Halloween Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: chrismas

Professional-Cloud-DevOps-Engineer Google Cloud Certified - Professional Cloud DevOps Engineer Exam Questions and Answers

Questions 4

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?

Options:

A.

Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.

B.

Configure the containers in the build pipeline to always update themselves before release.

C.

Reconfigure the existing operating system vulnerability software to exist inside the container.

D.

Implement static code analysis tooling against the Docker files used to create the containers.

Buy Now
Questions 5

You are creating and assigning action items in a postmodern for an outage. The outage is over, but you need to address the root causes. You want to ensure that your team handles the action items quickly and efficiently. How should you assign owners and collaborators to action items?

Options:

A.

Assign one owner for each action item and any necessary collaborators.

B.

Assign multiple owners for each item to guarantee that the team addresses items quickly

C.

Assign collaborators but no individual owners to the items to keep the postmortem blameless.

D.

Assign the team lead as the owner for all action items because they are in charge of the SRE team.

Buy Now
Questions 6

Your company recently migrated to Google Cloud. You need to design a fast, reliable, and repeatable solution for your company to provision new projects and basic resources in Google Cloud. What should you do?

Options:

A.

Use the Google Cloud console to create projects.

B.

Write a script by using the gcloud CLI that passes the appropriate parameters from the request. Save the script in a Git repository.

C.

Write a Terraform module and save it in your source control repository. Copy and run the apply command to create the new project.

D.

Use the Terraform repositories from the Cloud Foundation Toolkit. Apply the code with appropriate parameters to create the Google Cloud project and related resources.

Buy Now
Questions 7

You are responsible for creating and modifying the Terraform templates that define your Infrastructure. Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?

Options:

A.

• Store your code in a Git-based version control system.

• Establish a process that allows developers to merge their own changes at the end of each day.

• Package and upload code lo a versioned Cloud Storage bucket as the latest master version.

B.

• Store your code in a Git-based version control system.

• Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.

• Establish a process where the fully integrated code in the repository becomes the latest master version.

C.

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.

• At the end of each day. confirm that all changes have been captured in the files within the folder structure.

• Rename the folder structure with a predefined naming convention that increments the version.

D.

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.

• At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.

• Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.

Buy Now
Questions 8

You are building an application that runs on Cloud Run The application needs to access a third-party API by using an API key You need to determine a secure way to store and use the API key in your application by following Google-recommended practices What should you do?

Options:

A.

Save the API key in Secret Manager as a secret Reference the secret as an environment variable in the Cloud Run application

B.

Save the API key in Secret Manager as a secret key Mount the secret key under the /sys/api_key directory and decrypt the key in the Cloud Run application

C.

Save the API key in Cloud Key Management Service (Cloud KMS) as a key Reference the key as an environment variable in the Cloud Run application

D.

Encrypt the API key by using Cloud Key Management Service (Cloud KMS) and pass the key to Cloud Run as an environment variable Decrypt and use the key in Cloud Run

Buy Now
Questions 9

You need to run a business-critical workload on a fixed set of Compute Engine instances for several months. The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications. What should you do?

Options:

A.

Purchase Committed Use Discounts.

B.

Migrate the instances to a Managed Instance Group.

C.

Convert the instances to preemptible virtual machines.

D.

Create an Unmanaged Instance Group for the instances used to run the workload.

Buy Now
Questions 10

You manage an application that runs in Google Kubernetes Engine (GKE) and uses the blue/green deployment methodology Extracts of the Kubernetes manifests are shown below

Professional-Cloud-DevOps-Engineer Question 10

The Deployment app-green was updated to use the new version of the application During post-deployment monitoring you notice that the majority of user requests are failing You did not observe this behavior in the testing environment You need to mitigate the incident impact on users and enable the developers to troubleshoot the issue What should you do?

Options:

A.

Update the Deployment app-blue to use the new version of the application

B.

Update the Deployment ape-green to use the previous version of the application

C.

Change the selector on the Service app-2vc to app: my-app.

D.

Change the selector on the Service app-svc to app: my-app, version: blue

Buy Now
Questions 11

You need to define Service Level Objectives (SLOs) for a high-traffic multi-region web application. Customers expect the application to always be available and have fast response times. Customers are currently happy with the application performance and availability. Based on current measurement, you observe that the 90th percentile of latency is 120ms and the 95th percentile of latency is 275ms over a 28-day window. What latency SLO would you recommend to the team to publish?

Options:

A.

90th percentile – 100ms

95th percentile – 250ms

B.

90th percentile – 120ms

95th percentile – 275ms

C.

90th percentile – 150ms

95th percentile – 300ms

D.

90th percentile – 250ms

95th percentile – 400ms

Buy Now
Questions 12

The new version of your containerized application has been tested and is ready to be deployed to production on Google Kubernetes Engine (GKE) You could not fully load-test the new version in your pre-production environment and you need to ensure that the application does not have performance problems after deployment Your deployment must be automated What should you do?

Options:

A.

Deploy the application through a continuous delivery pipeline by using canary deployments Use Cloud Monitoring to look for performance issues, and ramp up traffic as supported by the metrics

B.

Deploy the application through a continuous delivery pipeline by using blue/green deployments Migrate traffic to the new version of the application and use Cloud Monitoring to look for performance issues

C.

Deploy the application by using kubectl and use Config Connector to slowly ramp up traffic between versions. Use Cloud Monitoring to look for performance issues

D.

Deploy the application by using kubectl and set the spec. updatestrategy. type field to RollingUpdate Use Cloud Monitoring to look for performance issues, and run the kubectl rollback command if there are any issues.

Buy Now
Questions 13

You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub. You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?

Options:

A.

Disable the CI pipeline and revert to manually building and pushing the artifacts.

B.

Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.

C.

Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.

D.

Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.

Buy Now
Questions 14

Your organization is starting to containerize with Google Cloud. You need a fully managed storage solution for container images and Helm charts. You need to identify a storage solution that has native integration into existing Google Cloud services, including Google Kubernetes Engine (GKE), Cloud Run, VPC Service Controls, and Identity and Access Management (IAM). What should you do?

Options:

A.

Use Docker to configure a Cloud Storage driver pointed at the bucket owned by your organization.

B.

Configure Container Registry as an OCI-based container registry for container images.

C.

Configure Artifact Registry as an OCI-based container registry for both Helm charts and container images.

D.

Configure an open source container registry server to run in GKE with a restrictive role-based access control (RBAC) configuration.

Buy Now
Questions 15

You have deployed a fleet Of Compute Engine instances in Google Cloud. You need to ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring by your company's operations and cyber

security teams. You need to grant the required roles for the Compute Engine service account by using Identity and Access Management (IAM) while following the principle of least privilege. What should you do?

Options:

A.

Grant the logging.editor and monitoring.metricwriter roles to the Compute Engine service accounts.

B.

Grant the Logging. admin and monitoring . editor roles to the Compute Engine service accounts.

C.

Grant the logging. logwriter and monitoring. editor roles to the Compute Engine service accounts.

D.

Grant the logging. logWriter and monitoring. metricWriter roles to the Compute Engine service accounts.

Buy Now
Questions 16

You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?

Options:

A.

Grant the team members the IAM role of logging.configWriter on Cloud IAM.

B.

Configure Access Context Manager to allow only these members to export logs.

C.

Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.

D.

Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.

Buy Now
Questions 17

You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?

Options:

A.

Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

B.

Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

C.

Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

D.

Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

Buy Now
Questions 18

You are developing reusable infrastructure as code modules. Each module contains integration tests that launch the module in a test project. You are using GitHub for source control. You need to Continuously test your feature branch and ensure that all code is tested before changes are accepted. You need to implement a solution to automate the integration tests. What should you do?

Options:

A.

Use a Jenkins server for Cl/CD pipelines. Periodically run all tests in the feature branch.

B.

Use Cloud Build to run the tests. Trigger all tests to run after a pull request is merged.

C.

Ask the pull request reviewers to run the integration tests before approving the code.

D.

Use Cloud Build to run tests in a specific folder. Trigger Cloud Build for every GitHub pull request.

Buy Now
Questions 19

You are performing a semi-annual capacity planning exercise for your flagship service You expect a service user growth rate of 10% month-over-month for the next six months Your service is fully containerized and runs on a Google Kubemetes Engine (GKE) standard cluster across three zones with cluster autoscaling enabled You currently consume about 30% of your total deployed CPU capacity and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth o' as a result of zone failure while you avoid unnecessary costs How should you prepare to handle the predicted growth?

Options:

A.

Verify the maximum node pool size enable a Horizontal Pod Autoscaler and then perform a load lest to verify your expected resource needs

B.

Because you deployed the service on GKE and are using a cluster autoscaler your GKE cluster will scale automatically regardless of growth rate

C.

Because you are only using 30% of deployed CPU capacity there is significant headroom and you do not need to add any additional capacity for this rate of growth

D.

Proactively add 80% more node capacity to account for six months of 10% growth rate and then perform a load test to ensure that you have enough capacity

Buy Now
Questions 20

You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (Pll) is leaking into certain log entry fields. All Pll entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?

Options:

A.

Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

B.

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.

C.

Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a tog exclusion with userinfo as a filter.

D.

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

Buy Now
Questions 21

You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

Options:

A.

Store the password in Secret Manager and send the secret to the application by using environment variables.

B.

Store the password in Secret Manager and mount the secret as a volume within the application.

C.

Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.

D.

Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

Buy Now
Questions 22

Your Cloud Run application writes unstructured logs as text strings to Cloud Logging. You want to convert the unstructured logs to JSON-based structured logs. What should you do?

Options:

A.

A Install a Fluent Bit sidecar container, and use a JSON parser.

B.

Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.

C.

Configure the log agent to convert log text payload to JSON payload.

D.

Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPay10ad field.

Buy Now
Questions 23

You support a large service with a well-defined Service Level Objective (SLO). The development team deploys new releases of the service multiple times a week. If a major incident causes the service to miss its SLO, you want the development team to shift its focus from working on features to improving service reliability. What should you do before a major incident occurs?

Options:

A.

Develop an appropriate error budget policy in cooperation with all service stakeholders.

B.

Negotiate with the product team to always prioritize service reliability over releasing new features.

C.

Negotiate with the development team to reduce the release frequency to no more than once a week.

D.

Add a plugin to your Jenkins pipeline that prevents new releases whenever your service is out of SLO.

Buy Now
Questions 24

Your organization is using Helm to package containerized applications Your applications reference both public and private charts Your security team flagged that using a public Helm repository as a dependency is a risk You want to manage all charts uniformly, with native access control and VPC Service Controls What should you do?

Options:

A.

Store public and private charts in OCI format by using Artifact Registry

B.

Store public and private charts by using GitHub Enterprise with Google Workspace as the identity provider

C.

Store public and private charts by using Git repository Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket Connect Helm to the bucket by using https: // [bucket] .srorage.googleapis.com/ [holnchart] as the Helm repository

D.

Configure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend

Buy Now
Questions 25

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

Options:

A.

Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.

B.

Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.

C.

Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.

D.

Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it

Buy Now
Questions 26

You currently store the virtual machine (VM) utilization logs in Stackdriver. You need to provide an easy-to-share interactive VM utilization dashboard that is updated in real time and contains information aggregated on a quarterly basis. You want to use Google Cloud Platform solutions. What should you do?

Options:

A.

1. Export VM utilization logs from Stackdriver to BigOuery.

2. Create a dashboard in Data Studio.

3. Share the dashboard with your stakeholders.

B.

1. Export VM utilization logs from Stackdriver to Cloud Pub/Sub.

2. From Cloud Pub/Sub, send the logs to a Security Information and Event Management (SIEM) system.

3. Build the dashboards in the SIEM system and share with your stakeholders.

C.

1. Export VM utilization logs (rom Stackdriver to BigQuery.

2. From BigQuery. export the logs to a CSV file.

3. Import the CSV file into Google Sheets.

4. Build a dashboard in Google Sheets and share it with your stakeholders.

D.

1. Export VM utilization logs from Stackdriver to a Cloud Storage bucket.

2. Enable the Cloud Storage API to pull the logs programmatically.

3. Build a custom data visualization application.

4. Display the pulled logs in a custom dashboard.

Buy Now
Questions 27

Your company follows Site Reliability Engineering practices. You are the person in charge of Communications for a large, ongoing incident affecting your customer-facing applications. There is still no estimated time for a resolution of the outage. You are receiving emails from internal stakeholders who want updates on the outage, as well as emails from customers who want to know what is happening. You want to efficiently provide updates to everyone affected by the outage. What should you do?

Options:

A.

Focus on responding to internal stakeholders at least every 30 minutes. Commit to "next update" times.

B.

Provide periodic updates to all stakeholders in a timely manner. Commit to a "next update" time in all communications.

C.

Delegate the responding to internal stakeholder emails to another member of the Incident Response Team. Focus on providing responses directly to customers.

D.

Provide all internal stakeholder emails to the Incident Commander, and allow them to manage internal communications. Focus on providing responses directly to customers.

Buy Now
Questions 28

You are creating a CI/CD pipeline to perform Terraform deployments of Google Cloud resources Your CI/CD tooling is running in Google Kubernetes Engine (GKE) and uses an ephemeral Pod for each pipeline run You must ensure that the pipelines that run in the Pods have the appropriate Identity and Access Management (1AM) permissions to perform the Terraform deployments You want to follow Google-recommended practices for identity management What should you do?

Choose 2 answers

Options:

A.

Create a new Kubernetes service account, and assign the service account to the Pods Use Workload Identity to authenticate as the Google service account

B.

Create a new JSON service account key for the Google service account store the key as a Kubernetes secret, inject the key into the Pods, and set the boogle_application_credentials environment variable

C.

Create a new Google service account, and assign the appropriate 1AM permissions

D.

Create a new JSON service account key for the Google service account store the key in the secret management store for the CI/CD tool and configure Terraform to use this key for authentication

E.

Assign the appropriate 1AM permissions to the Google service account associated with the Compute Engine VM instances that run the Pods

Buy Now
Questions 29

You work for a global organization and are running a monolithic application on Compute Engine You need to select the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps You want to use historical system metncs to identify the machine type for the application to use You want to follow Google-recommended practices What should you do?

Options:

A.

Use the Recommender API and apply the suggested recommendations

B.

Create an Agent Policy to automatically install Ops Agent in all VMs

C.

Install the Ops Agent in a fleet of VMs by using the gcloud CLI

D.

Review the Cloud Monitoring dashboard for the VM and choose the machine type with the lowest CPU utilization

Buy Now
Questions 30

Your company is using HTTPS requests to trigger a public Cloud Run-hosted service accessible at the https://booking-engine-abcdef .a.run.app URL You need to give developers the ability to test the latest revisions of the service before the service is exposed to customers What should you do?

Options:

A.

Runthegcioud run deploy booking-engine —no-traffic —-ag dev command Use the https://dev----booking-engine-abcdef. a. run. app URL for testing

B.

Runthegcioud run services update-traffic booking-engine —to-revisions LATEST*! command Use the ht tps: //booking-engine-abcdef. a. run. ape URL for testing

C.

Pass the curl -K "Authorization: Hearer S(gclcud auth print-identity-token)" auth token Use the https: / /booking-engine-abcdef. a. run. app URL to test privately

D.

Grant the roles/run. invoker role to the developers testing the booking-engine service Use the https: //booking-engine-abcdef. private. run. app URL for testing

Buy Now
Questions 31

Your organization uses a change advisory board (CAB) to approve all changes to an existing service You want to revise this process to eliminate any negative impact on the software delivery performance What should you do?

Choose 2 answers

Options:

A.

Replace the CAB with a senior manager to ensure continuous oversight from development to deployment

B.

Let developers merge their own changes but ensure that the team's deployment platform can roll back changes if any issues are discovered

C.

Move to a peer-review based process for individual changes that is enforced at code check-in time and supported by automated tests

D.

Batch changes into larger but less frequent software releases

E.

Ensure that the team's development platform enables developers to get fast feedback on the impact of their changes

Buy Now
Questions 32

You support an application that stores product information in cached memory. For every cache miss, an entry is logged in Stackdriver Logging. You want to visualize how often a cache miss happens over time. What should you do?

Options:

A.

Link Stackdriver Logging as a source in Google Data Studio. Filler (he logs on the cache misses.

B.

Configure Stackdriver Profiler to identify and visualize when the cache misses occur based on the logs.

C.

Create a logs-based metric in Stackdriver Logging and a dashboard for that metric in Stackdriver Monitoring.

D.

Configure BigOuery as a sink for Stackdriver Logging. Create a scheduled query to filter the cache miss logs and write them to a separate table

Buy Now
Questions 33

You are running an application in a virtual machine (VM) using a custom Debian image. The image has the Stackdriver Logging agent installed. The VM has the cloud-platform scope. The application is logging information via syslog. You want to use Stackdriver Logging in the Google Cloud Platform Console to visualize the logs. You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer. What is the first thing you should do?

Options:

A.

Look for the agent's test log entry in the Logs Viewer.

B.

Install the most recent version of the Stackdriver agent.

C.

Verify the VM service account access scope includes the monitoring.write scope.

D.

SSH to the VM and execute the following commands on your VM: ps ax I grep fluentd

Buy Now
Questions 34

You support a Node.js application running on Google Kubernetes Engine (GKE) in production. The application makes several HTTP requests to dependent applications. You want to anticipate which dependent applications might cause performance issues. What should you do?

Options:

A.

Instrument all applications with Stackdriver Profiler.

B.

Instrument all applications with Stackdriver Trace and review inter-service HTTP requests.

C.

Use Stackdriver Debugger to review the execution of logic within each application to instrument all applications.

D.

Modify the Node.js application to log HTTP request and response times to dependent applications. Use Stackdriver Logging to find dependent applications that are performing poorly.

Buy Now
Questions 35

You are managing an application that exposes an HTTP endpoint without using a load balancer. The latency of the HTTP responses is important for the user experience. You want to understand what HTTP latencies all of your users are experiencing. You use Stackdriver Monitoring. What should you do?

Options:

A.

• In your application, create a metric with a metricKind set to DELTA and a valueType set to DOUBLE.

• In Stackdriver's Metrics Explorer, use a Slacked Bar graph to visualize the metric.

B.

• In your application, create a metric with a metricKind set to CUMULATIVE and a valueType set to DOUBLE.

• In Stackdriver's Metrics Explorer, use a Line graph to visualize the metric.

C.

• In your application, create a metric with a metricKind set to gauge and a valueType set to distribution.

• In Stackdriver's Metrics Explorer, use a Heatmap graph to visualize the metric.

D.

• In your application, create a metric with a metricKind. set toMETRlc_KIND_UNSPECIFIEDanda valueType set to INT64.

• In Stackdriver's Metrics Explorer, use a Stacked Area graph to visualize the metric.

Buy Now
Questions 36

You encounter a large number of outages in the production systems you support. You receive alerts for all the outages that wake you up at night. The alerts are due to unhealthy systems that are automatically restarted within a minute. You want to set up a process that would prevent staff burnout while following Site Reliability Engineering practices. What should you do?

Options:

A.

Eliminate unactionable alerts.

B.

Create an incident report for each of the alerts.

C.

Distribute the alerts to engineers in different time zones.

D.

Redefine the related Service Level Objective so that the error budget is not exhausted.

Buy Now
Questions 37

You are configuring connectivity across Google Kubernetes Engine (GKE) clusters in different VPCs You notice that the nodes in Cluster A are unable to access the nodes in Cluster B You suspect that the workload access issue is due to the network configuration You need to troubleshoot the issue but do not have execute access to workloads and nodes You want to identify the layer at which the network connectivity is broken What should you do?

Options:

A.

Install a toolbox container on the node in Cluster A Confirm that the routes to Cluster B are configured appropriately

B.

Use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster

C.

Use a debug container to run the traceroute command from Cluster A to Cluster B and from Cluster B to Cluster A Identify the common failure point

D.

Enable VPC Flow Logs in both VPCs and monitor packet drops

Buy Now
Questions 38

You support an application running on App Engine. The application is used globally and accessed from various device types. You want to know the number of connections. You are using Stackdriver Monitoring for App Engine. What metric should you use?

Options:

A.

flex/connections/current

B.

tcp_ssl_proxy/new_connections

C.

tcp_ssl_proxy/open_connections

D.

flex/instance/connections/current

Buy Now
Questions 39

Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?

Options:

A.

Reference the image digest in the source control tag.

B.

Supply the source control tag as a parameter within the image name.

C.

Use Cloud Build to include the release version tag in the application image.

D.

Use GCR digest versioning to match the image to the tag in source control.

Buy Now
Questions 40

You use a multiple step Cloud Build pipeline to build and deploy your application to Google Kubernetes Engine (GKE). You want to integrate with a third-party monitoring platform by performing a HTTP POST of the build information to a webhook. You want to minimize the development effort. What should you do?

Options:

A.

Add logic to each Cloud Build step to HTTP POST the build information to a webhook.

B.

Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.

C.

Use Stackdriver Logging to create a logs-based metric from the Cloud Buitd logs. Create an Alert with a Webhook notification type.

D.

Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.

Buy Now
Questions 41

You are on-call for an infrastructure service that has a large number of dependent systems. You receive an alert indicating that the service is failing to serve most of its requests and all of its dependent systems with hundreds of thousands of users are affected. As part of your Site Reliability Engineering (SRE) incident management protocol, you declare yourself Incident Commander (IC) and pull in two experienced people from your team as Operations Lead (OLJ and Communications Lead (CL). What should you do next?

Options:

A.

Look for ways to mitigate user impact and deploy the mitigations to production.

B.

Contact the affected service owners and update them on the status of the incident.

C.

Establish a communication channel where incident responders and leads can communicate with each other.

D.

Start a postmortem, add incident information, circulate the draft internally, and ask internal stakeholders for input.

Buy Now
Questions 42

Your company's security team needs to have read-only access to Data Access audit logs in the _Required bucket You want to provide your security team with the necessary permissions following the principle of least privilege and Google-recommended practices. What should you do?

Options:

A.

Assign the roles/logging, viewer role to each member of the security team

B.

Assign the roles/logging. viewer role to a group with all the security team members

C.

Assign the roles/logging.privateLogViewer role to each member of the security team

D.

Assign the roles/logging.privateLogviewer role to a group with all the security team members

Buy Now
Questions 43

Your company runs applications in Google Kubernetes Engine (GKE) that are deployed following a GitOps methodology.

Application developers frequently create cloud resources to support their applications. You want to give developers the ability to manage infrastructure as code, while ensuring that you follow Google-recommended practices. You need to ensure that infrastructure as code reconciles periodically to avoid configuration drift. What should you do?

Options:

A.

Install and configure Config Connector in Google Kubernetes Engine (GKE).

B.

Configure Cloud Build with a Terraform builder to execute plan and apply commands.

C.

Create a Pod resource with a Terraform docker image to execute terraform plan and terraform apply commands.

D.

Create a Job resource with a Terraform docker image to execute terraforrm plan and terraform apply commands.

Buy Now
Questions 44

You are managing an application that runs in Compute Engine The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer A firewall rule allows access to the API port from 0.0.0-0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps What should you do Bret?

Options:

A.

Enable Packet Mirroring on the VPC

B.

Install the Ops Agent on the Compute Engine instances.

C.

Enable logging on the firewall rule

D.

Enable VPC Flow Logs on the subnet

Buy Now
Questions 45

You are the on-call Site Reliability Engineer for a microservice that is deployed to a Google Kubernetes Engine (GKE) Autopilot cluster. Your company runs an online store that publishes order messages to Pub/Sub and a microservice receives these messages and updates stock information in the warehousing system. A sales event caused an increase in orders, and the stock information is not being updated quickly enough. This is causing a large number of orders to be accepted for products that are out of stock You check the metrics for the microservice and compare them to typical levels.

Professional-Cloud-DevOps-Engineer Question 45

You need to ensure that the warehouse system accurately reflects product inventory at the time orders are placed and minimize the impact on customers What should you do?

Options:

A.

Decrease the acknowledgment deadline on the subscription

B.

Add a virtual queue to the online store that allows typical traffic levels

C.

Increase the number of Pod replicas

D.

Increase the Pod CPU and memory limits

Buy Now
Questions 46

You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster. The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?

Options:

A.

Configure the VPC as a Shared VPC Host project.

B.

Configure your network services on the Standard Tier.

C.

Configure your Kubernetes duster as a Private Cluster.

D.

Configure a Google Cloud HTTP Load Balancer as Ingress.

Buy Now
Exam Name: Google Cloud Certified - Professional Cloud DevOps Engineer Exam
Last Update: Oct 26, 2024
Questions: 162

PDF + Testing Engine

$48  $159.99

Testing Engine

$36  $119.99
buy now Professional-Cloud-DevOps-Engineer testing engine

PDF (Q&A)

$30  $99.99
buy now Professional-Cloud-DevOps-Engineer pdf