Get Instant Access of 100% Real Google Professional-Cloud-Developer Exam Questions with Verified Answers [Q91-Q113]

Get Instant Access of 100% Real Google Professional-Cloud-Developer Exam Questions with Verified Answers

Exam Dumps for the Preparation of Latest Professional-Cloud-Developer Exam Questions

Employment and Salary Opportunities

After completing the Google Professional Cloud Developer certification exam, the candidates possess all the knowledge and skills necessary for building scalable and highly available applications with the help of Google-recommended practices and tools. The expertise that you gain while preparing for the qualifying test provides you with access to numerous in-demand and high-paying jobs. Some of the roles that you can apply for after getting certified include a Cloud Infrastructure Engineer, a Google Cloud Platform Cloud Engineer, a Senior Software Engineer, a Python Backend Developer, a Java Developer, a Cloud DevOps Engineer, a Cloud Technical Solutions Developer, and a Google Cloud Platform (GCP) Architect, among others. The average salary associated with these job titles ranges between $86,500 and $207,500 per year.

 

NEW QUESTION # 91
You have an application controlled by a managed instance group. When you deploy a new version of the application, costs should be minimized and the number of instances should not increase. You want to ensure that, when each new instance is created, the deployment only continues if the new instance is healthy. What should you do?

• A. Perform a rolling-action with maxHealthy set to 1, maxUnhealthy set to 0.
• B. Perform a rolling-action with maxSurge set to 0, maxUnavailable set to 1
• C. Perform a rolling-action with maxSurge set to 1, maxUnavailable set to 0.
• D. Perform a rolling-action with maxHealthy set to 0, maxUnhealthy set to 1.

Answer: C

NEW QUESTION # 92
You have a mixture of packaged and internally developed applications hosted on a Compute Engine instance that is running Linux. These applications write log records as text in local files. You want the logs to be written to Cloud Logging. What should you do?

• A. Install a Google version of collectd on the Compute Engine instance.
• B. Install a Google version of fluentd on the Compute Engine instance.
• C. Using cron, schedule a job to copy the log files to Cloud Storage once a day.
• D. Pipe the content of the files to the Linux Syslog daemon.

Answer: B

NEW QUESTION # 93
You are building a CI/CD pipeline that consists of a version control system, Cloud Build, and Container Registry. Each time a new tag is pushed to the repository, a Cloud Build job is triggered, which runs unit tests on the new code builds a new Docker container image, and pushes it into Container Registry. The last step of your pipeline should deploy the new container to your production Google Kubernetes Engine (GKE) cluster.
You need to select a tool and deployment strategy that meets the following requirements:
* Zero downtime is incurred
* Testing is fully automated
* Allows for testing before being rolled out to users
* Can quickly rollback if needed
What should you do?

• A. Trigger a Spinnaker pipeline configured as a canary test of your new code and, if it is successful, deploy the container to production.
• B. Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a shadow test.
• C. Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a canary test.
• D. Trigger a Spinnaker pipeline configured as an A/B test of your new code and, if it is successful, deploy the container to production.

Answer: B

Explanation:
Explanation
https://cloud.google.com/architecture/implementing-deployment-and-testing-strategies-on-gke#perform_a_shado With a shadow test, you test the new version of your application by mirroring user traffic from the current application version without impacting the user requests.

NEW QUESTION # 94
You are running a containerized application on Google Kubernetes Engine. Your container images are stored in Container Registry. Your team uses CI/CD practices. You need to prevent the deployment of containers with known critical vulnerabilities. What should you do?

• A. * Enable the Container Scanning API to perform vulnerability scanning
  * Programmatically review vulnerability reporting through the Container Scanning API, and provide an attestation that the container is free of known critical vulnerabilities
  * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
• B. * Enable the Container Scanning API to perform vulnerability scanning
  * Review vulnerability reporting in Container Registry in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
  * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
• C. * Use Web Security Scanner to automatically crawl your application
  * Review your application logs for scan results, and provide an attestation that the container is free of known critical vulnerabilities
  * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
• D. * Use Web Security Scanner to automatically crawl your application
  * Review the scan results in the scan details page in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
  * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

Answer: A

Explanation:
https://cloud.google.com/binary-authorization/docs/creating-attestations-kritis
https://cloud.google.com/container-analysis/docs/os-overview

NEW QUESTION # 95
Your application is deployed in a Google Kubernetes Engine (GKE) cluster. You want to expose this application publicly behind a Cloud Load Balancing HTTP(S) load balancer. What should you do?

• A. Configure a GKE Ingress resource.
• B. Configure a GKE Service resource with type: LoadBalancer.
• C. Configure a GKE Service resource.
• D. Configure a GKE Ingress resource with type: LoadBalancer.

Answer: A

Explanation:
Reference: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress

NEW QUESTION # 96
Which of the following gestures should be avoided when welcoming a customer? (Choose two.)

• A. Making eye contact
• B. Opening hands
• C. Folding arms
• D. Standing straight
• E. Fidgeting

Answer: C,E

NEW QUESTION # 97
You are deploying your application on a Compute Engine instance that communicates with Cloud SQL. You will use Cloud SQL Proxy to allow your application to communicate to the database using the service account associated with the application's instance. You want to follow the Google-recommended best practice of providing minimum access for the role assigned to the service account. What should you do?

• A. Assign the Cloud SQL Client role.
• B. Assign the Project Owner role.
• C. Assign the Project Editor role.
• D. Assign the Cloud SQL Editor role.

Answer: A

Explanation:
Reference: https://cloud.google.com/sql/docs/mysql/sql-proxy

NEW QUESTION # 98
You are developing an application hosted on Google Cloud that uses a MySQL relational database schema.
The application will have a large volume of reads and writes to the database and will require backups and ongoing capacity planning. Your team does not have time to fully manage the database but can take on small administrative tasks. How should you host the database?

• A. Configure Cloud SQL to host the database, and import the schema into Cloud SQL.
• B. Configure Bigtable to host the database, and import the data into Bigtable.
• C. Configure Firestore to host the database, and import the data into Firestore.
• D. Configure Cloud Spanner to host the database, and import the schema into Cloud Spanner.
• E. Deploy MySQL from the Google Cloud Marketplace to the database using a client, and import the schema.

Answer: A

Explanation:
Explanation
https://cloud.google.com/spanner/docs/migrating-mysql-to-spanner#migration-process Cloud SQL: Cloud SQL is a web service that allows you to create, configure, and use relational databases that live in Google's cloud. It is a fully-managed service that maintains, manages, and administers your databases, allowing you to focus on your applications and services.
https://cloud.google.com/sql/docs/mysql Cloud SQL for MySQL is a fully-managed database service that helps you set up, maintain, manage, and administer your MySQL relational databases on Google Cloud Platform.

NEW QUESTION # 99
You work for an organization that manages an online ecommerce website. Your company plans to expand across the world; however, the estore currently serves one specific region. You need to select a SQL database and configure a schema that will scale as your organization grows. You want to create a table that stores all customer transactions and ensure that the customer (CustomerId) and the transaction (TransactionId) are unique. What should you do?

• A. Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the Transactionid.
• B. Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the TransactionId.
• C. Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.
• D. Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.

Answer: B

NEW QUESTION # 100
Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. You want to distribute these credentials to the host instances as securely as possible. What should you do?

• A. Commit the credential JSON file into your application's source repository, and have your CI/CD process package it with the software that is deployed to the instance.
• B. Use the instance's service account Application Default Credentials to authenticate to the required resources.
• C. Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.
• D. Use HTTP signed URLs to securely provide access to the required resources.

Answer: B

Explanation:
Reference: https://cloud.google.com/compute/docs/api/how-tos/authorization

NEW QUESTION # 101
You want to re-architect a monolithic application so that it follows a microservices model. You want to accomplish this efficiently while minimizing the impact of this change to the business.
Which approach should you take?

• A. Build a new application with the appropriate microservices separate from the monolith and replace it when it is complete.
• B. Refactor the monolithic application with appropriate microservices in a single effort and deploy it.
• C. Deploy the application to Compute Engine and turn on autoscaling.
• D. Replace the application's features with appropriate microservices in phases.

Answer: B

Explanation:
Reference: https://cloud.google.com/solutions/migrating-a-monolithic-app-to-microservices-gke

NEW QUESTION # 102
You migrated your applications to Google Cloud Platform and kept your existing monitoring platform. You now find that your notification system is too slow for time critical problems.
What should you do?

• A. Use Stackdriver to capture and alert on logs, then ship them to your existing platform.
• B. Replace your entire monitoring platform with Stackdriver.
• C. Migrate some traffic back to your old platform and perform AB testing on the two platforms concurrently.
• D. Install the Stackdriver agents on your Compute Engine instances.

Answer: D

NEW QUESTION # 103
Which of the following is an ESD precaution that must be taken when working with Apple devices?

• A. Pick up circuit boards using their connectors.
• B. Do not place internal components on metal surfaces.
• C. When handling internal components, wear synthetic materials.
• D. Use polyester foam mats to ground the workbench.

Answer: B

Explanation:
Explanation/Reference: http://www.peachpit.com/articles/article.aspx?p=760956

NEW QUESTION # 104
You are designing a schema for a table that will be moved from MySQL to Cloud Bigtable. The MySQL table is as follows:

How should you design a row key for Cloud Bigtable for this table?

• A. Set Event_timestamp as a key.
• B. Set Account_id_Event_timestamp as a key.
• C. Set Account_id as a key.
• D. Set Event_timestamp_Account_id as a key.

Answer: D

NEW QUESTION # 105
You are configuring a continuous integration pipeline using Cloud Build to automate the deployment of new container images to Google Kubernetes Engine (GKE). The pipeline builds the application from its source code, runs unit and integration tests in separate steps, and pushes the container to Container Registry. The application runs on a Python web server.
The Dockerfile is as follows:
FROM python:3.7-alpine -
COPY . /app -
WORKDIR /app -
RUN pip install -r requirements.txt
CMD [ "gunicorn", "-w 4", "main:app" ]
You notice that Cloud Build runs are taking longer than expected to complete. You want to decrease the build time. What should you do? (Choose two.)

• A. Store application source code on Cloud Storage, and configure the pipeline to use gsutil to download the source code.
• B. Cache the Docker image for subsequent builds using the -- cache-from argument in your build config file.
• C. Deploy a Container Registry on a Compute Engine VM in a VPC, and use it to store the final images.
• D. Change the base image in the Dockerfile to ubuntu:latest, and install Python 3.7 using a package manager utility.
• E. Select a virtual machine (VM) size with higher CPU for Cloud Build runs.

Answer: B,E

Explanation:
Explanation
https://cloud.google.com/build/docs/optimize-builds/increase-vcpu-for-builds By default, Cloud Build runs your builds on a standard virtual machine (VM). In addition to the standard VM, Cloud Build provides several high-CPU VM types to run builds. To increase the speed of your build, select a machine with a higher vCPU to run builds. Keep in mind that although selecting a high vCPU machine increases your build speed, it may also increase the startup time of your build as Cloud Build only starts non-standard machines on demand.
https://cloud.google.com/build/docs/optimize-builds/speeding-up-builds#using_a_cached_docker_image The easiest way to increase the speed of your Docker image build is by specifying a cached image that can be used for subsequent builds. You can specify the cached image by adding the --cache-from argument in your build config file, which will instruct Docker to build using that image as a cache source.

NEW QUESTION # 106
Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?

• A. Use Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store the reports in a public Cloud Storage bucket.
• B. Add a public IP address to the instance. Use the service account key of the instance to encrypt the traffic.
• C. Add an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware Proxy to secure the communication channel.
• D. Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed SSL certificate on the load balancer for traffic encryption.

Answer: D

Explanation:
Explanation
https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs

NEW QUESTION # 107
Your data is stored in Cloud Storage buckets. Fellow developers have reported that data downloaded from Cloud Storage is resulting in slow API performance. You want to research the issue to provide details to the GCP support team. Which command should you run?

• A. gcloud compute scp example-instance:~/test-data -o output.json gs://my-bucket
• B. gcloud services test -o output.json gs://my-bucket
• C. gsutil perfdiag -o output.json gs://my-bucket
• D. gsutil test -o output.json gs://my-bucket

Answer: C

NEW QUESTION # 108
You are planning to deploy your application in a Google Kubernetes Engine (GKE) cluster. Your application can scale horizontally, and each instance of your application needs to have a stable network identity and its own persistent disk.
Which GKE object should you use?

• A. ReplicaController
• B. StatefulSet
• C. ReplicaSet
• D. Deployment

Answer: B

Explanation:
Explanation/Reference: https://livebook.manning.com/book/kubernetes-in-action/chapter-10/46

NEW QUESTION # 109
Your application is deployed in a Google Kubernetes Engine (GKE) cluster. When a new version of your application is released, your CI/CD tool updates the spec.template.spec.containers[0].image value to reference the Docker image of your new application version. When the Deployment object applies the change, you want to deploy at least 1 replica of the new version and maintain the previous replicas until the new replica is healthy.
Which change should you make to the GKE Deployment object shown below?

• A. Set the Deployment strategy to RollingUpdate with maxSurge set to 1, maxUnavailable set to 0.
• B. Set the Deployment strategy to Recreate with maxSurge set to 0, maxUnavailable set to 1.
• C. Set the Deployment strategy to RollingUpdate with maxSurge set to 0, maxUnavailable set to 1.
• D. Set the Deployment strategy to Recreate with maxSurge set to 1, maxUnavailable set to 0.

Answer: D

NEW QUESTION # 110
You recently developed an application. You need to call the Cloud Storage API from a Compute Engine instance that doesn't have a public IP address. What should you do?

• A. Use Shared VPC networks
• B. Use Carrier Peering
• C. Use VPC Network Peering
• D. Use Private Google Access

Answer: D

Explanation:
https://cloud.google.com/vpc/docs/private-google-access

NEW QUESTION # 111
You are designing an application that uses a microservices architecture. You are planning to deploy the application in the cloud and on-premises. You want to make sure the application can scale up on demand and also use managed services as much as possible. What should you do?

• A. Create a GKE cluster in each environment with Anthos, and use Cloud Run for Anthos to deploy your application to each cluster.
• B. Deploy open source Istio in a multi-cluster deployment on multiple Google Kubernetes Engine (GKE) clusters managed by Anthos.
• C. Create a GKE cluster in the cloud and install open-source Kubernetes on-premises. Use an external load balancer service to distribute traffic across the two environments.
• D. Install a GKE cluster in each environment with Anthos, and use Cloud Build to create a Deployment for your application in each cluster.

Answer: A

Explanation:
Explanation
https://cloud.google.com/anthos/run
Integrated with Anthos, Cloud Run for Anthos provides a flexible serverless development platform for hybrid and multicloud environments. Cloud Run for Anthos is Google's managed and fully supported Knative offering, an open source project that enables serverless workloads on Kubernetes.

NEW QUESTION # 112
You are a developer at a large organization. You have an application written in Go running in a production Google Kubernetes Engine (GKE) cluster. You need to add a new feature that requires access to BigQuery. You want to grant BigQuery access to your GKE cluster following Google-recommended best practices. What should you do?

• A. Create a Google service account with BigQuery access. Add the JSON key to Secret Manager, and use the Go client library to access the JSON key.
• B. Create a Google service account with BigQuery access. Add the Google service account JSON key as a Kubernetes secret, and configure the application to use this secret.
• C. Create a Google service account and a Kubernetes service account. Configure Workload Identity on the GKE cluster, and reference the Kubernetes service account on the application Deployment.
• D. Create a Google service account with BigQuery access. Add the Google service account JSON key to Secret Manager, and use an init container to access the secret for the application to use.

Answer: C

Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs.
Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster.

NEW QUESTION # 113
......

Download Latest & Valid Questions For Google Professional-Cloud-Developer exam: https://actualtests.realvalidexam.com/Professional-Cloud-Developer-real-exam-dumps.html