New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Google Professional-Cloud-DevOps-Engineer Google Cloud Certified - Professional Cloud DevOps Engineer Exam Exam Practice Test

Google Cloud Certified - Professional Cloud DevOps Engineer Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

A third-party application needs to have a service account key to work properly When you try to export the key from your cloud project you receive an error "The organization policy constraint larn.disableServiceAccountKeyCreation is enforcedM You need to make the third-party application work while following Google-recommended security practices What should you do?

Options:

A.

Enable the default service account key. and download the key

B.

Remove the iam.disableServiceAccountKeyCreation policy at the organization level, and create a key.

C.

Disable the service account key creation policy at the project's folder, and download the default key

D.

Add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key.

Question 2

You have an application running in Google Kubernetes Engine. The application invokes multiple services per request but responds too slowly. You need to identify which downstream service or services are causing the delay. What should you do?

Options:

A.

Analyze VPC flow logs along the path of the request.

B.

Investigate the Liveness and Readiness probes for each service.

C.

Create a Dataflow pipeline to analyze service metrics in real time.

D.

Use a distributed tracing framework such as OpenTelemetry or Stackdriver Trace.

Question 3

You need to define Service Level Objectives (SLOs) for a high-traffic multi-region web application. Customers expect the application to always be available and have fast response times. Customers are currently happy with the application performance and availability. Based on current measurement, you observe that the 90th percentile of latency is 120ms and the 95th percentile of latency is 275ms over a 28-day window. What latency SLO would you recommend to the team to publish?

Options:

A.

90th percentile – 100ms

95th percentile – 250ms

B.

90th percentile – 120ms

95th percentile – 275ms

C.

90th percentile – 150ms

95th percentile – 300ms

D.

90th percentile – 250ms

95th percentile – 400ms

Question 4

Your company runs applications in Google Kubernetes Engine (GKE) that are deployed following a GitOps methodology.

Application developers frequently create cloud resources to support their applications. You want to give developers the ability to manage infrastructure as code, while ensuring that you follow Google-recommended practices. You need to ensure that infrastructure as code reconciles periodically to avoid configuration drift. What should you do?

Options:

A.

Install and configure Config Connector in Google Kubernetes Engine (GKE).

B.

Configure Cloud Build with a Terraform builder to execute plan and apply commands.

C.

Create a Pod resource with a Terraform docker image to execute terraform plan and terraform apply commands.

D.

Create a Job resource with a Terraform docker image to execute terraforrm plan and terraform apply commands.

Question 5

Your product is currently deployed in three Google Cloud Platform (GCP) zones with your users divided between the zones. You can fail over from one zone to another, but it causes a 10-minute service disruption for the affected users. You typically experience a database failure once per quarter and can detect it within five minutes. You are cataloging the reliability risks of a new real-time chat feature for your product. You catalog the following information for each risk:

• Mean Time to Detect (MUD} in minutes

• Mean Time to Repair (MTTR) in minutes

• Mean Time Between Failure (MTBF) in days

• User Impact Percentage

The chat feature requires a new database system that takes twice as long to successfully fail over between zones. You want to account for the risk of the new database failing in one zone. What would be the values for the risk of database failover with the new system?

Options:

A.

MTTD: 5

MTTR: 10

MTBF: 90

Impact: 33%

B.

MTTD:5

MTTR: 20

MTBF: 90

Impact: 33%

C.

MTTD:5

MTTR: 10

MTBF: 90

Impact 50%

D.

MTTD:5

MTTR: 20

MTBF: 90

Impact: 50%

Question 6

You are on-call for an infrastructure service that has a large number of dependent systems. You receive an alert indicating that the service is failing to serve most of its requests and all of its dependent systems with hundreds of thousands of users are affected. As part of your Site Reliability Engineering (SRE) incident management protocol, you declare yourself Incident Commander (IC) and pull in two experienced people from your team as Operations Lead (OLJ and Communications Lead (CL). What should you do next?

Options:

A.

Look for ways to mitigate user impact and deploy the mitigations to production.

B.

Contact the affected service owners and update them on the status of the incident.

C.

Establish a communication channel where incident responders and leads can communicate with each other.

D.

Start a postmortem, add incident information, circulate the draft internally, and ask internal stakeholders for input.

Question 7

Your applications performance in Google Cloud has degraded since the last release You suspect that downstream dependencies might be causing some requests to take longer to complete You need to investigate the issue with your application to determine the cause What should you do?

Options:

A.

Configure Error Reporting in your application

B.

Configure Google Cloud Managed Service for Prometheus in your application

C.

Configure Cloud Profiler in your application

D.

Configure Cloud Trace in your application

Question 8

Your organization stores all application logs from multiple Google Cloud projects in a central Cloud Logging project. Your security team wants to enforce a rule that each project team can only view their respective logs, and only the operations team can view all the logs. You need to design a solution that meets the security team's requirements, while minimizing costs. What should you do?

Options:

A.

Export logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.

B.

Create log views for each project team, and only show each project team their application logs. Grant the operations team access to the _ Al Il-jogs View in the central logging project.

C.

Grant each project team access to the project _ Default view in the central logging project. Grant logging viewer access to the operations team in the central logging project.

D.

Create Identity and Access Management (IAM) roles for each project team and restrict access to the _ Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.

Question 9

You support a service that recently had an outage. The outage was caused by a new release that exhausted the service memory resources. You rolled back the release successfully to mitigate the impact on users. You are now in charge of the post-mortem for the outage. You want to follow Site Reliability Engineering practices when developing the post-mortem. What should you do?

Options:

A.

Focus on developing new features rather than avoiding the outages from recurring.

B.

Focus on identifying the contributing causes of the incident rather than the individual responsible for the cause.

C.

Plan individual meetings with all the engineers involved. Determine who approved and pushed the new release to production.

D.

Use the Git history to find the related code commit. Prevent the engineer who made that commit from working on production services.

Question 10

Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring. What should you do?

Options:

A.

Publish various metrics from the application directly to the Slackdriver Monitoring API, and then observe these custom metrics in Stackdriver.

B.

Install the Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.

C.

Install the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application's metrics in Stackdriver.

D.

Emit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.

Question 11

You need to define SLOs for a high-traffic web application. Customers are currently happy with the application performance and availability. Based on current measurement, the 90th percentile Of latency is 160 ms and the 95th

percentile of latency is 300 ms over a 28-day window. What latency SLO should you publish?

Options:

A.

90th percentile - 150 ms

95th percentile - 290 ms

B.

90th percentile - 160 ms

95th percentile - 300 ms

C.

90th percentile - 190 ms

95th percentile - 330 ms

D.

90th percentile - 300 ms

95th percentile - 450 ms

Question 12

Your team of Infrastructure DevOps Engineers is growing, and you are starting to use Terraform to manage infrastructure. You need a way to implement code versioning and to share code with other team members. What should you do?

Options:

A.

Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.

B.

Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.

C.

Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.

D.

Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member’s computer. Organize files with a naming convention that identifies each new version.

Question 13

You recently noticed that one Of your services has exceeded the error budget for the current rolling window period. Your company's product team is about to launch a new feature. You want to follow Site Reliability Engineering (SRE) practices.

What should you do?

Options:

A.

Notify the team that their error budget is used up. Negotiate with the team for a launch freeze or tolerate a slightly worse user experience.

B.

Look through other metrics related to the product and find SLOs with remaining error budget. Reallocate the error budgets and allow the feature launch.

C.

Escalate the situation and request additional error budget.

D.

Notify the team about the lack of error budget and ensure that all their tests are successful so the launch will not further risk the error budget.

Question 14

Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?

Options:

A.

Reference the image digest in the source control tag.

B.

Supply the source control tag as a parameter within the image name.

C.

Use Cloud Build to include the release version tag in the application image.

D.

Use GCR digest versioning to match the image to the tag in source control.

Question 15

Your company processes IOT data at scale by using Pub/Sub, App Engine standard environment, and an application written in GO. You noticed that the performance inconsistently degrades at peak load. You could not reproduce this issue on your workstation. You need to continuously monitor the application in production to identify slow paths in the code. You want to minimize performance impact and management overhead. What should you do?

  • Install a continuous profiling tool into Compute Engine. Configure the application to send profiling data to the tool.

Options:

A.

Periodically run the go tool pprof command against the application instance. Analyze the results by using flame graphs.

B.

Configure Cloud Profiler, and initialize the cloud.go@gle.com/go/profiler library in the application.

C.

Use Cloud Monitoring to assess the App Engine CPU utilization metric.

Question 16

You are using Terraform to manage infrastructure as code within a Cl/CD pipeline You notice that multiple copies of the entire infrastructure stack exist in your Google Cloud project, and a new copy is created each time a change to the existing infrastructure is made You need to optimize your cloud spend by ensuring that only a single instance of your infrastructure stack exists at a time. You want to follow Google-recommended practices What should you do?

Options:

A.

Create a new pipeline to delete old infrastructure stacks when they are no longer needed

B.

Confirm that the pipeline is storing and retrieving the terraform. if state file from Cloud Storage with the Terraform gcs backend

C.

Verify that the pipeline is storing and retrieving the terrafom.tfstat* file from a source control

D.

Update the pipeline to remove any existing infrastructure before you apply the latest configuration

Question 17

You support a service with a well-defined Service Level Objective (SLO). Over the previous 6 months, your service has consistently met its SLO and customer satisfaction has been consistently high. Most of your service’s operations tasks are automated and few repetitive tasks occur frequently. You want to optimize the balance between reliability and deployment velocity while following site reliability engineering best practices. What should you do? (Choose two.)

Options:

A.

Make the service’s SLO more strict.

B.

Increase the service’s deployment velocity and/or risk.

C.

Shift engineering time to other services that need more reliability.

D.

Get the product team to prioritize reliability work over new features.

E.

Change the implementation of your Service Level Indicators (SLIs) to increase coverage.

Question 18

You are developing reusable infrastructure as code modules. Each module contains integration tests that launch the module in a test project. You are using GitHub for source control. You need to Continuously test your feature branch and ensure that all code is tested before changes are accepted. You need to implement a solution to automate the integration tests. What should you do?

Options:

A.

Use a Jenkins server for Cl/CD pipelines. Periodically run all tests in the feature branch.

B.

Use Cloud Build to run the tests. Trigger all tests to run after a pull request is merged.

C.

Ask the pull request reviewers to run the integration tests before approving the code.

D.

Use Cloud Build to run tests in a specific folder. Trigger Cloud Build for every GitHub pull request.

Question 19

You are configuring a Cl pipeline. The build step for your Cl pipeline integration testing requires access to APIs inside your private VPC network. Your security team requires that you do not expose API traffic publicly. You need to implement a solution that minimizes management overhead. What should you do?

Options:

A.

Use Cloud Build private pools to connect to the private VPC.

B.

Use Spinnaker for Google Cloud to connect to the private VPC.

C.

Use Cloud Build as a pipeline runner. Configure Internal HTTP(S) Load Balancing for API access.

D.

Use Cloud Build as a pipeline runner. Configure External HTTP(S) Load Balancing with a Google Cloud Armor policy for API access.

Question 20

You manage several production systems that run on Compute Engine in the same Google Cloud Platform (GCP) project. Each system has its own set of dedicated Compute Engine instances. You want to know how must it costs to run each of the systems. What should you do?

Options:

A.

In the Google Cloud Platform Console, use the Cost Breakdown section to visualize the costs per system.

B.

Assign all instances a label specific to the system they run. Configure BigQuery billing export and query costs per label.

C.

Enrich all instances with metadata specific to the system they run. Configure Stackdriver Logging to export to BigQuery, and query costs based on the metadata.

D.

Name each virtual machine (VM) after the system it runs. Set up a usage report export to a Cloud Storage bucket. Configure the bucket as a source in BigQuery to query costs based on VM name.

Question 21

Your company runs services by using Google Kubernetes Engine (GKE). The GKE clusters in the development environment run applications with verbose logging enabled. Developers view logs by using the kubect1 logs

command and do not use Cloud Logging. Applications do not have a uniform logging structure defined. You need to minimize the costs associated with application logging while still collecting GKE operational logs. What should you do?

Options:

A.

Run the gcloud container clusters update --logging—SYSTEM command for the development cluster.

B.

Run the gcloud container clusters update logging=WORKLOAD command for the development cluster.

C.

Run the gcloud logging sinks update _Defau1t --disabled command in the project associated with the development environment.

D.

Add the severity >= DEBUG resource. type "k83 container" exclusion filter to the Default logging sink in the project associated with the development environment.

Question 22

You need to deploy a new service to production. The service needs to automatically scale using a Managed Instance Group (MIG) and should be deployed over multiple regions. The service needs a large number of resources for each instance and you need to plan for capacity. What should you do?

Options:

A.

Use the n1-highcpu-96 machine type in the configuration of the MIG.

B.

Monitor results of Stackdriver Trace to determine the required amount of resources.

C.

Validate that the resource requirements are within the available quota limits of each region.

D.

Deploy the service in one region and use a global load balancer to route traffic to this region.

Question 23

Your team is writing a postmortem after an incident on your external facing application Your team wants to improve the postmortem policy to include triggers that indicate whether an incident requires a postmortem Based on Site Reliability Engineenng (SRE) practices, what triggers should be defined in the postmortem policy?

Choose 2 answers

Options:

A.

An external stakeholder asks for a postmortem

B.

Data is lost due to an incident

C.

An internal stakeholder requests a postmortem

D.

The monitoring system detects that one of the instances for your application has failed

E.

The CD pipeline detects an issue and rolls back a problematic release.

Question 24

As part of your company's initiative to shift left on security, the infoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images You need to determine how to satisfy the InfoSec teams goal of shifting left on security. What should you do?

Options:

A.

Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods

B.

Configure Identity and Access Management (1AM) policies to create a least privilege model on your GKE clusters

C.

Use Binary Authorization to attest images during your CI CD pipeline

D.

Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images

Question 25

You work for a global organization and are running a monolithic application on Compute Engine You need to select the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps You want to use historical system metncs to identify the machine type for the application to use You want to follow Google-recommended practices What should you do?

Options:

A.

Use the Recommender API and apply the suggested recommendations

B.

Create an Agent Policy to automatically install Ops Agent in all VMs

C.

Install the Ops Agent in a fleet of VMs by using the gcloud CLI

D.

Review the Cloud Monitoring dashboard for the VM and choose the machine type with the lowest CPU utilization

Question 26

You are creating a CI/CD pipeline to perform Terraform deployments of Google Cloud resources Your CI/CD tooling is running in Google Kubernetes Engine (GKE) and uses an ephemeral Pod for each pipeline run You must ensure that the pipelines that run in the Pods have the appropriate Identity and Access Management (1AM) permissions to perform the Terraform deployments You want to follow Google-recommended practices for identity management What should you do?

Choose 2 answers

Options:

A.

Create a new Kubernetes service account, and assign the service account to the Pods Use Workload Identity to authenticate as the Google service account

B.

Create a new JSON service account key for the Google service account store the key as a Kubernetes secret, inject the key into the Pods, and set the boogle_application_credentials environment variable

C.

Create a new Google service account, and assign the appropriate 1AM permissions

D.

Create a new JSON service account key for the Google service account store the key in the secret management store for the CI/CD tool and configure Terraform to use this key for authentication

E.

Assign the appropriate 1AM permissions to the Google service account associated with the Compute Engine VM instances that run the Pods

Question 27

You are running a web application deployed to a Compute Engine managed instance group Ops Agent is installed on all instances You recently noticed suspicious activity from a specific IP address You need to configure Cloud Monitoring to view the number of requests from that specific IP address with minimal operational overhead. What should you do?

Options:

A.

Configure the Ops Agent with a logging receiver Create a logs-based metric

B.

Create a script to scrape the web server log Export the IP address request metrics to the Cloud Monitoring API

C.

Update the application to export the IP address request metrics to the Cloud Monitoring API

D.

Configure the Ops Agent with a metrics receiver

Question 28

You are investigating issues in your production application that runs on Google Kubernetes Engine (GKE). You determined that the source Of the issue is a recently updated container image, although the exact change in code was not identified. The deployment is currently pointing to the latest tag. You need to update your cluster to run a version of the container that functions as intended. What should you do?

Options:

A.

Create a new tag called stable that points to the previously working container, and change the deployment to point to the new tag.

B.

Apply the latest tag to the previous container image, and do a rolling update on the deployment.

C.

Build a new container from a previous Git tag, and do a rolling update on the deployment to the new container.

D.

Alter the deployment to point to the sha2 56 digest of the previously working container.

Question 29

Your application images are built and pushed to Google Container Registry (GCR). You want to build an automated pipeline that deploys the application when the image is updated while minimizing the development effort. What should you do?

Options:

A.

Use Cloud Build to trigger a Spinnaker pipeline.

B.

Use Cloud Pub/Sub to trigger a Spinnaker pipeline.

C.

Use a custom builder in Cloud Build to trigger a Jenkins pipeline.

D.

Use Cloud Pub/Sub to trigger a custom deployment service running in Google Kubernetes Engine (GKE).

Question 30

You are performing a semiannual capacity planning exercise for your flagship service. You expect a service user growth rate of 10% month-over-month over the next six months. Your service is fully containerized and runs on Google Cloud Platform (GCP). using a Google Kubernetes Engine (GKE) Standard regional cluster on three zones with cluster autoscaler enabled. You currently consume about 30% of your total deployed CPU capacity, and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth or as a result of zone failure, while avoiding unnecessary costs. How should you prepare to handle the predicted growth?

Options:

A.

Verity the maximum node pool size, enable a horizontal pod autoscaler, and then perform a load test to verity your expected resource needs.

B.

Because you are deployed on GKE and are using a cluster autoscaler. your GKE cluster will scale automatically, regardless of growth rate.

C.

Because you are at only 30% utilization, you have significant headroom and you won't need to add any additional capacity for this rate of growth.

D.

Proactively add 60% more node capacity to account for six months of 10% growth rate, and then perform a load test to make sure you have enough capacity.

Question 31

You support an e-commerce application that runs on a large Google Kubernetes Engine (GKE) cluster deployed on-premises and on Google Cloud Platform. The application consists of microservices that run in containers. You want to identify containers that are using the most CPU and memory. What should you do?

Options:

A.

Use Stackdriver Kubernetes Engine Monitoring.

B.

Use Prometheus to collect and aggregate logs per container, and then analyze the results in Grafana.

C.

Use the Stackdriver Monitoring API to create custom metrics, and then organize your containers using groups.

D.

Use Stackdriver Logging to export application logs to BigOuery. aggregate logs per container, and then analyze CPU and memory consumption.

Question 32

You are configuring the frontend tier of an application deployed in Google Cloud The frontend tier is hosted in ngmx and deployed using a managed instance group with an Envoy-based external HTTP(S) load balancer in front The application is deployed entirely within the europe-west2 region: and only serves users based in the United Kingdom. You need to choose the most cost-effective network tier and load balancing configuration What should you use?

Options:

A.

Premium Tier with a global load balancer

B.

Premium Tier with a regional load balancer

C.

Standard Tier with a global load balancer

D.

Standard Tier with a regional load balancer

Question 33

You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

Options:

A.

Store the password in Secret Manager and send the secret to the application by using environment variables.

B.

Store the password in Secret Manager and mount the secret as a volume within the application.

C.

Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.

D.

Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

Question 34

You recently deployed your application in Google Kubernetes Engine (GKE) and now need to release a new version of the application You need the ability to instantly roll back to the previous version of the application in case there are issues with the new version Which deployment model should you use?

Options:

A.

Perform a rolling deployment and test your new application after the deployment is complete

B.

Perform A. B testing, and test your application periodically after the deployment is complete

C.

Perform a canary deployment, and test your new application periodically after the new version is deployed

D.

Perform a blue/green deployment and test your new application after the deployment is complete

Question 35

Your company has a Google Cloud resource hierarchy with folders for production test and development Your cyber security team needs to review your company's Google Cloud security posture to accelerate security issue identification and resolution You need to centralize the logs generated by Google Cloud services from all projects only inside your production folder to allow for alerting and near-real time analysis. What should you do?

Options:

A.

Enable the Workflows API and route all the logs to Cloud Logging

B.

Create a central Cloud Monitoring workspace and attach all related projects

C.

Create an aggregated log sink associated with the production folder that uses a Pub Sub topic as the destination

D.

Create an aggregated log sink associated with the production folder that uses a Cloud Logging bucket as the destination

Question 36

You support an application deployed on Compute Engine. The application connects to a Cloud SQL instance to store and retrieve data. After an update to the application, users report errors showing database timeout messages. The number of concurrent active users remained stable. You need to find the most probable cause of the database timeout. What should you do?

Options:

A.

Check the serial port logs of the Compute Engine instance.

B.

Use Stackdriver Profiler to visualize the resources utilization throughout the application.

C.

Determine whether there is an increased number of connections to the Cloud SQL instance.

D.

Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.

Question 37

You use a multiple step Cloud Build pipeline to build and deploy your application to Google Kubernetes Engine (GKE). You want to integrate with a third-party monitoring platform by performing a HTTP POST of the build information to a webhook. You want to minimize the development effort. What should you do?

Options:

A.

Add logic to each Cloud Build step to HTTP POST the build information to a webhook.

B.

Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.

C.

Use Stackdriver Logging to create a logs-based metric from the Cloud Buitd logs. Create an Alert with a Webhook notification type.

D.

Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.

Question 38

You are deploying a Cloud Build job that deploys Terraform code when a Git branch is updated. While testing, you noticed that the job fails. You see the following error in the build logs:

Initializing the backend. ..

Error: Failed to get existing workspaces : querying Cloud Storage failed: googleapi : Error

403

You need to resolve the issue by following Google-recommended practices. What should you do?

Options:

A.

Change the Terraform code to use local state.

B.

Create a storage bucket with the name specified in the Terraform configuration.

C.

Grant the roles/ owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.

D.

Grant the roles/ storage. objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.

Question 39

You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?

Options:

A.

Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.

B.

Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Slackdriver workspaces inside each project.

C.

Choose an existing GCP production project to host the monitoring workspace. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.

D.

Create a new GCP monitoring project, and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.

Question 40

You are creating a CI/CD pipeline in Cloud Build to build an application container image The application code is stored in GitHub Your company requires thai production image builds are only run against the main branch and that the change control team approves all pushes to the main branch You want the image build to be as automated as possible What should you do?

Choose 2 answers

Options:

A.

Create a trigger on the Cloud Build job Set the repository event setting to Pull request'

B.

Add the owners file to the Included files filter on the trigger

C.

Create a trigger on the Cloud Build job Set the repository event setting to Push to a branch

D.

Configure a branch protection rule for the main branch on the repository

E.

Enable the Approval option on the trigger

Question 41

You are managing an application that runs in Compute Engine The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer A firewall rule allows access to the API port from 0.0.0-0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps What should you do Bret?

Options:

A.

Enable Packet Mirroring on the VPC

B.

Install the Ops Agent on the Compute Engine instances.

C.

Enable logging on the firewall rule

D.

Enable VPC Flow Logs on the subnet

Question 42

You support a Node.js application running on Google Kubernetes Engine (GKE) in production. The application makes several HTTP requests to dependent applications. You want to anticipate which dependent applications might cause performance issues. What should you do?

Options:

A.

Instrument all applications with Stackdriver Profiler.

B.

Instrument all applications with Stackdriver Trace and review inter-service HTTP requests.

C.

Use Stackdriver Debugger to review the execution of logic within each application to instrument all applications.

D.

Modify the Node.js application to log HTTP request and response times to dependent applications. Use Stackdriver Logging to find dependent applications that are performing poorly.

Question 43

You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (Pll) is leaking into certain log entry fields. All Pll entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?

Options:

A.

Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

B.

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.

C.

Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a tog exclusion with userinfo as a filter.

D.

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

Question 44

You support an application running on App Engine. The application is used globally and accessed from various device types. You want to know the number of connections. You are using Stackdriver Monitoring for App Engine. What metric should you use?

Options:

A.

flex/connections/current

B.

tcp_ssl_proxy/new_connections

C.

tcp_ssl_proxy/open_connections

D.

flex/instance/connections/current

Question 45

You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?

Options:

A.

Grant the team members the IAM role of logging.configWriter on Cloud IAM.

B.

Configure Access Context Manager to allow only these members to export logs.

C.

Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.

D.

Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.

Question 46

You are configuring your CI/CD pipeline natively on Google Cloud. You want builds in a pre-production Google Kubernetes Engine (GKE) environment to be automatically load-tested before being promoted to the production GKE environment. You need to ensure that only builds that have passed this test are deployed to production. You want to follow Google-recommended practices. How should you configure this pipeline with Binary Authorization?

Options:

A.

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).

B.

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.

C.

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.

D.

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.

Question 47

You are responsible for the reliability of a high-volume enterprise application. A large number of users report that an important subset of the application’s functionality – a data intensive reporting feature – is consistently failing with an HTTP 500 error. When you investigate your application’s dashboards, you notice a strong correlation between the failures and a metric that represents the size of an internal queue used for generating reports. You trace the failures to a reporting backend that is experiencing high I/O wait times. You quickly fix the issue by resizing the backend’s persistent disk (PD). How you need to create an availability Service Level Indicator (SLI) for the report generation feature. How would you define it?

Options:

A.

As the I/O wait times aggregated across all report generation backends

B.

As the proportion of report generation requests that result in a successful response

C.

As the application’s report generation queue size compared to a known-good threshold

D.

As the reporting backend PD throughout capacity compared to a known-good threshold