← Back to exam page

Professional-Cloud-Architect Professional Cloud Architect on Google Cloud Platform

Loading demo links...

Showing 13–15 of 15 questions

Question 13 (Mixed Questions)

The operations team in your company wants to save Cloud VPN log events for one year. You need to configure the cloud infrastructure to save the logs. What should you do?

Select an option, then click Submit answer.

  • Set up a filter in Cloud Logging and a Cloud Storage bucket as an export target for the logs you want to save.

  • Enable the Compute Engine API, and then enable logging on the firewall rules that match the traffic you want to save.

  • Set up a Cloud Logging Dashboard titled Cloud VPN Logs, and then add a chart that queries for the VPN metrics over a one-year time period.

  • Set up a filter in Cloud Logging and a topic in Pub/Sub to publish the logs.
Question 14 (Case Study 2)

Mountkirk Games wants you to secure the connectivity from the new gaming application platform to Google Cloud. You want to streamline the process and follow Google-recommended practices. What should you do?

Select an option, then click Submit answer.

  • Configure Workload Identity and service accounts to be used by the application platform.

  • Use Kubernetes Secrets, which are obfuscated by default. Configure these Secrets to be used by the application platform.

  • Configure Kubernetes Secrets to store the secret, enable Application-Layer Secrets Encryption, and use Cloud Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to be used by the application platform.

  • Configure HashiCorp Vault on Compute Engine, and use customer managed encryption keys and Cloud Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to be used by the application platform.
Question 15 (Mixed Questions)

Your customer wants to do resilience testing of their authentication layer. This consists of a regional managed instance group serving a public REST API that reads from and writes to a Cloud SQL instance.

What should you do?

Select an option, then click Submit answer.

  • Engage with a security company to run web scrapers that look your for users’ authentication data om malicious websites and notify you if any is found.

  • Deploy intrusion detection software to your virtual machines to detect and log unauthorized access.

  • Schedule a disaster simulation exercise during which you can shut off all VMs in a zone to see how your application behaves.

  • Configure a read replica for your Cloud SQL instance in a different zone than the master, and then manually trigger a failover while monitoring KPIs for our REST API.