Google Cloud Certified - Professional Cloud Architect (PR000213)

For this question, refer to the KnightMotives Automotive case study. KnightMotives is managing supplier data and pricing in a central MySQL database at headquarters (HO). Only personnel at HQ are allowed to change the data. Each local plant stores a copy of the data in their own MySQL database, ++ften using a different database schema or version, Every night a batch job

exports any product or price updates in XML format from the central database at HQ and stores the updated data on a central FTP server. Each local plant must download this XML file and update their local system with the new information. The local data kept by some plants has become inconsistent with the source data due to XML parsing issues. HQ wants to easily verify that all changes are applied correctly at each plant.

For this question, refer to the KnightMotives Automotive case study. KnightMotives has developed and deployed a model on Vertex Al that can provide personalized recommendations in the new car configuration application. Customers will receive optional equipment recommendations that best suit their persona. Previous usage data from the car configuration application has been used for model training features. You know from past experience that customer behaviour can change over time. For example, in times of economic certainty and rising stock markets, customers tend to purchase more expensive options. You

want to detect when customer behaviour gradually changes over time so you can adjust the model.

For this question, refer to the KnightMotives Automotive case study. KnightMotives has developed a new car configurator application to enhance both the dealer and customer experience. The new application will be deployed on Google Kubernetes Engine (GKE). KnightMotives wants you to replicate the deployment of the application across multiple locations to ensure this critical application is always available over the internet, even during regional outages. What should you do?

For this question, refer to the KnightMotives Automotive case study. KnightMotives management wants to upskill their engineering teams. They want each team to experiment with one specific technology at a time in a sandbox environment in Google Cloud. KnightMotives management also wants to prevent any experimental projects from going into production and creating shadow IT. They want you to design a solution that supports these training objectives and follows Google-recommended practices. What should you do?

For this question, refer to the Altostrat Media case study. Altostrat stores a large library of media content, including sensitive interviews and documentaries, in Cloud Storage. They are concerned about the confidentiality of this content and want to protect it from unauthorized access. You need to implement a Google-recommended solution that is easy to integrate and provides Altostrat with control and auditability of the encryption keys. What should you do?

For this question, refer to the Altostrat Media case study. You are part of Altostrat's security team. You want to analyze the security posture in Altostrat Google Cloud environment by using Gemini in Security Command Center.

What should you do?

For this question, refer to the Altostrat Media case study. Altostrat is experiencing fluctuating computational demands for its batch processing jobs. These jobs are not time-critical and can tolerate occasional interruptions. You want to optimize cloud costs and address batch processing needs.

What should you do?

For this question, refer to the Altostrat Media case study. Altostrat is concerned about sophisticated, multi-vector Distributed Denial of Service (DDoS) attacks targeting various layers of their infrastructure. DDoS attacks could potentially disrupt video streaming and cause financial losses. You need to mitigate this risk.

What should you do?

For this question, refer to the Altostrat Media case study. Altostrat needs to analyze the performance of its media processing pipeline running on Java-based Cloud Run function. You need to select the most effective tool for the task, What should you?

For this question, refer to the Altostrat Media case study. Altostrat is using Apigee for API management and wants to ensure their APIs are protected from overuse and abuse. You need to implement an Apigee feature to control the total number of API calls for cost management. What should you do?

For this question, refer to the Altostrat Media case study. Altostrat's development team is using a microservices architecture for their application. You need to select the most suitable testing approach to ensure that individual microservices function correctly in isolation.

What should you do?

Your team plans to use Vertex Al to develop and deploy machine learning models for various use cases for fraud detection, product recommendations, and customer churn prediction. You want to enhance the security posture of the Vertex Al and Workbench environment by restricting data exfiltration.

What should you do?

You have an application that uses Vertex Al Feature Store to manage and serve product features for real-time recommendations. You want to monitor the performance and health of the application. You need to understand the overall duration of a request.

What should you do?

A large healthcare provider's primary electronic health record (EHR) application runs on Compute Engine instances with a Cloud SOL for PostgreSQL database, all located in the us-west1 region. A new regulatory mandate requires you to implement and document a business continuity plan (BCP). This plan must ensure that the EHR application can be fully recovered and operational in a different geographical region with a recovery time objective (RTO) of two hours and a recovery point objective (RPO) of 15 minutes. You need to design a disaster recovery strategy that meets these strict BCP requirements.

What should you do?

A financial services company is decommissioning one of its on-premises data centers. As part of this initiative, the company needs to perform a one-time migration of 500 TB of historical transaction archives to a Cloud Storage bucket for long-term retention. The data centers internet egress is 1 Gbps, which is shared with critical business operations. You must complete the secure data transfer within a 60-day window to meet the decommissioning deadline.

What should you do?

A retail company's most critical application is its online payment processing system. The business has a requirement that the system must be able to survive a complete zonal outage while minimizing cost. You need a design solution that can handle a zonal failure.

What should you do?

A global media company is launching a new web application. The application backend is hosted on Compute Engine in us-centrall and serves both static assets (images, CSS, and JavaScript) and dynamic, user-specific content from a Cloud SQL database in the same region. Early user feedback from Europe and Asia indicates significant page load delays due to slow loading static content. You need to design a solution that minimizes latency for all global users accessing the static content.

What should you do?

Choose 2 answers

You are developing a deep learning model that requires high-performance access to large volumes of media data currently stored in Cloud Storage. Model training will be executed on multiple VM instances with GPUs attached, but your application must interact with the data as if it were on the local file system. You need to minimize complexity and cost.

What should you do?

Your company is expanding its Al-powered operations nationwide and has chosen accelerator-based compute for the Al workloads. The batch image processing workloads are not time-sensitive and can tolerate interruptions. You need to rapidly deploy cost-effective accelerator nodes for these batch tasks, ensuring rapid deployment and data persistence when necessary.

What should you do?

A large, multinational corporation is migrating to Google Cloud. The company has several distinct business units: Finance, Marketing, and Research and Development (R&

Your organization is going to migrate applications to Kubernetes and use managed cloud services to deploy applications. Your team is new to Kubernetes and wants to quickly onboard engineers. You want to reduce operational overhead, so the engineering team can focus on developing consumer requirements instead of maintaining the infrastructure. What should you do?

Your company runs a critical, revenue-generating ecommerce application that is served by a regional managed instance group (MIG) behind an external HTTP(S) Load Balancer. The operations team is currently overwhelmed with low-priority notifications and is starting to ignore alerts. Your team's service level objective (SLO) is to maintain 99.9% availability, which is measured by the ratio of successful requests (2xx status codes) to total requests. You want to minimize noise from non-critical events and ensure that the team is only notified of issues that are actionable and threaten the SLO.

What should you do?

You manage a highly distributed, hybrid- and multi-cloud IT environment, and your developers rely heavily on Prometheus for their workflows. You need a cloud- based, highly scalable, low-maintenance enterprise solution that supports Prometheus Query Language (PromQL) queries, quick metric viewing, and efficient issue diagnosis. What should you do?

Your organization uses Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS) to manage a complex Kubernetes environment across multiple cloud providers. You need to deploy a solution that streamlines configuration management, enforces security policies, and ensures consistent application deployment across all of the environments. You want to follow Google-recommended practices. What should you do?

Your company is rapidly deploying containerized microservices on Google Kubernetes Engine (GKE) using a robust CI/CD pipeline. Security is a top priority, and you need to implement a comprehensive and efficient strategy to prevent container image vulnerabilities from reaching your GKE production environment. What should you do?

Choose 2 answers

Your organization is implementing a new cloud-native application on Google Cloud and needs to ensure compliance with the ISO/IEC 27001 framework. You want to leverage Google Cloud's security reports and documentation to support your ISO/IEC 27001 audit process. What should you do?

Your company is a global financial services provider that processes and analyzes a high volume of credit card transactions in real time for fraud detection. Your analytics team must run complex batch queries on the same transaction data for daily reporting. You need to design a data processing solution that can handle both real-time and batch processing of the transaction data while minimizing operational overhead and infrastructure management.

What should you do?

Choose 2 answers

Your company uses a custom-built application running on a Compute Engine virtual machine (VM). This application processes real-time sales data and writes it to a zonal Persistent Disk. A recent internal audit requires that you implement a backup and recovery plan to protect against zonal failures. Your company has a strict policy that all backup data must be retained for at least 90 days and stored in a separate project with limited access. You need to implement a fully automated backup solution that meets these requirements with minimal operational overhead.

What should you do?

You are architecting a new application feature for a healthcare provider based in The feature needs to summarize sensitive patient notes that are submitted by clinicians. A critical requirement is that the content of these patient notes must never be processed outside of Qataris borders. You want to use a powerful, pre-trained generative model for the summarization task while strictly adhering to the data residency constraint.

What should you do?

Your ecommerce web application includes many products with pictures and videos. You need to improve the application's page load speed and reduce the latency for customer requests. What should you do?

Choose 2 answers

You need to build and deploy a containerized web application to Google Cloud. The application is very write-heavy and requires a relational database as its data store. The application needs to be highly available in multiple cloud regions. You want to minimize operational overhead while following Google-recommended practices. What should you do?

Your team is running applications on a Google Kubernetes Engine (GKE) cluster with a private endpoint. You've set up a Cloud Deploy pipeline, but deployments to the GKE cluster are failing. You need to resolve the issue. What should you do?

You need to build a continuous delivery pipeline for a containerized application in Google Cloud. You want to run all your tests in the pipeline to improve your application's quality. What should you do?

You are deploying a critical application with a stateliest containerized frontend on Cloud Run and a Cloud SQL for PostgreSQL backend. The application experiences unpredictable traffic spikes, and the business requires the ability to immediately roll back a failed deployment to the last known good state. You need to apply a deployment strategy that aligns with Site Reliability Engineering (SRE) principles for both the application code and the database schema updates, while meeting the business's requirements.

What should you do?

You are monitoring Google Kubernetes Engine (GKE) clusters in a Cloud Monitoring workspace. As a Site Reliability Engineer (SRE), you need to triage incidents quickly.

What should you do?

Your company wants to optimize Google Cloud costs for their development and staging environments. These environments are workstations used by developers Monday through Friday, 9:00 AM to 6:00 PM local time. Currently, the environments run on a fleet of n1-standard-4 Compute Engine instances that operate 24/7, leading to a high monthly cost for resources that are idle more than 70% of the time. You need to implement a solution that significantly reduces the monthly cost of these non-production environments without impacting the development team's productivity during work hours. What should you do?

You are designing a new insurance claims processing application that will be deployed on Google Kubernetes Engine (GKE). Your company's compliance team requires a complete and non-repudiable audit trail for all administrative actions from day one. Your application must capture who deploys a new container image, who modifies the GKE cluster's configuration, and who interacts with running pods or Kubernetes secrets using kubectl. What should you do?

Your machine learning (ML) engineers use self-hosted Jupyter notebooks for tasks such as data preparation, model training, and fine-tuning. The operations team then deploys these models in various environments. You want to provide maximum flexibility for ML engineers, promote collaboration with a common toolset, and leverage Google Cloud's scalability, while following Google-recommended practices.

What should you do?

You are using a GitHub repository for your application's source code. You want to set up an efficient and secure continuous deployment process to automatically build and deploy the application to Cloud Run whenever a pull request is merged.

What should you do?

You are designing a central, automated infrastructure deployment process for your organization using Terraform and Cloud Build. The security team prohibits the use of long-lived, static service account keys in any CI/CD pipeline. Additionally, while developers can propose infrastructure changes for peer review, they must not have permissions to directly apply changes in the production project. You need to design a secure and automated workflow for applying Terraform changes that meets the security team's requirements and ensures proper governance. What should you do?

For this question, refer to the TerramEarth case study. You start to build a new application that uses a few Cloud Functions for the backend. One use case requires a Cloud Function func_display to invoke another Cloud Function func_query. You want func_query only to accept invocations from func_display. You also want to follow Google's recommended best practices. What should you do?

For this question, refer to the TerramEarth case study. You have broken down a legacy monolithic application into a few containerized RESTful microservices. You want to run those microservices on Cloud Run. You also want to make sure the services are highly available with low latency to your customers. What should you do?

For this question, refer to the TerramEarth case study. You are migrating a Linux-based application from your private data center to Google Cloud. The TerramEarth security team sent you several recent Linux vulnerabilities published by Common Vulnerabilities and Exposures (CVE). You need assistance in understanding how these vulnerabilities could impact your migration. What should you do? (Choose two.)

For this question, refer to the TerramEarth case study. TerramEarth has a legacy web application that you cannot migrate to cloud. However, you still want to build a cloud-native way to monitor the application. If the application goes down, you want the URL to point to a "Site is unavailable" page as soon as possible. You also want your Ops team to receive a notification for the issue. You need to build a reliable solution for minimum cost. What should you do?

For this question, refer to the TerramEarth case study. You are building a microservice-based application for TerramEarth. The application is based on Docker containers. You want to follow Google-recommended practices to build the application continuously and store the build artifacts. What should you do?

For this question, refer to the TerramEarth case study. TerramEarth has about 1 petabyte (PB) of vehicle testing data in a private data center. You want to move the data to Cloud Storage for your machine learning team. Currently, a 1-Gbps interconnect link is available for you. The machine learning team wants to start using the data in a month. What should you do?

For this question, refer to the Helicopter Racing League (HRL) case study. Your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. You need to implement a custom card tokenization service that meets the following requirements:

• It must provide low latency at minimal cost.
• It must be able to identify duplicate credit cards and must not store plaintext card numbers.
• It should support annual key rotation.

Which storage approach should you adopt for your tokenization service?

For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer. Which command should you use?

For this question, refer to the Helicopter Racing League (HRL) case study. The HRL development team releases a new version of their predictive capability application every Tuesday evening at 3 a.m. UTC to a repository. The security team at HRL has developed an in-house penetration test Cloud Function called Airwolf. The security team wants to run Airwolf against the predictive capability application as soon as it is released every Tuesday. You need to set up Airwolf to run at the recurring weekly cadence. What should you do?

For this question, refer to the Helicopter Racing League (HRL) case study. HRL wants better prediction accuracy from their ML prediction models. They want you to use Google’s AI Platform so HRL can understand and interpret the predictions. What should you do?