March Sale Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Google Professional-Cloud-Developer Google Certified Professional - Cloud Developer Exam Practice Test

Page: 1 / 25
Total 254 questions

Google Certified Professional - Cloud Developer Questions and Answers

Question 1

Which service should HipLocal use for their public APIs?

Options:

A.

Cloud Armor

B.

Cloud Functions

C.

Cloud Endpoints

D.

Shielded Virtual Machines

Question 2

HipLocal's APIs are showing occasional failures, but they cannot find a pattern. They want to collect some

metrics to help them troubleshoot.

What should they do?

Options:

A.

Take frequent snapshots of all of the VMs.

B.

Install the Stackdriver Logging agent on the VMs.

C.

Install the Stackdriver Monitoring agent on the VMs.

D.

Use Stackdriver Trace to look for performance bottlenecks.

Question 3

For this question, refer to the HipLocal case study.

HipLocal's application uses Cloud Client Libraries to interact with Google Cloud. HipLocal needs to configure authentication and authorization in the Cloud Client Libraries to implement least privileged access for the application. What should they do?

Options:

A.

Create an API key. Use the API key to interact with Google Cloud.

B.

Use the default compute service account to interact with Google Cloud.

C.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

D.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Question 4

In order to meet their business requirements, how should HipLocal store their application state?

Options:

A.

Use local SSDs to store state.

B.

Put a memcache layer in front of MySQL.

C.

Move the state storage to Cloud Spanner.

D.

Replace the MySQL instance with Cloud SQL.

Question 5

For this question, refer to the HipLocal case study.

How should HipLocal redesign their architecture to ensure that the application scales to support a large increase in users?

Options:

A.

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

B.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

C.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

D.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Question 6

For this question, refer to the HipLocal case study.

Which Google Cloud product addresses HipLocal’s business requirements for service level indicators and objectives?

Options:

A.

Cloud Profiler

B.

Cloud Monitoring

C.

Cloud Trace

D.

Cloud Logging

Question 7

For this question, refer to the HipLocal case study.

How should HipLocal increase their API development speed while continuing to provide the QA team with a stable testing environment that meets feature requirements?

Options:

A.

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

B.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

C.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

D.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Question 8

HipLocal is configuring their access controls.

Which firewall configuration should they implement?

Options:

A.

Block all traffic on port 443.

B.

Allow all traffic into the network.

C.

Allow traffic on port 443 for a specific tag.

D.

Allow all traffic on port 443 into the network.

Question 9

Which service should HipLocal use to enable access to internal apps?

Options:

A.

Cloud VPN

B.

Cloud Armor

C.

Virtual Private Cloud

D.

Cloud Identity-Aware Proxy

Question 10

Which database should HipLocal use for storing user activity?

Options:

A.

BigQuery

B.

Cloud SQL

C.

Cloud Spanner

D.

Cloud Datastore

Question 11

HipLocal’s data science team wants to analyze user reviews.

How should they prepare the data?

Options:

A.

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

B.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

C.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

D.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Question 12

For this question, refer to the HipLocal case study.

A recent security audit discovers that HipLocal’s database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. HipLocal needs to reduce the risk of these credentials being stolen. What should they do?

Options:

A.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

B.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

C.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

D.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Question 13

For this question, refer to the HipLocal case study.

HipLocal is expanding into new locations. They must capture additional data each time the application is launched in a new European country. This is causing delays in the development process due to constant schema changes and a lack of environments for conducting testing on the application changes. How should they resolve the issue while meeting the business requirements?

Options:

A.

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

B.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

C.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

D.

Migrate data to Firestore in Native mode and set up instan

Question 14

HipLocal's.net-based auth service fails under intermittent load.

What should they do?

Options:

A.

Use App Engine for autoscaling.

B.

Use Cloud Functions for autoscaling.

C.

Use a Compute Engine cluster for the service.

D.

Use a dedicated Compute Engine virtual machine instance for the service.

Question 15

HipLocal has connected their Hadoop infrastructure to GCP using Cloud Interconnect in order to query data stored on persistent disks.

Which IP strategy should they use?

Options:

A.

Create manual subnets.

B.

Create an auto mode subnet.

C.

Create multiple peered VPCs.

D.

Provision a single instance for NAT.

Question 16

HipLocal wants to improve the resilience of their MySQL deployment, while also meeting their business and technical requirements.

Which configuration should they choose?

Options:

A.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

B.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

C.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

D.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Question 17

HipLocal wants to reduce the number of on-call engineers and eliminate manual scaling.

Which two services should they choose? (Choose two.)

Options:

A.

Use Google App Engine services.

B.

Use serverless Google Cloud Functions.

C.

Use Knative to build and deploy serverless applications.

D.

Use Google Kubernetes Engine for automated deployments.

E.

Use a large Google Compute Engine cluster for deployments.

Question 18

In order for HipLocal to store application state and meet their stated business requirements, which database service should they migrate to?

Options:

A.

Cloud Spanner

B.

Cloud Datastore

C.

Cloud Memorystore as a cache

D.

Separate Cloud SQL clusters for each region

Question 19

For this question refer to the HipLocal case study.

HipLocal wants to reduce the latency of their services for users in global locations. They have created read replicas of their database in locations where their users reside and configured their service to read traffic using those replicas. How should they further reduce latency for all database interactions with the least amount of effort?

Options:

A.

Migrate the database to Bigtable and use it to serve all global user traffic.

B.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

C.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

D.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Question 20

You are planning to add unit tests to your application. You need to be able to assert that published Pub/Sub messages are processed by your subscriber in order. You want the unit tests to be cost-effective and reliable. What should you do?

Options:

A.

Implement a mocking framework.

B.

Create a topic and subscription for each tester.

C.

Add a filter by tester to the subscription.

D.

Use the Pub/Sub emulator.

Question 21

Your team is setting up a build pipeline for an application that will run in Google Kubernetes Engine (GKE). For security reasons, you only want images produced by the pipeline to be deployed to your GKE cluster. Which combination of Google Cloud services should you use?

Options:

A.

Google Cloud Deploy. Artifact Registry, and Google Cloud Armor

B.

Google Cloud Deploy, Cloud Storage and Google Cloud Armor

C.

Cloud Build, Cloud Storage, and Binary Authorization

D.

Cloud Build. Artifact Registry and Binary Authorization

Question 22

Your security team is auditing all deployed applications running in Google Kubernetes Engine. After completing the audit, your team discovers that some of the applications send traffic within the cluster in clear text. You need to ensure that all application traffic is encrypted as quickly as possible while minimizing changes to your applications and maintaining support from Google. What should you do?

Options:

A.

Use Network Policies to block traffic between applications.

B.

Install Istio, enable proxy injection on your application namespace, and then enable mTLS.

C.

Define Trusted Network ranges within the application, and configure the applications to allow traffic only from those networks.

D.

Use an automated process to request SSL Certificates for your applications from Let’s Encrypt and add them to your applications.

Question 23

You are developing a web application that contains private images and videos stored in a Cloud Storage bucket. Your users are anonymous and do not have Google Accounts. You want to use your application-specific logic to control access to the images and videos. How should you configure access?

Options:

A.

Cache each web application user's IP address to create a named IP table using Google Cloud Armor. Create a Google Cloud Armor security policy that allows users to access the backend bucket.

B.

Grant the Storage Object Viewer IAM role to allUsers. Allow users to access the bucket after authenticating through your web application.

C.

Configure Identity-Aware Proxy (IAP) to authenticate users into the web application. Allow users to access the bucket after authenticating through IAP.

D.

Generate a signed URL that grants read access to the bucket. Allow users to access the URL after authenticating through your web application.

Question 24

You are using Cloud Build for your CI/CD pipeline to complete several tasks, including copying certain files to Compute Engine virtual machines. Your pipeline requires a flat file that is generated in one builder in the pipeline to be accessible by subsequent builders in the same pipeline. How should you store the file so that all the builders in the pipeline can access it?

Options:

A.

Store and retrieve the file contents using Compute Engine instance metadata.

B.

Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.

C.

Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.

D.

Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.

Question 25

You are working on a new application that is deployed on Cloud Run and uses Cloud Functions Each time new features are added, new Cloud Functions and Cloud Run services are deployed You use ENV variables to keep track of the services and enable interservice communication but the maintenance of the ENV variables has become difficult. You want to implement dynamic discovery in a scalable way. What should you do?

Options:

A.

Create a Service Directory Namespace Use API calls to register the services during deployment, and query during runtime.

B.

Configure your microservices to use the Cloud Run Admin and Cloud Functions APIs to query for deployed Cloud Run services and Cloud Functions in the Google Cloud project.

C.

Deploy Hashicorp Consul on a single Compute Engine Instance Register the services with Consul during deployment and query during runtime

D.

Rename the Cloud Functions and Cloud Run services endpoints using a well-documented naming

convention

Question 26

Your development team has built several Cloud Functions using Java along with corresponding integration and service tests. You are building and deploying the functions and launching the tests using Cloud Build. Your Cloud Build job is reporting deployment failures immediately after successfully validating the code. What should you do?

Options:

A.

Check the maximum number of Cloud Function instances.

B.

Verify that your Cloud Build trigger has the correct build parameters.

C.

Retry the tests using the truncated exponential backoff polling strategy.

D.

Verify that the Cloud Build service account is assigned the Cloud Functions Developer role.

Question 27

Your application is logging to Stackdriver. You want to get the count of all requests on all /api/alpha/*

endpoints.

What should you do?

Options:

A.

Add a Stackdriver counter metric for path:/api/alpha/.

B.

Add a Stackdriver counter metric for endpoint:/api/alpha/*.

C.

Export the logs to Cloud Storage and count lines matching /api/alphA.

D.

Export the logs to Cloud Pub/Sub and count lines matching /api/alphA.

Question 28

You plan to make a simple HTML application available on the internet. This site keeps information about FAQs for your application. The application is static and contains images, HTML, CSS, and Javascript. You want to make this application available on the internet with as few steps as possible.

What should you do?

Options:

A.

Upload your application to Cloud Storage.

B.

Upload your application to an App Engine environment.

C.

Create a Compute Engine instance with Apache web server installed. Configure Apache web server to

host the application.

D.

Containerize your application first. Deploy this container to Google Kubernetes Engine (GKE) and assign

an external IP address to the GKE pod hosting the application.

Question 29

Your application performs well when tested locally, but it runs significantly slower when you deploy it to App Engine standard environment. You want to diagnose the problem. What should you do?

Options:

A.

File a ticket with Cloud Support indicating that the application performs faster locally.

B.

Use Stackdriver Debugger Snapshots to look at a point-in-time execution of the application.

C.

Use Stackdriver Trace to determine which functions within the application have higher latency.

D.

Add logging commands to the application and use Stackdriver Logging to check where the latency problem occurs.

Question 30

You have written a Cloud Function that accesses other Google Cloud resources. You want to secure the environment using the principle of least privilege. What should you do?

Options:

A.

Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.

B.

Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.

C.

Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.

D.

Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.

Question 31

You are developing a new application that has the following design requirements:

Creation and changes to the application infrastructure are versioned and auditable.

The application and deployment infrastructure uses Google-managed services as much as possible.

The application runs on a serverless compute platform.

How should you design the application’s architecture?

Options:

A.

1. Store the application and infrastructure source code in a Git repository.

2. Use Cloud Build to deploy the application infrastructure with Terraform.

3. Deploy the application to a Cloud Function as a pipeline step.

B.

1. Deploy Jenkins from the Google Cloud Marketplace, and define a continuous integration pipeline in Jenkins.

2. Configure a pipeline step to pull the application source code from a Git repository.

3. Deploy the application source code to App Engine as a pipeline step.

C.

1. Create a continuous integration pipeline on Cloud Build, and configure the pipeline to deploy the application infrastructure using Deployment Manager templates.

2. Configure a pipeline step to create a container with the latest application source code.

3. Deploy the container to a Compute Engine instance as a pipeline step.

D.

1. Deploy the application infrastructure using gcloud commands.

2. Use Cloud Build to define a continuous integration pipeline for changes to the application source code.

3. Configure a pipeline step to pull the application source code from a Git repository, and create a containerized application.

4. Deploy the new container on Cloud Run as a pipeline step.

Question 32

Your team develops services that run on Google Kubernetes Engine. You need to standardize their log data using Google-recommended practices and make the data more useful in the fewest number of steps. What should you do? (Choose two.)

Options:

A.

Create aggregated exports on application logs to BigQuery to facilitate log analytics.

B.

Create aggregated exports on application logs to Cloud Storage to facilitate log analytics.

C.

Write log output to standard output (stdout) as single-line JSON to be ingested into Cloud Logging as structured logs.

D.

Mandate the use of the Logging API in the application code to write structured logs to Cloud Logging.

E.

Mandate the use of the Pub/Sub API to write structured data to Pub/Sub and create a Dataflow streaming pipeline to normalize logs and write them to BigQuery for analytics.

Question 33

You are deploying a microservices application to Google Kubernetes Engine (GKE). The application will receive daily updates. You expect to deploy a large number of distinct containers that will run on the Linux operating system (OS). You want to be alerted to any known OS vulnerabilities in the new containers. You want to follow Google-recommended best practices. What should you do?

Options:

A.

Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

B.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.

C.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.

D.

Use the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Question 34

You are designing a deployment technique for your new applications on Google Cloud. As part of your deployment planning, you want to use live traffic to gather performance metrics for both new and existing applications. You need to test against the full production load prior to launch. What should you do?

Options:

A.

Use canary deployment

B.

Use blue/green deployment

C.

Use rolling updates deployment

D.

Use A/B testing with traffic mirroring during deployment

Question 35

You are deploying your application to a Compute Engine virtual machine instance. Your application is

configured to write its log files to disk. You want to view the logs in Stackdriver Logging without changing the

application code.

What should you do?

Options:

A.

Install the Stackdriver Logging Agent and configure it to send the application logs.

B.

Use a Stackdriver Logging Library to log directly from the application to Stackdriver Logging.

C.

Provide the log file folder path in the metadata of the instance to configure it to send the application logs.

D.

Change the application to log to /var/log so that its logs are automatically sent to Stackdriver Logging.

Question 36

Your application is deployed on hundreds of Compute Engine instances in a managed instance group (MIG) in multiple zones. You need to deploy a new instance template to fix a critical vulnerability immediately but must avoid impact to your service. What setting should be made to the MIG after updating the instance template?

Options:

A.

Set the Max Surge to 100%.

B.

Set the Update mode to Opportunistic.

C.

Set the Maximum Unavailable to 100%.

D.

Set the Minimum Wait time to 0 seconds.

Question 37

You are developing an application that needs to store files belonging to users in Cloud Storage. You want each user to have their own subdirectory in Cloud Storage. When a new user is created, the corresponding empty subdirectory should also be created. What should you do?

Options:

A.

Create an object with the name of the subdirectory ending with a trailing slash ('/') that is zero bytes in length.

B.

Create an object with the name of the subdirectory, and then immediately delete the object within that subdirectory.

C.

Create an object with the name of the subdirectory that is zero bytes in length and has WRITER access control list permission.

D.

Create an object with the name of the subdirectory that is zero bytes in length. Set the Content-Type metadata to CLOUDSTORAGE_FOLDER.

Page: 1 / 25
Total 254 questions