CCNA Fundamental Cloud Concepts Questions

1
MCQ · easy

A data scientist wants to train a machine learning model using a managed service that supports custom TensorFlow code and provides GPU/TPU hardware acceleration. They prefer not to manage the underlying infrastructure. Which Google Cloud service should they use?

A. Compute Engine with pre-installed TensorFlow
B. AI Platform Training (Vertex AI Training)
C. Cloud Functions
D. Google Kubernetes Engine with GPU nodes
Answer: B

Vertex AI Training provides a fully managed environment for custom training with hardware accelerators.

Why this answer

AI Platform Training (now Vertex AI Training) is a managed service that allows you to run custom TensorFlow/PyTorch training jobs on pre-configured VM instances with GPUs/TPUs, without managing the cluster.

2
Multi-Select · medium

An e-commerce platform uses Compute Engine to serve its website. During a flash sale, traffic spikes and some instances become unhealthy. The team wants to automatically replace unhealthy instances and maintain a minimum number of running instances. Which TWO features should they configure? (Choose 2)

Select 2 answers
A. Regional load balancer
B. Managed instance group (MIG)
C. Autohealing (health checks)
D. Cloud CDN
E. Cloud NAT
Answers: B, C

MIG allows you to set autoscaling and autohealing policies.

Why this answer

Managed instance groups (MIGs) provide autoscaling and autohealing. Autoscaling adjusts the number of instances based on load, and autohealing replaces unhealthy instances automatically.

3
MCQ · medium

A startup uses Google Workspace for email and collaboration. They want to add a custom domain to their Gmail accounts. Which service model does Google Workspace represent?

A. PaaS
B. FaaS
C. IaaS
D. SaaS
Answer: D

Google Workspace is a SaaS product.

Why this answer

Google Workspace is a SaaS offering where Google manages all infrastructure, including the application, runtime, OS, and hardware.

4
MCQ · easy

A developer wants a fully managed environment to deploy containerized applications without managing the underlying infrastructure. They need auto-scaling, load balancing, and a serverless experience. Which Google Cloud service should they choose?

A. Google Kubernetes Engine
B. Compute Engine
C. App Engine Standard
D. Cloud Run
Answer: D

Cloud Run is serverless, auto-scales, and requires no infrastructure management.

Why this answer

Cloud Run is a fully managed, serverless container platform that auto-scales, handles load balancing, and charges only for resources used. It abstracts all infrastructure management.

5
MCQ · medium

A multinational corporation needs to deploy a global web application that serves users from multiple continents. They want to minimize latency for end users by serving content from the nearest location. Which combination of Google Cloud services should they use?

A. Compute Engine with regional load balancers
B. Cloud Run with Cloud NAT
C. Cloud Load Balancing (global) with Cloud CDN
D. Cloud DNS with Traffic Director
Answer: C

Global load balancer routes traffic to the nearest region, and Cloud CDN caches content at edge locations for low-latency delivery.

Why this answer

Cloud CDN uses Google's globally distributed edge caches to deliver content close to users, reducing latency. A load balancer with global routing distributes traffic across regional backends and directs users to the nearest healthy backend.

6
MCQ · medium

A company needs to run a legacy application that requires full control over the operating system, including custom kernel modules. They want to minimize management overhead for the underlying hardware. Which cloud service model should they use?

A. PaaS
B. FaaS
C. SaaS
D. IaaS
Answer: D

IaaS gives the customer control over the OS and kernel while Google manages hardware.

Why this answer

IaaS provides virtualized computing resources where the customer manages the OS and above, while the cloud provider manages the hardware and hypervisor.

7
Multi-Select · hard

An organization needs to allow a third-party auditor to review their Google Cloud resource configurations for compliance (read-only access). The auditor should not be able to modify resources or view data. Which THREE IAM roles or techniques should they use?

Select 3 answers
A. Grant the Organization Policy Administrator role
B. Grant the Viewer role at the project level
C. Grant the Cloud Debugger role
D. Grant the Security Reviewer role
E. Enable Access Transparency logs for the project
Answers: B, D, E

Viewer provides read-only access to resources and configurations.

Why this answer

Viewer gives read-only access to all resources (except data). Organization Policy Administrator is for setting policies, not reading configurations. Security Reviewer specifically allows reading security settings. Access Transparency logs help auditors see Google's access. Cloud Debugger is for debugging code, not compliance.

8
Multi-Select · easy

Which TWO of the following are NIST-defined characteristics of cloud computing?

Select 2 answers
A. High availability
B. Resource pooling
C. Pay-as-you-go pricing
D. Virtualization
E. Measured service
Answers: B, E

Resource pooling is a NIST characteristic: the provider's computing resources are pooled to serve multiple consumers.

Why this answer

The NIST definition includes: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Virtualization is an enabling technology but not a characteristic. High availability is a benefit but not a NIST characteristic.

9
Multi-Select · medium

A company is migrating a legacy monolithic application to Google Cloud. The application has variable traffic and requires a relational database. They want to minimize operational overhead. Which TWO Google Cloud services should they choose? (Choose TWO.)

Select 2 answers
A. Cloud Run
B. Cloud SQL
C. Compute Engine
D. Google Kubernetes Engine
E. BigQuery
Answers: A, B

Cloud Run is serverless and manages scaling automatically.

Why this answer

Cloud Run is a serverless container platform that minimizes operational overhead by automatically scaling. Cloud SQL is a fully managed relational database service, reducing database management tasks.

10
MCQ · hard

An engineer needs to create a custom machine type on Compute Engine for a workload that requires exactly 6 vCPUs and 20 GB of memory. The engineer uses the gcloud command-line tool. Which command correctly creates the instance?

A. gcloud compute instances create my-instance --custom-cpu 6 --custom-memory 20
B. gcloud compute instances create my-instance --custom-cpu=6 --custom-memory=20GB
C. gcloud compute instances create my-instance --cpu=6 --memory=20GB
D. gcloud compute instances create my-instance --machine-type custom-6-20480
Answer: B

Correct syntax: custom-cpu and custom-memory with equals and GB suffix.

Why this answer

Custom machine types are specified using the --custom-cpu and --custom-memory flags. The correct syntax is --custom-cpu=6 --custom-memory=20GB. The other options use incorrect flags or formats.

11
Multi-Select · hard

A company runs a critical application on Compute Engine that must always be available, even if an entire zone fails. The application stores state in a Cloud Spanner instance. The operations team wants to test disaster recovery procedures without affecting production. Which TWO actions should they take? (Select two.)

Select 2 answers
A. Use the same Spanner instance but with a different database
B. Perform a manual failover of the production Spanner instance to another region
C. Modify IAM roles to grant testers read-only access to production
D. Create a Cloud Spanner clone from the production instance for testing
E. Restore a backup to a new Cloud Spanner instance
Answers: D, E

Cloning creates an independent copy for testing without affecting production.

Why this answer

To test DR without impacting production, you can create a clone of the production Spanner instance (which creates a point-in-time copy) and perform testing on the clone. Alternatively, you can set up a separate test environment with its own Spanner instance. Restoring a backup to a new instance is also valid.

However, the question asks for TWO actions. Modifying production IAM roles could affect access; failing over a regional Spanner instance would cause downtime.

12
Multi-Select · hard

An organization is migrating a sensitive application to Google Cloud and must comply with SOC 2 requirements. Which THREE actions should they take to meet their security responsibilities under the shared responsibility model? (Choose 3.)

Select 3 answers
A. Ensure that Google's data centers are guarded 24/7
B. Apply security patches to the guest OS and applications
C. Configure IAM roles and policies to enforce least privilege
D. Encrypt data at rest and in transit using customer-managed encryption keys
E. Implement network segmentation using VPC firewalls
Answers: B, C, D

Patching OS and apps is customer responsibility.

Why this answer

Under the shared responsibility model, the customer is responsible for IAM, encryption of data, and patching their OS and applications. Google manages the physical infrastructure.

13
MCQ · medium

A data engineer needs to run a one-time complex data transformation job on a large dataset (10 TB) stored in Cloud Storage. The job will take approximately 8 hours and is not fault-tolerant. The engineer wants the cheapest possible compute option that can reliably complete the job. What should they use?

A. Preemptible VMs
B. Committed use discount VMs for 1 year
C. Dataflow with preemptible workers
D. Standard VMs (on-demand) and delete them after the job
Answer: D

Standard VMs guarantee completion and can be deleted to avoid ongoing costs.

Why this answer

Preemptible VMs can be terminated at any time, so they are not reliable for a non-fault-tolerant job. Standard VMs are reliable and can be stopped after the job to save costs. Committed use discounts require long-term commitment.

Dataflow is a fully managed service but may have a minimum cost; however, the question asks for the cheapest compute option, and standard VMs (with proper sizing) can be cheaper than Dataflow for a one-time job.

14
Multi-Select · hard

An architect is designing a globally distributed application that requires strong consistency and low-latency reads/writes across multiple continents. Which TWO Google Cloud database services can meet these requirements? (Choose TWO.)

Select 2 answers
A. Memorystore
B. Cloud Bigtable
C. Cloud SQL
D. Firestore
E. Cloud Spanner
Answers: D, E

Firestore (Native mode) offers strong consistency and global distribution.

Why this answer

Cloud Spanner provides strong consistency and global distribution with low-latency access. Firestore in Native mode also offers strong consistency and global distribution for NoSQL workloads.

15
MCQ · medium

A global e-commerce company wants to serve its website from Google Cloud with low latency to users worldwide. The website consists of static content (images, CSS) and dynamic content served by a backend application. Which combination of services should they use?

A. Cloud Storage with Cloud CDN for static content, and Compute Engine instances behind Cloud Load Balancing for dynamic content
B. Compute Engine with Cloud Armor
C. Cloud Functions for all content
D. Cloud Storage only
Answer: A

This combination provides global low-latency for static content and scalable dynamic content serving.

Why this answer

Cloud CDN caches static content at edge locations (PoPs) for low-latency delivery. Cloud Load Balancing distributes traffic across backend instances in multiple regions, and the backend can be deployed on Compute Engine or GKE. Cloud Storage alone cannot serve dynamic content; Cloud Functions is serverless but not ideal for full web serving; Cloud Armor is a security service.

16
MCQ · medium

A company wants to run a batch job that processes data every night. They need to provision a VM for this task but want to minimize costs. The job can tolerate interruptions and can be resumed. Which Compute Engine VM option should they use?

A. VM with committed use discount
B. Preemptible VM
C. Sole-tenant node
D. Standard VM
Answer: B

Preemptible VMs are cheaper and suitable for fault-tolerant batch jobs.

Why this answer

Preemptible VMs are short-lived, cost-effective instances that can be terminated at any time but are ideal for batch jobs that can handle interruptions.

17
MCQ · medium

A company needs to store petabytes of time-series IoT sensor data and query it with single-digit millisecond latency at millions of reads per second. The data has a simple key-value structure with timestamps. Which Google Cloud database is MOST appropriate?

A. Cloud Spanner
B. BigQuery
C. Firestore
D. Cloud Bigtable
Answer: D

Bigtable is the correct choice: wide-column NoSQL, designed for time-series and IoT workloads, single-digit ms latency, and scales to millions of QPS with additional nodes.

Why this answer

Cloud Bigtable is designed for exactly this use case — petabyte-scale, low-latency (single-digit ms), high-throughput NoSQL storage for time-series, IoT, and financial data. It scales horizontally by adding nodes. BigQuery is optimised for analytics (seconds-to-minutes latency), Cloud SQL is for OLTP (limited to tens of thousands of QPS), and Firestore is for document data with hierarchical structure.

18
MCQ · easy

Which of the following is a key characteristic of cloud computing as defined by NIST that allows users to automatically provision computing resources without requiring human interaction with each service provider?

A. Measured service
B. Resource pooling
C. On-demand self-service
D. Broad network access
Answer: C

On-demand self-service allows consumers to provision resources automatically without human interaction.

Why this answer

On-demand self-service enables users to provision resources automatically as needed, without requiring human interaction with the provider.

19
MCQ · hard

A company uses Cloud Storage buckets to store sensitive customer data. They must ensure that all objects are encrypted at rest using a customer-managed encryption key (CMEK) stored in Cloud KMS. They also need to prevent any object from being uploaded without encryption. How can they enforce this at the bucket level?

A. Enable object versioning and set a lifecycle rule to delete objects without CMEK
B. Configure a bucket policy that denies uploads unless the x-goog-encryption-kms-key-name header is present with a specific CMEK key
C. Use a Cloud Function to scan each object after upload and delete those not encrypted with CMEK
D. Set the bucket's default encryption to use a CMEK key, and enable the 'Requester Pays' setting
Answer: B

This bucket policy condition enforces that only objects encrypted with the specified CMEK key can be uploaded.

Why this answer

Setting a bucket policy that requires CMEK encryption (via defaultKmsKeyName) and using organization policy constraints (like constraints/storage.requireCustomerManagedEncryption) can enforce encryption. The other options either don't enforce CMEK specifically or are not bucket-level settings.

20
MCQ · easy

An organization needs to store confidential healthcare data in Google Cloud. Which compliance certification ensures that Google Cloud infrastructure meets the required security controls for protected health information (PHI)?

A. ISO 27001
B. SOC 2
C. HIPAA
D. PCI DSS
Answer: C

HIPAA is the US regulation for protected health information.

Why this answer

HIPAA (Health Insurance Portability and Accountability Act) sets standards for protecting PHI. Customers must sign a Business Associate Agreement (BAA) with Google to use GCP for HIPAA-covered data. The other certifications address different data types.

21
MCQ · medium

A development team is building a microservices-based application and wants to use a service mesh to secure and observe inter-service communication. They are using Google Kubernetes Engine (GKE). Which Google Cloud service should they integrate with GKE to provide service mesh capabilities?

A. Apigee
B. Cloud Traffic Director
C. Cloud Service Mesh (Anthos Service Mesh)
D. Cloud Endpoints
Answer: C

ASM is the recommended service mesh for GKE, offering Istio-based features with Google-managed control plane.

Why this answer

Anthos Service Mesh (ASM) is a fully managed service mesh that provides traffic management, security (mTLS), and observability for microservices running on GKE and other environments.

22
MCQ · medium

A global e-commerce platform runs on Compute Engine instances in multiple regions. Users report high latency when accessing the website from South America. The company wants to improve performance by delivering static content (images, CSS, JS) from the nearest edge location. Which Google Cloud service should they implement?

A. Cloud CDN
B. Cloud DNS
C. Cloud Load Balancing
D. Cloud Armor
Answer: A

Cloud CDN caches content at edge locations for low-latency delivery.

Why this answer

Cloud CDN uses Google's global edge network (Points of Presence) to cache static content closer to users, reducing latency. Cloud Load Balancing distributes traffic but doesn't cache content. Cloud Armor provides security. Cloud DNS resolves domain names.

23
MCQ · medium

A company is migrating an on-premises Oracle database to Google Cloud. They want to minimize changes to the application code and need a fully managed, scalable relational database with built-in high availability. Which service is most appropriate?

A. BigQuery
B. Cloud SQL
C. Cloud Spanner
D. Bare Metal Solution
Answer: D

Bare Metal Solution provides dedicated physical servers for Oracle workloads, allowing minimal code changes and full control.

Why this answer

Cloud SQL for SQL Server or PostgreSQL would not support Oracle. Bare Metal Solution runs Oracle on dedicated hardware, but it is not fully managed. Cloud Spanner is globally distributed but not compatible with Oracle SQL.

Cloud SQL with a compatible database engine would be the fully managed option with high availability, assuming the database could be migrated to PostgreSQL. Because the stem specifies an Oracle database, which Cloud SQL does not support, Bare Metal Solution is the choice for minimal code changes.

24
MCQ · hard

A developer runs a batch job that processes data once a day. The job runs on a Compute Engine VM and takes 2 hours. To optimize costs, the developer wants to use a preemptible VM. However, the job is not checkpointing and can be restarted from scratch if interrupted. Which action should the developer take to reduce costs while ensuring the job completes?

A. Use a preemptible VM and accept the risk of failure.
B. Use a standard VM with a 1-year committed use discount.
C. Use a preemptible VM and set a maximum runtime of 2 hours.
D. Use a standard VM with a sustained use discount.
Answer: B

This reduces costs reliably and ensures the job completes.

Why this answer

Preemptible VMs can be terminated at any time. Without checkpointing, the job may not complete if interrupted. The best approach is to use a standard VM with a committed use discount for 1 year to reduce costs reliably.

25
MCQ · easy

Which statement best describes the shared responsibility model in Google Cloud?

A. Google is responsible for security of the infrastructure; customers are responsible for their data and configurations.
B. Google is responsible for all security aspects, including customer data.
C. Customers are responsible for physical security of data centers.
D. Security is entirely the customer's responsibility in IaaS.
Answer: A

This correctly describes the shared responsibility model.

Why this answer

Google is responsible for the security of the cloud infrastructure, while customers are responsible for security within the cloud, including data, access, and configurations.

26
MCQ · hard

An engineer is deploying a global application that requires low latency for users in North America, Europe, and Asia. They plan to use Compute Engine instances in multiple regions. Which Google Cloud resource is essential to distribute traffic and provide a single anycast IP address?

A. Global external HTTP(S) load balancer
B. Cloud CDN
C. Traffic Director
D. Cloud NAT
Answer: A

This load balancer provides a single anycast IP and routes traffic to the closest region.

Why this answer

Global external HTTP(S) load balancer provides a single anycast IP and distributes traffic across regions, enabling low-latency access worldwide.

27
MCQ · medium

A company wants to ensure its application remains available even if an entire data center fails. They plan to deploy the application across multiple zones within a single region. Which Google Cloud feature enables this?

A. Multi-region deployment
B. Zone-level deployment
C. Cloud CDN
D. Global load balancing
Answer: B

Deploying across multiple zones protects against data center failure within a region.

Why this answer

Deploying across multiple zones within a region provides high availability, as zones are isolated from each other. If one zone fails, the application continues in other zones.

28
Multi-Select · easy

A retail company wants to reduce latency for customers in Europe and Asia by hosting their application closer to users. They also need high availability in case of a regional outage. Which TWO actions should they take?

Select 2 answers
A. Deploy the application in multiple regions
B. Use a single region with multiple zones
C. Enable Cloud CDN on the application
D. Configure a global load balancer
E. Increase machine size in a single zone
Answers: A, D

Multiple regions reduce latency and provide regional failover.

Why this answer

Deploying in multiple regions reduces latency for users in different geographies and provides disaster recovery. Replicating data across zones within a single region does not protect against regional failures.

29
MCQ · medium

A startup wants to deploy a containerized web application without managing servers or clusters. They need automatic scaling, a managed runtime, and pay only for resources used. Which Google Cloud service should they choose?

A. Cloud Run
B. Google Kubernetes Engine (GKE)
C. Compute Engine
D. App Engine
Answer: A

Cloud Run runs containers in a fully managed environment, scales automatically, and charges per use.

Why this answer

Cloud Run is a fully managed serverless platform for containers that automatically scales and charges only for resources used. It fits the requirements perfectly.

30
MCQ · hard

A DevOps engineer notices that a Cloud Function is timing out after 9 minutes. The function performs a long-running data transformation. They need to increase the timeout. What is the maximum timeout they can set for a Cloud Function (1st gen)?

A. 15 minutes
B. 9 minutes
C. 30 minutes
D. 60 minutes
Answer: B

9 minutes (540 seconds) is the maximum timeout for 1st gen Cloud Functions.

Why this answer

Cloud Functions (1st gen) have a maximum timeout of 9 minutes (540 seconds). For longer timeouts, they would need to use Cloud Functions (2nd gen) which supports up to 60 minutes, or use Cloud Run.

31
MCQ · medium

An e-commerce company is experiencing traffic spikes during flash sales. They need their application to automatically scale up and down based on CPU utilization, without manual intervention. Their application runs on a managed platform. Which feature should they enable?

A. Schedule regular snapshots
B. Set up VPC peering
C. Configure a load balancer
D. Enable autoscaling
Answer: D

Autoscaling automatically adjusts the number of instances based on load, ensuring performance during spikes.

Why this answer

Autoscaling is the correct feature to automatically adjust the number of instances based on metrics like CPU utilization. Load balancing distributes traffic, snapshots are for backups, and VPC peering connects networks.

32
MCQ · easy

What is a key benefit of using a Platform as a Service (PaaS) offering like App Engine compared to Infrastructure as a Service (IaaS) like Compute Engine?

A. Lower cost for always-on workloads
B. No need to manage the underlying OS or runtime environment
C. Full control over the operating system and hardware
D. Ability to install custom software on the server
Answer: B

PaaS provides a managed runtime; the customer only deploys code.

Why this answer

PaaS abstracts away the underlying OS and runtime, so developers only manage their code. IaaS requires managing OS, patches, and middleware. PaaS also typically includes built-in scaling and load balancing.

33
MCQ · medium

A data analytics team processes large datasets using Apache Spark. They want a fully managed service that allows them to run Spark jobs without provisioning clusters. Which Google Cloud service should they use?

A. BigQuery
B. Dataflow
C. Dataproc
D. Cloud Dataprep
Answer: C

Dataproc (especially Dataproc Serverless) allows running Spark jobs without managing clusters.

Why this answer

Dataproc is a managed Spark and Hadoop service. With Dataproc, you can create clusters quickly, but the fully managed serverless option is Dataproc Serverless, which runs Spark jobs without cluster management.

34
MCQ · hard

A company has deployed a web application on Compute Engine instances behind a regional Internal HTTPS Load Balancer. The application servers need to perform TLS termination and serve traffic only from within the VPC. The security team insists that no traffic should traverse the public internet. Which type of load balancer should be used to meet these requirements?

A. Internal HTTPS Load Balancer
B. External SSL Proxy Load Balancer
C. External HTTPS Load Balancer
D. Internal TCP/UDP Load Balancer
Answer: A

Internal HTTPS Load Balancer is regional, internal-only, and supports TLS termination.

Why this answer

An internal HTTPS Load Balancer is regional and only accessible from within the VPC, providing internal TLS termination without internet exposure. The external HTTPS Load Balancer is internet-facing. The internal TCP/UDP Load Balancer does not support HTTPS termination. The external SSL Proxy Load Balancer is for non-HTTPS traffic and is internet-facing.

35
Multi-Select · medium

A company is designing a disaster recovery strategy for a critical application. They need to ensure that if an entire Google Cloud region becomes unavailable, the application can still serve traffic from another region with minimal data loss. Which TWO strategies should they implement? (Choose 2.)

Select 2 answers
A. Deploy the application in multiple regions
B. Use synchronous replication for the database
C. Deploy the application in multiple zones within a single region
D. Use asynchronous replication for the database
E. Use a single load balancer
Answers: A, B

Multi-region deployment ensures availability if one region fails.

Why this answer

Multi-region deployment across at least two regions provides region-level failure protection. To minimize data loss, synchronous replication (e.g., using Cloud Spanner or multi-region Cloud Storage) ensures data consistency across regions.

36
MCQ · easy

Which of the following is a characteristic of the cloud according to the NIST definition?

A. Measured service
B. Manual scaling
C. Limited network access
D. Single tenancy
Answer: A

Measured service is a key characteristic where usage is monitored and billed.

Why this answer

Measured service is one of the five essential characteristics of cloud computing as defined by NIST.

37
MCQ · easy

According to the shared responsibility model, which of the following is the customer responsible for?

A. Physical security of data centers
B. Network infrastructure security
C. Data encryption and access control (IAM)
D. Hypervisor security
Answer: C

Customers manage encryption of their data and IAM policies.

Why this answer

Customers are responsible for securing their data, applications, and identity (IAM). Google is responsible for physical infrastructure, networks, and hypervisor security.

38
MCQ · medium

A company is migrating its on-premises data warehouse to Google Cloud. The data warehouse contains structured relational data (sales transactions, customer records) and is queried using standard SQL. The company wants to separate compute and storage costs and automatically scale compute resources up and down based on query load. Which Google Cloud service is most appropriate?

A. Cloud SQL
B. BigQuery
C. Dataproc
D. Cloud Spanner
Answer: B

BigQuery is a serverless data warehouse with automatic scaling and pay-per-query pricing.

Why this answer

BigQuery is a serverless data warehouse that separates compute and storage, scales automatically, and supports standard SQL. Cloud SQL is for OLTP, not data warehousing. Spanner is globally distributed OLTP. Dataproc is for Hadoop/Spark workloads, not directly for SQL warehousing.

39
MCQ · medium

A company wants to use Google Cloud for a workload that requires compliance with PCI DSS. Which of the following is a Google responsibility under the shared model?

A. Configuring firewall rules to protect cardholder data
B. Managing access keys for cardholder data
C. Encrypting cardholder data at rest
D. Patching the hypervisor
Answer: D

Google patches the hypervisor as part of infrastructure security.

Why this answer

Google is responsible for maintaining the security of the infrastructure, including the hypervisor, network, and physical security, which are part of PCI DSS compliance scope for the cloud provider.

40
MCQ · hard

A global gaming company needs to serve low-latency content to players worldwide. They want to cache static assets (images, videos) at edge locations closest to users. Which Google Cloud product should they use?

A. Cloud Storage
B. Cloud CDN
C. Compute Engine with global load balancer
D. Cloud Spanner
Answer: B

Cloud CDN caches content at edge locations for low-latency delivery.

Why this answer

Cloud CDN uses Google's global edge network Points of Presence (PoPs) to cache content, reducing latency for users worldwide.

41
Multi-Select · medium

A data engineer needs to process a large dataset stored in Cloud Storage using Apache Spark. They want to minimize cluster management overhead. Which TWO Google Cloud services can be used together to achieve this? (Choose 2.)

Select 2 answers
A. Cloud SQL
B. BigQuery
C. Dataflow
D. Dataproc
E. Cloud Storage
Answers: D, E

Dataproc is the managed Spark service.

Why this answer

Dataproc is the managed Spark service. Cloud Storage can be used as a data source. Dataproc can read directly from Cloud Storage without needing HDFS.

42
Multi-Select · medium

A company wants to deploy a multi-tier web application on Google Cloud that requires high availability across zones. The application consists of a stateless web frontend and a stateful database backend. Which TWO actions should the company take to meet the high availability requirement? (Select two.)

Select 2 answers
A. Place all resources in the same zone to simplify management
B. Use a regional managed instance group for the web frontend
C. Use a Cloud SQL for PostgreSQL instance with cross-zone replication
D. Configure the database as a single large instance with automatic backups
E. Deploy the web frontend in a single zone to reduce network latency
Answers: B, C

Regional MIG distributes instances across multiple zones.

Why this answer

To achieve high availability across zones, the frontend should be deployed in multiple zones behind a load balancer, and the database should be configured with replication across zones. Using a single large instance for the database creates a single point of failure. Regional managed instance groups distribute instances across zones.

43
MCQ · easy

An organization wants to reduce latency for users in Europe. They plan to deploy their application in a Google Cloud region located in Europe. Which region should they choose?

A.us-central1
B.asia-east1
C.australia-southeast1
D.europe-west1
AnswerD

europe-west1 is in Europe, reducing latency for European users.

Why this answer

europe-west1 is located in Belgium, Europe, providing low latency for European users.

44
MCQmedium

A security administrator needs to grant a developer the minimum permissions to create and delete Cloud Storage buckets in a specific project, but NOT allow them to modify the contents of those buckets (e.g., upload or delete objects). Which IAM role should they assign?

A.Storage Admin (roles/storage.admin)
B.Storage Object Admin (roles/storage.objectAdmin)
C.Custom role with storage.buckets.* permissions
D.Project Editor (roles/editor)
AnswerC

A custom role with permissions like storage.buckets.create, storage.buckets.delete, and storage.buckets.get allows bucket management without object access.

Why this answer

Storage Admin (roles/storage.admin) grants full control over buckets and objects, which is too permissive. Storage Object Admin allows object management, whereas the question requires bucket management only.

A custom role with storage.buckets.create and storage.buckets.delete (and possibly storage.buckets.get) is necessary, because predefined roles do not cleanly separate bucket and object permissions. Among the standard roles, Storage Admin is too broad, and there is no predefined role that allows only bucket management without object access. So the answer must be a custom role.

45
MCQhard

A company is using Cloud SQL for MySQL and notices that read queries are becoming slow as the application scales. They want to offload read traffic from the primary instance to improve performance. Which Cloud SQL feature should they enable?

A.Automatic failover replicas
B.Connection pooling
C.Point-in-time recovery
D.Read replicas
AnswerD

Read replicas allow distributing read queries to replicas, improving scalability.

Why this answer

Cloud SQL read replicas are read-only copies of the primary instance that can serve read traffic, reducing load on the primary and improving query performance.

46
MCQeasy

A company wants to ensure that their customer data stored in BigQuery is encrypted at rest using customer-managed encryption keys (CMEK). Which Google Cloud service should they use to manage these keys?

A.Cloud HSM
B.Identity-Aware Proxy (IAP)
C.Cloud Key Management Service (Cloud KMS)
D.Secret Manager
AnswerC

Cloud KMS is the key management service for CMEK, allowing customers to control encryption keys.

Why this answer

Cloud Key Management Service (Cloud KMS) allows customers to create, manage, and use encryption keys, including CMEK for BigQuery and other GCP services.

47
Multi-Selectmedium

A company is migrating a legacy monolithic application to Google Cloud. They want to break it into microservices without managing underlying servers or container orchestration. Which TWO Google Cloud services allow them to deploy containerized applications serverlessly?

Select 2 answers
A.Cloud Run
B.Cloud Functions
C.Compute Engine
D.App Engine flexible environment
E.Google Kubernetes Engine (GKE)
AnswersA, D

Cloud Run runs stateless containers in a serverless environment.

Why this answer

Cloud Run and App Engine flexible environment are serverless compute platforms that support containerized applications. Compute Engine and GKE require server/container management. Cloud Functions is serverless but for event-driven functions, not containers.

48
MCQmedium

A developer needs to deploy a containerized microservice that scales to zero when not in use and automatically scales up on incoming traffic. The microservice uses a custom container image that listens on port 8080. Which Google Cloud compute service is BEST suited for this requirement?

A.Cloud Functions
B.Cloud Run
C.Google Kubernetes Engine (GKE) with Horizontal Pod Autoscaler
D.App Engine standard environment
AnswerB

Cloud Run (fully managed) runs containers, scales to zero, and scales up based on requests.

Why this answer

Cloud Run is a managed compute platform that runs stateless containers, automatically scales (including to zero), and charges only for resources used during request processing. It fits the requirement perfectly. GKE requires managing a cluster and doesn't scale to zero by default; App Engine standard environment has a sandbox that may not support custom containers; Cloud Functions is limited to specific runtimes.

49
MCQmedium

An organization wants to use Google Cloud to analyze large-scale genomic data. The data is stored in Cloud Storage in a compressed format. They need to run a custom Python pipeline that preprocesses the data and then uses a GPU-intensive algorithm for alignment. The preprocessing is CPU-bound and takes 30 minutes per sample, while the alignment takes 1 hour per sample on a GPU. They have thousands of samples. Which compute approach is MOST cost-effective?

A.Use committed use discounts for 1 year on GPU instances
B.Use regular VMs with both CPU and GPU on the same instance
C.Use preemptible VMs with CPU for preprocessing and preemptible VMs with GPU for alignment, with checkpointing
D.Use sole-tenant nodes for data isolation
AnswerC

Preemptible VMs offer large cost savings and the batch workload can handle interruptions.

Why this answer

Using preemptible VMs for both steps can significantly reduce costs, especially for large batches; preemptible pricing is lower for GPUs as well. The workload is batch and fault-tolerant if checkpointing is implemented.

Committed use discounts require 1-year commitment; sole-tenant nodes are for isolation; independent scaling of CPU and GPU is not directly available without separate instance groups.

50
MCQmedium

A company is migrating a legacy monolithic application to Google Cloud. The application currently runs on a single physical server with a custom Linux distribution. The team wants to minimize changes to the application while gaining the benefits of cloud infrastructure. Which migration strategy should they use?

A.Rehost the application on Compute Engine using a custom image of the current OS
B.Rebuild the application from scratch on Cloud Run
C.Re-platform the application to a supported OS version
D.Refactor the application into microservices and deploy on GKE
AnswerA

Rehosting (lift and shift) moves the application with minimal changes.

Why this answer

Lift and shift (rehosting) moves the application as-is to the cloud, often by creating a custom image to run on Compute Engine. This minimizes changes. Refactoring (rearchitecting) involves code changes; re-platforming modifies the OS/platform; rebuilding is a full rewrite.

51
MCQmedium

A company has deployed a web application on Compute Engine in us-central1-a. Users in Europe report high latency. The company wants to reduce latency by serving traffic from a location closer to European users. However, they currently use a zonal managed instance group. What is the MOST cost-effective and operationally simple approach to reduce latency for European users?

A.Create a new zonal instance group in europe-west1-a and use a round-robin DNS
B.Keep the instance group in us-central1 but enable Cloud CDN
C.Change the managed instance group to regional, and use an HTTP(S) load balancer with the backend in europe-west1
D.Move the application to Cloud Run and deploy in europe-west1
AnswerC

Regional groups spread across zones in a European region; global load balancer routes users to the closest backend.

Why this answer

A regional managed instance group across multiple zones in a European region (e.g., europe-west1) with a global load balancer will route users to the nearest backend, reducing latency. Recreating in a different zone in the same region doesn't help. Moving to Cloud Run might help but requires containerising the app.

Using a single zone in Europe is not as resilient.

52
Multi-Selectmedium

A company is building a real-time chat application that requires low-latency messaging across multiple regions. The application needs to store user profiles and chat history. Which TWO Google Cloud services should the company consider for storing this data?

Select 2 answers
A.Cloud Memorystore
B.Cloud SQL
C.Cloud Datastore
D.Cloud Bigtable
E.Cloud Firestore
AnswersA, E

Memorystore (Redis) can be used for real-time pub/sub and caching to reduce latency.

Why this answer

Cloud Firestore offers real-time synchronization and is suitable for chat messages and user profiles. Cloud Memorystore is a managed Redis/Memcached service that can be used for caching and real-time data. Cloud SQL is not designed for real-time multi-region sync.

Bigtable is not ideal for chat history with complex queries. Datastore is the older version of Firestore.

53
Multi-Selectmedium

A company is building a data lake on Google Cloud. They need to store both structured and unstructured data, and process it using batch and streaming jobs. Which TWO Google Cloud services should they use? (Choose 2)

Select 2 answers
A.Cloud Storage
B.Cloud SQL
C.Firestore
D.Cloud Pub/Sub
E.BigQuery
AnswersA, E

Cloud Storage is ideal for storing any type of data (structured/unstructured) as objects.

Why this answer

Cloud Storage is the primary storage for the data lake (unstructured data, raw files), and BigQuery serves as the query layer for structured analytics. The stem asks both to 'store both structured and unstructured data' and to 'process it using batch and streaming jobs'. Dataflow could be the processing engine, but it is not among the options.

BigQuery also stores structured data, so the question likely expects Cloud Storage for raw data and BigQuery for structured querying, even though processing is also mentioned.

54
MCQhard

A financial services firm must store customer transaction logs for 7 years to comply with regulatory requirements. The data must be immutable after writing, and access should be restricted to authorized auditors only. Which storage solution and configuration should they use?

A.Cloud Storage with object versioning enabled
B.Cloud Storage with object lifecycle management to delete objects after 7 years
C.Cloud Storage with object holds placed on each object
D.Cloud Storage with a retention policy set to 7 years
AnswerD

Retention policy (Bucket Lock) makes objects immutable for the specified duration, satisfying compliance.

Why this answer

Cloud Storage with a retention policy (e.g., using Bucket Lock) makes objects immutable for a fixed period. Lifecycle management deletes objects, object versioning maintains versions, and object holds prevent deletion but allow overwrites.

55
MCQeasy

Which Google Cloud tool allows customers to measure the gross carbon emissions associated with their Google Cloud usage?

A.Google Cloud's Sustainability API
B.Carbon Footprint dashboard in the Google Cloud Console
C.Cloud Monitoring
D.Cloud Audit Logs
AnswerB

Cloud Carbon Footprint reports carbon emissions of GCP usage.

Why this answer

The Cloud Carbon Footprint tool provides visibility into the gross carbon emissions associated with a customer's Google Cloud usage.

56
MCQmedium

A financial services company is required to keep all data within a specific geographic region for regulatory compliance. They plan to deploy a globally distributed application using Cloud Spanner. How should they configure Cloud Spanner to meet this compliance requirement?

A.Use a multi-region configuration with a write region in the required region
B.Use a multi-region configuration but restrict access to only one region
C.Use a single-region configuration in the required region
D.Use a dual-region configuration
AnswerC

Single-region configuration keeps all replicas within one region, satisfying data residency.

Why this answer

Cloud Spanner allows you to choose specific regions for your instance, and replicas are placed only within that region. Multi-region configurations span multiple geographic areas and would violate the data residency requirement. Therefore, a single-region configuration is required.

57
MCQeasy

A startup needs to migrate an on-premises web application to the cloud with minimal operational overhead. The application runs on a custom runtime that is difficult to containerize. The team wants to focus only on code, not infrastructure management. Which Google Cloud service is MOST appropriate?

A.Compute Engine
B.Google Kubernetes Engine (GKE)
C.App Engine
D.Cloud Run
AnswerC

App Engine is a PaaS that manages the runtime, letting developers focus solely on code.

Why this answer

App Engine is a PaaS offering that fully manages the runtime environment, allowing developers to deploy code without managing servers or containers. Cloud Run requires containerization, Compute Engine is IaaS (more overhead), and GKE requires managing Kubernetes clusters.

58
MCQhard

A company stores sensitive healthcare data in Google Cloud and must comply with HIPAA. They are using Cloud Storage and BigQuery. Which of the following is the customer responsible for under the shared responsibility model?

A.Physical security of data centers
B.Implementing IAM policies to restrict access to healthcare data
C.Hardware maintenance of storage servers
D.Network infrastructure security
AnswerB

Customer controls IAM policies for access management.

Why this answer

Under the shared responsibility model, the customer is responsible for access management (IAM), encryption of data at rest and in transit, and configuring firewall rules. Google is responsible for the physical security of data centers, hypervisor, and network infrastructure.

59
Multi-Selecthard

An organization needs to collect and analyze real-time clickstream data from millions of users. The data is ingested via HTTP POST requests. The solution must be serverless, scale automatically, and allow for real-time analytics with sub-second latency. Which THREE Google Cloud services should be combined to achieve this? (Select three.)

Select 3 answers
A.BigQuery
B.Cloud Storage
C.Cloud Load Balancing
D.Cloud Run
E.Cloud Pub/Sub
AnswersC, D, E

Cloud Load Balancing distributes incoming HTTP requests.

Why this answer

Cloud Load Balancing distributes incoming HTTP requests across Cloud Run instances, which process the data and publish to Pub/Sub. Dataflow can read from Pub/Sub for real-time streaming analytics. Cloud Storage is not suitable for real-time analytics.

BigQuery is for near-real-time but not sub-second; Dataflow provides sub-second latency for streaming.

60
MCQmedium

A company wants to run a batch job that processes large files (up to 100 TB each) using a custom Linux executable. The job runs once a month and takes about 12 hours. They want to minimise cost. Which compute option should they choose?

A.Compute Engine with preemptible VMs
B.Compute Engine with standard VMs
C.Cloud Run
D.App Engine Flexible Environment
AnswerA

Preemptible VMs are cost-effective for fault-tolerant batch jobs that can handle interruptions.

Why this answer

Compute Engine Preemptible VMs offer deep discounts (up to 60-90% off) and are suitable for fault-tolerant batch jobs. Preemptible VMs can be terminated at any time, but since the job can be restarted, it's cost-effective. Persistent disks are required for data.

Cloud Run has a timeout limit of 60 minutes. GKE with Spot VMs is also an option but adds overhead. Standard Compute Engine is more expensive.

61
Multi-Selectmedium

A company is deploying a microservices architecture on Google Cloud and wants to ensure secure communication between services. Which THREE measures should they implement? (Choose THREE.)

Select 3 answers
A.Configure firewall rules to allow only necessary traffic
B.Enable VPC Flow Logs to capture network metadata
C.Assign public IP addresses to all services
D.Use a service mesh with mutual TLS (mTLS) between services
E.Use the same service account for all services
AnswersA, B, D

Firewall rules enforce network segmentation.

Why this answer

Using service mesh (e.g., Anthos Service Mesh) enables mTLS between services. Configuring firewall rules restricts network traffic. Enabling VPC Flow Logs helps monitor and audit traffic.

62
MCQmedium

An e-commerce company experiences unpredictable traffic spikes. They need to ensure their web application automatically scales out during high demand and scales in when demand drops, paying only for resources used. Which cloud benefit best describes this?

A.Economies of scale
B.Broad network access
C.Elasticity
D.Reliability
AnswerC

Elasticity is the ability to scale resources up/down automatically.

Why this answer

Elasticity allows resources to automatically scale up and down based on demand, optimizing cost and performance.

63
MCQmedium

An organization needs to comply with HIPAA for storing healthcare data in Google Cloud. Which of the following is a customer responsibility?

A.Implementing IAM policies to control access to PHI
B.Physical security of Google data centers
C.Patching the hypervisor
D.Obtaining SOC 2 certification for Google Cloud
AnswerA

IAM configuration is the customer's responsibility.

Why this answer

Under the shared responsibility model, the customer is responsible for configuring access controls (IAM) and encrypting PHI appropriately.

64
MCQhard

A multinational corporation must store and process data subject to GDPR. They need to ensure that personal data of EU residents remains within the EU. Which Google Cloud feature should they use?

A.Organization policies with location restrictions
B.Cloud Audit Logs
C.Cloud KMS
D.VPC Service Controls
AnswerA

Organization policies can restrict resource creation to specific regions (e.g., EU) to enforce data residency.

Why this answer

Data residency constraints in Google Cloud allow organizations to specify where data is stored by using organization policies and choosing specific regions. This ensures data does not leave the EU.

65
MCQhard

A financial services company must store and process sensitive customer data that is subject to GDPR and PCI DSS. They need to ensure that data is encrypted at rest and in transit, and that encryption keys are managed by a hardware security module (HSM) that is FIPS 140-2 Level 3 certified. Which Google Cloud service should they use for key management?

A.Cloud Hardware Security Module (Cloud HSM)
B.Cloud External Key Manager (Cloud EKM)
C.Secret Manager
D.Cloud Key Management Service (Cloud KMS)
AnswerA

Cloud HSM offers dedicated HSM, FIPS 140-2 Level 3, and customer-managed keys.

Why this answer

Cloud HSM provides dedicated HSM hardware, FIPS 140-2 Level 3 certification, and allows customers to manage their own keys. Cloud KMS is software-based and only offers Level 1 validation. Cloud EKM uses external key management but the question asks for a Google-managed HSM option.

Secret Manager is for storing secrets, not key management with HSM.

66
MCQhard

An organization is designing a multi-region deployment for disaster recovery. They require that the primary and secondary regions be at least 500 miles apart to comply with regulatory requirements. Which pair of Google Cloud regions would satisfy this requirement?

A.asia-east1 and asia-northeast1
B.europe-west1 and europe-west4
C.us-east1 and us-east4
D.us-west1 and us-central1
AnswerD

The distance between Oregon and Iowa exceeds 500 miles.

Why this answer

us-central1 (Iowa) and us-west1 (Oregon) are approximately 1,500 miles apart, meeting the distance requirement.

67
Multi-Selectmedium

A healthcare organization must store patient health records (PHI) in the cloud and comply with HIPAA. They need to ensure data is encrypted at rest by default, maintain access logs, and restrict access to authorized personnel. Which THREE Google Cloud features or services should they use?

Select 3 answers
A.Cloud Audit Logs
B.Identity and Access Management (IAM)
C.VPC Flow Logs
D.Cloud NAT
E.Cloud Key Management Service (Cloud KMS)
AnswersA, B, E

Audit logs track access to resources, required for HIPAA compliance.

Why this answer

HIPAA requires encryption at rest (Cloud KMS provides managed keys), audit logs (Cloud Audit Logs), and access control (IAM). Cloud NAT provides outbound internet access, and VPC Flow Logs capture network metadata, not access logs.

68
MCQmedium

A financial institution is deploying a sensitive workload on Compute Engine and needs to meet PCI DSS compliance. The security team wants to ensure that the virtual machines run on dedicated, single-tenant hardware and that no other customer's VMs share the same host. Which Compute Engine feature should they enable?

A.Confidential VMs
B.Preemptible VMs
C.Sole-tenant nodes
D.Shielded VMs
AnswerC

Sole-tenant nodes guarantee dedicated hardware, meeting PCI DSS requirements for physical separation.

Why this answer

Sole-tenant nodes ensure that VMs from that project are the only ones running on the underlying hardware, providing physical isolation and meeting compliance requirements for dedicated infrastructure.

69
Multi-Selecthard

A company with a global user base wants to deploy a web application on Google Cloud that is highly available and resilient to zone failures. The application runs on Compute Engine and uses a stateful backend (e.g., a database). Which THREE design elements should they implement?

Select 3 answers
A.Use a managed database service with automatic failover across zones (e.g., Cloud SQL High Availability)
B.Use a single zone to keep data consistent
C.Use a global HTTP(S) load balancer with the backend configured as a regional (multi-zone) instance group
D.Use preemptible VMs to reduce costs
E.Deploy Compute Engine instances across multiple zones within a region
AnswersA, C, E

Managed HA database replicates data synchronously across zones for failover.

Why this answer

To survive zone failures, deploy across multiple zones, use a regional load balancer to distribute traffic, and use a managed database service like Cloud SQL with high availability (which replicates across zones). A single zone cannot survive failure. Cloud CDN is for static content, not for zone failure resilience.

Preemptible VMs are not suitable for stateful applications.

70
Multi-Selecthard

A company wants to minimize its carbon footprint in the cloud. They are evaluating Google Cloud sustainability features. Which THREE practices help reduce environmental impact?

Select 3 answers
A.Use committed use discounts to reserve resources
B.Shift non-urgent compute loads to times when low-carbon energy is available
C.Choose regions with lower carbon intensity
D.Provision VMs with GPUs for general workloads
E.Use the Cloud Carbon Footprint tool to track emissions
AnswersB, C, E

Carbon-intelligent load shifting moves tasks to times with cleaner energy.

Why this answer

Using regional carbon-intelligent load shifting, Cloud Carbon Footprint for reporting, and choosing low-carbon regions align with Google's sustainability goals. VMs with GPUs increase energy use, and committed use discounts encourage resource usage but do not directly reduce carbon.

71
MCQeasy

A startup wants to run a containerized web application on Google Cloud without managing the underlying servers or Kubernetes clusters. They expect traffic to vary significantly, and they want to only pay for the resources consumed during request processing. Which Google Cloud compute option should they choose?

A.Compute Engine
B.Google Kubernetes Engine (GKE)
C.App Engine Standard
D.Cloud Run
AnswerD

Cloud Run is serverless, scales to zero, and charges only for request processing time.

Why this answer

Cloud Run is a fully managed serverless platform that runs containers in response to events or HTTP requests, scales to zero, and charges only for resources used during request processing. It abstracts away all infrastructure management.

72
Multi-Selectmedium

A company is designing a disaster recovery (DR) strategy. Their primary site is in the us-central1 region. They need to minimize data loss (low RPO) and restore quickly (low RTO) for a critical database. Which TWO approaches should they consider?

Select 2 answers
A.Use multi-homing to route traffic to multiple regions
B.Take periodic snapshots and restore in another region
C.Use active-active setup across two regions with synchronous replication
D.Set up a warm standby replica in a secondary region
E.Configure a global load balancer with failover
AnswersC, D

Synchronous replication provides low RPO, and active-active allows failover with minimal downtime.

Why this answer

A warm standby replica in another region provides low RPO (data loss) and low RTO (restore time) because the database is continuously replicated and can be promoted quickly. Scheduled backups have higher RPO (data loss between backups) and RTO (time to restore). Multi-homing DNS and static IP association do not address database DR.

73
MCQmedium

An organization wants to enforce that all Compute Engine VMs in a project are created with a specific set of tags (e.g., 'env=prod') and with a specific service account. Which Google Cloud policy tool should they use?

A.Organization policies (constraints)
B.Cloud Audit Logs
C.Cloud Asset Inventory
D.Cloud IAM conditions
AnswerA

Organization policies allow you to set constraints on resource creation, such as required labels or service accounts.

Why this answer

Organization policies (using constraints) can enforce rules on resource creation, such as requiring certain labels or service accounts. For example, a constraint can require that all VMs have a specific label or use a specific service account.

74
Multi-Selecthard

A company wants to comply with GDPR and needs to ensure that personal data stored in Cloud Storage is encrypted at rest using customer-managed keys (CMEK). They also want to control access at the bucket level using IAM conditions. Which THREE steps should they take? (Choose 3)

Select 3 answers
A.Create a key ring and encryption key in Cloud KMS
B.Create the bucket with the default encryption type set to 'Customer-managed key' and specify the key
C.Use gsutil iam to set bucket-level IAM conditions
D.Enable Data Loss Prevention (DLP) API
E.Grant the Cloud Storage service account the Cloud KMS CryptoKey Encrypter/Decrypter role
AnswersA, B, E

CMEK requires a customer-managed key in Cloud KMS.

Why this answer

To use CMEK, you need to create a key ring and key in Cloud KMS, then configure the bucket to use that key. IAM conditions can be used to restrict access based on attributes. Also, you need to grant the Cloud Storage service account the Encrypter/Decrypter role.

75
MCQeasy

Which characteristic of cloud computing allows a user to provision virtual machines without needing to interact with Google Cloud support or create a ticket?

A.Broad network access
B.Measured service
C.Resource pooling
D.On-demand self-service
AnswerD

On-demand self-service allows users to provision resources automatically without human interaction.

Why this answer

On-demand self-service means users can provision resources automatically without human interaction. The other options are also NIST characteristics but do not specifically address provisioning without manual intervention.
