GOOGLE-PROFESSIONAL-CLOUD-ARCHITECT

Google's Professional Cloud Architect You are architecting a new application feature for a healthcare provider based in Qatar. The feature needs to summarize sensitive patient notes that are submitted by clinicians. A critical requirement is that the content of these patient notes must never be processed outside of Qatar's borders. You want to use a powerful, pre-trained generative model for the summarization task while strictly adhering to the data residency constraint. What should you do?

Google's Professional Cloud Architect You are migrating a critical on-premises inventory management application to Google Cloud. The application is a monolith with a traditional relational database, and the immediate business goal is a rapid data center exit. The monolith is exposing an API to other business critical applications.The long-term vision is to modernize the application into globally distributed, cloud-native services to support the company’s expansion. You need to design the initial cloud architecture to ensure that future modernization causes the least possible disruption to other applications that depend on inventory data. The future modernization might require the API to change structure. What should you do?

Google's Professional Cloud Architect Your organization uses separate Google Cloud projects for shared services, development, testing, and production.• The shared services project hosts your private CI/CD runners and a central Artifact Registry• The development, testing, and production projects host the GKE clusters where applications are deployed.You need to design an architecture that allows the CI/CD runners to connect to the GKE clusters and the clusters to pull images from Artifact Registry, all using private IP addresses. However, direct network traffic between the development, testing, and production environments must be strictly prohibited. What should you do?

Google's Professional Cloud Architect You are designing the network architecture for a public-facing, containerized web application deployed on Cloud Run. All incoming traffic must be inspected by a Cloud Armor web application firewall (WAF) before reaching the application You plan to use an Application Load Balancer, which will have the Cloud Armor policy attached. You must ensure that all public requests pass through the load balancer and any attempt to access the Cloud Run service directly through its default *.run.app URL is blocked. What should you do?

Google's Professional Cloud Architect To improve governance and security, your organization has structured the Google Cloud environment using folders for different business units. Each business unit folder has subfolders for development, staging, and production environments, which must comply with internal security controls:• Production workloads must be protected from direct internet ingress by default unless explicitly tagged.• The application must be accessible to customers over HTTPS.You need to design a scalable and enforceable model that blocks internet ingress traffic to the production folders while selectively allowing direct HTTPS traffic to the necessary virtual machines. You must also ensure that individual project teams cannot overwrite these controls once they are implemented for all current and future production projects. What should you do?

Google's Professional Cloud Architect You are designing a new insurance claims processing application that will be deployed on Google Kubernetes Engine (GKE) Your company’s compliance team requires a complete and non-repudiable audit trail for all administrative actions from day one. Your application must capture who deploys a new container image, who modifies the GKE cluster's configuration, and who interacts with running pods or Kubernetes secrets using kubectl. What should you do?

Google's Professional Cloud Architect Your product team is building a critical, customer-facing application on Google Cloud. The development team wants to use Spanner for their database to take advantage of its horizontal scalability and low operational overhead However, the FinOps team is concerned about the direct monthly cost of Spanner and proposed using a self-managed PostgreSQL database on Compute Engine VMs instead. You need to resolve this conflict and ensure the project moves forward with an architecturally sound database choice that balances technical requirements with financial constraints. What should you do?

Google's Professional Cloud Architect You are deploying a critical application with a stateless, containerized frontend on Cloud Run and a Cloud SQL for PostgreSQL backend. The application experiences unpredictable traffic spikes, and the business requires the ability to immediately roll back a failed deployment to the last known good state. You need to apply a deployment strategy that aligns with Site Reliability Engineering (SRE) principles for both the application code and the database schema updates, while meeting the business's requirements. What should you do?

Google's Professional Cloud Architect The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources.What Google domain and project structure should you recommend?

Google's Professional Cloud Architect A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops responding to SSH connections. It is still serving database requests to the application servers correctly.What three steps should you take to diagnose the problem? (Choose three.) E. Connect the machine to another network with very simple firewall rules and investigate F. Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate

Google's Professional Cloud Architect JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google Compute Engine (GCE). During the migration, the existing infrastructure will need access to Datastore to upload the data.What service account key-management strategy should you recommend?

Google's Professional Cloud Architect JencoMart has built a version of their application on Google Cloud Platform that serves traffic to Asia. You want to measure success against their business and technical goals.Which metrics should you track? E. The number of character sets present in the database

Google's Professional Cloud Architect The migration of JencoMart's application to Google Cloud Platform (GCP) is progressing too slowly. The infrastructure is shown in the diagram. You want to maximize throughput.What are three potential bottlenecks? (Choose three.) E. A separate storage layer outside the VMs, which is not suited for this task F. Complicated internet connectivity between the on-premises infrastructure and GCP

Google's Professional Cloud Architect JencoMart wants to move their User Profiles database to Google Cloud Platform.Which Google Database should they use?

Google's Professional Cloud Architect For this question, refer to the Helicopter Racing League (HRL) case study. Your team is in charge of creating a payment card data vault for card numbers used to bill tens of thousands of viewers, merchandise consumers, and season ticket holders. You need to implement a custom card tokenization service that meets the following requirements:* It must provide low latency at minimal cost.* It must be able to identify duplicate credit cards and must not store plaintext card numbers.* It should support annual key rotation.Which storage approach should you adopt for your tokenization service?

Google's Professional Cloud Architect For this question, refer to the Helicopter Racing League (HRL) case study. The HRL development team releases a new version of their predictive capability application every Tuesday evening at 3 a.m. UTC to a repository. The security team at HRL has developed an in-house penetration test Cloud Function calledAirwolf. The security team wants to run Airwolf against the predictive capability application as soon as it is released every Tuesday. You need to set up Airwolf to run at the recurring weekly cadence. What should you do?

Google's Professional Cloud Architect For this question, refer to the Helicopter Racing League (HRL) case study. HRL wants better prediction accuracy from their ML prediction models. They want you to use Google's AI Platform so HRL can understand and interpret the predictions. What should you do?

Google's Professional Cloud Architect For this question, refer to the Helicopter Racing League (HRL) case study. HRL is looking for a cost-effective approach for storing their race data such as telemetry. They want to keep all historical records, train models using only the previous season's data, and plan for data growth in terms of volume and information collected. You need to propose a data solution. Considering HRL business requirements and the goals expressed by CEO S. Hawke, what should you do?

Google's Professional Cloud Architect For this question, refer to the Helicopter Racing League (HRL) case study. A recent finance audit of cloud infrastructure noted an exceptionally high number ofCompute Engine instances are allocated to do video encoding and transcoding. You suspect that these Virtual Machines are zombie machines that were not deleted after their workloads completed. You need to quickly get a list of which VM instances are idle. What should you do?

Google's Professional Cloud Architect For this question, refer to the EHR Healthcare case study. You are responsible for ensuring that EHR's use of Google Cloud will pass an upcoming privacy compliance audit. What should you do? (Choose two.) E. Use GKE private clusters for all Kubernetes workloads.

Google's Professional Cloud Architect For this question, refer to the EHR Healthcare case study. You need to define the technical architecture for securely deploying workloads to Google Cloud. You also need to ensure that only verified containers are deployed using Google Cloud services. What should you do? (Choose two.)

Google's Professional Cloud Architect You need to upgrade the EHR connection to comply with their requirements. The new connection design must support business-critical needs and meet the same network and security policy requirements. What should you do?

Google's Professional Cloud Architect For this question, refer to the EHR Healthcare case study. You need to define the technical architecture for hybrid connectivity between EHR's on-premises systems and Google Cloud. You want to follow Google's recommended practices for production-level applications. Considering the EHR Healthcare business and technical requirements, what should you do?

Google's Professional Cloud Architect For this question, refer to the EHR Healthcare case study. You are a developer on the EHR customer portal team. Your team recently migrated the customer portal application to Google Cloud. The load has increased on the application servers, and now the application is logging many timeout errors. You recently incorporated Pub/Sub into the application architecture, and the application is not logging any Pub/Sub publishing errors. You want to improve publishing latency.What should you do?

Google's Professional Cloud Architect For this question, refer to the EHR Healthcare case study. In the past, configuration errors put public IP addresses on backend servers that should not have been accessible from the Internet. You need to ensure that no one can put external IP addresses on backend Compute Engine instances and that external IP addresses can only be configured on frontend Compute Engine instances. What should you do?

Google's Professional Cloud Architect For this question, refer to the EHR Healthcare case study. You are responsible for designing the Google Cloud network architecture for Google KubernetesEngine. You want to follow Google best practices. Considering the EHR Healthcare business and technical requirements, what should you do to reduce the attack surface?

Google's Professional Cloud Architect Mountkirk Games wants you to design their new testing strategy. How should the test coverage differ from their existing backends on the other platforms?

Google's Professional Cloud Architect Mountkirk Games has deployed their new backend on Google Cloud Platform (GCP). You want to create a through testing process for new versions of the backend before they are released to the public. You want the testing environment to scale in an economical way. How should you design the process?

Google's Professional Cloud Architect Mountkirk Games wants to set up a continuous delivery pipeline. Their architecture includes many small services that they want to be able to update and roll back quickly. Mountkirk Games has the following requirements:✑ Services are deployed redundantly across multiple regions in the US and Europe✑ Only frontend services are exposed on the public internet✑ They can provide a single frontend IP for their fleet of services✑ Deployment artifacts are immutableWhich set of products should they use?

Google's Professional Cloud Architect Mountkirk Games' gaming servers are not automatically scaling properly. Last month, they rolled out a new feature, which suddenly became very popular. A record number of users are trying to use the service, but many of them are getting 503 errors and very slow response times. What should they investigate first?