Professional-Cloud-Developer Google Certified Professional - Cloud Developer Questions and Answers

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy

Set the asynchronous option for your requests to the API to false and omit the widget displaying the API

results when a timeout or error is encountered.

Set the asynchronous option for your request to the API to true and omit the widget displaying the API

results when a timeout or error is encountered.

Catch timeout or error exceptions from the API call and keep trying with exponential backoff until the API

response is successful.

Catch timeout or error exceptions from the API call and display the error response in the UI widget.

Grant the service account BigQuery Data Viewer and BigQuery Job User roles.

Grant the service account BigQuery Data Editor and BigQuery Data Viewer roles.

Create a view in BigQuery from the SQL query and SELECT* from the view in the CLI.

Create a new dataset in BigQuery, and copy the source table to the new dataset Query the new dataset and table from the CLI.

Use a text editor and the Git command line to send your source code updates as pull requests from a public computer.

Use a text editor and the Git command line to send your source code updates as pull requests from a virtual machine running on a public computer.

Use Cloud Shell and the built-in code editor for development. Send your source code updates as pull requests.

Use a Cloud Storage bucket to store the source code that you need to edit. Mount the bucket to a public computer as a drive, and use a code editor to update the code. Turn on versioning for the bucket, and point it to the team’s Git repository.

Create one Pub/Sub topic. Create one pull subscription to allow the audit services to share the messages.

Create one Pub/Sub topic. Create one pull subscription per audit service instance to allow the services to share the messages.

Create one Pub/Sub topic. Create one push subscription with the endpoint pointing to a load balancer in front of the audit services.

Create one Pub/Sub topic per authentication service. Create one pull subscription per topic to be used by one audit service.

Create one Pub/Sub topic per authentication service. Create one push subscription per topic, with the endpoint pointing to one audit service.

Enable Binary Authorization, and configure it to attest that no vulnerabilities exist in a container image.

Enable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.

Upload the built container images to your Docker Hub instance, and scan them for vulnerabilities.

Add Artifact Registry to your Aqua Security instance, and scan the built container images for vulnerabilities

Assign the Google Cloud service account to your GKE Pod using Workload Identity.

Export the Google Cloud service account, and share it with the Pod as a Kubernetes Secret.

Export the Google Cloud service account, and embed it in the source code of the application.

Export the Google Cloud service account, and upload it to HashiCorp Vault to generate a dynamic service account for your application.

Deploy your application on Cloud Run. Use traffic splitting to direct a subset of user traffic to the new version based on the revision tag.

Deploy your application on Google Kubernetes Engine with Anthos Service Mesh. Use traffic splitting to direct a subset of user traffic to the new version based on the user-agent header.

Deploy your application on App Engine. Use traffic splitting to direct a subset of user traffic to the new version based on the IP address.

Deploy your application on Compute Engine. Use Traffic Director to direct a subset of user traffic to the new version based on predefined weights.

Create two jobs: one that checks whether the container can connect to the database, and another that runs the shutdown script if the Pod is failing.

Create the Deployment with a livenessProbe for the container that will fail if the container can't connect to the database. Configure a Prestop lifecycle handler that runs the shutdown script if the container is failing.

Create the Deployment with a PostStart lifecycle handler that checks the service availability. Configure a PreStop lifecycle handler that runs the shutdown script if the container is failing.

Create the Deployment with an initContainer that checks the service availability. Configure a Prestop lifecycle handler that runs the shutdown script if the Pod is failing.

Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.

Use the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Remove the step that pushes the container to Artifact Registry.

Add the —cache-from argument to the Docker build step in your build config file.

Store image artifacts in a Cloud Storage bucket in the same region as the Cloud Run instance.

Deploy a new Docker registry in a VPC and use Cloud Build worker pools inside the VPC to run the build pipeline.

Use Cloud Functions to deploy the microservice.

Use Cloud Build to create the container, and deploy it on Cloud Run.

Use Cloud Shell to containerize your microservice. and deploy it on GKE Standard.

Use Cloud Shell to containerize your microservice. and deploy it on a Container-Optimized OS Compute Engine instance.

gsutil cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

gcloud cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

hadoop fs cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

gcloud dataproc cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

Add RUN commands in the Dockerfile to execute unit and integration tests.

Create a Cloud Build build config file with a single build step to compile unit and integration tests.

Create a Cloud Build build config file that will spawn a separate cloud build pipeline for unit and integration

tests.

Create a Cloud Build build config file with separate cloud builder steps to compile and execute unit and

integration tests.

Use Memorystore to cache frequently accessed PII data from the on-premises MySQL database

Use Istio to create a service mesh that includes the microservices on GKE and the on-premises services

Increase the number of Cloud VPN tunnels for the connection between Google Cloud and the on-premises services

Decrease the network layer packet size by decreasing the Maximum Transmission Unit (MTU) value from its default value on Cloud VPN

Blue/green deployment

Canary deployment

Rolling deployment

Recreate deployment

Smoke tests

Stackdriver uptime checks

Cloud Load Balancing - heath checks

Managed instance group - heath checks

Run the gclcud config set api_endpoint_overrides/pubsub https: / 'pubsubemulator.googleapi3.com. coin/ command to change the Pub/Sub endpoint prior to starting the application

In the Google Cloud console, navigate to the API Library and enable the Pub/Sub API When developing locally, configure your application to call pubsub.googleapis com

Install Cloud Code on the integrated development environment (IDE) Navigate to Cloud APIs, and enable Pub/Sub against a valid Google Project ID. When developing locally, configure your application to call pubsub.googleapis com

Install the Pub/Sub emulator using gcloud and start the emulator with a valid Google Project ID. When developing locally, configure your application to use the local emulator by exporting the fuhsub emulator Host variable

Change your application s logging library to the Cloud Logging library and configure your application to export logs to Cloud Logging

Update your application to output logs in CSV format, and add the necessary metadata to the CSV.

Install the Fluent Bit agent on each of your GKE nodes, and have the agent export all logs from /var/ log.

Update your application to output logs in JSON format, and add the necessary metadata to the JSON

Configure Cloud SQL to host the database, and import the schema into Cloud SQL.

Deploy MySQL from the Google Cloud Marketplace to the database using a client, and import the schema.

Configure Bigtable to host the database, and import the data into Bigtable.

Configure Cloud Spanner to host the database, and import the schema into Cloud Spanner.

Configure Firestore to host the database, and import the data into Firestore.

Use Carrier Peering

Use VPC Network Peering

Use Shared VPC networks

Use Private Google Access

Install the Stackdriver Logging Agent and configure it to send the application logs.

Use a Stackdriver Logging Library to log directly from the application to Stackdriver Logging.

Provide the log file folder path in the metadata of the instance to configure it to send the application logs.

Change the application to log to /var/log so that its logs are automatically sent to Stackdriver Logging.

Create a new project with a random name for every build. Load the required data. Delete the project after the test is run.

Create a new Cloud Spanner instance for every build. Load the required data. Delete the Cloud Spanner instance after the test is run.

Create a project with a Cloud Spanner instance and the required data. Adjust the Cloud Build build file to automatically restore the data to its previous state after the test is run.

Start the Cloud Spanner emulator locally. Load the required data. Shut down the emulator after the test is run.

Stackdriver Trace

Stackdriver Monitoring

Stackdriver Debug Snapshots

Stackdriver Debug Logpoints

Create a custom jndex over the products

Modify the query that returns the product list using cursors with limits

Modify the Cloud Run configuration to increase the memory limits

Modify the query that returns the product list using integer offsets

Manually trigger the build for new releases.

Create a build trigger on a Git tag pattern. Use a Git tag convention for new releases.

Create a build trigger on a Git branch name pattern. Use a Git branch naming convention for new releases.

Commit your source code to a second Cloud Source Repositories repository with a second Cloud Build trigger. Use this repository for new releases only.

Replace your entire monitoring platform with Stackdriver.

Install the Stackdriver agents on your Compute Engine instances.

Use Stackdriver to capture and alert on logs, then ship them to your existing platform.

Migrate some traffic back to your old platform and perform AB testing on the two platforms concurrently.

Add a public IP address to your instance, and restrict access to the instance using firewall rules. Allow your company’s proxy as the only source IP address.

Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP). Configure the IAP settings to allow your company domain to access the website.

Set up a VPN tunnel between your company network and your instance’s VPC location on Google Cloud. Configure the required firewall rules and routing information to both the on-premises and Google Cloud networks.

Add a public IP address to your instance, and allow traffic from the internet. Generate a random hash, and create a subdomain that includes this hash and points to your instance. Distribute this DNS address to your company’s employees.

Deploy from a source code repository and grant users the roles/cloudfunctions.viewer role.

Deploy from a source code repository and grant users the roles/cloudfunctions.invoker role

Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.admin role

Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.developer role

Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use a load balancer to distribute calls between the versions.

Leave the original Cloud Function as-is and deploy a second Cloud Function that includes only the changed API. Calls are automatically routed to the correct function.

Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use Cloud Endpoints to provide an API gateway that exposes a versioned API.

Re-deploy the Cloud Function after making code changes to support the new API. Requests for both versions of the API are fulfilled based on a version identifier included in the call.

Reboot the machine.

Enable and check the serial port output.

Delete the machine and create a new one.

Take a snapshot of the disk and attach it to a new machine.

 Create a collection for the rooms. For each room, create a document that lists the contents of the messages

 Create a collection for the rooms. For each room, create a collection that contains a document for each message

 Create a collection for the rooms. For each room, create a document that contains a collection for documents, each of which contains a message.

 Create a collection for the rooms, and create a document for each room. Create a separate collection for messages, with one document per message. Each room’s document contains a list of references to the messages.

Use the HBase API, Redis API, and MySQL connection to retrieve database lists. Combine the results, and then apply the filter to display the results

Use the HBase API, Redis API, and MySQL connection to retrieve database lists. Filter the results individually, and then combine them to display the results

Run gcloud bigtable instances list, gcloud redis instances list, and gcloud sql databases list. Use a filter within the application, and then display the results

Run gcloud bigtable instances list, gcloud redis instances list, and gcloud sql databases list. Use --filter flag with each command, and then display the results

Your Memorystore for Redis instance was deployed without a public IP address.

You configured your Serverless VPC Access connector in a different region than your App Engine instance.

The firewall rule allowing a connection between App Engine and Memorystore was removed during an infrastructure update by the DevOps team.

You configured your application to use a Serverless VPC Access connector on a different subnet in a different availability zone than your App Engine instance.

Vertical Pod Autoscaler in Auto mode

Vertical Pod Autoscaler in Recommendation mode

Horizontal Pod Autoscaler based on an external metric

Horizontal Pod Autoscaler based on resources utilization

Use Traffic Director with a sidecar proxy to connect the application to the service.

Use a proxyless Traffic Director configuration to connect the application to the service.

Configure the legacy service's firewall to allow health checks originating from the proxy.

Configure the legacy service's firewall to allow health checks originating from the application.

Configure the legacy service's firewall to allow health checks originating from the Traffic Director control plane.

Create an object with the name of the subdirectory ending with a trailing slash ('/') that is zero bytes in length.

Create an object with the name of the subdirectory, and then immediately delete the object within that subdirectory.

Create an object with the name of the subdirectory that is zero bytes in length and has WRITER access control list permission.

Create an object with the name of the subdirectory that is zero bytes in length. Set the Content-Type metadata to CLOUDSTORAGE_FOLDER.

Option A

Option B

Option C

Option D

Option E

Enable Identity-Aware Proxy in your project. Secure function access using its permissions.

Create a service account with the Cloud Functions Viewer role. Use that service account to invoke the function.

Create a service account with the Cloud Functions Invoker role. Use that service account to invoke the function.

Create an OAuth 2.0 client ID for your calling service in the same project as the function you want to secure. Use those credentials to invoke the function.

Option A

Option B

Option C

Option D

Deploy each microservice as a Deployment. Expose the Deployment in the cluster using a Service, and use the Service DNS name to address it from other microservices within the cluster.

Deploy each microservice as a Deployment. Expose the Deployment in the cluster using an Ingress, and use the Ingress IP address to address the Deployment from other microservices within the cluster.

Deploy each microservice as a Pod. Expose the Pod in the cluster using a Service, and use the Service DNS name to address the microservice from other microservices within the cluster.

Deploy each microservice as a Pod. Expose the Pod in the cluster using an Ingress, and use the Ingress IP address name to address the Pod from other microservices within the cluster.

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.