Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

Google Professional-Cloud-Developer Dumps

Page: 1 / 27
Total 265 questions
Get Professional-Cloud-Developer Full Access Download Professional-Cloud-Developer PDF

Google Certified Professional - Cloud Developer Questions and Answers

Question 1

For this question, refer to the HipLocal case study.

A recent security audit discovers that HipLocal’s database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. HipLocal needs to reduce the risk of these credentials being stolen. What should they do?

Options:

A.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

B.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

C.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

D.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Question 2

For this question refer to the HipLocal case study.

HipLocal wants to reduce the latency of their services for users in global locations. They have created read replicas of their database in locations where their users reside and configured their service to read traffic using those replicas. How should they further reduce latency for all database interactions with the least amount of effort?

Options:

A.

Migrate the database to Bigtable and use it to serve all global user traffic.

B.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

C.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

D.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Question 3

For this question, refer to the HipLocal case study.

Which Google Cloud product addresses HipLocal’s business requirements for service level indicators and objectives?

Options:

A.

Cloud Profiler

B.

Cloud Monitoring

C.

Cloud Trace

D.

Cloud Logging

Question 4

HipLocal's.net-based auth service fails under intermittent load.

What should they do?

Options:

A.

Use App Engine for autoscaling.

B.

Use Cloud Functions for autoscaling.

C.

Use a Compute Engine cluster for the service.

D.

Use a dedicated Compute Engine virtual machine instance for the service.

Question 5

In order for HipLocal to store application state and meet their stated business requirements, which database service should they migrate to?

Options:

A.

Cloud Spanner

B.

Cloud Datastore

C.

Cloud Memorystore as a cache

D.

Separate Cloud SQL clusters for each region

Question 6

HipLocal's APIs are showing occasional failures, but they cannot find a pattern. They want to collect some

metrics to help them troubleshoot.

What should they do?

Options:

A.

Take frequent snapshots of all of the VMs.

B.

Install the Stackdriver Logging agent on the VMs.

C.

Install the Stackdriver Monitoring agent on the VMs.

D.

Use Stackdriver Trace to look for performance bottlenecks.

Question 7

HipLocal wants to reduce the number of on-call engineers and eliminate manual scaling.

Which two services should they choose? (Choose two.)

Options:

A.

Use Google App Engine services.

B.

Use serverless Google Cloud Functions.

C.

Use Knative to build and deploy serverless applications.

D.

Use Google Kubernetes Engine for automated deployments.

E.

Use a large Google Compute Engine cluster for deployments.

Question 8

Which database should HipLocal use for storing user activity?

Options:

A.

BigQuery

B.

Cloud SQL

C.

Cloud Spanner

D.

Cloud Datastore

Question 9

For this question, refer to the HipLocal case study.

How should HipLocal redesign their architecture to ensure that the application scales to support a large increase in users?

Options:

A.

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

B.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

C.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

D.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Question 10

Which service should HipLocal use for their public APIs?

Options:

A.

Cloud Armor

B.

Cloud Functions

C.

Cloud Endpoints

D.

Shielded Virtual Machines

Question 11

Which service should HipLocal use to enable access to internal apps?

Options:

A.

Cloud VPN

B.

Cloud Armor

C.

Virtual Private Cloud

D.

Cloud Identity-Aware Proxy

Question 12

HipLocal has connected their Hadoop infrastructure to GCP using Cloud Interconnect in order to query data stored on persistent disks.

Which IP strategy should they use?

Options:

A.

Create manual subnets.

B.

Create an auto mode subnet.

C.

Create multiple peered VPCs.

D.

Provision a single instance for NAT.

Question 13

For this question, refer to the HipLocal case study.

How should HipLocal increase their API development speed while continuing to provide the QA team with a stable testing environment that meets feature requirements?

Options:

A.

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

B.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

C.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

D.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Question 14

For this question, refer to the HipLocal case study.

HipLocal is expanding into new locations. They must capture additional data each time the application is launched in a new European country. This is causing delays in the development process due to constant schema changes and a lack of environments for conducting testing on the application changes. How should they resolve the issue while meeting the business requirements?

Options:

A.

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

B.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

C.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

D.

Migrate data to Firestore in Native mode and set up instan

Question 15

For this question, refer to the HipLocal case study.

HipLocal's application uses Cloud Client Libraries to interact with Google Cloud. HipLocal needs to configure authentication and authorization in the Cloud Client Libraries to implement least privileged access for the application. What should they do?

Options:

A.

Create an API key. Use the API key to interact with Google Cloud.

B.

Use the default compute service account to interact with Google Cloud.

C.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

D.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Question 16

HipLocal is configuring their access controls.

Which firewall configuration should they implement?

Options:

A.

Block all traffic on port 443.

B.

Allow all traffic into the network.

C.

Allow traffic on port 443 for a specific tag.

D.

Allow all traffic on port 443 into the network.

Question 17

HipLocal’s data science team wants to analyze user reviews.

How should they prepare the data?

Options:

A.

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

B.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

C.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

D.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Question 18

HipLocal wants to improve the resilience of their MySQL deployment, while also meeting their business and technical requirements.

Which configuration should they choose?

Options:

A.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

B.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

C.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

D.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Question 19

In order to meet their business requirements, how should HipLocal store their application state?

Options:

A.

Use local SSDs to store state.

B.

Put a memcache layer in front of MySQL.

C.

Move the state storage to Cloud Spanner.

D.

Replace the MySQL instance with Cloud SQL.

Question 20

You need to migrate an internal file upload API with an enforced 500-MB file size limit to App Engine.

What should you do?

Options:

A.

Use FTP to upload files.

B.

Use CPanel to upload files.

C.

Use signed URLs to upload files.

D.

Change the API to be a multipart file upload API.

Question 21

You are developing a microservice-based application that will run on Google Kubernetes Engine (GKE). Some of the services need to access different Google Cloud APIs. How should you set up authentication of these services in the cluster following Google-recommended best practices? (Choose two.)

Options:

A.

Use the service account attached to the GKE node.

B.

Enable Workload Identity in the cluster via the gcloud command-line tool.

C.

Access the Google service account keys from a secret management service.

D.

Store the Google service account keys in a central secret management service.

E.

Use gcloud to bind the Kubernetes service account and the Google service account using roles/iam.workloadIdentity.

Question 22

You are designing an application that uses a microservices architecture. You are planning to deploy the application in the cloud and on-premises. You want to make sure the application can scale up on demand and also use managed services as much as possible. What should you do?

Options:

A.

Deploy open source Istio in a multi-cluster deployment on multiple Google Kubernetes Engine (GKE) clusters managed by Anthos.

B.

Create a GKE cluster in each environment with Anthos, and use Cloud Run for Anthos to deploy your application to each cluster.

C.

Install a GKE cluster in each environment with Anthos, and use Cloud Build to create a Deployment for your application in each cluster.

D.

Create a GKE cluster in the cloud and install open-source Kubernetes on-premises. Use an external load balancer service to distribute traffic across the two environments.

Question 23

You have an application deployed in Google Kubernetes Engine (GKE) that reads and processes Pub/Sub messages. Each Pod handles a fixed number of messages per minute. The rate at which messages are published to the Pub/Sub topic varies considerably throughout the day and week, including occasional large batches of messages published at a single moment.

You want to scale your GKE Deployment to be able to process messages in a timely manner. What GKE feature should you use to automatically adapt your workload?

Options:

A.

Vertical Pod Autoscaler in Auto mode

B.

Vertical Pod Autoscaler in Recommendation mode

C.

Horizontal Pod Autoscaler based on an external metric

D.

Horizontal Pod Autoscaler based on resources utilization

Question 24

You are writing from a Go application to a Cloud Spanner database. You want to optimize your application’s performance using Google-recommended best practices. What should you do?

Options:

A.

Write to Cloud Spanner using Cloud Client Libraries.

B.

Write to Cloud Spanner using Google API Client Libraries

C.

Write to Cloud Spanner using a custom gRPC client library.

D.

Write to Cloud Spanner using a third-party HTTP client library.

Question 25

Your company has deployed a new API to App Engine Standard environment. During testing, the API is not behaving as expected. You want to monitor the application over time to diagnose the problem within the application code without redeploying the application.

Which tool should you use?

Options:

A.

Stackdriver Trace

B.

Stackdriver Monitoring

C.

Stackdriver Debug Snapshots

D.

Stackdriver Debug Logpoints

Question 26

Your API backend is running on multiple cloud providers. You want to generate reports for the network latency of your API.

Which two steps should you take? (Choose two.)

Options:

A.

Use Zipkin collector to gather data.

B.

Use Fluentd agent to gather data.

C.

Use Stackdriver Trace to generate reports.

D.

Use Stackdriver Debugger to generate report.

E.

Use Stackdriver Profiler to generate report.

Question 27

Your application is controlled by a managed instance group. You want to share a large read-only data set

between all the instances in the managed instance group. You want to ensure that each instance can start

quickly and can access the data set via its filesystem with very low latency. You also want to minimize the total

cost of the solution.

What should you do?

Options:

A.

Move the data to a Cloud Storage bucket, and mount the bucket on the filesystem using Cloud Storage

FUSE.

B.

Move the data to a Cloud Storage bucket, and copy the data to the boot disk of the instance via a startup

script.

C.

Move the data to a Compute Engine persistent disk, and attach the disk in read-only mode to multiple

Compute Engine virtual machine instances.

D.

Move the data to a Compute Engine persistent disk, take a snapshot, create multiple disks from the

snapshot, and attach each disk to its own instance.

Question 28

Your company’s development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company’s environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?

Options:

A.

Enable the Vulnerability scanning setting in the Container Registry.

B.

Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.

C.

Disallow the use of non-commercially supported base images in your development environment.

D.

Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.

Question 29

Your company stores their source code in a Cloud Source Repositories repository. Your company wants to build and test their code on each source code commit to the repository and requires a solution that is managed and has minimal operations overhead.

Which method should they use?

Options:

A.

Use Cloud Build with a trigger configured for each source code commit.

B.

Use Jenkins deployed via the Google Cloud Platform Marketplace, configured to watch for source code commits.

C.

Use a Compute Engine virtual machine instance with an open source continuous integration tool, configured to watch for source code commits.

D.

Use a source code commit trigger to push a message to a Cloud Pub/Sub topic that triggers an App Engine service to build the source code.

Question 30

You are a developer working with the CI/CD team to troubleshoot a new feature that your team introduced. The CI/CD team used HashiCorp Packer to create a new Compute Engine image from your development branch. The image was successfully built, but is not booting up. You need to investigate the issue with the CI/CD team. What should you do?

Options:

A.

Create a new feature branch, and ask the build team to rebuild the image.

B.

Shut down the deployed virtual machine, export the disk, and then mount the disk locally to access the boot logs.

C.

Install Packer locally, build the Compute Engine image locally, and then run it in your personal Google Cloud project.

D.

Check Compute Engine OS logs using the serial port, and check the Cloud Logging logs to confirm access to the serial port.

Question 31

You have an on-premises application that authenticates to the Cloud Storage API using a user-managed service account with a user-managed key. The application connects to Cloud Storage using Private Google Access over a Dedicated Interconnect link. You discover that requests from the application to access objects in the Cloud Storage bucket are failing with a 403 Permission Denied error code. What is the likely cause of this issue?

Options:

A.

The folder structure inside the bucket and object paths have changed.

B.

The permissions of the service account’s predefined role have changed.

C.

The service account key has been rotated but not updated on the application server.

D.

The Interconnect link from the on-premises data center to Google Cloud is experiencing a temporary outage.

Question 32

Your team develops stateless services that run on Google Kubernetes Engine (GKE). You need to deploy a new service that will only be accessed by other services running in the GKE cluster. The service will need to scale as quickly as possible to respond to changing load. What should you do?

Options:

A.

Use a Vertical Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.

B.

Use a Vertical Pod Autoscaler to scale the containers, and expose them via a NodePort Service.

C.

Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.

D.

Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a NodePort Service.

Question 33

Your website is deployed on Compute Engine. Your marketing team wants to test conversion rates between 3

different website designs.

Which approach should you use?

Options:

A.

Deploy the website on App Engine and use traffic splitting.

B.

Deploy the website on App Engine as three separate services.

C.

Deploy the website on Cloud Functions and use traffic splitting.

D.

Deploy the website on Cloud Functions as three separate functions.

Question 34

Your teammate has asked you to review the code below. Its purpose is to efficiently add a large number of small rows to a BigQuery table.

as

Which improvement should you suggest your teammate make?

Options:

A.

Include multiple rows with each request.

B.

Perform the inserts in parallel by creating multiple threads.

C.

Write each row to a Cloud Storage object, then load into BigQuery.

D.

Write each row to a Cloud Storage object in parallel, then load into BigQuery.

Question 35

You are a developer at a large organization. You are deploying a web application to Google Kubernetes Engine (GKE). The DevOps team has built a CI/CD pipeline that uses Cloud Deploy to deploy the application to Dev Test, and Prod clusters in GKE. After Cloud Deploy successfully deploys the application to the Dev cluster you want to automatically promote it to the Test Cluster. How should you configure this process following Google-recommended best practices?

Options:

A.

1 Create a Cloud Build trigger that listens for SUCCEEDED Pub/Sub messages from the clouddeploy-operations topic.

2 Configure Cloud Build to include a step that promotes the application to the Test cluster

B.

1 Create a Cloud Function that calls the Google Cloud Deploy API to promote the application to the Test cluster

2 Configure this function to be triggered by SUCCEEDED Pub/Sub messages from the cloud-builds topic

C.

1 Create a Cloud Function that calls the Google Cloud Deploy API to promote the application to the Test cluster

2 Configure this function to be triggered by SUCCEEDED Pub/Sub messages from the clouddeploy operations topic

D.

1 Create a Cloud Build pipeline that uses the gke-deploy builder

2 Create a Cloud Build trigger that listens to SUCCEEDED Pub/Sub messages from the cloud-builds topic

3 Configure this pipeline to run a deployment step to the Test cluster

Question 36

You are a developer at a large corporation You manage three Google Kubernetes Engine clusters. Your team’s developers need to switch from one cluster to another regularly without losing access to their preferred development tools. You want to configure access to these clusters using the fewest number of steps while following Google-recommended best practices. What should you do?

Options:

A.

Ask the developers to use Cloud Shell and run gcloud container clusters get-credentials to switch to another cluster.

B.

Ask the developers to open three terminals on their workstation and use kubecrt1 config to configure access to each cluster.

C.

Ask the developers to install the gcloud CLI on their workstation and run gcloud container clusters get-credentials to switch to another cluster

D.

In a configuration file, define the clusters users, and contexts Email the file to the developers and ask them to use kubect1 config to add cluster, user and context details.

Question 37

You have deployed an HTTP(s) Load Balancer with the gcloud commands shown below.

as

Health checks to port 80 on the Compute Engine virtual machine instance are failing and no traffic is sent to your instances. You want to resolve the problem.

Which commands should you run?

Options:

A.

gcloud compute instances add-access-config ${NAME}-backend-instance-1

B.

gcloud compute instances add-tags ${NAME}-backend-instance-1 --tags http-server

C.

gcloud compute firewall-rules create allow-lb --network load-balancer --allow

tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS

D.

gcloud compute firewall-rules create allow-lb --network load-balancer --allow

tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS

Question 38

Your company has deployed a new API to a Compute Engine instance. During testing, the API is not behaving as expected. You want to monitor the application over 12 hours to diagnose the problem within the application code without redeploying the application. Which tool should you use?

Options:

A.

Cloud Trace

B.

Cloud Monitoring

C.

Cloud Debugger logpoints

D.

Cloud Debugger snapshots

Question 39

Your development team has been asked to refactor an existing monolithic application into a set of composable microservices. Which design aspects should you implement for the new application? (Choose two.)

Options:

A.

Develop the microservice code in the same programming language used by the microservice caller.

B.

Create an API contract agreement between the microservice implementation and microservice caller.

C.

Require asynchronous communications between all microservice implementations and microservice callers.

D.

Ensure that sufficient instances of the microservice are running to accommodate the performance requirements.

E.

Implement a versioning scheme to permit future changes that could be incompatible with the current interface.

Question 40

You are a SaaS provider deploying dedicated blogging software to customers in your Google Kubernetes Engine (GKE) cluster. You want to configure a secure multi-tenant platform to ensure that each customer has access to only their own blog and can’t affect the workloads of other customers. What should you do?

Options:

A.

Enable Application-layer Secrets on the GKE cluster to protect the cluster.

B.

Deploy a namespace per tenant and use Network Policies in each blog deployment.

C.

Use GKE Audit Logging to identify malicious containers and delete them on discovery.

D.

Build a custom image of the blogging software and use Binary Authorization to prevent untrusted image deployments.

Load More Professional-Cloud-Developer Questions
Page: 1 / 27
Total 265 questions
Get Professional-Cloud-Developer Full Access Download Professional-Cloud-Developer PDF