Quiz IT certification exam

Question 1

Your organization is using Helm to package containerized applications Your applications reference both public and private charts Your security team flagged that using a public Helm repository as a dependency is a risk You want to manage all charts uniformly, with native access control and VPC Service Controls What should you do?

Become a Premium Member for full access

Unlock Premium Member

Accepted Answer

Store public and private charts in OCI format by using Artifact Registry

Answer

Store public and private charts by using GitHub Enterprise with Google Workspace as the identity provider

Answer

Store public and private charts by using Git repository Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket Connect Helm to the bucket by using https: // [bucket] .srorage.googleapis.com/ [holnchart] as the Helm repository

Answer

Configure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend

Question 2

You use Terraform to manage an application deployed to a Google Cloud environment The application runs on instances deployed by a managed instance group The Terraform code is deployed by using a CI/CD pipeline When you change the machine type on the instance template used by the managed instance group, the pipeline fails at the terraform apply stage with the following error message<img alt="Google Professional Cloud DevOps Engineer image Question 122 29065 09182024191337000000"   width="1110" height="139" src="https://examgecko.com/getfile/3fa82a6f-eb96-4823-bb0f-e1f67d77067b">You need to update the instance template and minimize disruption to the application and the number of pipeline runs What should you do?

Accepted Answer

Set the create_bef ore_destroy meta-argument to true in the lifecycle block on the instance template

Answer

Delete the managed instance group and recreate it after updating the instance template

Answer

Add a new instance template update the managed instance group to use the new instance template and delete the old instance template

Answer

Remove the managed instance group from the Terraform state file update the instance template and reimport the managed instance group.

Question 3

You are performing a semi-annual capacity planning exercise for your flagship service You expect a service user growth rate of 10% month-over-month for the next six months Your service is fully containerized and runs on a Google Kubemetes Engine (GKE) standard cluster across three zones with cluster autoscaling enabled You currently consume about 30% of your total deployed CPU capacity and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth o' as a result of zone failure while you avoid unnecessary costs How should you prepare to handle the predicted growth?

Accepted Answer

Verify the maximum node pool size enable a Horizontal Pod Autoscaler and then perform a load lest to verify your expected resource needs

Answer

Because you deployed the service on GKE and are using a cluster autoscaler your GKE cluster will scale automatically regardless of growth rate

Answer

Because you are only using 30% of deployed CPU capacity there is significant headroom and you do not need to add any additional capacity for this rate of growth

Answer

Proactively add 80% more node capacity to account for six months of 10% growth rate and then perform a load test to ensure that you have enough capacity

Question 4

Your company operates in a highly regulated domain that requires you to store all organization logs for seven years You want to minimize logging infrastructure complexity by using managed services You need to avoid any future loss of log capture or stored logs due to misconfiguration or human error What should you do?

Accepted Answer

Use Cloud Logging to configure an aggregated sink at the organization level to export all logs into Cloud Storage with a seven-year retention policy and Bucket Lock

Answer

Use Cloud Logging to configure an aggregated sink at the organization level to export all logs into a BigQuery dataset

Answer

Use Cloud Logging to configure an export sink at each project level to export all logs into a BigQuery dataset

Answer

Use Cloud Logging to configure an export sink at each project level to export all logs into Cloud Storage with a seven-year retention policy and Bucket Lock

Question 5

You are building the Cl/CD pipeline for an application deployed to Google Kubernetes Engine (GKE) The application is deployed by using a Kubernetes Deployment, Service, and Ingress The application team asked you to deploy the application by using the blue'green deployment methodology You need to implement the rollback actions What should you do?

Accepted Answer

Update the Kubernetes Service to point to the previous Kubernetes Deployment

Answer

Run the kubectl rollout undo command

Answer

Delete the new container image, and delete the running Pods

Answer

Scale the new Kubernetes Deployment to zero

Question 6

You are building and running client applications in Cloud Run and Cloud Functions Your client requires that all logs must be available for one year so that the client can import the logs into their logging service You must minimize required code changes What should you do?

Accepted Answer

Create a logs bucket and logging sink. Set the retention on the logs bucket to 365 days Configure the logging sink to send logs to the bucket Give your client access to the bucket to retrieve the logs

Answer

Update all images in Cloud Run and all functions in Cloud Functions to send logs to both Cloud Logging and the client's logging service Ensure that all the ports required to send logs are open in the VPC firewall

Answer

Create a Pub/Sub topic subscription and logging sink Configure the logging sink to send all logs into the topic Give your client access to the topic to retrieve the logs

Answer

Create a storage bucket and appropriate VPC firewall rules Update all images in Cloud Run and all functions in Cloud Functions to send logs to a file within the storage bucket

Question 7

Your team is building a service that performs compute-heavy processing on batches of data The data is processed faster based on the speed and number of CPUs on the machine These batches of data vary in size and may arrive at any time from multiple third-party sources You need to ensure that third parties are able to upload their data securely. You want to minimize costs while ensuring that the data is processed as quickly as possible What should you do?

Accepted Answer

* Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate identity and Access Management (1AM) access to the bucket * Create a Cloud Function with a google, storage, object .finalise Cloud Storage trigger Write code so that the function can scale up a Compute Engine autoscaling managed instance group * Use an image pre-loaded with the data processing software that terminates the instances when processing completes

Answer

* Provide a secure file transfer protocol (SFTP) server on a Compute Engine instance so that third parties can upload batches of data and provide appropriate credentials to the server * Create a Cloud Function with a google.storage, object, finalize Cloud Storage trigger Write code so that the function can scale up a Compute Engine autoscaling managed instance group * Use an image pre-loaded with the data processing software that terminates the instances when processing completes

Answer

* Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate Identity and Access Management (1AM) access to the bucket * Use a standard Google Kubernetes Engine (GKE) cluster and maintain two services one that processes the batches of data and one that monitors Cloud Storage for new batches of data * Stop the processing service when there are no batches of data to process

Answer

* Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate Identity and Access Management (1AM) access to the bucket * Use Cloud Monitoring to detect new batches of data in the bucket and trigger a Cloud Function that processes the data * Set a Cloud Function to use the largest CPU possible to minimize the runtime of the processing

Question 8

You are reviewing your deployment pipeline in Google Cloud Deploy You must reduce toil in the pipeline and you want to minimize the amount of time it takes to complete an end-to-end deployment What should you do?Choose 2 answers

Accepted Answer

Create a trigger to notify the required team to complete the next step when manual intervention is required

Accepted Answer

Automate promotion approvals from the development environment to the test environment

Answer

Divide the automation steps into smaller tasks

Answer

Use a script to automate the creation of the deployment pipeline in Google Cloud Deploy

Answer

Add more engineers to finish the manual steps.

Question 9

You work for a global organization and are running a monolithic application on Compute Engine You need to select the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps You want to use historical system metncs to identify the machine type for the application to use You want to follow Google-recommended practices What should you do?

Accepted Answer

Use the Recommender API and apply the suggested recommendations

Answer

Create an Agent Policy to automatically install Ops Agent in all VMs

Answer

Install the Ops Agent in a fleet of VMs by using the gcloud CLI

Answer

Review the Cloud Monitoring dashboard for the VM and choose the machine type with the lowest CPU utilization

Question 10

You are configuring Cloud Logging for a new application that runs on a Compute Engine instance with a public IP address. A user-managed service account is attached to the instance. You confirmed that the necessary agents are running on the instance but you cannot see any log entries from the instance in Cloud Logging. You want to resolve the issue by following Google-recommended practices. What should you do?

Accepted Answer

Add the Logs Writer role to the service account.

Answer

Enable Private Google Access on the subnet that the instance is in.

Answer

Update the instance to use the default Compute Engine service account.

Answer

Export the service account key and configure the agents to use the key.

Question 11

Your organization is starting to containerize with Google Cloud. You need a fully managed storage solution for container images and Helm charts. You need to identify a storage solution that has native integration into existing Google Cloud services, including Google Kubernetes Engine (GKE), Cloud Run, VPC Service Controls, and Identity and Access Management (IAM). What should you do?

Accepted Answer

Configure Artifact Registry as an OCI-based container registry for both Helm charts and container images.

Answer

Use Docker to configure a Cloud Storage driver pointed at the bucket owned by your organization.

Answer

Configure Container Registry as an OCI-based container registry for container images.

Answer

Configure an open source container registry server to run in GKE with a restrictive role-based access control (RBAC) configuration.

Question 12

You are developing reusable infrastructure as code modules. Each module contains integration tests that launch the module in a test project. You are using GitHub for source control. You need to Continuously test your feature branch and ensure that all code is tested before changes are accepted. You need to implement a solution to automate the integration tests. What should you do?

Accepted Answer

Use Cloud Build to run tests in a specific folder. Trigger Cloud Build for every GitHub pull request.

Answer

Use a Jenkins server for Cl/CD pipelines. Periodically run all tests in the feature branch.

Answer

Use Cloud Build to run the tests. Trigger all tests to run after a pull request is merged.

Answer

Ask the pull request reviewers to run the integration tests before approving the code.

Question 13

You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

Accepted Answer

Store the password in Secret Manager and mount the secret as a volume within the application.

Answer

Store the password in Secret Manager and send the secret to the application by using environment variables.

Answer

Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.

Answer

Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

Question 14

You are designing a system with three different environments: development, quality assurance (QA), and production.Each environment will be deployed with Terraform and has a Google Kubemetes Engine (GKE) cluster created so that application teams can deploy their applications. Anthos Config Management will be used and templated to deployinfrastructure level resources in each GKE cluster. All users (for example, infrastructure operators and application owners) will use GitOps. How should you structure your source control repositories for both Infrastructure as Code (laC) and application code?

Accepted Answer

Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different branches are different environments Application (app source code) repositories are separated: different branches are different features

Answer

Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repositories are separated: different branches are different features

Answer

Cloud Infrastructure (Terraform) repository is shared: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repository is shared: different directories are different features

Answer

Cloud Infrastructure (Terraform) repositories are separated: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different overlay directories are different environments Application (app source code) repositories are separated: different branches are different features

Question 15

Your Cloud Run application writes unstructured logs as text strings to Cloud Logging. You want to convert the unstructured logs to JSON-based structured logs. What should you do?

Accepted Answer

Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPay10ad field.

Answer

A Install a Fluent Bit sidecar container, and use a JSON parser.

Answer

Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.

Answer

Configure the log agent to convert log text payload to JSON payload.

Question 16

You are the Operations Lead for an ongoing incident with one of your services. The service usually runs at around 70% capacity. You notice that one node is returning 5xx errors for all requests. There has also been a noticeable increase in support cases from customers. You need to remove the offending node from the load balancer pool so that you can isolate and investigate the node. You want to follow Google-recommended practices to manage the incident and reduce the impact on users. What should you do?

Accepted Answer

1. Communicate your intent to the incident team. 2. Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately. 3. When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service.

Answer

1. Communicate your intent to the incident team. 2. Add a new node to the pool, and wait for the new node to report as healthy. 3. When traffic is being served on the new node, drain traffic from the unhealthy node, and remove the old node from service.

Answer

1 . Drain traffic from the unhealthy node and remove the node from service. 2. Monitor traffic to ensure that the error is resolved and that the other nodes in the pool are handling the traffic appropriately. 3. Scale the pool as necessary to handle the new load. 4. Communicate your actions to the incident team.

Answer

1 . Drain traffic from the unhealthy node and remove the old node from service. 2. Add a new node to the pool, wait for the new node to report as healthy, and then serve traffic to the new node. 3. Monitor traffic to ensure that the pool is healthy and is handling traffic appropriately. 4. Communicate your actions to the incident team.

Question 17

You recently migrated an ecommerce application to Google Cloud. You now need to prepare the application for the upcoming peak traffic season. You want to follow Google-recommended practices. What should you do first to prepare for the busy season?

Accepted Answer

Load test the application to profile its performance for scaling.

Answer

Migrate the application to Cloud Run, and use autoscaling.

Answer

Create a Terraform configuration for the application's underlying infrastructure to quickly deploy to additional regions.

Answer

Pre-provision the additional compute power that was used last season, and expect growth.

Question 18

Your company runs applications in Google Kubernetes Engine (GKE) that are deployed following a GitOps methodology.Application developers frequently create cloud resources to support their applications. You want to give developers the ability to manage infrastructure as code, while ensuring that you follow Google-recommended practices. You need to ensure that infrastructure as code reconciles periodically to avoid configuration drift. What should you do?

Accepted Answer

Install and configure Config Connector in Google Kubernetes Engine (GKE).

Answer

Configure Cloud Build with a Terraform builder to execute plan and apply commands.

Answer

Create a Pod resource with a Terraform docker image to execute terraform plan and terraform apply commands.

Answer

Create a Job resource with a Terraform docker image to execute terraforrm plan and terraform apply commands.

Question 19

Your company runs services by using Google Kubernetes Engine (GKE). The GKE clusters in the development environment run applications with verbose logging enabled. Developers view logs by using the kubect1 logscommand and do not use Cloud Logging. Applications do not have a uniform logging structure defined. You need to minimize the costs associated with application logging while still collecting GKE operational logs. What should you do?

Accepted Answer

Run the gcloud container clusters update --logging---SYSTEM command for the development cluster.

Answer

Run the gcloud container clusters update logging=WORKLOAD command for the development cluster.

Answer

Run the gcloud logging sinks update _Defau1t --disabled command in the project associated with the development environment.

Answer

Add the severity >= DEBUG resource. type 'k83 container' exclusion filter to the Default logging sink in the project associated with the development environment.

Question 20

You are the Site Reliability Engineer responsible for managing your company's data services and products. You regularly navigate operational challenges, such as unpredictable data volume and high cost, with your company's data ingestion processes. You recently learned that a new data ingestion product will be developed in Google Cloud. You need to collaborate with the product development team to provide operational input on the new product. What should you do?

Accepted Answer

Review the design of the product with the product development team to provide feedback early in the design phase.

Answer

Deploy the prototype product in a test environment, run a load test, and share the results with the product development team.

Answer

When the initial product version passes the quality assurance phase and compliance assessments, deploy the product to a staging environment. Share error logs and performance metrics with the product development team.

Answer

When the new product is used by at least one internal customer in production, share error logs and monitoring metrics with the product development team.

Question 21

You are designing a deployment technique for your applications on Google Cloud. As part Of your deployment planning, you want to use live traffic to gather performance metrics for new versions Of your applications. You need to test against the full production load before your applications are launched. What should you do?

Accepted Answer

Use shadow testing with continuous deployment.

Answer

Use A/B testing with blue/green deployment.

Answer

Use canary testing with continuous deployment.

Answer

Use canary testing with rolling updates deployment,

Question 22

As a Site Reliability Engineer, you support an application written in GO that runs on Google Kubernetes Engine (GKE) in production. After releasing a new version Of the application, you notice the application runs for about 15 minutes and then restarts. You decide to add Cloud Profiler to your application and now notice that the heap usage grows constantly until the application restarts. What should you do?

Accepted Answer

Increase the memory limit in the application deployment.

Answer

Add high memory compute nodes to the cluster.

Answer

Add Cloud Trace to the application, and redeploy.

Answer

Increase the CPU limit in the application deployment.

Question 23

You need to create a Cloud Monitoring SLO for a service that will be published soon. You want to verify that requests to the service will be addressed in fewer than 300 ms at least 90% Of the time per calendar month. You need to identify the metric and evaluation method to use. What should you do?

Accepted Answer

Select a latency metric for a request-based method of evaluation.

Answer

Select a latency metric for a window-based method of evaluation.

Answer

Select an availability metric for a request-based method of evaluation.

Answer

Select an availability metric for a window-based method Of evaluation.

Question 24

Your company runs applications in Google Kubernetes Engine (GKE). Several applications rely on ephemeral volumes. You noticed some applications were unstable due to the DiskPressure node condition on the worker nodes. You need to identify which Pods are causing the issue, but you do not have execute access to workloads and nodes. What should you do?

Accepted Answer

Check the node/ephemeral_storage/used_bytes metric by using Metrics Explorer.

Answer

Check the metric by using Metrics Explorer.

Answer

Locate all the Pods with emptyDir volumes. use the df-h command to measure volume disk usage.

Answer

Locate all the Pods with emptyDir volumes. Use the du -sh * command to measure volume disk usage.

Question 25

You are configuring your CI/CD pipeline natively on Google Cloud. You want builds in a pre-production Google Kubernetes Engine (GKE) environment to be automatically load-tested before being promoted to the production GKE environment. You need to ensure that only builds that have passed this test are deployed to production. You want to follow Google-recommended practices. How should you configure this pipeline with Binary Authorization?

Accepted Answer

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.

Answer

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).

Answer

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.

Answer

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.

Question 26

You recently noticed that one Of your services has exceeded the error budget for the current rolling window period. Your company's product team is about to launch a new feature. You want to follow Site Reliability Engineering (SRE) practices.What should you do?

Accepted Answer

Notify the team that their error budget is used up. Negotiate with the team for a launch freeze or tolerate a slightly worse user experience.

Answer

Look through other metrics related to the product and find SLOs with remaining error budget. Reallocate the error budgets and allow the feature launch.

Answer

Escalate the situation and request additional error budget.

Answer

Notify the team about the lack of error budget and ensure that all their tests are successful so the launch will not further risk the error budget.

Question 27

You are monitoring a service that uses n2-standard-2 Compute Engine instances that serve large files. Users have reported that downloads are slow. Your Cloud Monitoring dashboard shows that your VMS are running at peak network throughput. You want to improve the network throughput performance. What should you do?

Accepted Answer

Change the machine type for your VMS to n2-standard-8.

Answer

Deploy a Cloud NAT gateway and attach the gateway to the subnet of the VMS.

Answer

Add additional network interface controllers (NICs) to your VMS.

Answer

Deploy the Ops Agent to export additional monitoring metrics.

Question 28

You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?

Accepted Answer

Apply the constraints/iam.disableserviceAccountKeycreation constraint to the organization.

Answer

Use custom versions of predefined roles to exclude all iam.serviceAccountKeys. * service account role permissions.

Answer

Apply the constraints/iam.disableServiceAccountKeyUp10ad constraint to the organization.

Answer

Grant the roles/ iam.serviceAccountKeyAdmin IAM role to organization administrators only.

Question 29

You have deployed a fleet Of Compute Engine instances in Google Cloud. You need to ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring by your company's operations and cyber security teams. You need to grant the required roles for the Compute Engine service account by using Identity and Access Management (IAM) while following the principle of least privilege. What should you do?

Accepted Answer

Grant the logging.editor and monitoring.metricwriter roles to the Compute Engine service accounts.

Answer

Grant the Logging. admin and monitoring . editor roles to the Compute Engine service accounts.

Answer

Grant the logging. logwriter and monitoring. editor roles to the Compute Engine service accounts.

Answer

Grant the logging. logWriter and monitoring. metricWriter roles to the Compute Engine service accounts.

Question 30

You are investigating issues in your production application that runs on Google Kubernetes Engine (GKE). You determined that the source Of the issue is a recently updated container image, although the exact change in code was not identified. The deployment is currently pointing to the latest tag. You need to update your cluster to run a version of the container that functions as intended. What should you do?

Accepted Answer

Alter the deployment to point to the sha2 56 digest of the previously working container.

Answer

Create a new tag called stable that points to the previously working container, and change the deployment to point to the new tag.

Answer

Apply the latest tag to the previous container image, and do a rolling update on the deployment.

Answer

Build a new container from a previous Git tag, and do a rolling update on the deployment to the new container.

Question 31

You are leading a DevOps project for your organization. The DevOps team is responsible for managing the service infrastructure and being on-call for incidents. The Software Development team is responsible for writing, submitting, and reviewing code. Neither team has any published SLOs. You want to design a new joint-ownership model for a service between the DevOps team and the Software Development team. Which responsibilities should be assigned to each team in the new joint-ownership model?<img alt="Google Professional Cloud DevOps Engineer image Question 151 29094 09182024191337000000"   width="820" height="691" src="https://examgecko.com/getfile/ca14e3f2-26eb-4f94-9c23-2f24cb483476">

Accepted Answer

Option D

Answer

Option A

Answer

Option B

Answer

Option C

Question 32

You are deploying a Cloud Build job that deploys Terraform code when a Git branch is updated. While testing, you noticed that the job fails. You see the following error in the build logs:Initializing the backend. ..Error: Failed to get existing workspaces : querying Cloud Storage failed: googleapi : Error403You need to resolve the issue by following Google-recommended practices. What should you do?

Accepted Answer

Grant the roles/ storage. objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.

Answer

Change the Terraform code to use local state.

Answer

Create a storage bucket with the name specified in the Terraform configuration.

Answer

Grant the roles/ owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.

Question 33

Your company processes IOT data at scale by using Pub/Sub, App Engine standard environment, and an application written in GO. You noticed that the performance inconsistently degrades at peak load. You could not reproduce this issue on your workstation. You need to continuously monitor the application in production to identify slow paths in the code. You want to minimize performance impact and management overhead. What should you do?

Accepted Answer

Configure Cloud Profiler, and initialize the cloud.go@gle.com/go/profiler library in the application.

Answer

Install a continuous profiling tool into Compute Engine. Configure the application to send profiling data to the tool.

Answer

Periodically run the go tool pprof command against the application instance. Analyze the results by using flame graphs.

Answer

Use Cloud Monitoring to assess the App Engine CPU utilization metric.

Question 34

You need to define SLOs for a high-traffic web application. Customers are currently happy with the application performance and availability. Based on current measurement, the 90th percentile Of latency is 160 ms and the 95th percentile of latency is 300 ms over a 28-day window. What latency SLO should you publish?

Accepted Answer

90th percentile - 160 ms 95th percentile - 300 ms

Answer

90th percentile - 150 ms 95th percentile - 290 ms

Answer

90th percentile - 190 ms 95th percentile - 330 ms

Answer

90th percentile - 300 ms 95th percentile - 450 ms

Question 35

You need to enforce several constraint templates across your Google Kubernetes Engine (GKE) clusters. The constraints include policy parameters, such as restricting the Kubernetes API. You must ensure that the policy parameters are stored in a GitHub repository and automatically applied when changes occur. What should you do?

Accepted Answer

Configure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.

Answer

Set up a GitHub action to trigger Cloud Build when there is a parameter change. In Cloud Build, run a gcloud CLI command to apply the change.

Answer

When there is a change in GitHub, use a web hook to send a request to Anthos Service Mesh, and apply the change.

Answer

Configure Config Connector with the GitHub repository. When there is a change in the repository, use Config Connector to apply the change.

Question 36

Your company recently migrated to Google Cloud. You need to design a fast, reliable, and repeatable solution for your company to provision new projects and basic resources in Google Cloud. What should you do?

Accepted Answer

Use the Terraform repositories from the Cloud Foundation Toolkit. Apply the code with appropriate parameters to create the Google Cloud project and related resources.

Answer

Use the Google Cloud console to create projects.

Answer

Write a script by using the gcloud CLI that passes the appropriate parameters from the request. Save the script in a Git repository.

Answer

Write a Terraform module and save it in your source control repository. Copy and run the apply command to create the new project.

Question 37

You are configuring a Cl pipeline. The build step for your Cl pipeline integration testing requires access to APIs inside your private VPC network. Your security team requires that you do not expose API traffic publicly. You need to implement a solution that minimizes management overhead. What should you do?

Accepted Answer

Use Cloud Build private pools to connect to the private VPC.

Answer

Use Spinnaker for Google Cloud to connect to the private VPC.

Answer

Use Cloud Build as a pipeline runner. Configure Internal HTTP(S) Load Balancing for API access.

Answer

Use Cloud Build as a pipeline runner. Configure External HTTP(S) Load Balancing with a Google Cloud Armor policy for API access.

Question 38

Your organization stores all application logs from multiple Google Cloud projects in a central Cloud Logging project. Your security team wants to enforce a rule that each project team can only view their respective logs, and only the operations team can view all the logs. You need to design a solution that meets the security team's requirements, while minimizing costs. What should you do?

Accepted Answer

Create log views for each project team, and only show each project team their application logs. Grant the operations team access to the _ Al Il-jogs View in the central logging project.

Answer

Export logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.

Answer

Grant each project team access to the project _ Default view in the central logging project. Grant logging viewer access to the operations team in the central logging project.

Answer

Create Identity and Access Management (IAM) roles for each project team and restrict access to the _ Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.

Question 39

Your CTO has asked you to implement a postmortem policy on every incident for internal use. You want to define what a good postmortem is to ensure that the policy is successful at your company. What should you do?Choose 2 answers

Accepted Answer

Ensure that all postmortems include what caused the incident, how the incident could have been worse, and how to prevent a future occurrence of the incident.

Accepted Answer

Ensure that all postmortems include all incident participants in postmortem authoring and share postmortems as widely as possible,

Answer

Ensure that all postmortems include what caused the incident, identify the person or team responsible for causing the incident. and how to prevent a future occurrence of the incident.

Answer

Ensure that all postmortems include the severity of the incident, how to prevent a future occurrence of the incident. and what caused the incident without naming internal system components.

Answer

Ensure that all postmortems include how the incident was resolved and what caused the incident without naming customer information.

Question 40

Your uses Jenkins running on Google Cloud VM instances for CI/CD. You need to extend the functionality to use infrastructure as code automation by using Terraform. You must ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources. You want to follow Google-recommended practices- What should you do?

Accepted Answer

Confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions. use the Terraform module so that Secret Manager can retrieve credentials.

Answer

Add the auth application-default command as a step in Jenkins before running the Terraform commands.

Answer

Create a dedicated service account for the Terraform instance. Download and copy the secret key value to the GOOGLE environment variable on the Jenkins server.

Google Professional Cloud DevOps Engineer Practice Test 4

Google Professional Cloud DevOps Engineer Practice Tests