Multi-Selectmedium

You are troubleshooting a slow Pub/Sub subscription. Which three steps should you take to diagnose the issue? (Choose three.)

Select 3 answers
A.Check the subscription's backlog in the Pub/Sub console or via gcloud pubsub subscriptions describe
B.Use Cloud Monitoring Metrics Explorer to view the subscription's backlog and ack messages count
C.Use Cloud Trace to analyze the latency of each Pub/Sub message
D.Use Cloud Debugger to inspect the subscriber code
E.Use Cloud Logging to check for subscriber errors or delivery failures
AnswersA, B, E

Backlog indicates how many unacknowledged messages are pending.

Why this answer

Cloud Monitoring (Metrics Explorer) can show subscription backlog, Cloud Logging can show subscriber errors, and checking the subscription's backlog via gcloud or console helps assess the issue. Cloud Trace is for HTTP-based services, not Pub/Sub directly. Cloud Debugger is for code debugging, not Pub/Sub monitoring.

38
MCQhard

Your organization runs a stateful workload on a Compute Engine VM with a 500 GB persistent disk. You need to resize the VM to a machine type with more CPUs and memory, while minimizing downtime. You also need to ensure the disk is backed up before the change. What is the correct sequence of steps?

A.1. gcloud compute instances stop VM_NAME 2. gcloud compute disks snapshot DISK_NAME --snapshot-names backup-snapshot 3. gcloud compute instances set-machine-type VM_NAME --machine-type n1-standard-8 4. gcloud compute instances start VM_NAME
B.1. gcloud compute snapshots create backup-snapshot --disk DISK_NAME 2. gcloud compute instances set-machine-type VM_NAME --machine-type n1-standard-8 3. gcloud compute instances start VM_NAME
C.1. gcloud compute instances stop VM_NAME 2. gcloud compute snapshots create backup-snapshot --source-disk DISK_NAME --source-disk-zone ZONE 3. gcloud compute instances set-machine-type VM_NAME --machine-type n1-standard-8 4. gcloud compute instances start VM_NAME
D.1. gcloud compute instances set-machine-type VM_NAME --machine-type n1-standard-8 2. gcloud compute snapshots create backup-snapshot --disk DISK_NAME 3. gcloud compute instances start VM_NAME
AnswerA

Correct order: stop VM, create disk snapshot (command uses 'disks snapshot' with --snapshot-names), change machine type, start.

Why this answer

To change machine type, the VM must be stopped. A snapshot can be created without stopping the disk, but for consistency it's recommended to stop the VM first. After snapshot, change machine type, then start.

Option C is the only correct sequence.

39
MCQhard

You need to drain a GKE node for maintenance. The node runs DaemonSet pods and pods using emptyDir volumes. Which kubectl drain command correctly handles these pods without causing disruption to critical system components?

A.kubectl drain NODE --force
B.kubectl drain NODE --ignore-daemonsets
C.kubectl drain NODE --delete-emptydir-data
D.kubectl drain NODE --ignore-daemonsets --delete-emptydir-data
AnswerD

Correct: both flags are needed to handle DaemonSets and emptyDir pods.

Why this answer

The kubectl drain command evicts pods from a node. To handle DaemonSet pods (which should be ignored because they are managed by the DaemonSet controller) and pods with emptyDir volumes (which may need --delete-emptydir-data to force eviction), you use --ignore-daemonsets and --delete-emptydir-data.

40
MCQhard

A GKE cluster is running a critical workload. An engineer needs to perform maintenance on a node without disrupting the pods. They plan to use 'kubectl drain'. Which additional flags are typically required to safely drain a node?

A.--dry-run --now
B.--ignore-daemonsets --delete-emptydir-data
C.--force --grace-period=0
D.--all-namespaces --selector
AnswerB

Why this answer

The '--ignore-daemonsets' flag tells kubectl to ignore DaemonSet-managed pods (they will be rescheduled). The '--delete-emptydir-data' flag allows draining nodes with pods using emptyDir volumes (data is ephemeral). Both are commonly required for safe draining.

41
Multi-Selectmedium

You need to export all logs from Cloud Logging to a BigQuery dataset for long-term analysis. The export should include logs from all projects in the organization. Which TWO actions should you take? (Choose two.)

Select 2 answers
A.Create a log sink with destination type Cloud Storage bucket
B.Create a log sink with destination type BigQuery dataset
C.Create a log-based metric to filter the logs
D.Create the sink at the organization level
E.Create the sink at the project level for each project individually
AnswersB, D

Log sinks can export to BigQuery. The sink must specify the BigQuery dataset as the destination.

Why this answer

To export logs to BigQuery, you create a sink with a BigQuery destination. To include all projects, you create the sink at the organization level. Options A and E are correct.

42
Multi-Selectmedium

Your BigQuery dataset contains a table with sensitive customer data. You want to allow a data analyst to query the table but prevent them from viewing the data directly. You also need to ensure they cannot export the data. Which TWO IAM roles should you grant the analyst? (Choose two.)

Select 2 answers
A.roles/bigquery.jobUser
B.roles/bigquery.dataViewer
C.roles/bigquery.admin
D.roles/storage.objectViewer
E.roles/bigquery.dataEditor
AnswersA, B

Allows running query jobs.

Why this answer

BigQuery Data Viewer allows querying but not viewing table data directly? Actually, BigQuery Data Viewer allows reading table data. However, the scenario is tricky: to prevent viewing data directly, you might need to use authorized views. But among roles, BigQuery Job User allows running jobs (queries) without reading data, and BigQuery Data Viewer allows reading data but not exporting.

The combination of Job User and Data Viewer would allow querying and reading data. But the requirement is to prevent viewing data directly, so perhaps they should not have Data Viewer. A better approach is to grant BigQuery Job User and BigQuery Data Viewer? Actually, without Data Viewer, they cannot query tables.

So the correct combination is BigQuery Job User (to submit queries) and BigQuery Data Viewer (to read the table). However, Data Viewer allows viewing data. To prevent direct viewing, you could use column-level security or authorized views.

But the question asks for IAM roles. The standard answer for allowing querying but not direct access is to grant BigQuery Job User and BigQuery Data Viewer on the dataset. I'll go with that.

43
MCQeasy

You want to stop a Compute Engine instance to reduce costs. It will be started again in a few hours. Which command should you use?

A.gcloud compute instances suspend
B.gcloud compute instances stop
C.gcloud compute instances delete
D.gcloud compute instances reset
AnswerB

Stop suspends the instance, preserving its state and attached disks.

Why this answer

The gcloud compute instances stop command gracefully stops the instance.

44
MCQmedium

An engineer needs to attach an existing persistent disk to a Compute Engine instance. They have created the disk using 'gcloud compute disks create'. Which command should they use to attach it?

A.gcloud compute disks resize
B.gcloud compute instances attach-disk
C.gcloud compute instances add-disk
D.gcloud compute disks attach
AnswerB

Why this answer

'gcloud compute instances attach-disk' attaches a disk to an instance. 'gcloud compute disks attach' does not exist. 'gcloud compute instances add-disk' is not a valid command. 'gcloud compute disks resize' resizes the disk.

45
MCQeasy

You want to export a subset of Cloud Logging logs to BigQuery for long-term analysis. Which method should you use?

A.Create a log-based metric and export the metric to BigQuery
B.Create a log sink with a filter and destination BigQuery
C.Set up a Cloud Function that triggers on logs and inserts into BigQuery
D.Use gcloud logging read and pipe to bq load
AnswerB

Log sinks are designed for exporting logs to specified destinations.

Why this answer

Log sinks route logs to destinations like BigQuery, Cloud Storage, or Pub/Sub. Creating a sink with a filter is the correct approach.

46
MCQmedium

You want to monitor the uptime of an external HTTP endpoint every minute and receive an email notification if the endpoint is unavailable for more than two consecutive checks. What should you do?

A.Create a log-based alert in Cloud Logging that triggers on network errors
B.Create an uptime check in Cloud Monitoring, then create an alerting policy with condition 'metric threshold' for 'check_failed' and set notification channel to email
C.Use Cloud Functions to periodically call the endpoint and send an email on failure
D.Configure a TCP health check on the load balancer
AnswerB

Uptime check plus alerting policy with metric threshold condition is the correct approach.

Why this answer

Uptime checks in Cloud Monitoring can be configured to check HTTP endpoints. You can set alerting conditions based on the duration of the outage and choose email as a notification channel.

47
MCQmedium

You need to export logs from Cloud Logging to a BigQuery dataset for long-term analysis. What should you create?

A.An alerting policy with a log-based trigger
B.A log-based metric
C.An export job in BigQuery
D.A log sink with BigQuery as the destination
AnswerD

A log sink routes logs to BigQuery, Cloud Storage, or Pub/Sub.

Why this answer

Log sinks are used to route logs to destinations like BigQuery, Cloud Storage, or Pub/Sub.

48
MCQhard

You need to drain a GKE node for maintenance, ensuring that daemonsets and pods using emptyDir volumes are handled properly. Which command should you use?

A.kubectl taint nodes NODE key=value:NoSchedule
B.kubectl drain NODE --ignore-daemonsets --delete-emptydir-data
C.kubectl delete node NODE
D.kubectl cordon NODE && kubectl delete pods --all
AnswerB

These flags properly handle daemonsets and emptyDir volumes.

Why this answer

kubectl drain with flags ignores daemonsets and deletes emptyDir pods.

49
MCQmedium

You need to resize a Compute Engine instance from n1-standard-4 to n1-highmem-8. The instance has a local SSD attached. What must you do before changing the machine type?

A.Stop the instance, change the machine type, then start the instance
B.Take a snapshot of the local SSD
C.Change the machine type without stopping
D.Detach the local SSD
AnswerA

Correct: stopping is required to change machine type. Local SSD data will be lost, but that is expected.

Why this answer

To change the machine type, the instance must be stopped. Local SSDs preserve data only if the instance is not stopped or terminated; however, when you stop the instance, local SSD data is lost. The correct procedure is to stop the instance, change the machine type, and then start it.

Data on local SSDs will be lost.

50
MCQhard

An application is experiencing intermittent high latency. Using Cloud Trace, an engineer identifies that the bottleneck is a Pub/Sub subscription with a large backlog. Which action would MOST directly help reduce the backlog?

A.Increase the ack deadline
B.Increase the maximum message size
C.Increase the message retention duration
D.Increase the number of subscribers
AnswerD

Why this answer

Increasing the number of subscribers (e.g., scaling out the subscriber application) will increase the processing rate and reduce backlog. Increasing the retention duration keeps messages longer, not reducing backlog. The ack deadline and message size are not the primary causes of backlog.

51
MCQmedium

You need to export all Cloud Logging logs from your project to BigQuery for long-term analysis. What should you create?

A.A Cloud Monitoring dashboard
B.A VPC flow log
C.A log-based alert
D.A log sink with destination BigQuery
AnswerD

A log sink can export logs to BigQuery datasets.

Why this answer

Log sinks route logs to supported destinations including BigQuery.

52
MCQmedium

You are investigating high latency in your application deployed on Compute Engine. You suspect a specific API call is taking longer than expected. Which Google Cloud tool should you use to analyze the latency of individual requests?

A.Cloud Debugger
B.Cloud Trace
C.Cloud Monitoring dashboards
D.Cloud Logging log explorer
AnswerB

Correct: Cloud Trace is designed for latency analysis and distributed tracing.

Why this answer

Cloud Trace provides distributed tracing, allowing you to see the latency of individual requests and identify bottlenecks. It captures trace spans from supported frameworks and services.

53
MCQhard

You are deploying a new revision of a Cloud Run service. You want to gradually shift traffic from the old revision to the new one, starting with 10% traffic to the new revision. Which command should you use?

A.gcloud run services update-traffic my-service --to-revision new-revision --percent 10
B.gcloud run revisions traffic my-service --to-revision new-revision --percent 10
C.gcloud run services update my-service --image gcr.io/my-project/my-image:new
D.gcloud run deploy my-service --image gcr.io/my-project/my-image:new --traffic new-revision=10
AnswerA

This command sets 10% traffic to the new revision.

Why this answer

Cloud Run allows traffic splitting between revisions. The gcloud run services update-traffic command can specify the percentage of traffic for each revision.

54
MCQmedium

You manage a Google Kubernetes Engine (GKE) cluster and need to update the deployment 'web-app' to use a new container image tag 'v2'. You also want to ensure the update proceeds and, if it fails, roll back to the previous revision. Which set of commands should you use?

A.gcloud container clusters upgrade; kubectl rollout status; kubectl rollout undo
B.kubectl set image deployment/web-app web-app=gcr.io/myproject/web-app:v2; kubectl rollout status; kubectl rollout undo
C.kubectl edit deployment web-app; kubectl rollout status; kubectl delete deployment web-app
D.kubectl apply -f web-app.yaml; kubectl rollout status; kubectl rollout undo
AnswerB

This correctly updates the image, checks rollout status, and provides a rollback command if needed.

Why this answer

kubectl set image updates the image; kubectl rollout status monitors progress; kubectl rollout undo reverts to the previous revision.

55
MCQmedium

You have a GKE cluster with a node pool that needs to scale automatically based on load. The cluster was created with autoscaling disabled. Which command enables autoscaling on an existing node pool?

A.gcloud container node-pools create my-pool --enable-autoscaling
B.kubectl autoscale node-pool my-pool --min=1 --max=10
C.gcloud container node-pools update my-pool --cluster=my-cluster --enable-autoscaling --min-nodes=1 --max-nodes=10
D.gcloud container clusters update my-cluster --enable-autoscaling
AnswerC

This correctly enables autoscaling on the specified node pool.

Why this answer

gcloud container node-pools update with --enable-autoscaling and min/max node parameters enables autoscaling.

56
Multi-Selectmedium

You need to set up log-based alerting in Cloud Logging to send notifications when a specific error pattern appears in your application logs. Which TWO components are required to accomplish this?

Select 2 answers
A.An alerting policy
B.A log sink
C.A Cloud Pub/Sub topic
D.An uptime check
E.A log-based metric
AnswersA, E

Correct: the policy sets the threshold and notification channels.

Why this answer

To create a log-based alert, you need a log-based metric that counts the matching log entries, and an alerting policy that uses that metric. The metric is the source of the condition, and the policy defines when to notify.

57
Multi-Selectmedium

You are troubleshooting a Pub/Sub subscription that is not delivering messages promptly. Which THREE factors should you investigate? (Choose THREE.)

Select 3 answers
A.The subscription's backlog size
B.The topic's retention duration
C.The subscriber's processing latency
D.The message ordering key
E.The acknowledgment deadline
AnswersA, C, E

A large backlog indicates slow processing.

Why this answer

Common causes include backlog, subscriber latency, and ack deadlines.

58
MCQmedium

You have a Compute Engine VM instance that is currently running. You need to resize it to a different machine type. What must you do first?

A.Stop the instance, then use gcloud compute instances set-machine-type, then start the instance.
B.Use gcloud compute instances update --machine-type while the instance is running.
C.Detach all disks, change machine type, then reattach disks.
D.Create a snapshot of the disk and use it to create a new instance with the desired machine type.
AnswerA

Correct procedure: stop the instance, change machine type, start.

Why this answer

Changing the machine type requires the VM to be in a stopped state. You must stop the instance, change the machine type, then start it.

59
Multi-Selectmedium

A company wants to automate the response to specific log entries by triggering a Cloud Function. Which THREE components are required? (Choose 3)

Select 3 answers
A.Cloud Function (Pub/Sub trigger)
B.Cloud Logging log sink
C.Pub/Sub topic
D.BigQuery dataset
E.Cloud Monitoring notification channel
AnswersA, B, C

Why this answer

Log entries must be routed to a Pub/Sub topic via a log sink. The Cloud Function subscribes to that topic (triggered by Pub/Sub). The log sink is the exporter, Pub/Sub is the intermediary, and Cloud Function is the action.

A notification channel is for alerts, not triggers. BigQuery is not needed.

60
Multi-Selectmedium

Your GKE cluster has a node pool that is underutilized. You want to enable cluster autoscaling to automatically adjust the number of nodes based on workload demand. Which TWO steps are required? (Choose two.)

Select 2 answers
A.Upgrade the control plane to the latest version
B.Specify --min-nodes and --max-nodes parameters
C.Run gcloud container clusters update CLUSTER_NAME --node-pool POOL_NAME --enable-autoscaling
D.Set the --autoscaling-profile option to 'optimize-utilization'
E.Run gcloud container node-pools update POOL_NAME --enable-autoscaling --cluster CLUSTER_NAME
AnswersB, E

Minimum and maximum node counts must be set for autoscaling to work.

Why this answer

Cluster autoscaling requires enabling autoscaling on the node pool and updating it with min/max node limits. Options A and C are the correct steps. Option B is for legacy, D is for manual scaling, E is for upgrading.

61
MCQeasy

An engineer needs to monitor the external HTTP availability of a web application hosted on Compute Engine. Which Cloud Monitoring feature should they use?

A.Uptime check
B.Dashboard
C.Metric Explorer
D.Log-based alert
AnswerA

Why this answer

Uptime checks are designed to verify that a resource is accessible and measure response latency from various locations. They can check HTTP/HTTPS/TCP endpoints.

62
MCQmedium

A Cloud Run service is experiencing high latency. You suspect one revision is causing the issue. The service is configured to split traffic 90% to revision A and 10% to revision B. You want to gradually shift traffic back to revision A only. Which command should you use?

A.kubectl set traffic my-service --revision=my-service-00001=100
B.gcloud run services update-traffic my-service --to-revisions=my-service-00001=100
C.gcloud run revisions delete my-service-00002
D.gcloud run services update my-service --set-revision my-service-00001
AnswerB

This sets 100% traffic to revision A (represented by the revision name).

Why this answer

gcloud run services update-traffic allows you to set traffic percentages for revisions. Setting 100% to revision A achieves the goal.

63
MCQmedium

You need to find all log entries from the past hour where a Compute Engine instance failed to start. Which Cloud Logging query language filter should you use?

A.resource.type="gce_instance" AND severity="ERROR" AND "instance" AND timestamp>="-1h"
B.resource.type="gce_instance" AND severity="ERROR" AND "Could not start instance" AND timestamp>="-1h"
C.resource.type="gce_instance" AND "instance" AND timestamp>="-1h"
D.resource.type="gce_instance" AND severity="ERROR" AND "startup"
AnswerB

This filter targets Compute Engine instances, ERROR severity, a specific error message, and the last hour.

Why this answer

The correct filter combines resource type, severity, and a timestamp range.

64
MCQeasy

You need to update the container image of a deployment named 'my-app' in GKE to a new version. Which command should you use?

A.kubectl apply -f updated-deployment.yaml
B.kubectl update deployment my-app --image=my-image:v2
C.kubectl edit deployment my-app --image=my-image:v2
D.kubectl set image deployment/my-app my-app-container=my-image:v2
AnswerD

This updates the container named 'my-app-container' to the new image.

Why this answer

kubectl set image updates the image of a deployment.

65
MCQeasy

You want to view recent errors from your Compute Engine instances using Cloud Logging. Which query language statement would you use in the Log Explorer?

A.resource.type = "compute.googleapis.com/Instance" AND severity = "ERROR"
B.type = "gce_instance" AND level = "ERROR"
C.resource.type=gce_instance AND severity=error
D.resource.type = "gce_instance" AND severity = "ERROR"
AnswerD

This query correctly filters logs from Compute Engine instances with ERROR severity.

Why this answer

In Cloud Logging, you can filter logs by resource type and severity. The correct syntax uses fields like resource.type and severity.

66
Multi-Selecthard

An engineer is troubleshooting a Compute Engine instance that is unreachable via SSH. They suspect a firewall rule is blocking traffic. Which TWO actions should they take to diagnose the issue? (Choose 2)

Select 2 answers
A.Create a Cloud Monitoring alert for packet loss
B.View Cloud Logging for firewall rule logs
C.Run gcloud compute ssh --dry-run
D.Use Cloud Trace to analyze network latency
E.Check VPC firewall rules in Cloud Console
AnswersB, E

Why this answer

In Cloud Logging, you can view firewall logs (if VPC flow logs are enabled, but firewall rules logging can be enabled per rule). Checking VPC firewall rules in the Cloud Console allows you to verify the rules. Cloud Trace is for latency, Cloud Monitoring for metrics, and gcloud compute ssh is for connecting, not diagnosing firewall rules.

67
MCQhard

You need to perform a rolling update of a GKE deployment and ensure that during the update, the new pods are ready before terminating the old ones. You have already set the update strategy to RollingUpdate. Which kubectl command sequence should you use to update the image and monitor the rollout?

A.gcloud container clusters upgrade my-cluster; kubectl get deployments
B.kubectl set image deployment/myapp myapp=gcr.io/myproject/myapp:v2; kubectl rollout status deployment/myapp
C.kubectl edit deployment myapp; kubectl get pods; kubectl delete pod old-pod
D.kubectl apply -f deployment.yaml; kubectl rollout undo deployment/myapp
AnswerB

This updates the image and monitors the rollout status.

Why this answer

kubectl set image updates the image; kubectl rollout status monitors the progress. If the rollout fails, kubectl rollout undo rolls back.

68
Multi-Selecteasy

You need to set up an alerting policy to notify your team via email and Slack when a Compute Engine instance's CPU utilization exceeds 80% for 5 minutes. Which two resources must you configure? (Choose two.)

Select 2 answers
A.A Cloud Function to check CPU and send Slack message
B.A metric threshold condition on the 'compute.googleapis.com/instance/cpu/utilization' metric
C.An uptime check for the external IP of the instance
D.A notification channel of type 'email'
E.A log-based alert for the 'compute.googleapis.com/instance' log
AnswersB, D

This condition triggers when CPU exceeds 80% for the specified duration.

Why this answer

To create an alerting policy, you need a metric threshold condition (e.g., CPU utilization > 80% for 5 minutes) and notification channels (email, Slack). Uptime checks are for availability, not performance metrics. Log-based alerts are for log events, not metrics.

69
Multi-Selectmedium

You need to drain a GKE node for maintenance without disrupting running workloads that are managed by a DaemonSet. Which TWO flags should you use with kubectl drain? (Choose two.)

Select 2 answers
A.--delete-emptydir-data
B.--grace-period=0
C.--disable-eviction
D.--ignore-daemonsets
E.--force
AnswersA, D

Necessary if any pods use emptyDir volumes; the question doesn't specify, but it's a common flag used in drains.

Why this answer

kubectl drain evicts pods. By default, it will fail if there are pods not managed by a ReplicationController/ReplicaSet/Deployment or if there are DaemonSet pods. The --ignore-daemonsets flag allows draining despite DaemonSet pods.

The --delete-emptydir-data flag is needed if any pods use emptyDir volumes.

70
MCQhard

Your GKE cluster is running a deployment with a container image my-app:v1. You need to update it to my-app:v2 and monitor the rollout progress. Which commands should you use?

A.gcloud compute instances update-container and kubectl get events
B.kubectl edit deployment/my-app and change the image, then kubectl rollout undo if needed
C.kubectl set image deployment/my-app my-app=my-app:v2 followed by kubectl rollout status deployment/my-app
D.gcloud container clusters upgrade and kubectl get pods
AnswerC

Correct sequence to update and monitor rollout.

Why this answer

kubectl set image updates the deployment, and kubectl rollout status monitors progress.

71
MCQeasy

You need to alert when the CPU utilization of your Compute Engine instance exceeds 80% for 5 minutes. What should you create in Cloud Monitoring?

A.An uptime check
B.A metric threshold alerting policy
C.A log-based alert
D.A dashboard chart
AnswerB

Metric threshold alerts evaluate metric data against a threshold over time.

Why this answer

A metric threshold alerting policy triggers when a metric crosses a threshold for a specified duration.

72
MCQhard

You need to create a log-based metric that counts the number of 5xx errors from your application logs. The logs are in Cloud Logging and contain a field "httpRequest.status". Which filter should you use when creating the metric?

A.httpRequest.status:5*
B.severity=ERROR AND "5xx"
C.httpRequest.status = 500 OR httpRequest.status = 501 OR httpRequest.status = 502
D.httpRequest.status >= 500
AnswerD

This filter correctly selects log entries with status code 500 or greater.

Why this answer

Log-based metrics use Cloud Logging filter language to select log entries.

73
MCQmedium

You want to create a snapshot of a persistent disk named 'my-disk' in zone us-central1-a. Which command should you use?

A.gcloud compute snapshots create my-snapshot --source-disk my-disk --zone us-central1-a
B.gcloud compute disks snapshot my-disk --snapshot-names my-snapshot --zone us-central1-a
C.gcloud compute images create my-snapshot --source-disk my-disk --zone us-central1-a
D.gcloud compute disks create-snapshot my-disk --snapshot-name my-snapshot --zone us-central1-a
AnswerB

This creates a snapshot of the disk with the given name.

Why this answer

The gcloud compute disks snapshot command creates a snapshot of the specified disk. You need to provide the disk name and zone.

74
Multi-Selecthard

You are designing a disaster recovery plan for a stateful application running on Compute Engine. You need to create crash-consistent backups of persistent disks every hour and store them in a different region for at least 30 days. Which TWO steps should you take? (Choose two.)

Select 2 answers
A.Stop the VM before taking each snapshot
B.Copy the snapshot to a different region using gcloud compute snapshots create --source-snapshot --region
C.Use gcloud compute images create to create a custom image from the snapshot, then export to a different region
D.Create a snapshot schedule using gcloud compute resource-policies
E.Use gcloud compute snapshots create with the --source-disk flag while the VM is running
AnswersA, B

Stopping the VM ensures crash consistency.

Why this answer

Snapshots are stored in regional locations, but can be moved using image creation. You need to stop the instance for crash consistency, then create snapshots. To store in a different region, you can create a disk from the snapshot in the new region or use image sharing.

The correct combination: stop the instance, create a snapshot, then copy or store the snapshot in the target region.

75
MCQmedium

You have a BigQuery table with billions of rows. You need to create a new table with the same schema and copy all data from the original table. Which approach is most efficient?

A.Use bq load with an empty file to create the table, then insert data row by row.
B.Export the original table to Cloud Storage as Avro, then load into the new table.
C.Use bq query --destination_table mydataset.newtable 'SELECT * FROM mydataset.original'
D.Use bq cp (copy) command.
AnswerC

This copies data directly without intermediate storage.

Why this answer

Using bq query with SELECT * and a destination table is efficient because BigQuery can copy data without exporting and loading.

Page 1 of 2 · 100 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Ace Ensuring Operation questions.