CCNA Data Model Mgmt Questions

57 questions · Data Model Mgmt topic · All types, answers revealed

1
MCQmedium

A company trains models using Vertex AI Training and wants to share the resulting model artifacts with a different team in another Google Cloud project. What is the most secure way to grant access?

A.Use BigQuery to copy the model artifacts and share the BigQuery dataset.
B.Share the Vertex AI model resource directly by adding the other project's members to the IAM policy on the model.
C.Set the Cloud Storage bucket containing the artifacts to 'public' access.
D.Create a new service account in the other project, then grant it the 'roles/storage.objectViewer' role on the bucket.
AnswerD

Least privilege, secure cross-project access.

Why this answer

Option D is correct because it follows the principle of least privilege and cross-project access best practices. By creating a dedicated service account in the target project and granting it the 'roles/storage.objectViewer' role on the specific Cloud Storage bucket, you avoid exposing the bucket publicly and avoid sharing the Vertex AI model resource directly, which would grant broader permissions than necessary. This approach ensures that only the service account can read the model artifacts, and the other team can use that service account to access the bucket securely.

Exam trap

The trap here is that candidates often confuse sharing the Vertex AI model resource (which controls access to the model metadata and endpoint) with sharing the underlying artifacts in Cloud Storage, leading them to choose option B, which does not grant the necessary read access to the actual model files.

How to eliminate wrong answers

Option A is wrong because BigQuery is a data warehouse service, not a mechanism for copying or sharing model artifacts; model artifacts are stored in Cloud Storage, and BigQuery cannot be used to copy or grant access to those files. Option B is wrong because sharing the Vertex AI model resource directly via IAM grants access to the model metadata and endpoints, but does not grant access to the underlying model artifacts stored in Cloud Storage; the other team would still need separate permissions on the bucket. Option C is wrong because setting the Cloud Storage bucket to 'public' access would allow anyone on the internet to read the artifacts, violating security best practices and potentially exposing proprietary or sensitive model data.

2
MCQhard

An organization uses Cloud Dataflow to preprocess training data. Dataflow jobs are often failing because of insufficient quota for certain resources. The team has requested a quota increase, but the jobs still fail with 'quota exceeded' errors for a different resource. They want to proactively monitor and manage quotas to avoid failures. What is the best approach?

A.Set up Cloud Monitoring alerts for quota usage and automate quota increase requests.
B.Configure Dataflow to use a different pipeline type that avoids the quota.
C.Use Dataflow's autoscaling feature to reduce resource usage.
D.Increase the maximum number of workers in the Dataflow job.
AnswerA

Proactive monitoring and automation allow scaling quotas as needed.

Why this answer

Option A is correct because setting up Cloud Monitoring alerts for quota usage and automating quota increase requests helps catch issues before failures occur. Option B might reduce resource consumption but does not address the root cause of quota limits. Option C is not feasible.

Option D could worsen the problem by requiring more resources.

3
MCQeasy

A company stores training data in Cloud Storage and uses Vertex AI Training for model training. They want to implement a data validation pipeline to detect data drift before retraining. Which service should they use?

A.Vertex AI Model Monitoring
B.BigQuery ML
C.Cloud Data Loss Prevention
D.Dataflow
AnswerA

Vertex AI Model Monitoring can detect data drift by comparing distributions.

Why this answer

Vertex AI Model Monitoring is designed specifically to detect data drift and feature skew in production ML models by continuously comparing prediction requests against a baseline training dataset. It provides automated alerts when statistical distributions shift beyond a defined threshold, making it the correct choice for a data validation pipeline before retraining.

Exam trap

Google Cloud often tests the distinction between a general-purpose data processing tool (Dataflow) and a specialized managed service (Vertex AI Model Monitoring), leading candidates to choose Dataflow because they think they need to build a custom pipeline, while the question asks for the service that should be used, implying the most appropriate managed solution.

How to eliminate wrong answers

Option B is wrong because BigQuery ML is used for creating and executing ML models directly in BigQuery using SQL, not for monitoring data drift in existing models. Option C is wrong because Cloud Data Loss Prevention (DLP) is focused on inspecting and classifying sensitive data (e.g., PII) for security and compliance, not for statistical drift detection. Option D is wrong because Dataflow is a stream and batch data processing service (based on Apache Beam) that could be used to build a custom drift detection pipeline, but it is not a managed service purpose-built for model monitoring like Vertex AI Model Monitoring.

4
MCQeasy

A retail company uses Vertex AI AutoML to train a product recommendation model. They have a dataset of past purchases stored in BigQuery. The data science team wants to iteratively train and improve the model. They need to track which dataset version was used for each model and preserve the exact data for reproducibility. They currently export data to CSV files and store them in Cloud Storage. However, the dataset is updated daily, and they want to ensure that models are trained on a consistent snapshot. What should they do?

A.Use Vertex AI Dataset service to create a dataset and export it to BigQuery.
B.Use BigQuery snapshots to capture a versioned dataset and reference the snapshot in the training pipeline.
C.Train the model directly on the BigQuery table and let AutoML handle versioning.
D.Export the data to a timestamped CSV file and store it in Cloud Storage before each training run.
AnswerB

Snapshots provide point-in-time consistency and are easy to manage.

Why this answer

Option B is correct because BigQuery snapshots provide a consistent, versioned view of the dataset at a specific point in time, ensuring reproducibility without duplicating data. By referencing the snapshot in the Vertex AI training pipeline, the team can train models on the exact same data snapshot, even as the source table is updated daily. This approach avoids the overhead of exporting to CSV and Cloud Storage while maintaining data integrity and lineage.

Exam trap

Google Cloud often tests the misconception that exporting to CSV or using Vertex AI Dataset is sufficient for versioning, when in fact BigQuery snapshots provide the native, scalable, and auditable mechanism for point-in-time data consistency without data duplication.

How to eliminate wrong answers

Option A is wrong because the Vertex AI Dataset service is designed for managing training data within Vertex AI, but exporting to BigQuery does not inherently create a versioned snapshot; it simply moves data back to BigQuery without preserving a consistent point-in-time copy. Option C is wrong because training directly on a live BigQuery table does not guarantee a consistent snapshot; AutoML does not handle versioning, and the table may change between training runs, breaking reproducibility. Option D is wrong because exporting to a timestamped CSV file in Cloud Storage is a manual workaround that introduces storage overhead, potential data drift from export timing, and lacks the built-in versioning and query capabilities of BigQuery snapshots.

5
Multi-Selecthard

Which TWO strategies help ensure data consistency when multiple teams are contributing features to a shared Vertex AI Feature Store?

Select 2 answers
A.Each team should create their own feature store to avoid conflicts.
B.Use only batch ingestion to keep features synchronized.
C.Define and enforce feature schemas using the Feature Store API.
D.Allow each team to independently define feature engineering logic.
E.Set up monitoring and alerting on feature value distributions to detect drift.
AnswersC, E

Schemas ensure consistent data types and values.

Why this answer

Option C is correct because defining and enforcing feature schemas using the Vertex AI Feature Store API ensures that all teams adhere to a consistent data structure (e.g., fixed feature names, data types, and value ranges). This prevents schema drift and ingestion conflicts, which are common when multiple teams independently push features to the same feature store. Without schema enforcement, one team might inadvertently change a feature's data type or add unexpected values, breaking downstream models.

Exam trap

Google Cloud often tests the misconception that 'separate stores' or 'batch-only ingestion' are valid consistency strategies, when in fact the correct approach is centralized schema governance with monitoring to detect drift.

6
MCQhard

A company uses Cloud Composer to orchestrate an ML pipeline. They notice that the pipeline occasionally fails because the Composer environment runs out of disk space on the worker nodes. The pipeline uses many large dependencies. What is the most effective long-term solution?

A.Mount a Cloud Storage bucket to the Composer workers using GCSFuse to store large artifacts externally.
B.Move the pipeline to Cloud Functions to avoid Composer's disk limitations.
C.Reduce the size of the Docker image used by the pipeline.
D.Increase the number of worker nodes in the Composer environment.
AnswerA

Keeps local disk usage low by offloading to Cloud Storage.

Why this answer

Mounting a Cloud Storage bucket via GCSFuse allows Composer workers to access large artifacts stored externally without consuming local disk space. This provides a scalable, durable, and cost-effective solution for handling large dependencies, as the pipeline can read/write directly to Cloud Storage, eliminating the disk space bottleneck on worker nodes.

Exam trap

Google Cloud often tests the misconception that scaling out (adding more nodes) solves disk space issues, but the real problem is per-node disk capacity, not overall cluster capacity.

How to eliminate wrong answers

Option B is wrong because Cloud Functions have a limited execution timeout (up to 60 minutes for HTTP functions, 540 seconds for background functions) and a maximum memory of 32GB, making them unsuitable for long-running ML pipelines with large dependencies. Option C is wrong because reducing the Docker image size only addresses the image storage, not the runtime disk space used by large artifacts during pipeline execution. Option D is wrong because increasing the number of worker nodes distributes the workload but does not increase the per-node disk capacity; each worker still has the same local disk limit, so the pipeline can still fail if a single worker runs out of space.

7
Drag & Dropmedium

Drag and drop the steps to deploy a trained TensorFlow model to Vertex AI Prediction in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Export the model, upload to GCS, register as a model, deploy to endpoint, then test.

8
MCQeasy

A team wants to share a trained model with other teams within the organization. They need to provide access to the model artifact in Vertex AI Model Registry and ensure that only authorized teams can deploy the model. What should they do?

A.Grant the other teams access to the Cloud Storage bucket where the model is stored
B.Set the model to public in Vertex AI Model Registry
C.Use Cloud Key Management Service to encrypt the model and share the decryption key
D.Use IAM to grant the 'aiplatform.models.deploy' role to the other teams on the model resource
AnswerD

IAM roles provide fine-grained access control within Vertex AI.

Why this answer

Option D is correct because Vertex AI Model Registry uses IAM to control access to model resources. By granting the 'aiplatform.models.deploy' role on the specific model resource, you ensure that only authorized teams can deploy the model, while other operations (like viewing or updating) remain restricted. This follows the principle of least privilege and avoids exposing the model artifact broadly.

Exam trap

Google Cloud often tests the misconception that sharing the storage bucket or encryption key is sufficient for controlled deployment, when in fact IAM roles on the model resource are required to enforce deployment authorization.

How to eliminate wrong answers

Option A is wrong because granting access to the Cloud Storage bucket where the model is stored would allow teams to download or modify the model artifact directly, bypassing Vertex AI's deployment controls and audit logging. Option B is wrong because setting the model to public in Vertex AI Model Registry would allow anyone in the world to deploy the model, violating security requirements. Option C is wrong because Cloud KMS encrypts data at rest but does not control access to the model resource; sharing the decryption key would not prevent unauthorized deployment, as the key only decrypts the artifact, not the deployment permission.

9
MCQmedium

Refer to the exhibit. An ML engineer in the team needs to deploy the model to an endpoint. The engineer is assigned the 'roles/aiplatform.user' role at the project level but still cannot deploy. What is the most likely reason?

A.The service account 'sa-training' is using all the model's quota.
B.Alice does not have any IAM role on the project.
C.Alice needs to be granted the 'roles/aiplatform.admin' role at the project level.
D.The model's resource-level IAM policy only grants the 'roles/aiplatform.user' role, which does not include deploy permission.
AnswerD

The resource policy overrides project-level roles and lacks deploy.

Why this answer

The 'roles/aiplatform.user' role at the project level grants permissions to use AI Platform resources, but it does not include the 'aiplatform.models.deploy' permission required to deploy a model to an endpoint. Model deployment is controlled by resource-level IAM policies, and if the model's resource-level policy only grants 'roles/aiplatform.user', the deploy action is denied. The correct role for deployment is 'roles/aiplatform.admin' or a custom role with the deploy permission.

Exam trap

Google Cloud often tests the distinction between project-level and resource-level IAM policies, where candidates assume that a project-level role automatically grants all permissions on child resources, ignoring that resource-level policies can be more restrictive.

How to eliminate wrong answers

Option A is wrong because quota usage by a service account does not affect IAM permissions; the error is about authorization, not resource limits. Option B is wrong because the question states the engineer is assigned 'roles/aiplatform.user' at the project level, so Alice does have an IAM role. Option C is wrong because while 'roles/aiplatform.admin' would grant deploy permission, the most likely reason for the failure is the model's resource-level IAM policy restricting deployment, not the project-level role.

10
MCQmedium

Refer to the exhibit. A team member complains they cannot deploy a model to Vertex AI Endpoints. What is the most likely reason?

A.The policy is missing a condition
B.The policy lacks `roles/aiplatform.deployer`
C.The policy lacks `roles/aiplatform.specialist`
D.The service account needs `roles/aiplatform.user`
AnswerB

The deployer role is required for deploying models to endpoints.

Why this answer

The correct answer is B because deploying a model to Vertex AI Endpoints requires the `roles/aiplatform.deployer` role on the service account. This role grants the necessary permissions to create and manage endpoint deployments. Without it, the deployment operation will fail with an access denied error, even if other roles are present.

Exam trap

Google Cloud often tests the distinction between read-only roles like `roles/aiplatform.user` and write roles like `roles/aiplatform.deployer`, trapping candidates who assume a general user role includes deployment permissions.

How to eliminate wrong answers

Option A is wrong because the policy missing a condition is not the most likely reason; conditions are optional and typically used for context-aware access, not for basic deployment permissions. Option C is wrong because `roles/aiplatform.specialist` is a custom role that does not exist in standard Vertex AI IAM roles; the correct role for deployment is `roles/aiplatform.deployer`. Option D is wrong because `roles/aiplatform.user` provides read-only access to view resources but does not include the write permissions needed to deploy a model to an endpoint.

11
MCQmedium

A healthcare startup is developing a diagnostic model using sensitive patient data. They use Vertex AI to manage the training pipeline. They need to ensure that the data is encrypted both at rest and in transit. Additionally, they want to prevent the ML engineers from seeing raw data but still allow them to train models. They use Cloud Storage with CMEK and VPC-SC. They plan to use Vertex AI Training with a custom service account. The data stored in Cloud Storage is encrypted with CMEK. What additional step is needed to allow Vertex AI Training to access the encrypted data?

A.Use a service account with the 'Storage Admin' role and 'Cloud KMS CryptoKey Decrypter' role.
B.Grant the Cloud Storage service agent the Cloud KMS CryptoKey Decrypter role.
C.Disable encryption for the training data to simplify access.
D.Grant the custom service account the Cloud KMS CryptoKey Decrypter role.
AnswerD

The custom service account used by Vertex AI Training must have decrypt permission to read CMEK-encrypted data.

Why this answer

The correct answer is D because Vertex AI Training must use a custom service account that has the Cloud KMS CryptoKey Decrypter role to decrypt the CMEK-encrypted data stored in Cloud Storage. The custom service account is the identity that Vertex AI jobs run as, and it needs explicit permission to decrypt the CMEK key to read the training data. Without this role, the encrypted objects remain inaccessible even if the service account has Storage Object Viewer permissions.

Exam trap

The trap here is that candidates often confuse the Cloud Storage service agent (used for default encryption) with the custom service account that Vertex AI jobs use, leading them to incorrectly grant permissions to the wrong principal.

How to eliminate wrong answers

Option A is wrong because the 'Storage Admin' role is overly permissive and unnecessary; the service account only needs 'Storage Object Viewer' to read data, and the 'Cloud KMS CryptoKey Decrypter' role is required but must be granted to the custom service account, not a generic admin account. Option B is wrong because the Cloud Storage service agent is used for server-side operations like bucket-level encryption, not for granting access to a custom service account used by Vertex AI Training; the decrypter role must be on the custom service account that runs the training job. Option C is wrong because disabling encryption violates the requirement to protect sensitive patient data at rest and in transit, and it is not a valid security practice for a healthcare startup.

12
MCQhard

A data engineering team uses Dataflow for preprocessing and wants to integrate with Vertex AI Pipelines. They need to pass the preprocessed data location to the training step. What is the best practice?

A.Store the path in Data Catalog
B.Use Cloud Pub/Sub
C.Use PipelineParam to pass the output path
D.Write the output to a fixed Cloud Storage path and hardcode it in the pipeline
AnswerC

PipelineParam allows dynamic, compile-time passing of values between steps.

Why this answer

Option C is correct because PipelineParam is the native mechanism in Vertex AI Pipelines (Kubeflow Pipelines SDK) to pass runtime outputs—such as a Cloud Storage path—between components. It creates a dependency graph that ensures the training step receives the exact output path from the preprocessing step, enabling dynamic, reproducible pipelines without hardcoding.

Exam trap

The trap here is that candidates confuse metadata services (Data Catalog) or messaging systems (Pub/Sub) with pipeline parameter passing, overlooking that Vertex AI Pipelines uses Kubeflow Pipelines' built-in component I/O for deterministic, graph-based data flow.

How to eliminate wrong answers

Option A is wrong because Data Catalog is a metadata management service for discovering and tagging assets, not designed to pass runtime pipeline parameters between steps; it would introduce unnecessary latency and coupling. Option B is wrong because Cloud Pub/Sub is an asynchronous messaging service for event-driven architectures, not a direct parameter-passing mechanism within a single pipeline execution; it would add complexity and potential ordering issues. Option D is wrong because hardcoding a fixed Cloud Storage path defeats pipeline reproducibility and scalability—if the preprocessing step changes its output location (e.g., due to timestamped folders), the training step would fail or use stale data.

13
MCQhard

Refer to the exhibit. The team wants to automatically deploy the best-performing model version to production. They have set up a Cloud Function triggered by Model Registry events. Which alias should they use in the function to get the latest champion?

A.'champion'
B.''
C.'experiment'
D.'latest'
AnswerA

The 'champion' alias conventionally indicates the best-performing production version.

Why this answer

The 'champion' alias is specifically reserved in MLflow Model Registry to denote the best-performing model version in production. By configuring the Cloud Function to trigger on the assignment of the 'champion' alias, the team ensures that only the model version promoted as the production champion is automatically deployed, aligning with MLOps best practices for staged model promotion.

Exam trap

Google Cloud often tests the distinction between 'champion' (a production alias) and 'latest' (a version number concept), leading candidates to incorrectly choose 'latest' because they confuse chronological recency with performance-based promotion.

How to eliminate wrong answers

Option B is wrong because an empty string is not a valid alias in MLflow; aliases must be non-empty strings, and using an empty string would cause the function to fail or match no events. Option C is wrong because 'experiment' is not a predefined alias in MLflow Model Registry; it refers to an MLflow Experiment, not a model version alias, and would not trigger on model promotion events. Option D is wrong because 'latest' is not a standard alias in MLflow; while MLflow can retrieve the latest model version by version number, the 'latest' alias does not exist, and using it would not capture the champion promotion event.

14
MCQeasy

A data scientist wants to share a trained model with the team for review before deployment. The model is stored in Vertex AI Model Registry. What is the recommended way to grant the team read access to the model?

A.Grant the IAM role 'roles/aiplatform.admin' to the team members.
B.Export the model as a local file and share it via a shared drive.
C.Grant the IAM role 'roles/aiplatform.viewer' to the team members on the project.
D.Add the team members to the Cloud Storage bucket ACL with 'READER' access.
AnswerC

This role allows viewing models in Vertex AI.

Why this answer

Option A is correct because Vertex AI Model Registry uses Cloud IAM, and granting the 'roles/aiplatform.viewer' role provides read access to all model versions. Option B is wrong because too broad. Option C is wrong because Cloud Storage IAM is separate and not sufficient for Vertex AI models.

Option D is wrong because the bucket ACL does not apply to Vertex AI.

15
MCQmedium

A data scientist is using Vertex AI Workbench user-managed notebooks. They need to collaborate with a colleague on the same notebook. The colleague should be able to edit the notebook simultaneously. What should they do?

A.Store the notebook in Cloud Source Repositories and have the colleague clone it
B.Share the underlying Compute Engine VM's SSH access with the colleague
C.Export the notebook to Colab and share the link
D.Share the notebook instance URL with the colleague; both can edit simultaneously
AnswerD

Vertex AI Workbench supports real-time collaboration through the same instance.

Why this answer

Vertex AI Workbench user-managed notebooks support real-time collaboration by sharing the notebook instance URL. When you share the URL with a colleague, both users can edit the notebook simultaneously because the underlying JupyterLab environment is multi-user and supports concurrent editing sessions. This is the intended method for synchronous collaboration on the same notebook instance.

Exam trap

Google Cloud often tests the misconception that version control (like Cloud Source Repositories) is the correct way to collaborate on notebooks, but the question specifically asks for simultaneous editing, which requires a real-time collaboration feature like sharing the notebook instance URL.

How to eliminate wrong answers

Option A is wrong because Cloud Source Repositories is a Git-based version control system for storing code, not a real-time collaboration tool; cloning a notebook does not allow simultaneous editing. Option B is wrong because sharing SSH access to the Compute Engine VM would give the colleague full system-level access, which is insecure and unnecessary for notebook editing, and it does not enable simultaneous editing in JupyterLab. Option C is wrong because exporting to Colab creates a separate copy of the notebook in a different environment, breaking the connection to the original Vertex AI Workbench instance and preventing simultaneous editing on the same notebook.

16
MCQhard

A large organization uses a multi-project setup with a central data lake. Different teams manage their own models. To enable cross-team sharing of features, they want to use Vertex AI Feature Store. What is the best practice to manage access?

A.Create a single Feature Store in a central project and grant fine-grained IAM roles
B.Export features to Cloud Storage
C.Create separate Feature Stores per team project
D.Use BigQuery authorized views
AnswerA

A central Feature Store with IAM enables sharing while controlling access.

Why this answer

Creating a single Feature Store in a central project with fine-grained IAM roles is the best practice because it centralizes feature management while allowing cross-team access control at the feature group or feature level. Vertex AI Feature Store supports IAM roles like `aiplatform.featureStoreAdmin` and `aiplatform.featureStoreDataViewer` to grant granular permissions, enabling teams to share features without duplicating data or exposing sensitive information. This approach avoids data silos and ensures consistent governance across the organization.

Exam trap

Google Cloud often tests the misconception that separate Feature Stores per team are needed for isolation, but the correct approach is to use a single Feature Store with fine-grained IAM to enable sharing while maintaining security.

How to eliminate wrong answers

Option B is wrong because exporting features to Cloud Storage introduces data duplication, latency, and manual synchronization overhead, defeating the purpose of a centralized feature store for real-time serving. Option C is wrong because creating separate Feature Stores per team project creates data silos, preventing cross-team sharing and requiring complex cross-project networking or data replication. Option D is wrong because BigQuery authorized views are designed for table-level access control in BigQuery, not for managing access to Vertex AI Feature Store entities like feature groups or online/offline stores, and they lack the low-latency serving capabilities of Feature Store.

17
MCQeasy

Your team is using Vertex AI Pipelines to build an automated training pipeline. You need to share the pipeline definition with another team so they can run it in their own project. Which format should you use?

A.Copy the pipeline artifacts to a Cloud Storage bucket and share the bucket.
B.Package the pipeline as a Docker container image.
C.Share the Python code that compiles the pipeline.
D.Export the pipeline as a YAML file using the Kubeflow Pipelines SDK.
AnswerD

YAML file defines the pipeline graph and components.

Why this answer

Option D is correct because Vertex AI Pipelines is built on Kubeflow Pipelines, and the standard way to share a pipeline definition is to export it as a YAML file using the Kubeflow Pipelines SDK (`kfp.compiler.Compiler().compile()`). This YAML file contains the complete pipeline specification, including all components, dependencies, and execution order, and can be uploaded and run in any Vertex AI project without requiring the original Python code or build environment.

Exam trap

Google Cloud often tests the misconception that sharing the Python code or Docker images is sufficient for pipeline portability, but the exam expects you to recognize that the compiled YAML is the portable, self-contained artifact that decouples pipeline definition from the build environment.

How to eliminate wrong answers

Option A is wrong because copying pipeline artifacts (such as intermediate outputs or model files) does not share the pipeline definition itself; the other team would need the pipeline specification to recreate the execution graph. Option B is wrong because a Docker container image packages the runtime environment and code for a single component, not the entire pipeline DAG (directed acyclic graph) definition. Option C is wrong because sharing the Python compilation code requires the other team to have the exact same dependencies, SDK versions, and build environment to reproduce the pipeline, which is error-prone and not the intended portable format.

18
MCQeasy

A data science team uses Vertex AI Workbench and wants to share notebooks with version history. Which service should they use?

A.Artifact Registry
B.Cloud Storage
C.Data Catalog
D.Cloud Source Repositories
AnswerD

Cloud Source Repositories provides Git-based version control for notebooks and code.

Why this answer

Cloud Source Repositories (CSR) is the correct choice because it provides Git-based version control for notebooks, enabling teams to track changes, collaborate, and maintain a full version history. Vertex AI Workbench integrates natively with CSR, allowing users to clone, commit, and push notebook files directly from the JupyterLab interface, which is essential for collaborative development with revision tracking.

Exam trap

Google Cloud often tests the distinction between storage services (Cloud Storage) and version control services (Cloud Source Repositories), leading candidates to choose Cloud Storage because it has object versioning, but it lacks the collaborative Git workflow required for notebook version history.

How to eliminate wrong answers

Option A is wrong because Artifact Registry is designed for storing and managing container images and ML artifacts (e.g., models, packages), not for version-controlling notebook files or providing a Git-based history. Option B is wrong because Cloud Storage is an object store for unstructured data; it supports object versioning but lacks the branching, merging, and collaborative workflow features of a Git repository, making it unsuitable for notebook version history. Option C is wrong because Data Catalog is a metadata management service for discovering and tagging assets (e.g., datasets, models), not a version control system for code or notebooks.

19
MCQmedium

An organization uses Cloud Composer to orchestrate ML workflows. A DAG that triggers Vertex AI training jobs fails because the training job exceeds the 7-day maximum runtime. What is the best way to handle long-running training jobs in Cloud Composer?

A.Increase the DAG execution timeout to 14 days in the Airflow configuration
B.Use Vertex AI Pipeline to manage the training job asynchronously
C.Refactor the training job to run on Dataflow, which supports longer runtimes
D.Set max_active_runs=1 in the DAG to prevent overlapping runs
AnswerB

Vertex AI Pipeline can handle long-running jobs independently of the DAG runtime.

Why this answer

Option B is correct because Vertex AI Pipelines natively supports asynchronous execution, allowing Cloud Composer to trigger a pipeline and monitor its status without blocking the Airflow worker for the entire duration of the training job. This decouples the DAG execution timeout from the training runtime, enabling workflows that exceed the 7-day Airflow task timeout limit.

Exam trap

The trap here is that candidates assume increasing the Airflow execution timeout is a valid solution, but the PMLE exam tests understanding that Cloud Composer's architecture imposes practical limits on synchronous task execution, and the correct approach is to use asynchronous orchestration with services like Vertex AI Pipelines.

How to eliminate wrong answers

Option A is wrong because increasing the DAG execution timeout to 14 days does not address the underlying issue: Airflow tasks have a hard-coded maximum runtime of 7 days (configurable via `default_task_retries` and `execution_timeout`, but extending it beyond 7 days is not recommended and can lead to resource exhaustion and scheduler instability). Option C is wrong because Dataflow is a stream and batch processing service, not designed for long-running ML training jobs; its default worker timeout is also limited, and refactoring to Dataflow would not solve the runtime limit issue. Option D is wrong because `max_active_runs=1` prevents overlapping DAG runs but does nothing to extend the maximum runtime of a single task; the training job would still fail after 7 days.

20
MCQeasy

You are using Cloud Datalab for collaborative data exploration with your team. However, some team members cannot access the Datalab instances. What is the most likely issue?

A.The Datalab instances have been deleted by another team member.
B.The team members need to install the Cloud Datalab SDK locally.
C.The team members have not been granted the necessary IAM roles (e.g., roles/datalab.user) on the project.
D.The Datalab instances were created using an incompatible notebook type.
AnswerC

IAM roles control access to Datalab instances.

Why this answer

Cloud Datalab uses IAM permissions to control access to instances. The most common reason team members cannot access Datalab instances is that they lack the necessary IAM role, such as `roles/datalab.user`, which grants permission to view and connect to Datalab instances. Without this role, even if the instances exist and are running, users will receive permission-denied errors when trying to access them via the Datalab UI or API.

Exam trap

Google Cloud often tests the misconception that Cloud Datalab requires local software installation or that instance deletion is the cause, when in fact the core issue is almost always IAM permissions, specifically the `roles/datalab.user` role.

How to eliminate wrong answers

Option A is wrong because if Datalab instances were deleted, all team members would lose access, not just some, and the error would be a 'not found' rather than an access-denied error. Option B is wrong because Cloud Datalab is a managed service accessed through a web browser; no local SDK installation is required—users simply need the correct IAM permissions and a browser. Option D is wrong because Datalab instances are based on Jupyter notebooks, and there is no concept of 'incompatible notebook type' that would prevent access; the instance type (e.g., machine size) does not affect authentication or authorization.

21
Multi-Selectmedium

Which THREE actions are best practices for managing ML models in production on Google Cloud? (Choose 3)

Select 3 answers
A.Manually tune hyperparameters for each retraining run.
B.Monitor model performance and data drift continuously.
C.Use a central model registry for model governance.
D.Version all model artifacts and training datasets.
E.Store all raw training data indefinitely for auditability.
AnswersB, C, D

Correct: monitoring helps detect degradation.

Why this answer

Option B is correct because continuous monitoring of model performance and data drift is essential for maintaining prediction accuracy in production. Google Cloud's Vertex AI Model Monitoring automatically detects skew and drift by comparing serving data against training data distributions, alerting you to degradation before it impacts business outcomes.

Exam trap

Google Cloud often tests the misconception that manual hyperparameter tuning is acceptable for production, when in fact automation (e.g., Vertex AI Vizier) is the recommended practice to ensure reproducibility and efficiency.

22
MCQmedium

A team is using Vertex AI Experiments to compare different hyperparameters. They want to automatically record the hyperparameters. What is the correct way?

A.Manually log to console
B.Use the `aiplatform.start_run()` context manager
C.Write to a CSV file
D.Use BigQuery
AnswerB

This context manager automatically logs hyperparameters and metrics to Vertex AI Experiments.

Why this answer

Option B is correct because Vertex AI Experiments provides a native `aiplatform.start_run()` context manager that automatically captures hyperparameters passed as key-value arguments, logging them to the experiment run metadata without manual intervention. This integrates directly with the Vertex AI SDK, ensuring consistency and traceability across runs.

Exam trap

Google Cloud often tests the misconception that any logging method (console, CSV, BigQuery) is equivalent to native SDK integration, but the key requirement is automatic, structured recording tied to the experiment run, which only the SDK's context manager provides.

How to eliminate wrong answers

Option A is wrong because manually logging to console only outputs data to stdout, which is not persisted in Vertex AI Experiments and cannot be queried or compared programmatically. Option C is wrong because writing to a CSV file requires custom I/O code, lacks integration with Vertex AI's experiment tracking, and does not associate the hyperparameters with a specific experiment run. Option D is wrong because BigQuery is a data warehouse for analytics, not a mechanism for automatically recording hyperparameters during model training; it would require additional infrastructure to capture and store the parameters.

23
MCQhard

A company uses a Cloud Composer DAG to run a daily ML pipeline that includes Dataflow jobs and model training on Vertex AI. The pipeline frequently fails due to insufficient permissions when the Dataflow worker accesses data in Cloud Storage. What is the most efficient way to resolve this issue?

A.Create a custom service account with required permissions and assign it to the Dataflow job.
B.Grant the 'roles/storage.objectViewer' role to 'allUsers' on the Cloud Storage bucket.
C.Use the Composer environment's service account for all pipeline components.
D.Move the Dataflow job to run after the pipeline so that data is already processed.
AnswerA

Lets the Dataflow worker access the data securely.

Why this answer

The most efficient way to resolve insufficient permissions for Dataflow workers accessing Cloud Storage is to create a custom service account with the required roles (e.g., roles/storage.objectViewer) and assign it to the Dataflow job via the --serviceAccount option. This follows the principle of least privilege and ensures that only the Dataflow workers have the necessary permissions, without affecting other pipeline components or exposing the bucket publicly.

Exam trap

Google Cloud often tests the misconception that using a single service account for all components (like the Composer environment's service account) is simpler and sufficient, but this ignores the principle of least privilege and can cause security vulnerabilities or permission conflicts in distributed pipelines.

How to eliminate wrong answers

Option B is wrong because granting roles/storage.objectViewer to 'allUsers' makes the Cloud Storage bucket publicly readable, which is a severe security risk and violates least privilege principles. Option C is wrong because the Composer environment's service account typically has broader permissions than needed for Dataflow workers, and using it for all components can lead to over-privileging and potential security issues; moreover, Dataflow workers require a separate identity to access resources independently. Option D is wrong because moving the Dataflow job to run after the pipeline does not address the root cause of insufficient permissions; the Dataflow job will still fail when it tries to access Cloud Storage data, regardless of when it runs.

24
MCQeasy

A team uses Vertex AI Feature Store for storing features. They want to share feature definitions with other teams in a collaborative manner. What is the best way to collaborate on feature definitions?

A.Use a shared repository with feature definition files and CI/CD to update the feature store.
B.Grant all teams write access to the same feature store so they can modify definitions directly.
C.Export the feature definitions as CSV and email them to the other teams.
D.Use a wiki page to document feature definitions and update it manually.
AnswerA

Using a shared repo with CI/CD provides version control and automated updates, ensuring consistency and traceability.

Why this answer

Option A is correct because using a shared repository with feature definition files and CI/CD pipelines enables version control, peer review, and automated deployment to Vertex AI Feature Store. This approach ensures consistency, traceability, and collaboration without risking direct, uncoordinated changes to the production feature store.

Exam trap

The trap here is that candidates may assume direct write access (Option B) is efficient for collaboration, but the exam tests understanding that feature stores require controlled, versioned updates to maintain data integrity and avoid breaking downstream models.

How to eliminate wrong answers

Option B is wrong because granting all teams write access to the same feature store allows uncoordinated, direct modifications to feature definitions, which can lead to conflicts, data corruption, and lack of version control. Option C is wrong because exporting feature definitions as CSV and emailing them is error-prone, lacks versioning, and does not provide a single source of truth for collaboration. Option D is wrong because using a wiki page for manual documentation is static, easily outdated, and does not integrate with the feature store's actual schema or deployment process.

25
MCQeasy

A data scientist wants to track the lineage of a dataset used in a training run. Which Vertex AI feature should they use?

A.Vertex ML Metadata
B.Vertex AI Feature Store
C.Vertex AI Experiments
D.Vertex AI Model Registry
AnswerA

ML Metadata tracks data lineage and artifact relationships.

Why this answer

Vertex ML Metadata is the correct choice because it is specifically designed to track the lineage of datasets, models, and other artifacts throughout the ML lifecycle. It records metadata about each step in a pipeline, including the source dataset used for a training run, enabling full provenance tracking. This allows data scientists to trace back which data was used, how it was transformed, and which model version it produced.

Exam trap

The trap here is that candidates often confuse Vertex AI Experiments (which tracks run metrics and parameters) with lineage tracking, but Experiments does not capture the full artifact-to-execution graph that ML Metadata provides for dataset provenance.

How to eliminate wrong answers

Option B is wrong because Vertex AI Feature Store is a centralized repository for storing, serving, and sharing feature values for ML models, not for tracking dataset lineage. Option C is wrong because Vertex AI Experiments is used to track and compare model training runs, hyperparameters, and metrics, but it does not natively capture the lineage of the dataset itself beyond run-level parameters. Option D is wrong because Vertex AI Model Registry is a version control system for trained models, managing model deployments and versions, but it does not track the provenance of the training data used to create those models.

26
MCQhard

A company has multiple teams working on different models. They want to enforce consistent data preprocessing steps across all teams. Which approach should they take?

A.Use Cloud Composer to orchestrate preprocessing
B.Write shared Python packages in Artifact Registry
C.Use Cloud Dataflow templates
D.Create shared Vertex AI Pipelines components
AnswerD

Shared components can be reused across pipelines, enforcing consistent preprocessing.

Why this answer

Vertex AI Pipelines components allow teams to define reusable, versioned, and parameterized preprocessing steps that can be shared across models and pipelines. This ensures consistent execution of data transformations because each component encapsulates the exact code and environment, and pipelines enforce the same DAG of steps regardless of which team triggers them.

Exam trap

Google Cloud often tests the distinction between 'sharing code' (e.g., packages) and 'sharing executable, environment-encapsulated pipeline steps' (e.g., components), leading candidates to choose a code-sharing option like Artifact Registry instead of the pipeline component approach that enforces consistency.

How to eliminate wrong answers

Option A is wrong because Cloud Composer is an orchestration service for workflows (based on Apache Airflow) and does not inherently enforce consistent preprocessing logic across teams; it only schedules and monitors tasks, leaving the actual preprocessing code to be defined separately and potentially inconsistently. Option B is wrong because writing shared Python packages in Artifact Registry provides a way to distribute code, but it does not enforce a standardized execution environment or pipeline structure; teams could still call the packages with different parameters or in different orders, leading to inconsistency. Option C is wrong because Cloud Dataflow templates are used for batch and stream data processing jobs (based on Apache Beam), but they are not designed to be shared as reusable, composable steps across multiple ML pipelines; they lack the pipeline-level DAG enforcement and versioning that Vertex AI Pipelines components provide.

27
MCQhard

An ML team uses Vertex AI Pipelines to automate model retraining. The pipeline includes a step that queries BigQuery to create a training dataset. The team notices that the pipeline fails intermittently with a '403 Exceeded rate limits' error. What is the most likely cause and solution?

A.The pipeline is issuing too many concurrent queries; use a BigQuery reservation to guarantee slot capacity
B.The training dataset is too large; partition the table and query only the latest partition
C.The pipeline step timeout is too short; increase the timeout to 30 minutes
D.The SQL query is inefficient; rewrite it using materialized views
AnswerA

Reservations provide dedicated slots, avoiding API rate limits.

Why this answer

The 403 'Exceeded rate limits' error in BigQuery indicates that the project is hitting the concurrent query rate limit or the rate of bytes read per second. Using a BigQuery reservation guarantees dedicated slot capacity, which prevents rate-limit errors by ensuring the pipeline has consistent compute resources regardless of other workloads in the project. This is the most direct solution because rate limits are enforced at the project level based on available slots, and a reservation provides a fixed number of slots that bypass those limits.

Exam trap

The trap here is that candidates confuse rate-limit errors with performance or timeout issues, and they choose options that optimize query cost or size (B, D) or adjust timeouts (C), instead of recognizing that a 403 error specifically points to a quota or rate-limit violation that requires resource allocation like a reservation.

How to eliminate wrong answers

Option B is wrong because a large dataset does not cause a 403 rate-limit error; it would cause a 'resources exceeded' or timeout error, not a rate-limit error. Partitioning and querying only the latest partition could reduce bytes processed but does not address the rate limit on concurrent queries or slot usage. Option C is wrong because a timeout error would manifest as a deadline exceeded or 504 error, not a 403 rate-limit error; increasing the timeout does not resolve rate-limiting.

Option D is wrong because an inefficient SQL query would cause high slot consumption or slow performance, but the error is specifically about rate limits, not query efficiency; materialized views could reduce query cost but do not change the project-level rate limit enforcement.

28
MCQmedium

A team uses Vertex AI Feature Store for online serving. They notice high latency during peak hours. They have configured the feature store with Bigtable as the online serving store. What is the most likely cause of the high latency?

A.The Bigtable cluster has too many nodes.
B.Feature data is stored as Avro files.
C.The online serving node count is insufficient for the QPS.
D.Feature values are not pre-cached.
AnswerC

Insufficient nodes cause queuing and higher latency under load.

Why this answer

Option C is correct because Vertex AI Feature Store uses Bigtable as the online serving store, and during peak hours, high query-per-second (QPS) loads can overwhelm the serving nodes if they are under-provisioned. Insufficient node count leads to queuing and increased latency, as Bigtable's performance scales linearly with the number of nodes for read throughput. The most direct remedy is to increase the number of Bigtable nodes to match the QPS demand.

Exam trap

The trap here is that candidates may confuse Bigtable's scaling model with caching solutions (like Redis or Memorystore) and incorrectly assume that pre-caching (Option D) is the fix, when in fact the root cause is insufficient node count for the QPS load.

How to eliminate wrong answers

Option A is wrong because having too many Bigtable nodes would reduce latency, not increase it, as more nodes provide higher read throughput and lower queue depth. Option B is wrong because Avro files are used for offline batch storage or export, not for the online serving store, which uses Bigtable's native storage format; Avro files do not affect online latency. Option D is wrong because Bigtable does not support pre-caching of feature values in the same way as an in-memory cache; the latency issue is due to insufficient node count, not a missing caching mechanism.

29
Multi-Selectmedium

Which TWO tools can be used to collaborate on feature definitions across teams?

Select 2 answers
A.Cloud Storage
B.Vertex AI Feature Store
C.Cloud Logging
D.Cloud Build
E.Data Catalog
AnswersB, E

Feature Store provides a central repository for features that teams can share.

Why this answer

Options A and C are correct. Vertex AI Feature Store (A) allows sharing features, and Data Catalog (C) can catalog feature definitions. B (Cloud Storage) is not a collaboration tool.

D (Cloud Build) is for CI/CD. E (Cloud Logging) is for logs.

30
MCQhard

A financial services company uses Vertex AI to build credit risk models. They have a team of 10 data scientists and 3 ML engineers. They use multiple notebooks in Vertex AI Workbench, storing data in Cloud Storage and BigQuery. The team reports that training jobs sometimes fail with 'Permission denied' errors when reading from certain Cloud Storage buckets. The error occurs intermittently and only for some users. The team uses custom service accounts for each user's notebook instance, but the permissions seem inconsistent. The IT security team has enforced that all service accounts must have least privilege. What is the most effective course of action to resolve the permission issues while maintaining security?

A.Create a single service account with broad permissions for all notebook instances and have users impersonate it.
B.Implement resource-level IAM policies on the specific Cloud Storage buckets used, and audit the existing service account permissions.
C.Grant all data scientists the 'Storage Admin' role on the project to ensure they can access any bucket.
D.Move all training data to BigQuery to avoid Cloud Storage permission issues.
AnswerB

Resource-level policies allow fine-grained control while maintaining least privilege.

Why this answer

Option C is correct because implementing resource-level IAM policies on the specific Cloud Storage buckets used will provide the necessary permissions without overgranting. Auditing current permissions helps identify gaps. Option A grants too broad access.

Option B reduces security by using a single powerful account. Option D changes the data architecture unnecessarily.

31
MCQeasy

When distributing training across multiple workers using Vertex AI Training, how should the team share the training dataset?

A.Copy the dataset to each worker's local disk
B.Use NFS
C.Use Cloud Storage
D.Use Google Drive
AnswerC

Cloud Storage provides scalable, shared access to training data.

Why this answer

Vertex AI Training workers need shared, concurrent read access to the training dataset without manual replication. Cloud Storage (GCS) is the recommended and fully integrated solution because it provides a distributed, highly available object store that all workers can read from in parallel via the `tf.io.gfile` API or GCS connector, eliminating data duplication and ensuring consistency across the cluster.

Exam trap

The trap here is that candidates confuse 'shared storage' with 'local copies' or 'user-friendly sync tools,' assuming NFS or Drive are viable for distributed ML, when Vertex AI explicitly requires a cloud-native object store like GCS for scalability and fault tolerance.

How to eliminate wrong answers

Option A is wrong because copying the dataset to each worker's local disk introduces data duplication, increases startup latency, and risks inconsistency if workers are preempted or auto-scaled; Vertex AI does not manage local disk replication. Option B is wrong because NFS (Network File System) is not natively supported in Vertex AI Training; it would require manual setup of an NFS server, introduces a single point of failure, and adds network latency that GCS avoids with its native parallel read capabilities. Option D is wrong because Google Drive is a user-facing file sync service, not designed for high-throughput, concurrent access by distributed training jobs; it lacks the necessary IAM integration, access controls, and performance guarantees for ML workloads.

32
MCQhard

A financial services company uses Vertex AI to deploy multiple models for fraud detection. The ML team has set up a CI/CD pipeline using Cloud Build and Cloud Deploy. The pipeline builds a custom container with the trained model, pushes it to Artifact Registry, and deploys it to a Vertex AI Endpoint. Recently, a new regulation requires that all model deployments be audited and approved by the compliance team before going live. The compliance team wants to review the model's evaluation metrics and approve the deployment via a ticketing system. Currently, the CI/CD pipeline automatically deploys after the container is built. The team needs to implement a gating process without slowing down the development cycle. What should they do?

A.Use Cloud Composer to orchestrate the deployment and add a sensor that waits for approval from the ticketing system via a custom operator.
B.Use Cloud Build's built-in approval gate feature to require compliance team sign-off before deployment.
C.Modify the CI/CD pipeline to use Cloud Deploy's approval gate feature, requiring a manual approval from the compliance team before the deployment step.
D.Store the model artifacts in Cloud Storage and have the compliance team deploy manually using the gcloud command.
AnswerC

Cloud Deploy supports manual approval gates integrated with the pipeline.

Why this answer

Option C is correct because Cloud Deploy provides a native approval gate feature that can be inserted into a delivery pipeline to require manual sign-off before a deployment proceeds. This allows the compliance team to review model evaluation metrics and approve via a ticketing system without modifying the CI/CD pipeline's build process, thus maintaining development velocity. The approval gate pauses the deployment at a specific stage, waiting for an external approval signal, which integrates seamlessly with Cloud Deploy's rollout management.

Exam trap

The trap here is confusing Cloud Build's approval gates (which operate at the build stage) with Cloud Deploy's approval gates (which operate at the deployment stage), leading candidates to incorrectly select Option B despite it not addressing the deployment gating requirement.

How to eliminate wrong answers

Option A is wrong because Cloud Composer (based on Apache Airflow) is an orchestration tool for workflows, but adding a sensor for ticketing approval introduces unnecessary complexity and overhead, slowing down the development cycle compared to a native approval gate. Option B is wrong because Cloud Build's built-in approval gate feature is designed for build-level approvals (e.g., before pushing an image), not for deployment-stage gating; it would require restructuring the pipeline to pause the build process, which is not aligned with the requirement to gate deployment after the container is built. Option D is wrong because manual deployment via gcloud commands bypasses automation entirely, reintroducing delays and human error, contradicting the goal of not slowing down the development cycle.

33
Multi-Selectmedium

Which TWO actions are recommended for collaborating on machine learning models using Vertex AI Model Registry?

Select 2 answers
A.Use Cloud Storage object labels to store model descriptions.
B.Use version aliases such as 'champion' and 'challenger' to manage model lifecycle.
C.Deploy all model versions to a single endpoint for comparison.
D.Attach custom metadata (e.g., training dataset, hyperparameters) to each model version.
E.Create a separate model entry for each training run.
AnswersB, D

Aliases enable controlled promotion of models.

Why this answer

Option B is correct because Vertex AI Model Registry supports version aliases like 'champion' and 'challenger' to designate which model version should serve as the production candidate and which is under evaluation, enabling controlled lifecycle management and A/B testing without manual version tracking.

Exam trap

Google Cloud often tests the distinction between a single model entry with multiple versions versus separate model entries per run, and candidates mistakenly think separate entries provide better traceability, but the registry's versioning and alias system is specifically designed to avoid that fragmentation.

34
MCQmedium

Your team is using Vertex AI Feature Store for online predictions. You notice that feature values for some entities are missing in production, leading to failed predictions. Upon investigation, you find that the ingestion pipeline has been failing intermittently. What is the best immediate course of action to prevent prediction failures?

A.Configure default values for missing features in the feature store so that the model can fall back on them.
B.Set up monitoring alerts on the ingestion pipeline to get notified of failures.
C.Change the prediction request to ignore missing features.
D.Manually re-ingest all missing features by running the ingestion pipeline again.
AnswerA

Ensures predictions can be made even when features are not available.

Why this answer

Option D is correct because using default values in the serving layer ensures predictions can still be made when features are missing. Option A is wrong because recreating features takes time and does not fix the ingestion issue. Option B is wrong because it does not address the missing values.

Option C is wrong because monitoring alone does not prevent failures.

35
MCQhard

A data science team uses Vertex AI Pipelines to orchestrate ML training. They notice that some pipeline runs are failing because of inconsistent data schemas. They want to enforce schema validation as a gate before the training step executes. Which approach should they implement?

A.Use Cloud Dataflow to validate schema during data ingestion before the pipeline starts.
B.Use BigQuery schema enforcement when importing data.
C.Add a pipeline component that runs schema validation using the TensorFlow Data Validation library.
D.Use TFX ExampleGen with schema_gen to automatically generate and enforce schemas.
AnswerC

A custom component using TFDV can validate schema inside the pipeline and fail early if mismatched.

Why this answer

Option C is correct because the TensorFlow Data Validation (TFDV) library is specifically designed for ML pipeline schema validation. By adding a custom pipeline component that uses TFDV, the team can validate incoming data schemas against a predefined schema directly within the Vertex AI Pipelines orchestration, acting as a gate before the training step executes. This approach integrates seamlessly with the pipeline's component-based architecture and provides detailed anomaly reports.

Exam trap

Google Cloud often tests the distinction between tools that are part of the TFX ecosystem (like ExampleGen) versus standalone libraries (like TFDV) that can be used independently in custom pipeline components, leading candidates to choose D because they associate schema validation with TFX without realizing the integration requirements.

How to eliminate wrong answers

Option A is wrong because Cloud Dataflow is a batch/stream processing service for data transformation, not a schema validation tool; validating schema during ingestion outside the pipeline does not enforce the gate within the pipeline orchestration. Option B is wrong because BigQuery schema enforcement only validates data at the table level during import, but it is not a pipeline component that can be placed as a gate before a training step in Vertex AI Pipelines. Option D is wrong because TFX ExampleGen with schema_gen is part of the TFX framework, which is not directly compatible with Vertex AI Pipelines' custom component model; it would require significant adaptation and does not provide a simple gate component within the pipeline.

36
Multi-Selectmedium

Which THREE practices improve collaboration when using Cloud Composer for ML pipelines?

Select 3 answers
A.Keep all pipeline logic in a single large DAG for simplicity.
B.Use a shared Cloud Storage bucket for intermediate artifacts with appropriate permissions.
C.Store DAGs in a version-controlled repository and use CI/CD to deploy them.
D.Embed service account keys directly in DAG code for authentication.
E.Use Airflow variables and connections to parameterize DAGs.
AnswersB, C, E

Facilitates handoff between pipeline steps and teams.

Why this answer

Option B is correct because Cloud Composer workflows often require sharing intermediate data (e.g., transformed datasets, model checkpoints) across multiple DAGs or team members. A shared Cloud Storage bucket with fine-grained IAM permissions enables secure, centralized artifact exchange without duplicating data or exposing it to unauthorized users. This practice avoids hard-coded paths and ensures that all pipeline stages can reliably access the same artifacts, which is critical for reproducibility and collaboration in ML pipelines.

Exam trap

Google Cloud often tests the misconception that a single monolithic DAG simplifies collaboration, when in fact it creates bottlenecks and merge conflicts; the trap is that candidates confuse 'simplicity' with 'ease of collaboration' without considering modularity and CI/CD practices.

37
MCQhard

A team of ML engineers is building a real-time fraud detection system. They use Cloud Pub/Sub to stream transactions, Dataflow for feature engineering, and Vertex AI to get predictions. They want to ensure that the data used for training matches the data used for serving to avoid training-serving skew. Which approach should they take?

A.Use a batch processing system for both training and serving to ensure identical feature calculations.
B.Implement separate feature engineering pipelines for training and serving, but document them carefully.
C.Use Vertex AI Feature Store to store features computed during training and retrieve them in the serving pipeline.
D.Ensure that both training and serving read from the same Cloud Storage location.
AnswerC

Feature Store provides a consistent feature definition and computation.

Why this answer

Vertex AI Feature Store ensures that the same feature engineering logic is applied consistently during both training and serving. By storing precomputed features in the Feature Store, the serving pipeline retrieves the exact same feature values that were used during training, eliminating the risk of training-serving skew. This approach is specifically designed for real-time systems where streaming data (via Pub/Sub and Dataflow) must be served with identical transformations.

Exam trap

The trap here is that candidates confuse data consistency (same raw source) with feature consistency (same computed values), leading them to pick Option D, which only addresses raw data location, not the transformation logic.

How to eliminate wrong answers

Option A is wrong because batch processing introduces latency that is incompatible with real-time fraud detection, and it does not guarantee identical feature calculations if the batch and streaming codebases diverge. Option B is wrong because separate pipelines inevitably lead to implementation differences, documentation drift, and training-serving skew — the opposite of the desired outcome. Option D is wrong because reading from the same Cloud Storage location only ensures raw data consistency, not that the feature engineering transformations (e.g., aggregations, windowing, encoding) are identical between training and serving.

38
MCQhard

A team uses Vertex AI Pipelines with CustomJob components that pull training code from a Cloud Source Repository. The pipeline fails with a 'Permission denied' error when trying to access the repository. The service account used by the pipeline has the 'Source Repository Viewer' role. What is the likely issue?

A.The training code contains a dependency that is not available in the custom container
B.The 'Source Repository Viewer' role is insufficient; the service account needs 'Source Repository Reader' or higher
C.The pipeline is running in a different project than the repository; cross-project access is not supported
D.The repository URL is incorrectly formatted; use the SSH URL instead of HTTPS
AnswerB

Reader role allows cloning and fetching, while Viewer only allows browsing.

Why this answer

The 'Source Repository Viewer' role only allows listing and viewing repository metadata, not reading the actual source code. To clone or pull code from a Cloud Source Repository, the service account needs the 'Source Repository Reader' role (or higher), which grants the `source.repos.get` and `source.repos.read` permissions required for Git operations. The pipeline's CustomJob component fails because the service account lacks these permissions when attempting to access the repository.

Exam trap

Google Cloud often tests the distinction between IAM roles that grant read-only access to metadata versus those that grant actual data access, leading candidates to assume 'Viewer' is sufficient for reading source code.

How to eliminate wrong answers

Option A is wrong because a missing dependency would cause a runtime error during training, not a 'Permission denied' error when accessing the repository. Option C is wrong because cross-project access to Cloud Source Repositories is fully supported as long as the service account has the appropriate IAM roles on the repository's project. Option D is wrong because both HTTPS and SSH URLs are supported for Cloud Source Repositories; the error is a permissions issue, not a URL format issue.

39
Multi-Selecthard

Which THREE actions should be taken to manage model versions effectively?

Select 3 answers
A.Delete old versions immediately
B.Use Vertex AI Model Registry
C.Set up model evaluation alerts
D.Use the same model name for all versions
E.Assign version aliases like 'champion' and 'experiment'
AnswersB, C, E

Model Registry provides versioning and deployment control.

Why this answer

Vertex AI Model Registry is a centralized repository that tracks, versions, and manages ML models. It enables you to organize models, assign aliases (like 'champion' or 'experiment'), and control deployment, ensuring reproducibility and governance across the model lifecycle.

Exam trap

Google Cloud often tests the misconception that deleting old versions is a best practice for storage optimization, when in reality versioning requires retaining history for reproducibility and rollback, and that aliases are the correct mechanism for labeling model stages.

40
MCQmedium

A team of ML engineers is collaborating on a project using Vertex AI. They want to ensure that only approved models are deployed to production. Which approach should they use?

A.Store all models in a Cloud Storage bucket and manually control access via IAM permissions.
B.Deploy models directly from training jobs to an endpoint without version tracking.
C.Use Vertex AI Model Registry with version aliases to manage model versions and promote them after approval.
D.Use Cloud Dataflow to transform raw predictions and then store them in BigQuery for analysis.
AnswerC

Model Registry provides version control, staging, and alias-based deployment.

Why this answer

Vertex AI Model Registry provides a centralized repository for managing model versions, with support for version aliases (e.g., 'champion', 'challenger') that allow teams to promote models to production only after approval. This ensures governance and traceability, meeting the requirement that only approved models are deployed.

Exam trap

The trap here is that candidates may confuse storage access control (IAM) with model lifecycle governance, or assume that any data pipeline tool (Dataflow) can manage model approvals, when in fact only a dedicated model registry with version aliases provides the required approval workflow and traceability.

How to eliminate wrong answers

Option A is wrong because storing models in Cloud Storage with manual IAM control lacks version tracking, approval workflows, and integration with Vertex AI's deployment services, making it error-prone and unscalable for production governance. Option B is wrong because deploying directly from training jobs without version tracking bypasses model validation, approval gates, and rollback capabilities, violating the requirement for controlled production deployments. Option D is wrong because Cloud Dataflow is a data processing service for stream/batch pipelines, not a model management or approval mechanism; it is irrelevant to controlling which models are deployed.

41
Multi-Selectmedium

Which TWO of the following are best practices for managing data in a collaborative machine learning environment on Google Cloud?

Select 2 answers
A.Always replicate data across multiple regions to ensure low latency.
B.Implement fine-grained access control using IAM conditions.
C.Use Cloud Data Catalog to discover and annotate datasets.
D.Store all raw data in a single Cloud Storage bucket for easy access.
E.Use data versioning with tools like DVC or Dataflow to track changes.
AnswersC, E

Data Catalog aids in data governance and collaboration.

Why this answer

Option C is correct because Cloud Data Catalog provides a managed metadata management service that allows teams to discover, annotate, and manage datasets across Google Cloud. It enables data scientists to search for datasets by tags, descriptions, and schema, which is essential for collaboration and data governance in a multi-user ML environment.

Exam trap

Google Cloud often tests the misconception that 'replication equals performance' or that 'single bucket simplicity is best,' when in reality collaborative ML requires discoverability (Data Catalog) and reproducibility (versioning) over raw storage or access control alone.

42
MCQmedium

An MLOps team needs to automatically retrain a model when new training data becomes available. They use Vertex AI Pipelines. What is the recommended way to trigger the pipeline?

A.Use Model Evaluation to decide
B.Set up a trigger in Vertex AI Pipelines
C.Cloud Functions triggered by Cloud Storage events
D.Cloud Scheduler on a daily basis
AnswerC

Cloud Functions can listen for object finalize events in Cloud Storage and start the pipeline.

Why this answer

Option C is correct because Vertex AI Pipelines does not natively support event-driven triggers. The recommended pattern is to use Cloud Functions, which can be triggered by Cloud Storage events (e.g., object finalize/create) when new training data is uploaded. The Cloud Function then programmatically submits the pipeline run via the Vertex AI Pipelines client library or REST API, enabling an automated retraining workflow.

Exam trap

The trap here is that candidates assume Vertex AI Pipelines has a built-in trigger mechanism (Option B) because many CI/CD tools do, but Google Cloud's recommended pattern relies on external event-driven services like Cloud Functions.

How to eliminate wrong answers

Option A is wrong because Model Evaluation is a post-training assessment step, not a trigger mechanism; it cannot initiate pipeline execution. Option B is wrong because Vertex AI Pipelines itself does not provide a built-in trigger; triggers must be implemented externally via Cloud Functions, Cloud Scheduler, or similar services. Option D is wrong because Cloud Scheduler on a daily basis is a time-based trigger, not an event-driven one; it would retrain on a fixed schedule regardless of whether new data has arrived, leading to unnecessary runs or missed retraining opportunities.

43
Multi-Selecteasy

Which TWO statements about Vertex AI Feature Store are correct? (Choose 2)

Select 2 answers
A.Feature Store automatically applies feature engineering transformations.
B.Feature Store can only store numerical features.
C.Feature Store can only be used with Vertex AI models.
D.Feature Store provides a centralized repository for feature data.
E.Feature Store supports both online and offline serving.
AnswersD, E

Correct: it centralizes features for reuse.

Why this answer

Option D is correct because Vertex AI Feature Store is designed as a centralized repository that organizes, stores, and serves feature data consistently across different models and pipelines. This centralization ensures feature reuse, consistency, and governance, preventing data silos and duplication across the ML lifecycle.

Exam trap

Google Cloud often tests the misconception that Vertex AI Feature Store is tightly coupled to Vertex AI models or that it performs automatic feature engineering, when in fact it is a decoupled storage and serving layer that supports any ML framework and requires explicit feature engineering steps.

44
MCQhard

A large e-commerce company deploys multiple ML models on Vertex AI Endpoints. They use Vertex AI Model Registry to manage model versions. Recently, a team accidentally deployed an unvalidated model to production, causing a service outage. They want to implement a governance process where models must pass certain validation checks before deployment. The validation includes unit tests, fairness checks, and performance benchmarks. They use CI/CD pipelines (Cloud Build). They also need to allow manual approval for critical models. Which combination of Vertex AI features and Cloud Build steps would enforce the required governance?

A.Use Vertex AI Experiments to log validation results and require manual checks before deployment.
B.Set up Cloud Armor to block deployment of unvalidated models.
C.Implement Cloud Build triggers that run validation steps, then use Vertex AI Model Registry 'state' to mark models as 'validated' before allowing deployment to endpoints.
D.Use Vertex AI Continuous Monitoring to automatically detect issues and roll back deployments.
AnswerC

This enforces a gate where only models with appropriate state can be deployed.

Why this answer

Option C is correct because it combines Cloud Build triggers to run validation steps (unit tests, fairness checks, performance benchmarks) and uses Vertex AI Model Registry's 'state' field to mark models as 'validated' only after passing those checks. This state then acts as a gate in the deployment pipeline, ensuring that only validated models can be deployed to Vertex AI Endpoints. The manual approval for critical models can be integrated as a Cloud Build approval step before the state is set to 'validated'.

Exam trap

The trap here is confusing reactive monitoring (Continuous Monitoring) or unrelated security services (Cloud Armor) with proactive deployment governance, while overlooking that Vertex AI Model Registry's state field is the correct mechanism to enforce pre-deployment validation gates.

How to eliminate wrong answers

Option A is wrong because Vertex AI Experiments is designed for tracking and comparing ML experiments, not for enforcing deployment governance or blocking deployments; it cannot prevent an unvalidated model from being deployed. Option B is wrong because Cloud Armor is a web application firewall for protecting against DDoS and OWASP attacks, not a service for validating or blocking ML model deployments. Option D is wrong because Vertex AI Continuous Monitoring detects prediction drift and data quality issues after deployment, but it does not prevent the initial deployment of an unvalidated model; it is a reactive, not proactive, governance tool.

45
Matchingmedium

Match each regularization technique to its effect.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Adds absolute value of weights to loss, induces sparsity

Adds squared magnitude of weights to loss, prevents overfitting

Randomly drops units during training to prevent co-adaptation

Stops training when validation performance stops improving

Increases training data diversity through transformations

Why these pairings

Regularization helps generalize models.

46
MCQmedium

A healthcare organization is building a machine learning model to predict patient readmission risk. They have sensitive data stored in BigQuery that includes protected health information (PHI). The data science team uses Vertex AI Workbench notebooks to explore the data and develop models. The organization's security policy requires that all PHI data must be encrypted at rest and in transit, and that access to the data is logged and audited. They also need to ensure that the data used for model training is de-identified to remove direct identifiers such as patient names and SSNs. The team wants to automate the de-identification process as part of the data pipeline. Which approach meets these requirements?

A.Create a Dataflow pipeline that reads from the original BigQuery table, applies Cloud DLP de-identification transforms, and writes to a new BigQuery table. Grant the data science team access to the de-identified table.
B.Enable Shielded VM on Vertex AI Workbench notebooks and use VPC-SC to restrict data access.
C.Use Cloud Key Management Service to encrypt the PHI columns in BigQuery, and share the encryption key with the data science team.
D.Use BigQuery row-level security to mask PHI columns for the data science team, and train the model directly on the original table.
AnswerA

Dataflow with DLP automates de-identification and creates a safe dataset.

Why this answer

Option A is correct because it uses Cloud DLP within a Dataflow pipeline to automatically de-identify PHI data as it is read from the original BigQuery table and written to a new, de-identified table. This satisfies the requirement for automated de-identification, while the original table remains encrypted at rest (BigQuery default) and in transit (TLS), and access to the original data can be logged via Cloud Audit Logs. The data science team only gets access to the de-identified table, ensuring PHI is not exposed during model development.

Exam trap

Google Cloud often tests the distinction between data masking/encryption (which still exposes PHI to authorized users) and true de-identification (which removes or transforms PHI so it is no longer considered protected health information).

How to eliminate wrong answers

Option B is wrong because Shielded VM and VPC-SC provide infrastructure security (integrity, network perimeter) but do not de-identify PHI data; the data science team would still see raw PHI in the notebooks. Option C is wrong because Cloud KMS encryption protects data at rest but does not remove or mask PHI columns; sharing the encryption key with the data science team would give them access to the raw PHI, violating the de-identification requirement. Option D is wrong because BigQuery row-level security masks columns at query time but does not de-identify the underlying data; the model training would still use the original table with PHI present in the masked columns, and the masking is not a permanent de-identification suitable for an automated pipeline.

47
MCQeasy

Refer to the exhibit. The team notices that the pipeline fails to read data from the specified Cloud Storage path. What is the most likely issue?

A.The bucket does not exist
B.The pipeline runner is incorrect
C.The region is mismatched
D.The service account lacks `storage.objectViewer` permission
AnswerD

The Dataflow service account needs read access to Cloud Storage.

Why this answer

The pipeline fails to read data from Cloud Storage because the service account lacks the `storage.objectViewer` IAM role, which grants the `storage.objects.get` and `storage.objects.list` permissions required to read objects. Without this role, the pipeline cannot authenticate or authorize the read operation, even if the bucket and path are correct.

Exam trap

Google Cloud often tests the distinction between bucket-level permissions (like `storage.objectViewer`) and project-level roles, leading candidates to overlook that the service account must have the specific IAM role on the bucket or project, not just any storage role.

How to eliminate wrong answers

Option A is wrong because if the bucket did not exist, the error would typically be a 404 'Bucket not found' or a similar explicit message, not a generic read failure. Option B is wrong because the pipeline runner (e.g., Dataflow, Apache Beam) is responsible for executing the pipeline logic, not for authenticating to Cloud Storage; a runner mismatch would cause execution errors, not permission-related read failures. Option C is wrong because Cloud Storage bucket access is global and region-mismatch errors occur only for specific operations like writing to a regional bucket from a different region, but reading is allowed across regions; a region mismatch would not block read access.

48
Multi-Selecthard

Which TWO factors should you consider when choosing between BigQuery and Cloud Storage for storing training data? (Choose 2)

Select 2 answers
A.The format of the data: structured vs. unstructured.
B.The need for SQL-based transformations and analysis on the data.
C.The requirement for data encryption at rest.
D.The need for fine-grained access control at the row level.
E.The maximum size of the dataset (BigQuery limit 1 TB).
AnswersA, B

Correct: Cloud Storage is better for unstructured data.

Why this answer

Option A is correct because BigQuery is optimized for structured, tabular data (e.g., CSV, Avro, Parquet) and supports SQL queries, while Cloud Storage is a better fit for unstructured data (e.g., images, videos, raw text files) that does not require schema enforcement. Choosing the right storage depends on whether the training data has a fixed schema and requires relational querying or is blob-based and needs high-throughput access.

Exam trap

Google Cloud often tests the misconception that BigQuery has a hard 1 TB storage limit, when in reality the limit is much higher (default 10 TB for free, and no hard cap for paid tiers), leading candidates to incorrectly choose option E.

49
MCQmedium

Refer to the exhibit. A user receives the error shown when trying to upload a model to Vertex AI. What is the most likely cause?

A.The container image 'gcr.io/cloud-aiplatform/prediction/tf2-cpu.2-12:latest' is not accessible.
B.The user does not have the 'roles/aiplatform.admin' or the 'aiplatform.models.upload' permission on the project.
C.The user specified an incorrect region (us-central1) that does not support Vertex AI.
D.The Cloud Storage bucket 'gs://my-model-artifacts/fraud-detection/v2/' does not exist.
AnswerB

Permission denied errors typically indicate missing IAM roles.

Why this answer

The error message indicates a permission issue during model upload. The user lacks the 'aiplatform.models.upload' permission or the broader 'roles/aiplatform.admin' role on the project. Vertex AI requires these IAM permissions to authorize the upload action, regardless of other resource accessibility.

Exam trap

Google Cloud often tests the distinction between permission errors and resource availability errors, trapping candidates who assume the error is due to a missing bucket or container image rather than IAM misconfiguration.

How to eliminate wrong answers

Option A is wrong because if the container image were inaccessible, the error would typically occur during deployment or prediction, not during the upload step, and the error message would reference image pull failures (e.g., 'ImagePullBackOff'). Option C is wrong because us-central1 is a fully supported region for Vertex AI; the error does not mention region unavailability. Option D is wrong because if the Cloud Storage bucket did not exist, the error would be a 404 or 'bucket not found' message, not a permission-denied error.

50
Multi-Selecthard

Which THREE of the following are recommended practices for model governance and lineage in Vertex AI?

Select 3 answers
A.Enable Vertex AI ML Metadata to track artifacts, executions, and contexts.
B.Use Vertex AI Experiments to log parameters and metrics.
C.Store model artifacts in Cloud Storage with metadata in a database.
D.Manually record model lineage in a spreadsheet.
E.Use Vertex AI Model Registry to manage model versions and stages.
AnswersA, B, E

ML Metadata provides automated lineage tracking.

Why this answer

Vertex AI ML Metadata is a fully managed service that automatically tracks artifacts, executions, and contexts across the ML workflow. By enabling it, you create a lineage graph that records every step from data preparation to model deployment, which is essential for auditability and reproducibility. This is a core recommended practice for model governance because it provides an immutable, queryable history of all model-related activities.

Exam trap

Google Cloud often tests the distinction between using native Vertex AI services (like ML Metadata, Experiments, and Model Registry) versus ad-hoc or manual methods (like spreadsheets or custom databases) that lack automated governance and audit trails.

51
MCQmedium

A data science team uses BigQuery to store raw data and Vertex AI for model training. They want to ensure that only authorized users can access training data, and that model artifacts are automatically versioned and tracked. Which combination of Google Cloud services should they use?

A.Dataflow for data access control and Vertex AI Experiments for model tracking
B.Cloud Storage with bucket-level IAM and Cloud Build for versioning
C.Cloud Composer for data access control and Cloud Source Repositories for model versioning
D.Vertex AI Feature Store with access control and Vertex AI ML Metadata for model versioning
AnswerD

Vertex AI Feature Store provides controlled access to features, and ML Metadata tracks model artifacts and versions.

Why this answer

Vertex AI Feature Store provides fine-grained access control to training data, ensuring only authorized users can access it. Vertex AI ML Metadata automatically tracks and versions model artifacts, lineage, and parameters, which aligns with the requirement for automated versioning and tracking.

Exam trap

Google Cloud often tests the distinction between services that handle data processing (Dataflow, Cloud Composer) versus those that handle access control and metadata management (Feature Store, ML Metadata), leading candidates to confuse orchestration or CI/CD tools with versioning and access control solutions.

How to eliminate wrong answers

Option A is wrong because Dataflow is a data processing service, not an access control mechanism; it does not provide data access control for training data in BigQuery or Vertex AI. Option B is wrong because Cloud Storage with bucket-level IAM can control access to stored objects, but Cloud Build is a CI/CD service for building and deploying applications, not for versioning model artifacts automatically. Option C is wrong because Cloud Composer is a workflow orchestration service (based on Apache Airflow), not a data access control solution, and Cloud Source Repositories is a Git repository for source code, not designed for model versioning or tracking.

52
MCQmedium

A team uses Vertex AI Pipelines. They need to ensure that only certain team members can deploy models to production. What is the best approach?

A.Use Vertex AI Experiments to track models
B.Store model artifacts in a bucket with bucket-level permissions
C.Use IAM roles with custom permissions on the Vertex AI Model Registry
D.Create separate projects for dev and prod
AnswerC

Model Registry integrates with IAM to grant specific deployment permissions.

Why this answer

Option C is correct because Vertex AI Model Registry supports IAM roles with custom permissions, allowing fine-grained access control over who can promote or deploy models to production. By assigning specific roles (e.g., `roles/aiplatform.modelDeployer`) to only authorized team members, you can restrict deployment actions while still permitting others to view or register models. This approach directly addresses the need to control production deployments without affecting other pipeline stages.

Exam trap

The trap here is that candidates often confuse artifact storage permissions (bucket-level IAM) with deployment permissions (model registry IAM), leading them to choose Option B, even though bucket permissions do not control the Vertex AI deployment API call.

How to eliminate wrong answers

Option A is wrong because Vertex AI Experiments is designed for tracking and comparing model training runs (e.g., hyperparameters, metrics), not for controlling access or permissions to deploy models. Option B is wrong because bucket-level permissions control access to the storage location of model artifacts, but they do not govern the deployment action itself within Vertex AI Pipelines; a user with bucket access could still lack deployment permissions, or vice versa. Option D is wrong because creating separate projects for dev and prod is an organizational boundary that can help with isolation, but it does not provide granular control over which specific team members can deploy within the same project; it also introduces overhead in managing multiple projects and does not leverage Vertex AI's native IAM capabilities for model registry operations.

53
Multi-Selecteasy

Which TWO practices help ensure reproducible ML experiments?

Select 2 answers
A.Store all artifacts in a temporary bucket
B.Use a random seed for each run
C.Use Vertex AI Experiments to track parameters and metrics
D.Version control training code with Cloud Source Repositories
E.Use preemptible VMs
AnswersC, D

Experiments record the exact configuration and results.

Why this answer

Vertex AI Experiments automatically logs parameters, metrics, and artifacts for each run, creating a complete lineage that enables exact reproduction of results. By tracking these details alongside the code version, you can recreate the exact environment and configuration that produced a given outcome, which is essential for reproducibility.

Exam trap

Google Cloud often tests the distinction between practices that improve reproducibility (like tracking parameters and versioning code) versus practices that improve cost efficiency or speed (like using preemptible VMs or temporary storage), leading candidates to conflate operational convenience with scientific reproducibility.

54
MCQhard

A team uses Vertex AI Feature Store to serve features for real-time predictions. They notice that feature values are frequently updated from multiple source systems, leading to inconsistencies. They need to ensure that feature values are consistent across all serving endpoints. What should they do?

A.Use batch ingestion with weekly updates to reduce update frequency
B.Increase the offline storage TTL to retain historical feature values
C.Implement a manual approval process for feature updates
D.Use a streaming ingestion pipeline with exactly-once semantics
AnswerD

Exactly-once streaming ensures each update is applied exactly once, maintaining consistency.

Why this answer

Option D is correct because streaming ingestion with exactly-once semantics ensures that each feature update is applied precisely once, preventing duplicates or missed updates that cause inconsistencies. This approach synchronizes feature values across all serving endpoints in near real-time, directly addressing the problem of frequent updates from multiple source systems.

Exam trap

The trap here is that candidates may confuse consistency with data freshness or retention, leading them to choose batch ingestion or TTL adjustments, when the core issue is update semantics in a distributed streaming context.

How to eliminate wrong answers

Option A is wrong because reducing update frequency with batch ingestion does not resolve inconsistencies from frequent updates; it merely delays them and can lead to stale features. Option B is wrong because increasing offline storage TTL retains historical values but does not affect consistency of current feature values across serving endpoints. Option C is wrong because a manual approval process introduces latency and is impractical for real-time predictions, and it does not guarantee consistency across distributed endpoints.

55
MCQeasy

A data scientist wants to share a trained model with colleagues for evaluation. The model is stored as a Vertex AI Model resource. What is the recommended way to share the model without exposing the underlying project?

A.Share the model ID and grant colleagues the 'vertex.ai.models.get' permission.
B.Create a new project and copy the model.
C.Upload the model to a public Cloud Storage bucket.
D.Export the model artifact and email it.
AnswerA

This provides secure, traceable access without exposing the project.

Why this answer

Option A is correct because Vertex AI Model resources are managed within a single Google Cloud project, and the recommended way to share a model without exposing the underlying project is to grant the IAM role 'roles/aiplatform.user' or the specific permission 'vertex.ai.models.get' to the colleagues' Google accounts. This allows them to access the model via the model ID (a fully qualified resource name like 'projects/{project}/locations/{region}/models/{model}') without needing to copy or expose the project's infrastructure or credentials.

Exam trap

Google Cloud often tests the misconception that sharing a model requires copying or exporting the artifact, when in fact IAM-based access control on the managed resource is the secure and recommended approach.

How to eliminate wrong answers

Option B is wrong because creating a new project and copying the model is unnecessary overhead and still exposes the model artifact to another project, which does not inherently prevent exposure of the original project's identity; it also violates the principle of least privilege by duplicating resources. Option C is wrong because uploading the model to a public Cloud Storage bucket would expose the model artifact to the entire internet, violating security best practices and potentially leaking proprietary data; it also bypasses Vertex AI's access control mechanisms. Option D is wrong because exporting the model artifact and emailing it is insecure, as email is not encrypted at rest by default and exposes the model to unauthorized interception; it also loses the managed model resource's metadata and versioning.

56
MCQhard

Refer to the exhibit. A user is trying to upload a Vertex AI pipeline definition. The error indicates an invalid dependency order. What should the user do to fix this?

A.Reorder the tasks in the YAML so that task1 is defined before task2.
B.Rename task1 to a name that comes alphabetically before task2.
C.Change the dependency of task2 to be independent of task1.
D.Remove the dependentTasks field from task2 and rely on implicit ordering.
AnswerA

YAML ordering determines execution order when dependencies are declared.

Why this answer

Option A is correct because Vertex AI pipeline definitions require that tasks be declared in the order they appear in the dependency graph. The YAML parser validates the `dependentTasks` field by checking that referenced tasks are already defined. Defining `task1` before `task2` ensures that when `task2` declares a dependency on `task1`, `task1` is already in scope, resolving the invalid dependency order error.

Exam trap

Google Cloud often tests the misconception that alphabetical naming or implicit ordering can resolve dependency declaration errors, when in fact the YAML parser strictly requires tasks to be defined in topological order.

How to eliminate wrong answers

Option B is wrong because renaming tasks alphabetically does not affect the order of definition in the YAML file; Vertex AI pipelines rely on the sequence of task declarations, not lexical ordering of names. Option C is wrong because removing the dependency between task2 and task1 would change the pipeline logic, potentially breaking the intended workflow, and the error is about declaration order, not about whether the dependency is valid. Option D is wrong because implicit ordering is not supported in Vertex AI pipelines; the `dependentTasks` field is required to explicitly define dependencies, and removing it would cause the pipeline to run tasks in an undefined order, likely leading to runtime failures.

57
MCQmedium

A company uses BigQuery to store feature data for ML training. A data engineer notices that a Vertex AI Training job is failing with 'Access Denied' errors when reading from a BigQuery table. The training job uses a custom service account that has been granted the 'bigquery.dataViewer' role on the dataset. What is the most likely cause of the failure?

A.The service account is not in the same project as the BigQuery dataset.
B.The BigQuery table is partitioned and requires row-level access.
C.The service account lacks the 'bigquery.jobs.create' permission in the project.
D.The training job does not have the required network access to BigQuery.
AnswerC

Reading from BigQuery via Vertex AI Training requires the ability to submit a query job, which requires 'bigquery.jobs.create'.

Why this answer

The 'bigquery.dataViewer' role grants permissions to read BigQuery data (e.g., bigquery.tables.getData), but it does not include the 'bigquery.jobs.create' permission. When a Vertex AI training job reads from BigQuery, it must first create a BigQuery job (a query job) to retrieve the data. Without 'bigquery.jobs.create' at the project level, the service account cannot initiate the read operation, resulting in an 'Access Denied' error even though it has data-level access.

Exam trap

The trap here is that candidates often assume 'bigquery.dataViewer' is sufficient for all read operations, overlooking the requirement for 'bigquery.jobs.create' to initiate the query job that actually reads the data.

How to eliminate wrong answers

Option A is wrong because the service account does not need to be in the same project as the BigQuery dataset; cross-project access is supported as long as IAM permissions are granted at the dataset or table level. Option B is wrong because partitioned tables do not require row-level access by default; row-level access is controlled via BigQuery row-level security policies, which are not automatically required for partitioned tables. Option D is wrong because Vertex AI training jobs run within Google Cloud's internal network and have built-in access to BigQuery via the Cloud API; network access is not a common cause of 'Access Denied' errors for BigQuery reads.

Ready to test yourself?

Try a timed practice session using only Data Model Mgmt questions.