Question 1
Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?
A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the compute.osAdminLogin role to the Google group corresponding to this team.
D. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.
Correct answer:
C
Reference:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
Question 2
You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?
A. 0.0.0.0/0
B. 10.0.0.0/8
C. 172.16.0.0/12
D. 192.168.0.0/16
Correct answer:
B
Reference:
https://cloud.google.com/vpc/docs/vpc#manually_created_subnet_ip_ranges
Question 3
You want to select and configure a cost-effective solution for relational data on Google Cloud Platform. You are working with a small set of operational data in one geographic location. You need to support point-in-time recovery. What should you do?
A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.
B. Select Cloud SQL (MySQL). Select the create failover replicas option.
C. Select Cloud Spanner. Set up your instance with 2 nodes.
D. Select Cloud Spanner. Set up your instance as multi-regional.
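Correct answer:
A
Reference:
https://cloud.google.com/sql/docs/mysql/backup-recovery/restore
Binary logging must be enabled to use point-in-time recovery. Enabling binary logging slightly reduces write performance.
Because binary logs enable point-in-time recovery in Cloud SQL.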
Question 4
You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?
A. Create an HTTP load balancer with a backend configuration that references an existing instance group. Set the health check to healthy (HTTP)
B. Create an HTTP load balancer with a backend configuration that references an existing instance group. Define a balancing mode and set the maximum RPS to 10.
C. Create a managed instance group. Set the Autohealing health check to healthy (HTTP)
D. Create a managed instance group. Verify that the autoscaling setting is on.
Correct answer:
C
Question 5
You are using multiple configurations for gcloud. You want to review the configured Kubernetes Engine cluster of an inactive configuration using the fewest possible steps. What should you do?
A. Use gcloud config configurations describe to review the output.
B. Use gcloud config configurations activate and gcloud config list to review the output.
C. Use kubectl config get-contexts to review the output.
D. Use kubectl config use-context and kubectl config view to review the output.