Professional-Cloud-Developer Exam Dumps - Google Certified Professional - Cloud Developer

Question # 4

You are deploying a microservices application to Google Kubernetes Engine (GKE). The application will receive daily updates. You expect to deploy a large number of distinct containers that will run on the Linux operating system (OS). You want to be alerted to any known OS vulnerabilities in the new containers. You want to follow Google-recommended best practices. What should you do?

Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.

Use the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Full Access

Question # 5

Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to employees as they travel. You need to ensure the security and accessibility of the web application while minimizing application changes. What should you do?

Configure the application to check authentication credentials for each HTTP(S) request to the application.

Configure Identity-Aware Proxy to allow employees to access the application through its public IP address.

Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine instance forwards requests to and from the web application.

Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine issues an HTTP redirect to a public IP address hosting the web application.

Full Access

Question # 6

You are using Cloud Build for your CI/CD pipeline to complete several tasks, including copying certain files to Compute Engine virtual machines. Your pipeline requires a flat file that is generated in one builder in the pipeline to be accessible by subsequent builders in the same pipeline. How should you store the file so that all the builders in the pipeline can access it?

Store and retrieve the file contents using Compute Engine instance metadata.

Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.

Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.

Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.

Full Access

Question # 7

You have recently instrumented a new application with OpenTelemetry, and you want to check the latency of your application requests in Trace. You want to ensure that a specific request is always traced. What should you do?

Wait 10 minutes, then verify that Trace captures those types of requests automatically.

Write a custom script that sends this type of request repeatedly from your dev project.

Use the Trace API to apply custom attributes to the trace.

Add the X-Cloud-Trace-Context header to the request with the appropriate parameters.

Full Access

Question # 8

For this question, refer to the HipLocal case study.

How should HipLocal redesign their architecture to ensure that the application scales to support a large increase in users?

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Full Access

Question # 9

For this question, refer to the HipLocal case study.

HipLocal's application uses Cloud Client Libraries to interact with Google Cloud. HipLocal needs to configure authentication and authorization in the Cloud Client Libraries to implement least privileged access for the application. What should they do?

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Full Access

Question # 10

In order for HipLocal to store application state and meet their stated business requirements, which database service should they migrate to?

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region

Full Access

Question # 11

HipLocal wants to improve the resilience of their MySQL deployment, while also meeting their business and technical requirements.

Which configuration should they choose?

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Full Access

Question # 12

In order to meet their business requirements, how should HipLocal store their application state?

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

Full Access

Question # 13

You have an analytics application that runs hundreds of queries on BigQuery every few minutes using BigQuery API. You want to find out how much time these queries take to execute. What should you do?

Use Stackdriver Monitoring to plot slot usage.

Use Stackdriver Trace to plot API execution time.

Use Stackdriver Trace to plot query execution time.

Use Stackdriver Monitoring to plot query execution times.

Full Access

Question # 14

HipLocalâ€™s data science team wants to analyze user reviews.

How should they prepare the data?

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Full Access

Question # 15

Which service should HipLocal use for their public APIs?

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Full Access

Question # 16

HipLocal wants to reduce the number of on-call engineers and eliminate manual scaling.

Which two services should they choose? (Choose two.)

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Full Access

Question # 17

Which database should HipLocal use for storing user activity?

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Full Access

Question # 18

Which service should HipLocal use to enable access to internal apps?

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy

Full Access

Question # 19

For this question, refer to the HipLocal case study.

Which Google Cloud product addresses HipLocalâ€™s business requirements for service level indicators and objectives?

Cloud Profiler

Cloud Monitoring

Cloud Trace

Cloud Logging

Full Access

Question # 20

For this question, refer to the HipLocal case study.

A recent security audit discovers that HipLocalâ€™s database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. HipLocal needs to reduce the risk of these credentials being stolen. What should they do?

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Full Access

Question # 21

For this question, refer to the HipLocal case study.

HipLocal is expanding into new locations. They must capture additional data each time the application is launched in a new European country. This is causing delays in the development process due to constant schema changes and a lack of environments for conducting testing on the application changes. How should they resolve the issue while meeting the business requirements?

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

Full Access

Question # 22

For this question refer to the HipLocal case study.

HipLocal wants to reduce the latency of their services for users in global locations. They have created read replicas of their database in locations where their users reside and configured their service to read traffic using those replicas. How should they further reduce latency for all database interactions with the least amount of effort?

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Full Access

Question # 23

HipLocal has connected their Hadoop infrastructure to GCP using Cloud Interconnect in order to query data stored on persistent disks.

Which IP strategy should they use?

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

Full Access

Question # 24

HipLocal's.net-based auth service fails under intermittent load.

What should they do?

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.

Full Access

Question # 25

For this question, refer to the HipLocal case study.

How should HipLocal increase their API development speed while continuing to provide the QA team with a stable testing environment that meets feature requirements?

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Full Access

Question # 26

HipLocal's APIs are showing occasional failures, but they cannot find a pattern. They want to collect some

metrics to help them troubleshoot.

What should they do?

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Full Access

Question # 27

HipLocal is configuring their access controls.

Which firewall configuration should they implement?

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.

Full Access

Question # 28

You migrated your applications to Google Cloud Platform and kept your existing monitoring platform. You now

find that your notification system is too slow for time critical problems.

What should you do?

Replace your entire monitoring platform with Stackdriver.

Install the Stackdriver agents on your Compute Engine instances.

Use Stackdriver to capture and alert on logs, then ship them to your existing platform.

Migrate some traffic back to your old platform and perform AB testing on the two platforms concurrently.

Full Access

Question # 29

Your development team is using Cloud Build to promote a Node.js application built on App Engine from your staging environment to production. The application relies on several directories of photos stored in a Cloud Storage bucket named webphotos-staging in the staging environment. After the promotion, these photos must be available in a Cloud Storage bucket named webphotos-prod in the production environment. You want to automate the process where possible. What should you do?

Manually copy the photos to webphotos-prod.

Add a startup script in the applicationâ€™s app.yami file to move the photos from webphotos-staging to webphotos-prod.

Add a build step in the cloudbuild.yaml file before the promotion step with the arguments:

Option A

Option B

Option C

Option D

Full Access

Question # 30

You are deploying a microservices application to Google Kubernetes Engine (GKE) that will broadcast livestreams. You expect unpredictable traffic patterns and large variations in the number of concurrent users. Your application must meet the following requirements:

â€¢ Scales automatically during popular events and maintains high availability

â€¢ Is resilient in the event of hardware failures

How should you configure the deployment parameters? (Choose two.)

Distribute your workload evenly using a multi-zonal node pool.

Distribute your workload evenly using multiple zonal node pools.

Use cluster autoscaler to resize the number of nodes in the node pool, and use a Horizontal Pod Autoscaler to scale the workload.

Create a managed instance group for Compute Engine with the cluster nodes. Configure autoscaling rules for the managed instance group.

Create alerting policies in Cloud Monitoring based on GKE CPU and memory utilization. Ask an on-duty engineer to scale the workload by executing a script when CPU and memory usage exceed predefined thresholds.

Full Access

Question # 31

You want to migrate an on-premises container running in Knative to Google Cloud. You need to make sure that the migration doesn't affect your application's deployment strategy, and you want to use a fully managed service. Which Google Cloud service should you use to deploy your container?

Cloud Run

Compute Engine

Google Kubernetes Engine

App Engine flexible environment

Full Access

Question # 32

You want to use the Stackdriver Logging Agent to send an application's log file to Stackdriver from a Compute Engine virtual machine instance.

After installing the Stackdriver Logging Agent, what should you do first?

Enable the Error Reporting API on the project.

Grant the instance full access to all Cloud APIs.

Configure the application log file as a custom source.

Create a Stackdriver Logs Export Sink with a filter that matches the application's log entries.

Full Access

Question # 33

You have an application deployed in Google Kubernetes Engine (GKE). You need to update the application to make authorized requests to Google Cloud managed services. You want this to be a one-time setup, and you need to follow security best practices of auto-rotating your security keys and storing them in an encrypted store. You already created a service account with appropriate access to the Google Cloud service. What should you do next?

Assign the Google Cloud service account to your GKE Pod using Workload Identity.

Export the Google Cloud service account, and share it with the Pod as a Kubernetes Secret.

Export the Google Cloud service account, and embed it in the source code of the application.

Export the Google Cloud service account, and upload it to HashiCorp Vault to generate a dynamic service account for your application.

Full Access

Question # 34

Your companyâ€™s corporate policy states that there must be a copyright comment at the very beginning of all source files. You want to write a custom step in Cloud Build that is triggered by each source commit. You need the trigger to validate that the source contains a copyright and add one for subsequent steps if not there. What should you do?

Build a new Docker container that examines the files in /workspace and then checks and adds a copyright for each source file. Changed files are explicitly committed back to the source repository.

Build a new Docker container that examines the files in /workspace and then checks and adds a copyright for each source file. Changed files do not need to be committed back to the source repository.

Build a new Docker container that examines the files in a Cloud Storage bucket and then checks and adds a copyright for each source file. Changed files are written back to the Cloud Storage bucket.

Build a new Docker container that examines the files in a Cloud Storage bucket and then checks and adds a copyright for each source file. Changed files are explicitly committed back to the source repository.

Full Access

Question # 35

Your team develops services that run on Google Cloud. You want to process messages sent to a Pub/Sub topic, and then store them. Each message must be processed exactly once to avoid duplication of data and any data conflicts. You need to use the cheapest and most simple solution. What should you do?

Process the messages with a Dataproc job, and write the output to storage.

Process the messages with a Dataflow streaming pipeline using Apache Beam's PubSubIO package, and write the output to storage.

Process the messages with a Cloud Function, and write the results to a BigQuery location where you can run a job to deduplicate the data.

Retrieve the messages with a Dataflow streaming pipeline, store them in Cloud Bigtable, and use another Dataflow streaming pipeline to deduplicate messages.

Full Access

Question # 36

Your development team has been asked to refactor an existing monolithic application into a set of composable microservices. Which design aspects should you implement for the new application? (Choose two.)

Develop the microservice code in the same programming language used by the microservice caller.

Create an API contract agreement between the microservice implementation and microservice caller.

Require asynchronous communications between all microservice implementations and microservice callers.

Ensure that sufficient instances of the microservice are running to accommodate the performance requirements.

Implement a versioning scheme to permit future changes that could be incompatible with the current interface.

Full Access

Question # 37

You manage your company's ecommerce platform's payment system, which runs on Google Cloud. Your company must retain user logs for 1 year for internal auditing purposes and for 3 years to meet compliance requirements. You need to store new user logs on Google Cloud to minimize on-premises storage usage and ensure that they are easily searchable. You want to minimize effort while ensuring that the logs are stored correctly. What should you do?

Store the logs in a Cloud Storage bucket with bucket lock turned on.

Store the logs in a Cloud Storage bucket with a 3-year retention period.

Store the logs in Cloud Logging as custom logs with a custom retention period.

Store the logs in a Cloud Storage bucket with a 1-year retention period. After 1 year, move the logs to another bucket with a 2-year retention period.

Full Access