Professional-Cloud-DevOps-Engineer Actual Questions Answers PDF 100% Cover Real Exam Questions [Q11-Q32]

Share

Professional-Cloud-DevOps-Engineer Actual Questions Answers PDF 100% Cover Real Exam Questions

Professional-Cloud-DevOps-Engineer Exam questions and answers


Google Professional-Cloud-DevOps-Engineer (Google Cloud Certified - Professional Cloud DevOps Engineer) Certification Exam is designed to test the technical skills and knowledge of professionals who work with Google Cloud Platform (GCP) and are responsible for designing, building, and managing highly scalable, highly available, and highly reliable cloud-native applications using DevOps principles and practices. Professional-Cloud-DevOps-Engineer exam measures the candidate's ability to manage and automate workflows, deploy applications, monitor and optimize application performance, and implement security measures using GCP tools and services.

 

NEW QUESTION # 11
Your application images are built and pushed to Google Container Registry (GCR). You want to build an automated pipeline that deploys the application when the image is updated while minimizing the development effort. What should you do?

  • A. Use a custom builder in Cloud Build to trigger a Jenkins pipeline.
  • B. Use Cloud Pub/Sub to trigger a custom deployment service running in Google Kubernetes Engine (GKE).
  • C. Use Cloud Build to trigger a Spinnaker pipeline.
  • D. Use Cloud Pub/Sub to trigger a Spinnaker pipeline.

Answer: D

Explanation:
https://cloud.google.com/architecture/continuous-delivery-toolchain-spinnaker-cloud
https://spinnaker.io/guides/user/pipeline/triggers/pubsub/
The most efficient way to build an automated pipeline that deploys the application when the image is updated is to use Cloud Pub/Sub to trigger a Spinnaker pipeline. This way, you can leverage the built-in integration between GCR and Cloud Pub/Sub, and use Spinnaker as a continuous delivery platform for deploying your application .


NEW QUESTION # 12
You use Cloud Build to build your application. You want to reduce the build time while minimizing cost and development effort. What should you do?

  • A. Use larger Cloud Build virtual machines (VMs) by using the machine-type option.
  • B. Run multiple Jenkins agents to parallelize the build.
  • C. Use Cloud Storage to cache intermediate artifacts.
  • D. Use multiple smaller build steps to minimize execution time.

Answer: D


NEW QUESTION # 13
You are implementing a CI'CD pipeline for your application in your company s multi-cloud environment Your application is deployed by using custom Compute Engine images and the equivalent in other cloud providers You need to implement a solution that will enable you to build and deploy the images to your current environment and is adaptable to future changes Which solution stack should you use'?

  • A. Google Kubernetes Engine with Google Cloud Deploy
  • B. Cloud Build with Google Cloud Deploy
  • C. Cloud Build with Packer
  • D. Cloud Build with kpt

Answer: B

Explanation:
Cloud Build is a fully managed continuous integration and continuous delivery (CI/CD) service that helps you automate your builds, tests, and deployments. Google Cloud Deploy is a service that automates the deployment of your applications to Google Kubernetes Engine (GKE).
Together, Cloud Build and Google Cloud Deploy can be used to build and deploy your application's custom Compute Engine images to your current environment and to other cloud providers in the future.
Here are the steps involved in using Cloud Build and Google Cloud Deploy to implement a CI/CD pipeline for your application:
Create a Cloud Build trigger that fires whenever a change is made to your application's code.
In the Cloud Build trigger, configure Cloud Build to build your application's Docker image.
Create a Google Cloud Deploy configuration file that specifies how to deploy your application's Docker image to GKE.
In Google Cloud Deploy, create a deployment that uses your configuration file.
Once you have created the Cloud Build trigger and Google Cloud Deploy configuration file, any changes made to your application's code will trigger Cloud Build to build a new Docker image. Google Cloud Deploy will then deploy the new Docker image to GKE.
This solution stack is adaptable to future changes because it uses a cloud-agnostic approach. Cloud Build can be used to build Docker images for any cloud provider, and Google Cloud Deploy can be used to deploy Docker images to any Kubernetes cluster.
The other solution stacks are not as adaptable to future changes. For example, solution stack A (Cloud Build with Packer) is limited to building Docker images for Compute Engine. Solution stack C (Google Kubernetes Engine with Google Cloud Deploy) is limited to deploying Docker images to GKE. Solution stack D (Cloud Build with kpt) is a newer solution that is not yet as mature as Cloud Build and Google Cloud Deploy.
Overall, the best solution stack for implementing a CI/CD pipeline for your application in a multi-cloud environment is Cloud Build with Google Cloud Deploy. This solution stack is fully managed, cloud-agnostic, and adaptable to future changes.


NEW QUESTION # 14
You are configuring the frontend tier of an application deployed in Google Cloud The frontend tier is hosted in ngmx and deployed using a managed instance group with an Envoy-based external HTTP(S) load balancer in front The application is deployed entirely within the europe-west2 region: and only serves users based in the United Kingdom. You need to choose the most cost-effective network tier and load balancing configuration What should you use?

  • A. Premium Tier with a regional load balancer
  • B. Standard Tier with a global load balancer
  • C. Premium Tier with a global load balancer
  • D. Standard Tier with a regional load balancer

Answer: A

Explanation:
Explanation
The most cost-effective network tier and load balancing configuration for your frontend tier is to use Premium Tier with a regional load balancer. Premium Tier is a network tier that provides high-performance and low-latency network connectivity across Google's global network. A regional load balancer is a load balancer that distributes traffic within a single region. Since your application is deployed entirely within the europe-west2 region and only serves users based in the United Kingdom, you can use Premium Tier with a regional load balancer to optimize the network performance and cost.


NEW QUESTION # 15
You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?

  • A. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
  • B. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
  • C. Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
  • D. Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

Answer: C


NEW QUESTION # 16
You support an application running on GCP and want to configure SMS notifications to your team for the most critical alerts in Stackdriver Monitoring. You have already identified the alerting policies you want to configure this for. What should you do?

  • A. Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.
  • B. Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.
  • C. Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway. Ensure that your team members add their SMS/phone numbers to the external tool.
  • D. Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.

Answer: B


NEW QUESTION # 17
You are performing a semi-annual capacity planning exercise for your flagship service You expect a service user growth rate of 10% month-over-month for the next six months Your service is fully containerized and runs on a Google Kubemetes Engine (GKE) standard cluster across three zones with cluster autoscaling enabled You currently consume about 30% of your total deployed CPU capacity and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth o' as a result of zone failure while you avoid unnecessary costs How should you prepare to handle the predicted growth?

  • A. Because you are only using 30% of deployed CPU capacity there is significant headroom and you do not need to add any additional capacity for this rate of growth
  • B. Verify the maximum node pool size enable a Horizontal Pod Autoscaler and then perform a load lest to verify your expected resource needs
  • C. Proactively add 80% more node capacity to account for six months of 10% growth rate and then perform a load test to ensure that you have enough capacity
  • D. Because you deployed the service on GKE and are using a cluster autoscaler your GKE cluster will scale automatically regardless of growth rate

Answer: B

Explanation:
The best option for preparing to handle the predicted growth is to verify the maximum node pool size, enable a Horizontal Pod Autoscaler, and then perform a load test to verify your expected resource needs. The maximum node pool size is a parameter that specifies the maximum number of nodes that can be added to a node pool by the cluster autoscaler. You should verify that the maximum node pool size is sufficient to accommodate your expected growth rate and avoid hitting any quota limits. The Horizontal Pod Autoscaler is a feature that automatically adjusts the number of Pods in a deployment or replica set based on observed CPU utilization or custom metrics. You should enable a Horizontal Pod Autoscaler for your application to ensure that it runs enough Pods to handle the load. A load test is a test that simulates high user traffic and measures the performance and reliability of your application. You should perform a load test to verify your expected resource needs and identify any bottlenecks or issues.


NEW QUESTION # 18
You recently noticed that one Of your services has exceeded the error budget for the current rolling window period. Your company's product team is about to launch a new feature. You want to follow Site Reliability Engineering (SRE) practices.
What should you do?

  • A. Escalate the situation and request additional error budget.
  • B. Look through other metrics related to the product and find SLOs with remaining error budget. Reallocate the error budgets and allow the feature launch.
  • C. Notify the team about the lack of error budget and ensure that all their tests are successful so the launch will not further risk the error budget.
  • D. Notify the team that their error budget is used up. Negotiate with the team for a launch freeze or tolerate a slightly worse user experience.

Answer: D

Explanation:
The correct answer is
A, Notify the team that their error budget is used up. Negotiate with the team for a launch freeze or tolerate a slightly worse user experience.
According to the Site Reliability Engineering (SRE) practices, an error budget is the amount of unreliability that a service can tolerate without harming user satisfaction1. An error budget is derived from the service-level objectives (SLOs), which are the measurable goals for the service quality2. When a service exceeds its error budget, it means that it has violated its SLOs and may have negatively impacted the users. In this case, the SRE team should notify the product team that their error budget is used up and negotiate with them for a launch freeze or a lower SLO3. A launch freeze means that no new features are deployed until the service reliability is restored. A lower SLO means that the product team accepts a slightly worse user experience in exchange for launching new features. Both options require a trade-off between reliability and innovation, and should be agreed upon by both teams.
The other options are incorrect because they do not follow the SRE practices. Option B is incorrect because it violates the principle of error budget autonomy, which means that each service should have its own error budget and SLOs, and should not borrow or reallocate them from other services4. Option C is incorrect because it does not address the root cause of the error budget overspend, and may create unrealistic expectations for the service reliability. Option D is incorrect because it does not prevent the possibility of introducing new errors or bugs with the feature launch, which may further degrade the service quality and user satisfaction.
Reference:
Error Budgets, Error Budgets. Service Level Objectives, Service Level Objectives. Error Budget Policies, Error Budget Policies. Error Budget Autonomy, Error Budget Autonomy.


NEW QUESTION # 19
You are working with a government agency that requires you to archive application logs for seven years. You need to configure Stackdriver to export and store the logs while minimizing costs of storage. What should you do?

  • A. Create a Cloud Storage bucket and develop your application to send logs directly to the bucket.
  • B. Develop an App Engine application that pulls the logs from Stackdriver and saves them in BigQuery.
  • C. Create an export in Stackdriver and configure Cloud Pub/Sub to store logs in permanent storage for seven years.
  • D. Create a sink in Stackdriver, name it, create a bucket on Cloud Storage for storing archived logs, and then select the bucket as the log export destination.

Answer: D

Explanation:
https://cloud.google.com/logging/docs/routing/overview


NEW QUESTION # 20
You manage several production systems that run on Compute Engine in the same Google Cloud Platform (GCP) project. Each system has its own set of dedicated Compute Engine instances. You want to know how must it costs to run each of the systems. What should you do?

  • A. In the Google Cloud Platform Console, use the Cost Breakdown section to visualize the costs per system.
  • B. Enrich all instances with metadata specific to the system they run. Configure Stackdriver Logging to export to BigQuery, and query costs based on the metadata.
  • C. Name each virtual machine (VM) after the system it runs. Set up a usage report export to a Cloud Storage bucket. Configure the bucket as a source in BigQuery to query costs based on VM name.
  • D. Assign all instances a label specific to the system they run. Configure BigQuery billing export and query costs per label.

Answer: D

Explanation:
Explanation
https://cloud.google.com/billing/docs/how-to/export-data-bigquery


NEW QUESTION # 21
Your company follows Site Reliability Engineering practices. You are the person in charge of Communications for a large, ongoing incident affecting your customer-facing applications. There is still no estimated time for a resolution of the outage. You are receiving emails from internal stakeholders who want updates on the outage, as well as emails from customers who want to know what is happening. You want to efficiently provide updates to everyone affected by the outage. What should you do?

  • A. Provide periodic updates to all stakeholders in a timely manner. Commit to a "next update" time in all communications.
  • B. Provide all internal stakeholder emails to the Incident Commander, and allow them to manage internal communications. Focus on providing responses directly to customers.
  • C. Focus on responding to internal stakeholders at least every 30 minutes. Commit to "next update" times.
  • D. Delegate the responding to internal stakeholder emails to another member of the Incident Response Team. Focus on providing responses directly to customers.

Answer: A

Explanation:
When disaster strikes, the person who declares the incident typically steps into the IC role and directs the high-level state of the incident. The IC concentrates on the 3Cs and does the following: Commands and coordinates the incident response, delegating roles as needed. By default, the IC assumes all roles that have not been delegated yet. Communicates effectively. Stays in control of the incident response. Works with other responders to resolve the incident. https://sre.google/workbook/incident-response/


NEW QUESTION # 22
You are configuring a Cl pipeline. The build step for your Cl pipeline integration testing requires access to APIs inside your private VPC network. Your security team requires that you do not expose API traffic publicly. You need to implement a solution that minimizes management overhead. What should you do?

  • A. Use Cloud Build private pools to connect to the private VPC.
  • B. Use Cloud Build as a pipeline runner. Configure External HTTP(S) Load Balancing with a Google Cloud Armor policy for API access.
  • C. Use Spinnaker for Google Cloud to connect to the private VPC.
  • D. Use Cloud Build as a pipeline runner. Configure Internal HTTP(S) Load Balancing for API access.

Answer: A

Explanation:
Explanation
Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure1. Cloud Build can be used as a pipeline runner for your CI pipeline, which is a process that automates the integration and testing of your code2. Cloud Build private pools are private, dedicated pools of workers that offer greater customization over the build environment, including the ability to access resources in a private VPC network3.
A VPC network is a virtual network that provides connectivity for your Google Cloud resources and services. By using Cloud Build private pools, you can implement a solution that minimizes management overhead, as Cloud Build private pools are hosted and fully-managed by Cloud Build and scale up and down to zero, with no infrastructure to set up, upgrade, or scale3. You can also implement a solution that meets your security requirement, as Cloud Build private pools use network peering to connect into your private VPC network and do not expose API traffic publicly.


NEW QUESTION # 23
You use Cloud Build to build and deploy your application. You want to securely incorporate database credentials and other application secrets into the build pipeline. You also want to minimize the development effort. What should you do?

  • A. Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.
  • B. Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.
  • C. Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.
  • D. Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.

Answer: D

Explanation:
Explanation
https://cloud.google.com/build/docs/securing-builds/use-encrypted-credentials


NEW QUESTION # 24
You support an application deployed on Compute Engine. The application connects to a Cloud SQL instance to store and retrieve dat a. After an update to the application, users report errors showing database timeout messages. The number of concurrent active users remained stable. You need to find the most probable cause of the database timeout. What should you do?

  • A. Use Stackdriver Profiler to visualize the resources utilization throughout the application.
  • B. Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.
  • C. Check the serial port logs of the Compute Engine instance.
  • D. Determine whether there is an increased number of connections to the Cloud SQL instance.

Answer: D


NEW QUESTION # 25
You currently store the virtual machine (VM) utilization logs in Stackdriver. You need to provide an easy-to-share interactive VM utilization dashboard that is updated in real time and contains information aggregated on a quarterly basis. You want to use Google Cloud Platform solutions. What should you do?

  • A. 1. Export VM utilization logs from Stackdriver to a Cloud Storage bucket.
    2. Enable the Cloud Storage API to pull the logs programmatically.
    3. Build a custom data visualization application.
    4. Display the pulled logs in a custom dashboard.
  • B. 1. Export VM utilization logs from Stackdriver to Cloud Pub/Sub.
    2. From Cloud Pub/Sub, send the logs to a Security Information and Event Management (SIEM) system.
    3. Build the dashboards in the SIEM system and share with your stakeholders.
  • C. 1. Export VM utilization logs (rom Stackdriver to BigQuery.
    2. From BigQuery. export the logs to a CSV file.
    3. Import the CSV file into Google Sheets.
    4. Build a dashboard in Google Sheets and share it with your stakeholders.
  • D. 1. Export VM utilization logs from Stackdriver to BigOuery.
    2. Create a dashboard in Data Studio.
    3. Share the dashboard with your stakeholders.

Answer: D


NEW QUESTION # 26
You want to share a Cloud Monitoring custom dashboard with a partner team What should you do?

  • A. Copy the Monitoring Query Language (MQL) query from the dashboard; and send the MQL query to the partner team
  • B. Provide the partner team with the dashboard URL to enable the partner team to create a copy of the dashboard
  • C. Download the JSON definition of the dashboard, and send the JSON file to the partner team
  • D. Export the metrics to BigQuery Use Looker Studio to create a dashboard, and share the dashboard with the partner team

Answer: B

Explanation:
The best option for sharing a Cloud Monitoring custom dashboard with a partner team is to provide the partner team with the dashboard URL to enable the partner team to create a copy of the dashboard. A Cloud Monitoring custom dashboard is a dashboard that allows you to create and customize charts and widgets to display metrics, logs, and traces from your Google Cloud resources and applications. You can share a custom dashboard with a partner team by providing them with the dashboard URL, which is a link that allows them to view the dashboard in their browser. The partner team can then create a copy of the dashboard in their own project by using the Copy Dashboard option. This way, they can access and modify the dashboard without affecting the original one.


NEW QUESTION # 27
Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?

  • A. Supply the source control tag as a parameter within the image name.
  • B. Use Cloud Build to include the release version tag in the application image.
  • C. Reference the image digest in the source control tag.
  • D. Use GCR digest versioning to match the image to the tag in source control.

Answer: B


NEW QUESTION # 28
You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster.
The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?

  • A. Configure a Google Cloud HTTP Load Balancer as Ingress.
  • B. Configure your network services on the Standard Tier.
  • C. Configure your Kubernetes duster as a Private Cluster.
  • D. Configure the VPC as a Shared VPC Host project.

Answer: B

Explanation:
Explanation
The Standard Tier network service offers lower network costs than the Premium Tier. This is the correct option to reduce the network cost for the application3.


NEW QUESTION # 29
Your team is writing a postmortem after an incident on your external facing application Your team wants to improve the postmortem policy to include triggers that indicate whether an incident requires a postmortem Based on Site Reliability Engineenng (SRE) practices, what triggers should be defined in the postmortem policy?
Choose 2 answers

  • A. Data is lost due to an incident
  • B. The monitoring system detects that one of the instances for your application has failed
  • C. An external stakeholder asks for a postmortem
  • D. An internal stakeholder requests a postmortem
  • E. The CD pipeline detects an issue and rolls back a problematic release.

Answer: C,D

Explanation:
Explanation
The best options for defining triggers that indicate whether an incident requires a postmortem based on Site Reliability Engineering (SRE) practices are an external stakeholder asks for a postmortem and data is lost due to an incident. An external stakeholder is someone who is affected by or has an interest in the service, such as a customer or a partner. If an external stakeholder asks for a postmortem, it means that they are concerned about the impact or root cause of the incident, and they expect an explanation and remediation from the service provider. Therefore, this should trigger a postmortem to address their concerns and improve their satisfaction. Data loss is a serious consequence of an incident that can affect the integrity and reliability of the service. If data is lost due to an incident, it means that there was a failure in the backup or recovery mechanisms, or that there was a corruption or deletion of data. Therefore, this should trigger a postmortem to investigate the cause and impact of the data loss, and to prevent it from happening again.


NEW QUESTION # 30
Your company is using HTTPS requests to trigger a public Cloud Run-hosted service accessible at the
https://booking-engine-abcdef .a.run.app URL You need to give developers the ability to test the latest revisions of the service before the service is exposed to customers What should you do?

  • A. Runthegcioud run services update-traffic booking-engine -to-revisions LATEST*! command Use the ht tps: //booking-engine-abcdef. a. run. ape URL for testing
  • B. Pass the curl -K "Authorization: Hearer S(gclcud auth print-identity-token)" auth token Use the https: /
    /booking-engine-abcdef. a. run. app URL to test privately
  • C. Runthegcioud run deploy booking-engine -no-traffic --ag dev command Use the
    https://dev----booking-engine-abcdef. a. run. app URL for testing
  • D. Grant the roles/run. invoker role to the developers testing the booking-engine service Use the https:
    //booking-engine-abcdef. private. run. app URL for testing

Answer: A

Explanation:
Explanation
The best option for securing the CI/CD deployment pipeline is to configure vulnerability analysis with Artifact Registry and Binary Authorization. Vulnerability analysis is a feature that allows you to scan container images for known vulnerabilities and security issues. You can use vulnerability analysis with Artifact Registry, which is a service that allows you to store and manage container images and other artifacts. By using vulnerability analysis with Artifact Registry, you can ensure that your container images are scanned for vulnerabilities before they are deployed. Binary Authorization is a feature that allows you to enforce signature-based validation when deploying container images. You can use Binary Authorization with Cloud Build, which is a service that allows you to build and deploy container images. By using Binary Authorization with Cloud Build, you can ensure that only authorized and verified container images are deployed to your environment.


NEW QUESTION # 31
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. You want to prevent these fields from being written in new log entries as quickly as possible. What should you do?

  • A. Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.
  • B. Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.
  • C. Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.
  • D. Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.

Answer: A


NEW QUESTION # 32
......

DumpsTorrent Professional-Cloud-DevOps-Engineer Exam Practice Test Questions: https://www.dumpstorrent.com/Professional-Cloud-DevOps-Engineer-exam-dumps-torrent.html

Pass Professional-Cloud-DevOps-Engineer Exam Info and Free Practice Test: https://drive.google.com/open?id=1U78ptk-jkM2f4rA6a4F3TDbBDJIbg5lS