28/02/24, 15:03 Google Cloud Skills Boost

Diagnostic questions
Your score: 90% Passing score: 75% Retake

Congratulations! You passed this assessment.

check1. Cymbal Direct's user account management app allows users to

delete their accounts whenever they like. Cymbal Direct also has a
very generous 60-day return policy for users. The customer
service team wants to make sure that they can still refund or
replace items for a customer even if the customer’s account has
been deleted. What can you do to ensure that the customer
service team has access to relevant account information?

Restore a previous copy of the user information database

from a snapshot. Have a database administrator capture
needed information about the customer.
Disable the account. Export account information to Cloud
Storage. Have the customer service team permanently
delete the data after 30 days.
Ensure that the user clearly understands that after they
delete their account, all their information will also be deleted.
Remind them to download a copy of their order history and
account information before deleting their account. Have the
support agent copy any open or recent orders to a shared
spreadsheet.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 1/11
28/02/24, 15:03 Google Cloud Skills Boost

Temporarily disable the account for 30 days. Export

check
account information to Cloud Storage, and enable
lifecycle management to delete the data in 60 days.

Correct! This takes a lazy deletion approach and allows support

or administrators to restore data later if necessary.

check2. Cymbal Direct must meet compliance requirements. You need to

ensure that employees with valid accounts cannot access their
VPC network from locations outside of its secure corporate
network, including from home. You also want a high degree of
visibility into network traffic for auditing and forensics purposes.
What should you do?

Enable VPC Service Controls, and use Google Cloud’s

operations suite to view audit logs for the networks you need
to monitor.
Enable VPC Service Controls, define a network
check
perimeter to restrict access to authorized networks, and
enable VPC Flow Logs for the networks you need to
monitor.
Enable Identity-Aware Proxy (IAP) to allow users to access
services securely. Use Google Cloud’s operations suite to
view audit logs for the networks you need to monitor.
Ensure that all users install Cloud VPN. Enable VPC Flow
Logs for the networks you need to monitor.
https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 2/11
28/02/24, 15:03 Google Cloud Skills Boost

Correct! Enabling VPC Service Controls lets you define a

network perimeter. VPC Flow Logs lets you log network-level
communication to Compute Engine instances.

check3. Cymbal Direct needs to use a tool to deploy its infrastructure. You
want something that allows for repeatable deployment processes,
uses a declarative language, and allows parallel deployment. You
also want to deploy infrastructure as code on Google Cloud and
other cloud providers. What should you do?

Use Google Kubernetes Engine (GKE) to create

deployments and manifests for your applications.

Automate the deployment with Cloud Deployment Manager.

check Automate the deployment with Terraform scripts.

Develop in Docker containers for portability and ease of

deployment.

Correct! Terraform lets you automate and manage resources in

multiple clouds.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 3/11
28/02/24, 15:03 Google Cloud Skills Boost

check4. Cymbal Direct wants to allow partners to make orders

programmatically, without having to speak on the phone with an
agent. What should you consider when designing the API?

The API backend should be tightly coupled. Clients should

know a significant amount about the services they use.
REST APIs using gRPC should be used for all external APIs.

The API backend should be loosely coupled. Clients should

not be required to know too many details of the services they
use. REST APIs using gRPC should be used for all external
APIs.

The API backend should be tightly coupled. Clients should

know a significant amount about the services they use. For
REST APIs, HTTP(S) is the most common protocol used.

The API backend should be loosely coupled. Clients

check
should not be required to know too many details of the
services they use. For REST APIs, HTTP(S) is the most
common protocol.

Correct! Loose coupling has several benefits, including

maintainability, versioning, and reduced complexity. Clients not
knowing the backend systems means that these systems can
be more easily replaced or modified, and HTTP(S) is the most
common protocol used for external REST APIs.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 4/11
28/02/24, 15:03 Google Cloud Skills Boost

check5. Your existing application runs on Ubuntu Linux VMs in an on-

premises hypervisor. You want to deploy the application to Google
Cloud with minimal refactoring. What should you do?

Use a Dedicated or Partner Interconnect to connect the on-

premises network where your application is running to your
VPC: Configure an endpoint for a global external HTTP(S)
load balancer that connects to the existing VMs.

Write Terraform scripts to deploy the application as

check
Compute Engine instances.

Isolate the core features that the application provides. Use

App Engine to deploy each feature independently as a
microservice.

Set up a Google Kubernetes Engine (GKE) cluster, and then

create a deployment with an autoscaler.

Correct! Terraform lets you manage how you deploy and

manage a variety of services in Google Cloud, such as
Compute Engine. You can also use Cloud Deployment Manager
for this purpose.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 5/11
28/02/24, 15:03 Google Cloud Skills Boost

check6. Cymbal Direct wants to create a pipeline to automate the building

of new application releases. What sequence of steps should you
use?

Set up a source code repository. Run unit tests. Check in

code. Deploy. Build a Docker container.

Set up a source code repository. Check in code. Run

check
unit tests. Build a Docker container. Deploy.

Check in code. Set up a source code repository. Run unit

tests. Deploy. Build a Docker container.

Run unit tests. Deploy. Build a Docker container. Check in

code. Set up a source code repository.

Correct! Each step is dependent on the previous step. These

are in the right order.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 6/11
28/02/24, 15:03 Google Cloud Skills Boost

check7. You are working with a client who has built a secure messaging
application. The application is open source and consists of two
components. The first component is a web app, written in Go,
which is used to register an account and authorize the user’s IP
address. The second is an encrypted chat protocol that uses TCP
to talk to the backend chat servers running Debian. If the client's
IP address doesn't match the registered IP address, the
application is designed to terminate their session. The number of
clients using the service varies greatly based on time of day, and
the client wants to be able to easily scale as needed. What should
you do?

Deploy the web application using the App Engine standard

environment with a global external HTTP(S) load balancer
and a network endpoint group. Use a managed instance
group for the backend chat servers. Use a global SSL proxy
load balancer to load-balance traffic across the backend chat
servers.

Deploy the web application using the App Engine flexible

environment with a global external HTTP(S) load balancer
and a network endpoint group. Use an unmanaged instance
group for the backend chat servers. Use an external network
load balancer to load-balance traffic across the backend chat
servers.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 7/11
28/02/24, 15:03 Google Cloud Skills Boost

Deploy the web application using the App Engine standard

environment with a global external HTTP(S) load balancer
and a network endpoint group. Use an unmanaged instance
group for the backend chat servers. Use an external network
load balancer to load-balance traffic across the backend chat
servers.

Deploy the web application using the App Engine

check
standard environment with a global external HTTP(S)
load balancer and a network endpoint group. Use a
managed instance group for the backend chat servers.
Use an external network load balancer to load-balance
traffic across the backend chat servers.

Correct! Using App Engine allows for dynamic scaling based on

demand, as does a managed instance group. Using an external
network load balancer preserves the client's IP address.

close8. You have deployed your frontend web application in Kubernetes.

Based on historical use, you need three pods to handle normal
demand. Occasionally your load will roughly double. A load
balancer is already in place. How could you configure your
environment to efficiently meet that demand?

Use the "kubectl autoscale" command to change the pod's

maximum number of instances to six.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 8/11
28/02/24, 15:03 Google Cloud Skills Boost

Edit your deployment's configuration file and change the

number of replicas to six.
Edit your pod's configuration file and change the number
close
of replicas to six.
Use the "kubectl autoscale" command to change the
deployment’s maximum number of instances to six.

Incorrect. A deployment specifies the number of pods, not a pod

itself, and setting the number to six means running additional
instances when you don’t need them.

check9. Cymbal Direct wants a layered approach to security when setting

up Compute Engine instances. What are some options you could
use to make your Compute Engine instances more secure?

Use network tags to allow traffic only from certain

check
sources and ports. Turn on Secure boot and vTPM.
Use network tags to allow traffic only from certain sources
and ports. Use a Compute Engine service account.
Use labels to allow traffic only from certain sources and
ports. Use a Compute Engine service account.

Use labels to allow traffic only from certain sources and

ports. Turn on Secure boot and vTPM.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 9/11
28/02/24, 15:03 Google Cloud Skills Boost

Correct! You can use network tags with firewall rules to

automatically associate instances when they are created.
Secure boot and vTPM protect the OS from being
compromised.

check10. You need to deploy a load balancer for a web-based application

with multiple backends in different regions. You want to direct
traffic to the backend closest to the end user, but also to different
backends based on the URL the user is accessing. Which of the
following could be used to implement this?

The request is received by the global external HTTP(S)

check
load balancer. A global forwarding rule sends the request
to a target proxy, which checks the URL map and selects
the backend service. The backend service sends the
request to Compute Engine instance groups in multiple
regions.

The request is matched by a URL map and then sent to a

SSL proxy load balancer. A global forwarding rule sends the
request to a target proxy, which selects a backend service
and sends the request to Compute Engine instance groups in
multiple regions.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 10/11
28/02/24, 15:03 Google Cloud Skills Boost

The request is received by the SSL proxy load balancer,

which uses a global forwarding rule to check the URL map,
then sends the request to a backend service. The request is
processed by Compute Engine instance groups in multiple
regions.

The request is matched by a URL map and then sent to a

global external HTTP(S) load balancer. A global forwarding
rule sends the request to a target proxy, which selects a
backend service. The backend service sends the request to
Compute Engine instance groups in multiple regions.

Correct! This is the right order of operations.

https://googlecloud.qwiklabs.com/course_sessions/11721394/quizzes/437203 11/11