CertsTopics Logo

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Selected Associate-Cloud-Engineer Google Cloud Certified Questions Answers

Page: 7 / 24
Total 325 questions
Get Associate-Cloud-Engineer Full Access Download Associate-Cloud-Engineer PDF

Google Cloud Certified - Associate Cloud Engineer Questions and Answers

Question 25

Your management has asked an external auditor to review all the resources in a specific project. The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

Options:

A.

Ask the auditor for their Google account, and give them the Viewer role on the project.

B.

Ask the auditor for their Google account, and give them the Security Reviewer role on the project.

C.

Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.

D.

Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.

Question 26

You are using Container Registry to centrally store your company’s container images in a separate project. In another project, you want to create a Google Kubernetes Engine (GKE) cluster. You want to ensure that Kubernetes can download images from Container Registry. What should you do?

Options:

A.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

B.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

C.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

D.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Question 27

You need to grant access for three users so that they can view and edit table data on a Cloud Spanner instance. What should you do?

Options:

A.

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to the role.

B.

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new group. Add the group to the role.

C.

Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to the role.

D.

Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to a new group. Add the group to the role.

Question 28

An external member of your team needs list access to compute images and disks in one of your projects. You want to follow Google-recommended practices when you grant the required permissions to this user. What should you do?

Options:

A.

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

B.

Create a custom role based on the Compute Image User role Add the compute.disks, list to theincludedPermissions field Grant the custom role to the user at the project level

C.

Grant the Compute Storage Admin role at the project level.

D.

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Page: 7 / 24
Total 325 questions
Get Associate-Cloud-Engineer Full Access Download Associate-Cloud-Engineer PDF