Exam Question 61
You are the Security Officer for an area hospital. Upper management wants to save CAPEX by migrating to SaaS solutions whenever possible. What type of attack will this increase your risk exposure to?
A. Supply chain attack.
B. SQL injection attack.
C. Man-in-the-middle attack.
D. Eavesdropping attack.
Correct Answer:
A. Supply chain attack.
Answer Description:
Supply chain attacks are carried out through a third party, such as a cloud service provider, that has access to your systems and data. SaaS providers are high-value targets for hackers, as they can attack multiple companies through a single attack avenue.
Exam Question 62
As the CIO of your company, you are concerned that the company is not realizing the true savings potential of your SaaS application portfolio. What are two ways in which a SaaS Management system could help reduce costs?
A. It can identify applications that have overlapping or redundant features.
B. It can identify SaaS applications that are no longer or infrequently utilized.
C. It can throttle heavy users who over utilize their assigned SaaS applications.
D. It can lower maintenance costs through automated patching and updating.
Correct Answer:
A. It can identify applications that have overlapping or redundant features.
B. It can identify SaaS applications that are no longer or infrequently utilized.
Answer Description:
Many organizations are surprised at how much money is wasted on duplicate licenses and redundant SaaS contracts. A SaaS Management system gives you complete visibility into your SaaS workloads, helping you identify these problems and identify Shadow IT occurrences as well. A SaaS Management system can reduce your SaaS costs.
Exam Question 63
Your company is considering investing in a SaaS Management System to obtain greater control of its SaaS application portfolio. What are two primary security benefits to expect from this proposed solution?
A. Give internal IT real-time complete visibility into their SaaS environment.
B. Track and manage vendor compliance to your organization’s cybersecurity policies.
C. Identify and remediate malicious code contained within your SaaS applications.
D. Identify and eradicate zero-day vulnerabilities in your SaaS applications.
Correct Answer:
A. Give internal IT real-time complete visibility into their SaaS environment.
B. Track and manage vendor compliance to your organization’s cybersecurity policies.
Answer Description:
A SaaS Management System can give your IT team complete visibility into the entire SaaS stack through a single pane of glass. It can also help identify which SaaS vendors are meeting their compliance obligations, thus reducing your own risk exposure.
Exam Question 64
You have been tasked with budgeting a new project that will be deployed on Google App Engine. What is the best strategy for keeping tabs on the project and helping you mitigate cloud overages?
A. Set up budget alerts for different thresholds to help monitor excessive spending, such as 25%, 50% and 90% of total budget.
B. Use a credit card configured with a limit that corresponds to your monthly budget.
C. Set up a billing query that automatically generates a summary of the spending.
D. Set up a daily budget in Google App Engine settings that corresponds to 1/30 of your monthly budget.
Correct Answer:
A. Set up budget alerts for different thresholds to help monitor excessive spending, such as 25%, 50% and 90% of total budget.
Answer Description:
Set up budget alerts for different thresholds to help monitor excessive spending, such as 25%, 50% and 90% of total budget. B is incorrect because you will still be billed for it and be responsible for the total even if the payment does not go through. C will not necessarily give you enough notice if you accidentally run up a large charge in a short period of time. D is not correct because you may be billed for other services outside of App Engine that could cause you to exceed your budget.
Exam Question 65
You are onboarding a new developer involved in deploying apps to your Google infrastructure. What kind of security IAM role would be best suited for them?
A. App Engine Code Viewer
B. App Engine Service Admin
C. Project Editor
D. App Engine Deployer
Correct Answer:
D. App Engine Deployer
Answer Description:
App Engine Deployer. App Engine Code Viewer provides read-only access. App Engine Service Admin would allow them to make updates, but not deploy a new version. A Project Editor role would grant them full access, but it is preferable to grant the least privilege required for a role.
Exam Question 66
You are tasked with estimating the cost of a new application. What approach will work best?
A. Send the configuration settings to Google Cloud billing support and ask for an estimate.
B. Generate a YAML file detailing the configuration settings for the app and process it using the “gcloud app estimate” command.
C. Manually generate an estimate using the app engine pricing calculator.
D. Calculate the estimated number of users and then multiply this by what it costs for a single user.
Correct Answer:
C. Manually generate an estimate using the app engine pricing calculator.
Answer Description:
Manually generate an estimate using the app engine pricing calculator. D is not correct because billing support manages the payment process and not estimates. B will generate an error. Also, B does not consider the intricacies of scaling different services and will not be accurate.
Exam Question 67
What is the best data storage to use with a high-volume IoT streaming data application?
A. Cloud Bigtable
B. BigQuery
C. Cloud data store
D. Cloud storage
Correct Answer:
A. Cloud Bigtable
Answer Description:
Cloud Bigtable provides the best performance-to-cost ratio appropriate for time-series data. BigQuery is much slower. Cloud data store is not as performant and not the best choice for time-series data. Cloud storage keeps the data in a format that is not easy to query and update.
Exam Question 68
What is the best way to ensure the right permissions have been configured for a new IAM role?
A. Check the API section of the GCP console.
B. Explore the security section in the GCP console.
C. Check the IAM section of the GCP console.
D. Use the “gcloud IAM” command to automate the process.
Correct Answer:
C. Check the IAM section of the GCP console.
Answer Description:
Check the IAM section of the GCP console. The information is not found in A and B. D will generate an error.
Exam Question 69
What is the best way to grant everyone on a small team the ability to view all resources for a project?
A. Set up a new Google Group specific to the project and add everyone to this group. Then use the “gcloud projects add-iam-policy-binding” command to add the group’s email address with the Project Viewer role.
B. Set up a new Google Group specific to the project and add everyone to this group. Then use the “gcloud iam roles create” command to add the group’s email address with the Project Viewer role.
C. Use a script that includes all the email addresses that runs the “gcloud iam roles create” command.
D. Use a script that includes all the email addresses that runs the “gcloud projects add-iam-policy-binding” command.
Correct Answer:
A. Set up a new Google Group specific to the project and add everyone to this group. Then use the “gcloud projects add-iam-policy-binding” command to add the group’s email address with the Project Viewer role.
Answer Description:
Set up a new Google Group specific to the project and add everyone to this group. Then use the “gcloud projects add-iam-policy-binding” command to add the group’s email address with the Project Viewer role. B and C will only create the roles and not add everyone. D is not recommended because it is easier to remove and add people to one group that can be shared across different permissions than doing so for each permission setting.
Exam Question 70
What is the best storage option for allowing international users to share files for an application?
A. A Filestore managed instance
B. A Cloud data store database
C. SSD attached to a virtual machine instance
D. A multi-regional Cloud storage bucket
Correct Answer:
D. A multi-regional Cloud storage bucket
Answer Description:
A multi-regional Cloud storage bucket. A Filestore instance would be restricted to one region. A Cloud data store does not work well for files. The SSD storage would go away if a problem emerged with the virtual machine instance.