- Home
- Google Associate Cloud Engineer Exam
- Google.Associate-Cloud-Engineer.v2024-02-22.q150
- Question 118
Valid Associate-Cloud-Engineer Dumps shared by ExamDiscuss.com for Helping Passing Associate-Cloud-Engineer Exam! ExamDiscuss.com now offer the newest Associate-Cloud-Engineer exam dumps, the ExamDiscuss.com Associate-Cloud-Engineer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Associate-Cloud-Engineer dumps with Test Engine here:
Access Associate-Cloud-Engineer Dumps Premium Version
(328 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 118/150
You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements:
* All service accounts that require a key should be created in a centralized project called pj-sa.
* Service account keys should only be valid for one day.
You need a Google-recommended solution that minimizes cost. What should you do?
* All service accounts that require a key should be created in a centralized project called pj-sa.
* Service account keys should only be valid for one day.
You need a Google-recommended solution that minimizes cost. What should you do?
Correct Answer: C
According to the Google Cloud documentation, you can use organization policy constraints to control the creation and expiration of service account keys. The constraints are:
* constraints/iam.allowServiceAccountKeyCreation: This constraint allows you to specify which projects or folders can create service account keys. You can set the value to true or false, or use a condition to apply the constraint to specific service accounts. By setting this constraint to false for the organization and adding an exception for the pj-sa project, you can prevent developers from creating service account keys in other projects.
* constraints/iam.serviceAccountKeyMaxLifetime: This constraint allows you to specify the maximum lifetime of service account keys. You can set the value to a duration in seconds, such as 86400 for one day. By setting this constraint to 86400 for the organization, you can ensure that all service account keys
* expire after one day.
These constraints are recommended by Google Cloud as best practices to minimize the risk of service account key misuse or compromise. They also help you reduce the cost of managing service account keys, as you do not need to implement a custom solution to rotate or delete them.
References:
* 1: Associate Cloud Engineer Certification Exam Guide | Learn - Google Cloud
* 5: Create and delete service account keys - Google Cloud
* Organization policy constraints for service accounts
* constraints/iam.allowServiceAccountKeyCreation: This constraint allows you to specify which projects or folders can create service account keys. You can set the value to true or false, or use a condition to apply the constraint to specific service accounts. By setting this constraint to false for the organization and adding an exception for the pj-sa project, you can prevent developers from creating service account keys in other projects.
* constraints/iam.serviceAccountKeyMaxLifetime: This constraint allows you to specify the maximum lifetime of service account keys. You can set the value to a duration in seconds, such as 86400 for one day. By setting this constraint to 86400 for the organization, you can ensure that all service account keys
* expire after one day.
These constraints are recommended by Google Cloud as best practices to minimize the risk of service account key misuse or compromise. They also help you reduce the cost of managing service account keys, as you do not need to implement a custom solution to rotate or delete them.
References:
* 1: Associate Cloud Engineer Certification Exam Guide | Learn - Google Cloud
* 5: Create and delete service account keys - Google Cloud
* Organization policy constraints for service accounts
- Question List (150q)
- Question 1: Users of your application are complaining of slowness when l...
- Question 2: You have an application that runs on Compute Engine VM insta...
- Question 3: You are using Deployment Manager to create a Google Kubernet...
- Question 4: Your organization needs to grant users access to query datas...
- Question 5: You are deploying an application to a Compute Engine VM in a...
- Question 6: You have downloaded and installed the gcloud command line in...
- Question 7: Your company has a large quantity of unstructured data in di...
- Question 8: Your company is moving its continuous integration and delive...
- Question 9: Your projects incurred more costs than you expected last mon...
- Question 10: You built an application on your development laptop that use...
- Question 11: Your company is moving its entire workload to Compute Engine...
- Question 12: You are working in a team that has developed a new applicati...
- Question 13: Your organization has strict requirements to control access ...
- Question 14: You are performing a monthly security check of your Google C...
- Question 15: You need to deploy an application, which is packaged in a co...
- Question 16: You have a website hosted on App Engine standard environment...
- Question 17: You are running an application on multiple virtual machines ...
- Question 18: Your finance team wants to view the billing report for your ...
- Question 19: You are running multiple microservices in a Kubernetes Engin...
- Question 20: You need to create a custom IAM role for use with a GCP serv...
- Question 21: You are running a data warehouse on BigQuery. A partner comp...
- Question 22: Your company wants to migrate their on-premises workloads to...
- Question 23: Your web application has been running successfully on Cloud ...
- Question 24: You want to configure autohealing for network load balancing...
- Question 25: Your company requires all developers to have the same permis...
- Question 26: You have a Compute Engine instance hosting an application us...
- 2 commentQuestion 27: You are building a multi-player gaming application that will...
- Question 28: You want to select and configure a cost-effective solution f...
- 1 commentQuestion 29: You are migrating a business critical application from your ...
- Question 30: A team of data scientists infrequently needs to use a Google...
- Question 31: You deployed an application on a managed instance group in C...
- Question 32: You recently deployed a new version of an application to App...
- Question 33: You have one project called proj-sa where you manage all you...
- Question 34: A colleague handed over a Google Cloud project for you to ma...
- Question 35: A colleague handed over a Google Cloud Platform project for ...
- Question 36: You installed the Google Cloud CLI on your workstation and s...
- Question 37: You manage three Google Cloud projects with the Cloud Monito...
- 1 commentQuestion 38: You have developed an application that consists of multiple ...
- 1 commentQuestion 39: Your team is using Linux instances on Google Cloud. You need...
- 1 commentQuestion 40: Your company completed the acquisition of a startup and is n...
- Question 41: You are the project owner of a GCP project and want to deleg...
- 1 commentQuestion 42: Your team is running an on-premises ecommerce application. T...
- Question 43: You are setting up a Windows VM on Compute Engine and want t...
- Question 44: You are developing a financial trading application that will...
- Question 45: You are responsible for a web application on Compute Engine....
- Question 46: You have a number of compute instances belonging to an unman...
- Question 47: Your managed instance group raised an alert stating that new...
- Question 48: Your company has a Google Cloud Platform project that uses B...
- Question 49: You are operating a Google Kubernetes Engine (GKE) cluster f...
- Question 50: You have a number of applications that have bursty workloads...
- Question 51: You have been asked to set up Object Lifecycle Management fo...
- Question 52: You need to create a copy of a custom Compute Engine virtual...
- Question 53: You are deploying an application to App Engine. You want the...
- Question 54: You created an instance of SQL Server 2017 on Compute Engine...
- Question 55: You are designing an application that lets users upload and ...
- 1 commentQuestion 56: You need to deploy an application in Google Cloud using savo...
- Question 57: Your company developed a mobile game that is deployed on Goo...
- Question 58: You want to permanently delete a Pub/Sub topic managed by Co...
- 1 commentQuestion 59: You need to run an important query in BigQuery but expect it...
- Question 60: You are building a new version of an application hosted in a...
- Question 61: You have a web application deployed as a managed instance gr...
- Question 62: An application generates daily reports in a Compute Engine v...
- Question 63: You need to add a group of new users to Cloud Identity. Some...
- Question 64: Your continuous integration and delivery (CI/CD) server can'...
- Question 65: You have a Google Cloud Platform account with access to both...
- Question 66: You have one GCP account running in your default region and ...
- Question 67: Your team maintains the infrastructure for your organization...
- Question 68: The core business of your company is to rent out constructio...
- Question 69: You are hosting an application on bare-metal servers in your...
- Question 70: Your customer has implemented a solution that uses Cloud Spa...
- Question 71: You are assisting a new Google Cloud user who just installed...
- Question 72: During a recent audit of your existing Google Cloud resource...
- Question 73: You are analyzing Google Cloud Platform service costs from t...
- Question 74: Your development team needs a new Jenkins server for their p...
- Question 75: You have a single binary application that you want to run on...
- Question 76: You received a JSON file that contained a private key of a S...
- Question 77: You need to create a custom VPC with a single subnet. The su...
- Question 78: You are using multiple configurations for gcloud. You want t...
- Question 79: You have 32 GB of data in a single file that you need to upl...
- Question 80: You are using Google Kubernetes Engine with autoscaling enab...
- Question 81: You will have several applications running on different Comp...
- Question 82: You need to provide a cost estimate for a Kubernetes cluster...
- Question 83: You have a managed instance group comprised of preemptible V...
- Question 84: An external member of your team needs list access to compute...
- Question 85: You need to configure IAM access audit logging in BigQuery f...
- Question 86: You need to verify that a Google Cloud Platform service acco...
- Question 87: You want to send and consume Cloud Pub/Sub messages from you...
- Question 88: You need to immediately change the storage class of an exist...
- Question 89: You have developed a containerized web application that will...
- Question 90: You are working for a startup that was officially registered...
- Question 91: You need to manage multiple Google Cloud Platform (GCP) proj...
- Question 92: You have been asked to create robust Virtual Private Network...
- Question 93: You need to update a deployment in Deployment Manager withou...
- Question 94: You are migrating a production-critical on-premises applicat...
- Question 95: You have deployed an application on a Compute Engine instanc...
- Question 96: You have a large 5-TB AVRO file stored in a Cloud Storage bu...
- Question 97: Your coworker has helped you set up several configurations f...
- Question 98: Several employees at your company have been creating project...
- Question 99: You are the team lead of a group of 10 developers. You provi...
- Question 100: You need to enable traffic between multiple groups of Comput...
- Question 101: You want to deploy an application on Cloud Run that processe...
- Question 102: You create a Deployment with 2 replicas in a Google Kubernet...
- Question 103: Your company is moving from an on-premises environment to Go...
- Question 104: You have an application on a general-purpose Compute Engine ...
- Question 105: You need to set a budget alert for use of Compute Engineer s...
- Question 106: For analysis purposes, you need to send all the logs from al...
- Question 107: You have a batch workload that runs every night and uses a l...
- Question 108: You are building an application that processes data files up...
- Question 109: You are building a data lake on Google Cloud for your Intern...
- 1 commentQuestion 110: Your application development team has created Docker images ...
- Question 111: You want to configure a solution for archiving data in a Clo...
- Question 112: Your company has a single sign-on (SSO) identity provider th...
- Question 113: Your customer wants you to create a secure website with auto...
- 1 commentQuestion 114: Your organization uses G Suite for communication and collabo...
- Question 115: You want to run a single caching HTTP reverse proxy on GCP f...
- Question 116: The sales team has a project named Sales Data Digest that ha...
- Question 117: You need to reduce GCP service costs for a division of your ...
- Question 118: You recently discovered that your developers are using many ...
- Question 119: Your company runs one batch process in an on-premises server...
- Question 120: You want to permanently delete a Pub/Sub topic managed by Co...
- Question 121: Your organization is a financial company that needs to store...
- Question 122: You have been asked to set up the billing configuration for ...
- Question 123: You need a dynamic way of provisioning VMs on Compute Engine...
- Question 124: You are asked to set up application performance monitoring o...
- Question 125: You have deployed an application on a single Compute Engine ...
- Question 126: You have an application that receives SSL-encrypted TCP traf...
- Question 127: Your company developed an application to deploy on Google Ku...
- Question 128: You just installed the Google Cloud CLI on your new corporat...
- Question 129: Your organization uses Active Directory (AD) to manage user ...
- Question 130: Your company set up a complex organizational structure on Go...
- Question 131: You need to manage a Cloud Spanner Instance for best query p...
- Question 132: You have an instance group that you want to load balance. Yo...
- Question 133: You need to create a new billing account and then link it wi...
- Question 134: You are developing a new web application that will be deploy...
- Question 135: You have experimented with Google Cloud using your own credi...
- Question 136: You are developing a new application and are looking for a J...
- Question 137: Your company has an internal application for managing transa...
- Question 138: Your existing application running in Google Kubernetes Engin...
- Question 139: You created a Kubernetes deployment by running kubectl run n...
- Question 140: You have a Compute Engine instance hosting a production appl...
- Question 141: You have been asked to migrate a docker application from dat...
- Question 142: You want to host your video encoding software on Compute Eng...
- Question 143: You created several resources in multiple Google Cloud proje...
- Question 144: Your company's infrastructure is on-premises, but all machin...
- Question 145: Your company is using Google Workspace to manage employee ac...
- Question 146: You've deployed a microservice called myapp1 to a Google Kub...
- Question 147: You create a new Google Kubernetes Engine (GKE) cluster and ...
- Question 148: You significantly changed a complex Deployment Manager templ...
- Question 149: You need to set up permissions for a set of Compute Engine i...
- Question 150: You have created a code snippet that should be triggered whe...
[×]
Download PDF File
Enter your email address to download Google.Associate-Cloud-Engineer.v2024-02-22.q150.pdf