Professional-Cloud-DevOps-Engineer Exam Dumps - Google Cloud Certified - Professional Cloud DevOps Engineer Exam

Searching for workable clues to ace the Google Professional-Cloud-DevOps-Engineer Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s Professional-Cloud-DevOps-Engineer PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
Next
Last >>

Question # 4

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?

Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.

Configure the containers in the build pipeline to always update themselves before release.

Reconfigure the existing operating system vulnerability software to exist inside the container.

Implement static code analysis tooling against the Docker files used to create the containers.

Full Access

Question # 5

You need to run a business-critical workload on a fixed set of Compute Engine instances for several months. The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications. What should you do?

Purchase Committed Use Discounts.

Migrate the instances to a Managed Instance Group.

Convert the instances to preemptible virtual machines.

Create an Unmanaged Instance Group for the instances used to run the workload.

Full Access

Question # 6

Your company allows teams to self-manage Google Cloud projects, including project-level Identity and Access Management (IAM). You are concerned that the team responsible for the Shared VPC project might accidentally delete the project, so a lien has been placed on the project. You need to design a solution to restrict Shared VPC project deletion to those with the resourcemanager.projects.updateLiens permission at the organization level. What should you do?

Enable VPC Service Controls for the container.googleapis.com API service.

Revoke the resourcemanager.projects.updateLiens permission from all users associated with the project.

Enable the compute.restrictXpnProjectLienRemoval organization policy constraint.

Instruct teams to only perform IAM permission management as code with Terraform.

Full Access

Answer:

Explanation:

Comprehensive and Detailed Explanation From General Google Cloud IAM and Organization Policy Knowledge:

The core requirement is to prevent accidental deletion of a Shared VPC host project, even by project owners, by ensuring that only users with a specific permission at the organization level can remove the lien that protects the project.

A lien (resourcemanager.projects.delete) has already been placed on the project. This prevents its deletion. The challenge is to prevent the removal of this lien by project-level administrators.

The permission to remove a lien is resourcemanager.projectLiens.update (or resourcemanager.projects.updateLiens as stated in the question, which implies a broader update capability including liens).

Option A (Enable VPC Service Controls for the container.googleapis.com API service): VPC Service Controls are for data exfiltration prevention by creating service perimeters. They do not directly control IAM permissions for lien management or project deletion.

Option B (Revoke the resourcemanager.projects.updateLiens permission from all users associated with the project): While this would prevent project-level users from removing the lien, it doesn't enforce therequirement that only users with this permission at the organization level can remove it. A project owner could potentially re-grant themselves this permission at the project level if not otherwise restricted. The goal is a stronger, centrally enforced restriction.

Option C (Enable the compute.restrictXpnProjectLienRemoval organization policy constraint): This is specifically designed for the scenario described.Organization Policies allow centralized control over resource configurations across the organization.

The compute.restrictXpnProjectLienRemoval constraint, when enforced (set to True), restricts the removal of liens on Shared VPC host projects. Only users who have the resourcemanager.projectLiens.update permission (or resourcemanager.projects.updateLiens) granted at the organization level can then remove such liens. This prevents project owners or other project-level principals from removing the lien unless they also have this specific permission at the org level.

Option D (Instruct teams to only perform IAM permission management as code with Terraform): While Infrastructure as Code (IaC) is a good practice for managing IAM, it's an operational guideline and doesn't technically enforce the restriction on lien removal. A user with sufficient project-level IAM permissions could still manually remove the lien via the console or gcloud if not prevented by an organization policy.

Therefore, enabling the compute.restrictXpnProjectLienRemoval organization policy is the direct and most effective way to meet the requirement.

Reference (Based on Google Cloud Organization Policy and Shared VPC documentation):

Google Cloud documentation on Resource Manager Liens: https://cloud.google.com/resource-manager/docs/project-liens

Google Cloud documentation on Organization Policy Constraints: https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints

Specifically, the compute.restrictXpnProjectLienRemoval constraint: "When set to true, liens on Shared VPC host projects can only be removed by users that have resourcemanager.projectLiens.update permission on the organization." (or similar wording indicating org-level permission is required). This constraint ensures that the protection afforded by the lien on a critical Shared VPC host project cannot be easily circumvented at the project level.

Question # 7

You want to share a Cloud Monitoring custom dashboard with a partner team What should you do?

Provide the partner team with the dashboard URL to enable the partner team to create a copy of the dashboard

Export the metrics to BigQuery Use Looker Studio to create a dashboard, and share the dashboard with the partner team

Copy the Monitoring Query Language (MQL) query from the dashboard; and send the MQL query to the partner team

Download the JSON definition of the dashboard, and send the JSON file to the partner team

Full Access

Question # 8

You recently created a Cloud Build pipeline for deploying Terraform code stored in a GitHub repository. You make Terraform code changes in short-lived branches and sometimes use tags during development. You tag releases with a semantic version when they are ready for deployment. You require your pipeline to apply the Terraform code whenever there is a new release, and you need to minimize operational overhead. What should you do?

Create a build trigger with the * branch pattern.

Create a build trigger with the \d+\.\d+\.\d* tag pattern.

Create a build trigger with the .* tag pattern.

Create a build trigger with the \d*\.\d+\.\d* branch pattern.

Full Access