CCNA Fundamental cloud concepts Questions

23 of 98 questions · Page 2/2 · Fundamental cloud concepts · Answers revealed

76
MCQ · easy

A team uses Google Workspace (Gmail, Docs, Sheets) for their daily work. They do not manage any servers or software installation — Google maintains everything. Which cloud service model does Google Workspace represent?

A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Database as a Service (DBaaS)
Answer: C

Google Workspace delivers fully managed productivity applications over the internet. No infrastructure, OS, or application management by the user — just data and user configuration.

Why this answer

Google Workspace is a classic example of Software as a Service (SaaS) because users access applications like Gmail, Docs, and Sheets via a web browser without managing the underlying infrastructure, operating systems, or software installations. Google handles all maintenance, security patching, and uptime, which aligns with the SaaS model where the provider delivers fully functional software over the internet. Unlike IaaS or PaaS, the end-user does not control the runtime environment or deploy custom code on the platform.

Exam trap

Cisco often tests the misconception that any cloud service involving 'platform' or 'infrastructure' terms must be PaaS or IaaS. The trap here is that Google Workspace is a fully managed application suite, not a platform for building or hosting custom code; candidates mistakenly select PaaS when they see 'Google' and think of App Engine.

How to eliminate wrong answers

Option A is wrong because Infrastructure as a Service (IaaS) provides virtualized computing resources like virtual machines, storage, and networks, where the user manages the OS and applications — Google Workspace users do not provision or manage any virtual servers. Option B is wrong because Platform as a Service (PaaS) offers a runtime environment for developers to deploy custom applications without managing the underlying infrastructure, but Google Workspace delivers ready-to-use applications, not a development platform. Option D is wrong because Database as a Service (DBaaS) specifically provides managed database instances (e.g., Cloud SQL, Amazon RDS), whereas Google Workspace is a suite of end-user productivity applications, not a database service.

77
MCQ · medium

A CTO explains to her board that moving to cloud reduces the company's 'total cost of ownership' compared to running an on-premises data center. Which cost category is most commonly underestimated in on-premises TCO calculations?

A. Hardware acquisition costs, which are typically overestimated in on-premises environments
B. IT staff labor costs for ongoing maintenance, patching, hardware replacement, and operations, which are frequently underestimated in on-premises TCO
C. Software licensing costs, which are always higher on-premises than in the cloud
D. Internet bandwidth costs, which are negligible on-premises
Answer: B

Labor is the most underestimated cost in on-premises TCO. Hardware maintenance, OS patching, firmware updates, capacity planning, hardware failure response, data center cooling management — these represent substantial ongoing costs that are often not fully attributed to infrastructure when comparing against cloud.

Why this answer

Option B is correct because on-premises TCO calculations frequently underestimate the labor costs associated with ongoing IT staff tasks such as applying security patches, performing hardware replacements, managing firmware updates, and handling day-to-day operations. These operational expenses (OpEx) accumulate over the lifecycle of the data center and often exceed the initial capital expenditure (CapEx) for hardware, making them a critical but overlooked component in total cost of ownership comparisons with cloud providers like AWS, Azure, or GCP.

Exam trap

Cisco often tests the misconception that hardware acquisition costs are the primary driver of on-premises TCO, when in reality the underestimated labor for ongoing maintenance and operations is the most common blind spot in TCO comparisons.

How to eliminate wrong answers

Option A is wrong because hardware acquisition costs are typically a well-understood and accurately estimated capital expense in on-premises TCO, not overestimated; the common mistake is underestimating ongoing operational costs, not hardware. Option C is wrong because software licensing costs are not always higher on-premises; many enterprise licenses (e.g., Microsoft SQL Server, Oracle) can be more expensive in the cloud due to bring-your-own-license (BYOL) restrictions or per-core pricing models, and the statement is an absolute that ignores licensing portability and hybrid scenarios. Option D is wrong because internet bandwidth costs are not negligible on-premises; they can be significant for data center connectivity, especially for high-throughput or geographically distributed workloads, and cloud providers often charge egress fees that make bandwidth a non-trivial cost factor.

78
MCQ · easy

What does 'durability' mean for cloud storage services, and how is it different from 'availability'?

A. Durability and availability are the same thing — both measure how often data can be accessed.
B. Durability measures the probability data won't be lost; availability measures the percentage of time data can be accessed — a service can be temporarily unavailable while data remains durable.
C. Durability refers to network speed; availability refers to storage capacity.
D. High availability automatically guarantees high durability, so both terms describe the same SLA.
Answer: B

Data can be physically safe (11-nine durability) but temporarily inaccessible during maintenance or outage (lower availability). These are orthogonal properties that storage services optimize for independently.

Why this answer

Durability measures the probability that stored data will not be lost or corrupted over time, typically expressed as a percentage (e.g., 99.999999999% for Amazon S3). Availability measures the percentage of time a service is operational and accessible, often defined in SLAs (e.g., 99.99% uptime). A service can be temporarily unavailable (e.g., due to maintenance) while the data remains intact and durable, so they are distinct concepts.

Exam trap

Cisco often tests the misconception that durability and availability are interchangeable or that one automatically implies the other, so candidates must remember that a service can be down (low availability) yet still preserve all data (high durability).

How to eliminate wrong answers

Option A is wrong because it incorrectly equates durability and availability, ignoring that durability focuses on data integrity against loss/corruption while availability focuses on uptime and accessibility. Option C is wrong because durability has nothing to do with network speed; it is about data persistence, and availability is about uptime, not storage capacity. Option D is wrong because high availability does not guarantee high durability; for example, a replicated system can be highly available but still lose data if replication is asynchronous or if a catastrophic failure occurs before replication completes.

79
MCQ · medium

What is 'infrastructure as code' (IaC), and what problem does it solve compared to manually configuring cloud resources through a web console?

A. IaC is a programming language specifically for writing cloud applications.
B. IaC defines infrastructure in version-controlled code files, enabling reproducible, automated, and consistent environment provisioning versus error-prone manual console configuration.
C. IaC is a tool that automatically discovers and documents existing cloud infrastructure.
D. IaC requires writing custom Python scripts for every cloud resource type.
Answer: B

IaC makes infrastructure reproducible (apply the same code to get the same result), version-controlled (track changes like software), automated (CI/CD pipelines), and consistent (no manual variation).

Why this answer

Infrastructure as Code (IaC) is the practice of managing and provisioning cloud resources through machine-readable definition files (e.g., YAML, JSON, HCL) rather than through manual processes like clicking in a web console. The core problem it solves is eliminating the error-prone, inconsistent, and non-reproducible nature of manual configuration by enabling version-controlled, automated, and repeatable deployments. Tools like Terraform, AWS CloudFormation, and Azure Resource Manager (ARM) templates are common IaC implementations that enforce desired state configuration and drift detection.

Exam trap

Google Cloud often tests the misconception that IaC is a specific tool or scripting language, rather than a methodology for reproducible infrastructure management, leading candidates to confuse it with automation scripts or discovery tools.

How to eliminate wrong answers

Option A is wrong because IaC is not a programming language for writing cloud applications; it is a methodology for defining and managing infrastructure resources using declarative or imperative configuration files. Option C is wrong because IaC does not automatically discover and document existing infrastructure; that is the function of tools like AWS Config or Terraformer, which are used for reverse-engineering or inventory, not for defining infrastructure from scratch. Option D is wrong because IaC does not require custom Python scripts for every resource type; it typically uses domain-specific languages (e.g., HCL for Terraform, YAML for CloudFormation) or configuration files that abstract away the need for scripting each resource individually.

80
Multi-Select · hard

Which THREE of the following are common benefits of adopting a cloud infrastructure compared to on-premises? (Choose 3)

Select 3 answers
A. Ability to scale globally in minutes
B. Elimination of all security vulnerabilities
C. Pay-as-you-go pricing model
D. Complete transfer of security responsibility to the provider
E. Elimination of upfront capital expenses
Answers: A, C, E

Cloud providers have global infrastructure that can be provisioned quickly.

Why this answer

Option A is correct because cloud infrastructure enables rapid global scaling by provisioning resources across multiple geographic regions within minutes, leveraging automated orchestration and APIs. This is a fundamental advantage over on-premises setups, which require lengthy procurement, shipping, and manual configuration to expand capacity.

Exam trap

Google Cloud often tests the shared responsibility model by presenting options that imply a complete transfer of security liability, leading candidates to mistakenly select Option D, when in fact the customer retains critical security duties.

81
MCQ · medium

What is the difference between RTO (Recovery Time Objective) and RPO (Recovery Point Objective) in disaster recovery planning?

A. RTO is the time to back up data; RPO is the time to restore it.
B. RTO is the maximum acceptable downtime duration; RPO is the maximum acceptable data loss measured in time.
C. RTO and RPO are both measured in bytes — the maximum data that can be lost during recovery.
D. RTO is the number of replicas required; RPO is the geographic distance between backup sites.
Answer: B

RTO: 'How long can we be down?' RPO: 'How much data can we afford to lose?' These two objectives drive backup frequency and recovery architecture design.

Why this answer

Option B is correct because RTO (Recovery Time Objective) defines the maximum acceptable duration of downtime after a disaster, while RPO (Recovery Point Objective) defines the maximum acceptable amount of data loss measured in time (e.g., the age of the last backup). These are key metrics in disaster recovery planning that directly influence the choice of backup frequency, replication strategy, and failover architecture in cloud environments like GCDL.

Exam trap

Google Cloud often tests the distinction between time-based and data-based metrics, trapping candidates who confuse RTO with backup duration or RPO with recovery speed, especially when options mix units like bytes or geographic distance.

How to eliminate wrong answers

Option A is wrong because RTO is not the time to back up data; it is the target time to restore service after a disaster, and RPO is not the time to restore data but the maximum acceptable data loss window (e.g., how far back in time recovery can go). Option C is wrong because RTO and RPO are measured in time (seconds, minutes, hours), not in bytes; data loss in bytes is a separate metric (e.g., maximum tolerable data loss in volume). Option D is wrong because RTO is not the number of replicas required; replica count is a design decision influenced by RTO/RPO but not the definition, and RPO is not geographic distance; distance affects latency and replication lag but is not the objective itself.

82
MCQ · medium

Refer to the exhibit. What level of access does this IAM policy grant to the members?

A. Permission to create new objects and read existing ones.
B. Full control over objects including create, read, update, and delete.
C. Full control over the bucket including listing and deleting.
D. Read-only access to objects in the bucket.
Answer: D

roles/storage.objectViewer grants read access to objects.

Why this answer

The IAM policy shown grants the `s3:GetObject` action, which provides read-only access to objects in the bucket. It does not include any write or delete permissions, so members can only read existing objects. This matches option D.

Exam trap

Google Cloud often tests the distinction between object-level and bucket-level permissions, tricking candidates into thinking `s3:GetObject` alone allows listing or full control.

How to eliminate wrong answers

Option A is wrong because it includes 'create new objects,' which requires `s3:PutObject` — not present in the policy. Option B is wrong because full control (create, read, update, delete) would require actions like `s3:PutObject`, `s3:DeleteObject`, and `s3:GetObject` — only `s3:GetObject` is granted. Option C is wrong because full bucket control, including listing and deleting, would need `s3:ListBucket` and `s3:DeleteBucket` — neither is in the policy.

83
MCQ · medium

A Virtual Private Cloud (VPC) in Google Cloud provides network isolation. What does 'network isolation' mean in this context, and why is it important?

A. Network isolation means the VPC blocks all internet access — resources cannot communicate with external services.
B. VPC provides a logically isolated private network where resources are separated from other customers' networks by default, preventing unauthorized cross-customer traffic.
C. Network isolation means all traffic within the VPC is automatically encrypted.
D. A VPC requires dedicated physical hardware separate from other customers to ensure isolation.
Answer: B

VPCs create private network boundaries. Customer A's VMs and customer B's VMs cannot see each other's network traffic even though they share physical infrastructure — logical isolation is enforced at the network layer.

Why this answer

Option B is correct because a Google Cloud VPC provides a logically isolated private network within the shared Google Cloud infrastructure. This isolation ensures that resources in one customer's VPC cannot directly communicate with resources in another customer's VPC by default, preventing unauthorized cross-customer traffic. This is achieved through software-defined networking (SDN) constructs like virtual firewalls and routing tables, not through physical separation.

Exam trap

Cisco often tests the misconception that 'network isolation' implies physical separation or automatic encryption, leading candidates to choose options D or C, when in fact it refers to logical isolation via software-defined networking.

How to eliminate wrong answers

Option A is wrong because network isolation does not block all internet access; VPCs can be configured with Cloud NAT, external IP addresses, or VPNs to allow controlled outbound or inbound internet connectivity. Option C is wrong because network isolation does not automatically encrypt traffic; encryption requires additional measures like TLS/SSL or VPC Flow Logs with encryption at rest, and traffic within a VPC is not encrypted by default. Option D is wrong because a VPC does not require dedicated physical hardware; it uses logical isolation via software-defined networking on shared physical infrastructure, as per Google Cloud's multi-tenant design.

84
MCQ · medium

A company has a production database running on Cloud SQL. They need to perform maintenance on the primary instance without downtime. Which feature allows this?

A. Read replicas with failover
B. Database import/export
C. Multi-region deployment
D. Automated backups
Answer: A

Read replicas can be promoted, allowing maintenance on the primary without downtime.

Why this answer

Read replicas with failover allow you to promote a read replica to a new primary instance in the event of a planned maintenance or failure, enabling zero-downtime operations. Cloud SQL uses this feature to redirect traffic seamlessly by updating the DNS record to point to the promoted replica, ensuring the database remains available during maintenance.

Exam trap

Google Cloud often tests the misconception that automated backups or multi-region deployment alone provide high availability, but the key is that only read replicas with failover offer a hot standby that can be promoted without downtime.

How to eliminate wrong answers

Option B is wrong because database import/export is a data migration tool (e.g., using mysqldump or pg_dump) that requires downtime for consistent snapshots and does not provide automatic failover or continuous availability. Option C is wrong because multi-region deployment in Cloud SQL is not a built-in feature; Cloud SQL supports regional instances only, and true multi-region failover requires external configurations like cross-region replication with additional services. Option D is wrong because automated backups create point-in-time recovery snapshots but do not provide a standby instance for failover; backups are for data restoration, not for maintaining uptime during maintenance.

85
MCQ · easy

A company is deciding whether to store a large video archive (hundreds of terabytes, accessed perhaps twice per year for legal holds) in Google Cloud. Which Cloud Storage class is designed for this infrequently accessed, long-term archival use case?

A. Standard storage, which provides the lowest latency and highest availability for frequently accessed data
B. Archive storage, which offers the lowest storage cost for data accessed less than once per year, accepting higher retrieval costs and latency for infrequent access
C. Nearline storage, for data accessed approximately once per month
D. Coldline storage, for data accessed approximately once per quarter
Answer: B

Archive storage is specifically designed for the described use case: massive data volumes, very infrequent access (legal holds qualify as rare events). The trade-off — higher retrieval cost and latency — is acceptable when access is measured in times per year rather than times per day.

Why this answer

Archive storage is the correct choice because it is specifically designed for data that is accessed less than once per year, offering the lowest storage cost among Google Cloud Storage classes. This aligns perfectly with the use case of a large video archive accessed only twice per year for legal holds, where higher retrieval costs and latency are acceptable trade-offs for long-term preservation.

Exam trap

Cisco often tests the specific access frequency thresholds for each storage class (e.g., Nearline for monthly, Coldline for quarterly, Archive for yearly or less), and the trap here is that candidates may confuse Coldline (quarterly) with Archive (yearly) due to similar names implying 'cold' storage.

How to eliminate wrong answers

Option A is wrong because Standard storage is optimized for frequently accessed data with low latency and high availability, not for infrequently accessed archival data, and would incur unnecessary costs. Option C is wrong because Nearline storage is intended for data accessed approximately once per month, which does not match the twice-per-year access pattern. Option D is wrong because Coldline storage is designed for data accessed approximately once per quarter, still more frequent than the described use case, and would result in higher storage costs than Archive storage.

86
MCQ · easy

A web application's homepage loads user-specific data (shopping cart, recent orders) on every visit. The data changes frequently. An engineer suggests caching this data in a Redis cache between the web tier and the database. What is the primary benefit of this caching layer?

A. Caching encrypts data in transit between the web tier and database.
B. Caching reduces database load and improves response times by serving frequently accessed data from fast in-memory storage.
C. Caching permanently stores user data so the database can be deleted.
D. Caching automatically synchronizes data between multiple database replicas.
Answer: B

Redis/Memorystore serves cache hits in microseconds vs. database queries in milliseconds. Fewer DB queries = lower DB load, faster responses, and ability to handle more concurrent users.

Why this answer

Option B is correct because caching user-specific data like shopping carts and recent orders in Redis reduces the load on the primary database by serving frequently accessed data from fast in-memory storage. This improves response times for the web application, as Redis can deliver data in microseconds compared to the millisecond latency of a typical relational database query. The caching layer acts as a temporary, high-speed buffer that offloads read-heavy traffic from the database, which is especially beneficial for data that changes frequently but is read often.

Exam trap

Google Cloud often tests the misconception that caching provides permanent storage or replaces the database, leading candidates to incorrectly select Option C. Caching is a temporary, performance-enhancing layer, not a durable storage solution.

How to eliminate wrong answers

Option A is wrong because caching does not inherently encrypt data in transit; encryption is a separate concern typically handled by TLS/SSL between the web tier and the database, not by the caching layer itself. Option C is wrong because caching is not a permanent storage solution; Redis is an in-memory store that can lose data on restart unless persistence is configured, and the database remains the authoritative source of truth for user data. Option D is wrong because caching does not automatically synchronize data between database replicas; that is the role of database replication mechanisms (e.g., MySQL Group Replication or PostgreSQL streaming replication), not a cache layer.

87
MCQ · medium

A company's IT team is planning its network architecture for a Google Cloud deployment. They want to ensure that their development, staging, and production environments are completely isolated from each other at the network level. What is the most effective way to achieve this isolation in Google Cloud?

A. Using separate subnets within the same VPC for each environment, with firewall rules blocking cross-subnet traffic
B. Deploying each environment (dev, staging, prod) in separate VPC networks — optionally in separate Google Cloud projects — to achieve complete network isolation with no default connectivity between environments
C. Using different IP address ranges for each environment within the same network
D. Using Cloud IAM to restrict developers from accessing production resources, which achieves the same isolation as network separation
Answer: B

Separate VPCs provide true network isolation. By default, separate VPCs have no connectivity. Traffic between them requires explicit peering, VPN, or Shared VPC configuration. Using separate projects adds IAM-level access control on top of network isolation.

Why this answer

Option B is correct because deploying each environment in separate VPC networks (optionally in separate projects) provides complete network isolation by default. In Google Cloud, VPC networks are isolated entities with no inherent peering or connectivity; traffic between them requires explicit VPC peering or VPN configurations. This ensures that development, staging, and production environments cannot communicate at the network layer unless intentionally connected, meeting the requirement for complete isolation.

Exam trap

The trap here is that candidates assume firewall rules or IAM can achieve the same level of isolation as separate VPCs, but network-level isolation requires separate routing domains, not just access controls or IP address segmentation.

How to eliminate wrong answers

Option A is wrong because using separate subnets within the same VPC still allows routing between subnets by default; firewall rules can block traffic, but they are not a guarantee of complete network isolation (e.g., misconfigurations or implicit routes can bypass them). Option C is wrong because using different IP address ranges within the same network does not provide isolation; all subnets in a VPC can communicate via internal routes unless explicitly blocked, and the network itself is a single broadcast domain. Option D is wrong because Cloud IAM controls access at the identity and resource level, not at the network layer; it cannot prevent network-level connectivity between environments, such as direct IP traffic or lateral movement within the same VPC.

88
MCQ · easy

What does 'high availability' mean in the context of cloud services, and how is it typically measured?

A. High availability means a system is fast — it responds to requests in under 100 milliseconds.
B. High availability means a system is operational for a very high percentage of time, typically measured as a percentage (e.g., 99.9% uptime).
C. High availability means a system stores data in multiple geographic locations for disaster recovery.
D. High availability requires manual intervention to restart failed services within 30 minutes.
Answer: B

HA is quantified as an uptime percentage over a period. 99.9% = ~8.7 hours downtime/year; 99.99% = ~53 minutes/year. Achieved through redundancy and automatic failover.

Why this answer

High availability (HA) refers to a system's ability to remain operational and accessible for an exceptionally high proportion of time, minimizing downtime. It is typically quantified as a percentage of uptime over a defined period, such as 99.9% ('three nines'), which corresponds to approximately 8.76 hours of downtime per year. This metric is fundamental in cloud service level agreements (SLAs) to guarantee service continuity.

Exam trap

Google Cloud often tests the distinction between high availability (uptime percentage) and related but distinct concepts like disaster recovery (geographic redundancy) or performance (latency), so candidates must focus on the precise definition of availability as operational uptime rather than other operational characteristics.

How to eliminate wrong answers

Option A is wrong because high availability is not about raw speed or low latency; it is about uptime and reliability, not performance metrics like sub-100ms response times. Option C is wrong because while geographic data replication supports disaster recovery, it is a specific strategy for data resilience, not the definition or measurement of high availability itself. Option D is wrong because high availability is designed to be automatic, often using failover clusters or load balancers, and requiring manual intervention within 30 minutes contradicts the goal of minimizing downtime without human action.

89
MCQ · medium

A product manager asks a cloud engineer: 'What exactly is an API, and why is it important for our cloud-based application?' Which explanation is most accurate and useful for a non-technical product manager?

A. An API is a programming language used to write cloud applications, similar to Python or Java
B. An API is a defined contract that allows software components, services, and applications to communicate and exchange data with each other — enabling integration between cloud services and third-party systems without requiring knowledge of each other's internals
C. An API is a user interface that allows non-technical staff to access cloud resources through a web browser
D. An API is a security certificate that authenticates cloud services to prevent unauthorized access
Answer: B

This is accurate and useful for a product manager. APIs define how services talk to each other (what to send, what to expect back) without requiring implementation details. Cloud's power comes largely from APIs: your application can call a translation API, payment API, maps API, and ML API to compose sophisticated functionality from independent services.

Why this answer

Option B is correct because an API (Application Programming Interface) is a defined contract—typically using HTTP methods (GET, POST, PUT, DELETE) and data formats like JSON or XML—that enables software components to communicate and exchange data without exposing internal implementation details. For a cloud-based application, APIs are crucial because they allow seamless integration between cloud services (e.g., AWS Lambda, Azure Functions) and third-party systems, enabling modularity, scalability, and interoperability. This explanation is most accurate and useful for a non-technical product manager as it focuses on the functional role of APIs rather than misleading technical jargon.

Exam trap

Cisco often tests the misconception that an API is a programming language or a user interface, tempting candidates who confuse interface types (API vs. GUI) or overgeneralize from common cloud terms like 'API gateway' without understanding the core definition.

How to eliminate wrong answers

Option A is wrong because an API is not a programming language; it is an interface or protocol that allows different software components to interact, whereas Python and Java are general-purpose programming languages used to implement APIs. Option C is wrong because an API is not a user interface (UI) for non-technical staff; a web-based UI like a dashboard or console provides graphical access to cloud resources, while APIs are programmatic endpoints typically consumed by developers or automated systems. Option D is wrong because an API is not a security certificate; while APIs often use authentication mechanisms like OAuth 2.0 or API keys for secure access, the API itself is the communication contract, not a certificate.

90
MCQ · easy

A business analyst needs to understand why cloud services bill differently for compute (VMs) versus object storage. Compute VMs are billed per second while they are running; Cloud Storage is billed per GB-month of data stored. Which cloud pricing principle explains why these billing units are different?

A. Cloud providers bill different resources differently to maximize revenue by charging the highest rates for the most-used services
B. Cloud resources are billed based on their natural unit of consumption: compute time for VMs (per second running) and data volume over time for storage (per GB-month) — matching billing to how each resource is actually consumed
C. Storage is charged per GB-month because cloud providers cannot measure storage usage per second accurately
D. The billing difference is a temporary situation; cloud providers are working toward a single universal billing unit for all services
Answer: B

This is the correct explanation. Billing models match consumption patterns: VMs consume CPU/memory as long as they run (time-based), while storage accumulates data that persists over time (data×time). This measured service model ensures billing is proportional to actual resource use.

Why this answer

Option B is correct because cloud providers align billing units with the natural consumption pattern of each resource. Compute VMs consume CPU and memory continuously while running, making per-second billing the most granular and fair measure of actual usage. Object storage, by contrast, incurs cost primarily from the capacity occupied over time, so billing per GB-month directly reflects the resource's persistent footprint.

This principle ensures customers pay only for what they use, in the unit that matches the resource's operational behavior.

Exam trap

The trap here is that candidates confuse pricing strategy with technical feasibility, assuming storage cannot be measured per second (Option C) or that providers are moving to a single unit (Option D), when the real principle is matching billing to the resource's natural consumption model.

How to eliminate wrong answers

Option A is wrong because it incorrectly assumes revenue maximization as the driving principle; in reality, cloud providers use cost-based pricing tied to resource consumption, not arbitrary rate-setting for popular services. Option C is wrong because cloud providers can and do measure storage usage per second (e.g., via continuous capacity monitoring), but billing per second would be impractical and not meaningful since storage cost is driven by sustained occupancy, not instantaneous access. Option D is wrong because there is no industry effort toward a single universal billing unit; different resources inherently have different consumption models (time-based vs. capacity-based), and this diversity is fundamental to cloud pricing.

91
MCQhard

Refer to the exhibit. A data processing job must complete within 2 hours. The job can be interrupted but must resume from the last checkpoint. Which two instances should be used to minimize cost while meeting the requirement?

A.worker-2 and worker-4
B.worker-1 and worker-2
C.worker-2 and worker-3
D.worker-1 and worker-3
AnswerA

Both are preemptible, offering lowest cost for interruptible workloads.

Why this answer

Worker-2 and worker-4 are preemptible (spot) instances, which are significantly cheaper than standard instances. The job can be interrupted and resume from the last checkpoint, so preemptible instances are suitable. This combination minimizes cost while meeting the 2-hour completion requirement because preemptible instances have a maximum runtime of 24 hours and can be terminated earlier, but the checkpointing allows the job to complete within the 2-hour window even if interrupted.

Exam trap

Google Cloud often tests the misconception that preemptible instances are unreliable for any time-bound job, but the key is that checkpointing allows resumption, so they are cost-effective for jobs that can tolerate interruptions within the allowed window.

How to eliminate wrong answers

Option B is wrong because worker-1 is a standard (non-preemptible) instance, which costs more than preemptible instances; using it unnecessarily increases cost. Option C is wrong because worker-3 is a standard instance, and pairing it with worker-2 (preemptible) still incurs higher cost than using two preemptible instances. Option D is wrong because both worker-1 and worker-3 are standard instances, resulting in the highest cost without any benefit for a fault-tolerant, checkpointed job.

92
MCQmedium

According to the NIST definition of cloud computing, which characteristic allows users to unilaterally provision computing resources such as server time and network storage without requiring human interaction with the service provider?

A.Broad network access
B.On-demand self-service
C.Resource pooling
D.Measured service
AnswerB

On-demand self-service allows users to provision resources (compute, storage) automatically through a portal or API without human interaction with the provider — core to the cloud experience.

Why this answer

NIST's five essential characteristics of cloud computing are: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. 'On-demand self-service' specifically describes the ability for users to provision capabilities automatically without provider interaction — using a web console or API to spin up VMs, databases, or storage instantly, without calling a salesperson or waiting for manual provisioning.

93
Multi-Selectmedium

Which TWO of the following are key characteristics of cloud computing as defined by NIST? (Choose 2)

Select 2 answers
A.Virtualization
B.Multi-tenancy
C.Measured service
D.Serverless computing
E.Rapid elasticity
AnswersC, E

Cloud systems automatically control and optimize resource use by metering.

Why this answer

Measured service is a key characteristic of cloud computing as defined by NIST (SP 800-145). It means that cloud systems automatically control and optimize resource usage by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). This allows both the provider and consumer to monitor, control, and report usage, providing transparency for billing and chargeback.

Exam trap

Google Cloud often tests the distinction between enabling technologies (like virtualization) and the official NIST essential characteristics, so candidates mistakenly select virtualization or multi-tenancy because they are commonly associated with cloud computing but are not explicitly listed in the NIST definition.

94
MCQhard

A retail company stores petabytes of customer transaction data for compliance reasons. They access data less than once a year but must retain it for 10 years. They want the lowest-cost storage. Which storage class should they choose?

A.Archive storage class
B.Coldline storage class
C.Standard storage class
D.Nearline storage class
AnswerA

Archive is the lowest-cost option for data accessed less than once a year.

Why this answer

Archive storage class is the correct choice because it is designed for data accessed less than once a year, with the lowest storage cost among Google Cloud storage classes. The customer's requirement of retaining data for 10 years with infrequent access aligns perfectly with Archive's 365-day minimum storage duration and retrieval costs that are higher but acceptable given the rare access pattern.

Exam trap

Google Cloud often tests the misconception that 'Coldline' is the lowest-cost option because of its name, but Archive is actually cheaper for data accessed less than once a year, and candidates overlook the access frequency and minimum storage duration requirements.

How to eliminate wrong answers

Option B (Coldline storage class) is wrong because it is optimized for data accessed less than once every 90 days, not less than once a year, and has higher storage costs than Archive. Option C (Standard storage class) is wrong because it is designed for frequently accessed data with no minimum storage duration and has the highest storage cost, making it unsuitable for long-term, rarely accessed compliance data. Option D (Nearline storage class) is wrong because it targets data accessed less than once every 30 days, with storage costs higher than Archive and a 30-day minimum storage duration, which does not match the yearly access pattern.

95
MCQmedium

A company is planning a cloud architecture and needs to decide between a monolithic application design and a microservices architecture. What is the most significant operational trade-off between these two approaches in a cloud environment?

A.Monoliths can only run on-premises, while microservices were designed specifically for cloud environments
B.Microservices enable independent deployment and scaling per component but introduce distributed systems complexity (network overhead, distributed tracing, service discovery, consistency challenges); monoliths are simpler to operate but scale and deploy as a unit
C.Microservices are always cheaper to operate in the cloud because each service uses fewer resources than a monolith
D.Monolithic applications cannot be scaled horizontally in cloud environments
AnswerB

This accurately captures the key trade-off. Microservices' benefits (independent scale, isolated failures, technology diversity) come with real operational costs: inter-service communication adds latency and failure modes, distributed tracing replaces simple stack traces, and data consistency across services requires careful design.

Why this answer

Monoliths are simpler to develop, test, and deploy initially but scale as a unit and create tight coupling — a change to one part requires deploying the whole application. Microservices enable independent deployment and scaling of components but introduce distributed systems complexity (network calls, service discovery, distributed tracing, eventual consistency). Neither is universally better — the trade-off depends on team size, domain complexity, and operational maturity.

96
MCQmedium

A mid-size company runs a batch processing application on a single on-premises server. The processing time varies; during month-end, the workload spikes and the server becomes overloaded, causing delays. The company wants a solution that automatically scales resources for peak times and only pays for extra capacity when used. They are considering migrating to Google Cloud. Which approach meets their needs?

A.Migrate the server to a single, larger Compute Engine instance with a static IP
B.Deploy the application on a managed instance group in Compute Engine with autoscaling
C.Rewrite the batch processing application as a Cloud Function
D.Use Cloud SQL for the database and a single Compute Engine instance for processing
AnswerB

Managed instance group with autoscaling automatically adds/removes instances based on load, and you pay only for the resources used.

Why this answer

Option B is correct because Google Cloud offers autoscaling groups in Compute Engine that can add instances during peak load and remove them when demand drops, with pay-per-second billing. Option A lacks automatic scaling. Option D provides managed services but may not directly solve scaling of their specific application.

Option C is for serverless functions, not ideal for a batch processing app that may run for hours.

97
Multi-Selecthard

Which TWO of the following are important considerations when designing a cloud solution for data residency compliance? (Choose exactly 2.)

Select 2 answers
A.Enabling Cloud Data Residency policies
B.Selecting a Cloud Storage region to store data within required jurisdiction
C.Choosing the lowest-cost storage class
D.Using a single availability zone for all data
E.Encrypting all data at rest
AnswersA, B

Policies prevent data from moving outside allowed regions.

Why this answer

Options A and B are correct. B is correct because data must stay in specific geographic boundaries. A is correct because Cloud Data Residency policies enforce location constraints.

D is incorrect because storing data in a single zone does not guarantee residency; zones are within a region. E is incorrect because encryption does not change data location. C is incorrect because storage class affects availability, not residency.

98
MCQhard

A solutions architect is designing a system that must remain available even if an entire Google Cloud region becomes unavailable due to a major disaster. Which deployment approach achieves this goal?

A.Deploying the application across multiple zones within the same Google Cloud region
B.Using a single zone but enabling automatic VM restart policies
C.Deploying the application across multiple Google Cloud regions so that if one region fails, other regions continue serving traffic
D.Enabling Cloud Backup for all VMs in the deployment to allow rapid restoration after a regional failure
AnswerC

Multi-region deployment is required to survive a full regional outage. By running active or active-passive instances in multiple distinct geographic regions, the system continues operating when any single region fails. Each region is geographically isolated and runs on independent infrastructure.

Why this answer

Option C is correct because deploying across multiple Google Cloud regions ensures that if an entire region becomes unavailable, traffic can be rerouted to healthy regions, achieving disaster recovery across regional failures. This approach leverages Google Cloud's global load balancing (e.g., External HTTPS Load Balancer with backend services in multiple regions) and regional managed instance groups to maintain availability even when a complete region is lost.

Exam trap

Google Cloud often tests the distinction between zonal and regional fault tolerance, and the trap here is that candidates confuse multi-zone deployment (which handles zonal failures) with multi-region deployment (which is required for regional disaster recovery).

How to eliminate wrong answers

Option A is wrong because deploying across multiple zones within the same region protects against zonal failures but does not protect against a regional disaster, as all zones in a region share the same regional control plane and can fail together. Option B is wrong because using a single zone with automatic VM restart policies only recovers from transient failures within that zone, not from a complete regional outage where the zone itself is unavailable. Option D is wrong because enabling Cloud Backup for all VMs allows data restoration after a failure but does not provide automatic failover or continuous availability; the system would still experience downtime while backups are restored, and it does not address the need for immediate traffic redirection during a regional disaster.
