Free Practice Questions for Google Associate-Cloud-Engineer Exam

Given that the new instance wants to access the application on the existing compute engine instance, these applications seem to be related so they should be within the same VPC. It is possible to have them in different VPCs and peer the VPCs but this is a lot of additional work and we can simplify this by choosing the option below (which is the answer)

1. Create a subnet in the same VPC, in europe-west1.

2. Create the new instance in the new subnet and use the first instance subnets private address as the endpoint. is the right answer.

We can create another subnet in the same VPC and this subnet is located in europe-west1. We can then spin up a new instance in this subnet. We also have to set up a firewall rule to allow communication between the two subnets. All instances in the two subnets with the same VPC can communicate through the internal IP Address

Ref: https://cloud.google.com/vpc

Autopilot is more reliable and stable release gives more time to fix issues in new version of GKE

`gcloud services list --available` returns not only the enabled services in the project but also services that CAN be enabled.

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

Run the following command to list the enabled APIs and services in your current project:

gcloud services list

whereas, Run the following command to list the APIs and services available to you in your current project:

gcloud services list –available

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

--available

Return the services available to the project to enable. This list will include any services that the project has already enabled.

To list the services the current project has enabled for consumption, run:

gcloud services list --enabled

To list the services the current project can enable for consumption, run:

gcloud services list –available

Google Cloud Storage Triggers

Cloud Functions can respond to change notifications emerging from Google Cloud Storage. These notifications can be configured to trigger in response to various events inside a bucket—object creation, deletion, archiving and metadata updates.

Note: Cloud Functions can only be triggered by Cloud Storage buckets in the same Google Cloud Platform project.

Event types

Cloud Storage events used by Cloud Functions are based on Cloud Pub/Sub Notifications for Google Cloud Storage and can be configured in a similar way.

Supported trigger type values are:

google.storage.object.finalize

google.storage.object.delete

google.storage.object.archive

google.storage.object.metadataUpdate

Object Finalize

Trigger type value: google.storage.object.finalize

This event is sent when a new object is created (or an existing object is overwritten, and a new generation of that object is created) in the bucket.

https://cloud.google.com/functions/docs/calling/storage#event_types

Authorizing with a service account

gcloud auth activate-service-account authorizes access using a service account. As with gcloud init and gcloud auth login, this command saves the service account credentials to the local system on successful completion and sets the specified account as the active account in your Cloud SDK configuration.

https://cloud.google.com/sdk/docs/authorizing#authorizing_with_a_service_account

A simple approach would be to use the command flags available when listing all the IAM policy for a given project. For instance, the following command: `gcloud projects get-iam-policy $PROJECT_ID --flatten="bindings[].members" --format="table(bindings.members)" --filter="bindings.role:roles/owner"` outputs all the users and service accounts associatedwith the role ‘roles/owner’ in the project in question.https://groups.google.com/g/google-cloud-dev/c/Z6sZs7TvygQ?pli=1

For a web application (typically using HTTP/HTTPS), an Application Load Balancer is the recommended choice as it operates at Layer 7, providing features like content-based routing, SSL termination, and improved security. To expose the application publicly, you would need to use a public DNS zone. An A record in a public DNS zone maps a domain name to the public IP address of the Application Load Balancer. Using a CNAME record would also work but is generally recommended for aliasing one domain name to another, not directly to an IP address.

Option A & B: Network Load Balancers operate at Layer 4 (TCP/UDP) and lack the application-level features of an Application Load Balancer. Private DNS zones are for internal name resolution within your VPC, not for public access.

Option C: While an Application Load Balancer is the correct type, using a private DNS zone wouldn't make the web application publicly accessible.

Reference to Google Cloud Certified - Associate Cloud Engineer Documents:

The best practices for load balancing web applications on Google Cloud, including the use of Application Load Balancers for Layer 7 traffic and the configuration of public DNS records (A or CNAME) for public access, are detailed in the Google Cloud Load Balancing and Cloud DNS documentation, both important for the Associate Cloud Engineer certification.