Free Access Google.Associate-Cloud-Engineer.v2025-08-21.q142 Practice Test (Page 14)

Question 61

You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements:
* All service accounts that require a key should be created in a centralized project called pj-sa.
* Service account keys should only be valid for one day.
You need a Google-recommended solution that minimizes cost. What should you do?

A.Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

B.Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment ofservice accounts to resources in all projects with an exception to pj-sa.

C.Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

D.Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

Question 62

&. You are working for a hospital that stores Its medical images in an on-premises data room. The hospital wants to use Cloud Storage for archival storage of these images. The hospital wants an automated process to upload any new medical images to Cloud Storage. You need to design and implement a solution. What should you do?

A.In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket

B.Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval

C.Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub lope

D.Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage Schedule the script as a cron job

Question 63

You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?

A.Add the auditors group to the `logging.viewer' and `bigQuery.dataViewer' predefined IAM roles.

B.Add the auditors group to two new custom IAM roles.

C.Add the auditor user accounts to the `logging.viewer' and `bigQuery.dataViewer' predefined IAM roles.

D.Add the auditor user accounts to two new custom IAM roles.

Question 64

An employee was terminated, but their access to Google Cloud Platform (GCP) was not removed until 2 weeks later. You need to find out this employee accessed any sensitive customer information after their termination. What should you do?

A.View System Event Logs in Stackdriver. Search for the user's email as the principal.

B.View System Event Logs in Stackdriver. Search for the service account associated with the user.

C.View Data Access audit logs in Stackdriver. Search for the user's email as the principal.

D.View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

Question 65

You are working with a Cloud SQL MySQL database at your company. You need to retain a month-end copy of the database for three years for audit purposes. What should you do?

A.Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

B.Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

C.Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

D.Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

Other Version: 2763Google.Associate-Cloud-Engineer.v2025-07-09.q185; 1863Google.Associate-Cloud-Engineer.v2024-12-02.q208; 2333Google.Associate-Cloud-Engineer.v2023-07-15.q135; 1791Google.Associate-Cloud-Engineer.v2023-04-01.q81; 2089Google.Associate-Cloud-Engineer.v2023-02-27.q85; 1805Google.Associate-Cloud-Engineer.v2023-02-04.q73; 5705Google.Associate-Cloud-Engineer.v2022-07-24.q230; 8225Google.Associate-Cloud-Engineer.v2022-04-13.q194; 81Google.Trainingdump.Associate-Cloud-Engineer.v2021-10-18.by.alvis.136q.pdf

Latest Upload: 200PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 290Nokia.4A0-113.v2026-05-01.q69; 246EC-COUNCIL.312-49v11.v2026-04-30.q214; 226Microsoft.MB-820.v2026-04-30.q101; 204Salesforce.MC-202.v2026-04-30.q57; 203BICSI.INSTC_V8.v2026-04-29.q53; 332NMLS.MLO.v2026-04-28.q82; 241NCARB.Project-Management.v2026-04-28.q27; 454EMC.D-AV-DY-23.v2026-04-27.q184; 1107ServiceNow.CSA.v2026-04-27.q483

Question 61

Question 62

Question 63

Question 64

Question 65

Download PDF File