Mar-2024 Professional-Cloud-DevOps-Engineer Study Material, Preparation Guide and PDF Download [Q32-Q56]

Share

Mar-2024 Professional-Cloud-DevOps-Engineer Study Material, Preparation Guide and PDF Download

Free Professional-Cloud-DevOps-Engineer Certification Sample Questions with Online Practice Test

NEW QUESTION # 32
You use Cloud Build to build your application. You want to reduce the build time while minimizing cost and development effort. What should you do?

  • A. Run multiple Jenkins agents to parallelize the build.
  • B. Use larger Cloud Build virtual machines (VMs) by using the machine-type option.
  • C. Use Cloud Storage to cache intermediate artifacts.
  • D. Use multiple smaller build steps to minimize execution time.

Answer: D


NEW QUESTION # 33
You need to deploy a new service to production. The service needs to automatically scale using a Managed Instance Group (MIG) and should be deployed over multiple regions. The service needs a large number of resources for each instance and you need to plan for capacity. What should you do?

  • A. Use the n1-highcpu-96 machine type in the configuration of the MIG.
  • B. Monitor results of Stackdriver Trace to determine the required amount of resources.
  • C. Validate that the resource requirements are within the available quota limits of each region.
  • D. Deploy the service in one region and use a global load balancer to route traffic to this region.

Answer: D


NEW QUESTION # 34
A third-party application needs to have a service account key to work properly When you try to export the key from your cloud project you receive an error "The organization policy constraint larn.disableServiceAccountKeyCreation is enforcedM You need to make the third-party application work while following Google-recommended security practices What should you do?

  • A. Enable the default service account key. and download the key
  • B. Remove the iam.disableServiceAccountKeyCreation policy at the organization level, and create a key.
  • C. Add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key.
  • D. Disable the service account key creation policy at the project's folder, and download the default key

Answer: C

Explanation:
Explanation
The best option for making the third-party application work while following Google-recommended security practices is to add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key. The iam.disableServiceAccountKeyCreation policy is an organization policy that controls whether service account keys can be created in a project or organization. By default, this policy is set to on, which means that service account keys cannot be created. However, you can override this policy at a lower level, such as a project, by adding a rule to set it to off. This way, you can create a service account key for your project without affecting other projects or organizations. You should also follow the best practices for managing service account keys, such as rotating them regularly, storing them securely, and deleting them when they are no longer needed.


NEW QUESTION # 35
You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster.
The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?

  • A. Configure your Kubernetes duster as a Private Cluster.
  • B. Configure the VPC as a Shared VPC Host project.
  • C. Configure your network services on the Standard Tier.
  • D. Configure a Google Cloud HTTP Load Balancer as Ingress.

Answer: C

Explanation:
Explanation
The Standard Tier network service offers lower network costs than the Premium Tier. This is the correct option to reduce the network cost for the application3.


NEW QUESTION # 36
You are responsible for creating and modifying the Terraform templates that define your Infrastructure. Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?

  • A. * Store your code in a Git-based version control system.
    * Establish a process that allows developers to merge their own changes at the end of each day.
    * Package and upload code lo a versioned Cloud Storage bucket as the latest master version.
  • B. * Store your code as text files in Google Drive in a defined folder structure that organizes the files.
    * At the end of each day. confirm that all changes have been captured in the files within the folder structure.
    * Rename the folder structure with a predefined naming convention that increments the version.
  • C. * Store your code in a Git-based version control system.
    * Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.
    * Establish a process where the fully integrated code in the repository becomes the latest master version.
  • D. * Store your code as text files in Google Drive in a defined folder structure that organizes the files.
    * At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.
    * Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.

Answer: A


NEW QUESTION # 37
Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team, while minimizing management overhead. What should you do?

  • A. Configure Kritis to run in your GKE clusters to enforce deploy-time security policies.
  • B. Grant the roles/artifactregistry. writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.
  • C. Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies
  • D. Use Cloud Run to write and deploy a custom validator Enable an Eventarc trigger to perform validations when new images are uploaded.

Answer: C


NEW QUESTION # 38
You need to reduce the cost of virtual machines (VM| for your organization. After reviewing different options, you decide to leverage preemptible VM instances. Which application is suitable for preemptible VMs?

  • A. A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket
  • B. A distributed, eventually consistent NoSQL database cluster with sufficient quorum
  • C. A scalable in-memory caching system
  • D. The organization's public-facing website

Answer: A


NEW QUESTION # 39
You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster. The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?

  • A. Configure the VPC as a Shared VPC Host project.
  • B. Configure your Kubernetes duster as a Private Cluster.
  • C. Configure a Google Cloud HTTP Load Balancer as Ingress.
  • D. Configure your network services on the Standard Tier.

Answer: B


NEW QUESTION # 40
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE) Each team manages a different application You need to create the development and production environments for each team while you minimize costs Different teams should not be able to access other teams environments You want to follow Google-recommended practices What should you do?

  • A. Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Kubernetes role-based access control (RBAC) so that each team can only access its own namespace
  • B. Create one Google Cloud project per team In each project create a cluster for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters
  • C. Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Identity-Aware Proxy so that each team can only access its own namespace
  • D. Create one Google Cloud project per team In each project create a cluster with a Kubernetes namespace for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters.

Answer: A

Explanation:
The best option for creating the development and production environments for each team while minimizing costs and ensuring isolation is to create a development and a production GKE cluster in separate projects, in each cluster create a Kubernetes namespace per team, and then configure Kubernetes role-based access control (RBAC) so that each team can only access its own namespace. This option allows you to use fewer clusters and projects than creating one project or cluster per team, which reduces costs and complexity. It also allows you to isolate each team's environment by using namespaces and RBAC, which prevents teams from accessing other teams' environments.


NEW QUESTION # 41
Your company runs applications in Google Kubernetes Engine (GKE). Several applications rely on ephemeral volumes. You noticed some applications were unstable due to the DiskPressure node condition on the worker nodes. You need to identify which Pods are causing the issue, but you do not have execute access to workloads and nodes. What should you do?

  • A. Locate all the Pods with emptyDir volumes. use the df-h command to measure volume disk usage.
  • B. Check the node/ephemeral_storage/used_bytes metric by using Metrics Explorer.
  • C. Locate all the Pods with emptyDir volumes. Use the du -sh * command to measure volume disk usage.
  • D. Check the metric by using Metrics Explorer.

Answer: B

Explanation:
The correct answer is A, Check the node/ephemeral_storage/used_bytes metric by using Metrics Explorer.
The node/ephemeral_storage/used_bytes metric reports the total amount of ephemeral storage used by Pods on each node1. You can use Metrics Explorer to query and visualize this metric and filter it by node name, namespace, or Pod name2. This way, you can identify which Pods are consuming the most ephemeral storage and causing disk pressure on the nodes. You do not need to have execute access to the workloads or nodes to use Metrics Explorer.
The other options are incorrect because they require execute access to the workloads or nodes, which you do not have. The df -h and du -sh * commands are Linux commands that can measure disk usage, but you need to run them inside the Pods or on the nodes, which is not possible in your scenario34.
Reference:
Monitoring metrics for Kubernetes system components, Node metrics, node/ephemeral_storage/used_bytes. Using Metrics Explorer, Querying metrics. How do I find out disk space utilization information using Linux command line?, df command. How to check disk space in Linux from the command line, du command.


NEW QUESTION # 42
Your application images are built wing Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What would you do when you push the image?

  • A. Supply the source control tag as a parameter within the image name.
  • B. Use GCR digest versioning to match the image to the tag in source control.
  • C. Reference the image digest in the source control tag.
  • D. Use Cloud Build to include the release version tag in the application image.

Answer: D


NEW QUESTION # 43
You support a high-traffic web application and want to ensure that the home page loads in a timely manner. As a first step, you decide to implement a Service Level Indicator (SLI) to represent home page request latency with an acceptable page load time set to 100 ms. What is the Google-recommended way of calculating this SLI?

  • A. Count the number of home page requests that load in under 100 ms. and then divide by the total number of all web application requests.
  • B. Buckelize Ihe request latencies into ranges, and then compute the percentile at 100 ms.
  • C. Count the number of home page requests that load in under 100 ms, and then divide by the total number of home page requests.
  • D. Bucketize the request latencies into ranges, and then compute the median and 90th percentiles.

Answer: C

Explanation:
https://sre.google/workbook/implementing-slos/
In the SRE principles book, it's recommended treating the SLI as the ratio of two numbers: the number of good events divided by the total number of events. For example: Number of successful HTTP requests / total HTTP requests (success rate)


NEW QUESTION # 44
You are ready to deploy a new feature of a web-based application to production. You want to use Google Kubernetes Engine (GKE) to perform a phased rollout to half of the web server pods.
What should you do?

  • A. Use a stateful set with parallel pod management policy.
  • B. Use Node taints with NoExecute.
  • C. Use a replica set in the deployment specification.
  • D. Use a partitioned rolling update.

Answer: D

Explanation:
Explanation
https://medium.com/velotio-perspectives/exploring-upgrade-strategies-for-stateful-sets-in-kubernetes-c02b8286f


NEW QUESTION # 45
You support an application running on App Engine. The application is used globally and accessed from various device types. You want to know the number of connections. You are using Stackdriver Monitoring for App Engine. What metric should you use?

  • A. flex/connections/current
  • B. flex/instance/connections/current
  • C. tcp_ssl_proxy/open_connections
  • D. tcp_ssl_proxy/new_connections

Answer: A

Explanation:
Explanation
https://cloud.google.com/monitoring/api/metrics_gcp#gcp-appengine


NEW QUESTION # 46
You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.
You need to troubleshoot the issue. What should you do?

  • A. Confirm that the application is using the required client library and the service account key has proper permissions.
  • B. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.
  • C. Confirm that your account has the proper permissions to use the Stackdriver dashboard.
  • D. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.

Answer: D

Explanation:
Explanation
https://cloud.google.com/monitoring/agent/monitoring/troubleshooting#checklist


NEW QUESTION # 47
You need to run a business-critical workload on a fixed set of Compute Engine instances for several months. The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications. What should you do?

  • A. Purchase Committed Use Discounts.
  • B. Convert the instances to preemptible virtual machines.
  • C. Create an Unmanaged Instance Group for the instances used to run the workload.
  • D. Migrate the instances to a Managed Instance Group.

Answer: B


NEW QUESTION # 48
You are part of an organization that follows SRE practices and principles. You are taking over the management of a new service from the Development Team, and you conduct a Production Readiness Review (PRR). After the PRR analysis phase, you determine that the service cannot currently meet its Service Level Objectives (SLOs). You want to ensure that the service can meet its SLOs in production. What should you do next?

  • A. Bring the service into production with no SLOs and build them when you have collected operational data.
  • B. Notify the development team that they will have to provide production support for the service.
  • C. Adjust the SLO targets to be achievable by the service so you can bring it into production.
  • D. Identify recommended reliability improvements to the service to be completed before handover.

Answer: B


NEW QUESTION # 49
You deployed an application into a large Standard Google Kubernetes Engine (GKE) cluster. The application is stateless and multiple pods run at the same time. Your application receives inconsistent traffic. You need to ensure that the user experience remains consistent regardless of changes in traffic. and that the resource usage of the cluster is optimized.
What should you do?

  • A. Configure a Vertical Pod Autoscaler.
  • B. Configure a Horizontal Pod Autoscaler.
  • C. Configure cluster autoscaling on the node pool.
  • D. Configure a cron job to scale the deployment on a schedule.

Answer: B


NEW QUESTION # 50
You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline. Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?

  • A. Compare the canary with the existing deployment of the current production version.
  • B. Compare the canary with a new deployment of the previous production version.
  • C. Compare the canary with the average performance of a sliding window of previous production versions.
  • D. Compare the canary with a new deployment of the current production version.

Answer: C


NEW QUESTION # 51
You encounter a large number of outages in the production systems you support. You receive alerts for all the outages that wake you up at night. The alerts are due to unhealthy systems that are automatically restarted within a minute. You want to set up a process that would prevent staff burnout while following Site Reliability Engineering practices. What should you do?

  • A. Create an incident report for each of the alerts.
  • B. Distribute the alerts to engineers in different time zones.
  • C. Redefine the related Service Level Objective so that the error budget is not exhausted.
  • D. Eliminate unactionable alerts.

Answer: D

Explanation:
Explanation
Eliminate bad monitoring : Unactionable alerts (i.e., spam)
https://cloud.google.com/blog/products/management-tools/meeting-reliability-challenges-with-sre-principles agree with kyubiblaze about having to remove unactionable items aka spam: "good monitoring alerts on actionable problems" @
https://cloud.google.com/blog/products/management-tools/meeting-reliability-challenges-with-sre-principles


NEW QUESTION # 52
You are designing a system with three different environments: development, quality assurance (QA), and production.
Each environment will be deployed with Terraform and has a Google Kubemetes Engine (GKE) cluster created so that application teams can deploy their applications. Anthos Config Management will be used and templated to deploy infrastructure level resources in each GKE cluster. All users (for example, infrastructure operators and application owners) will use GitOps. How should you structure your source control repositories for both Infrastructure as Code (laC) and application code?

  • A. Cloud Infrastructure (Terraform) repository is shared: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repository is shared:
    different directories are different features
  • B. Cloud Infrastructure (Terraform) repositories are separated: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different overlay directories are different environments Application (app source code) repositories are separated: different branches are different features
  • C. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repositories are separated:
    different branches are different features
  • D. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated:
    different branches are different environments Application (app source code) repositories are separated:
    different branches are different features

Answer: D

Explanation:
Explanation
The correct answer is B. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments. GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different branches are different environments. Application (app source code) repositories are separated: different branches are different features.
This answer follows the best practices for using Terraform and Anthos Config Management with GitOps, as described in the following sources:
For Terraform, it is recommended to use a single repository for all environments, and use directories to separate them. This way, you can reuse the same Terraform modules and configurations across environments, and avoid code duplication and drift. You can also use Terraform workspaces to isolate the state files for each environment12.
For Anthos Config Management, it is recommended to use separate repositories for each environment, and use branches to separate the clusters within each environment. This way, you can enforce different policies and configurations for each environment, and use pull requests to promote changes across environments. You can also use Kustomize to create overlays for each cluster that apply specific patches or customizations34.
For application code, it is recommended to use separate repositories for each application, and use branches to separate the features or bug fixes for each application. This way, you can isolate the development and testing of each application, and use pull requests to merge changes into the main branch. You can also use tags or labels to trigger deployments to different environments5 .
References:
1: Best practices for using Terraform | Google Cloud
2: Terraform Recommended Practices - Part 1 | Terraform - HashiCorp Learn
3: Deploy Anthos on GKE with Terraform part 1: GitOps with Config Sync | Google Cloud Blog
4: Using Kustomize with Anthos Config Management | Anthos Config Management Documentation | Google Cloud
5: Deploy Anthos on GKE with Terraform part 3: Continuous Delivery with Cloud Build | Google Cloud Blog GitOps-style continuous delivery with Cloud Build | Cloud Build Documentation | Google Cloud


NEW QUESTION # 53
You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster. The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?

  • A. Configure your Kubernetes duster as a Private Cluster.
  • B. Configure the VPC as a Shared VPC Host project.
  • C. Configure a Google Cloud HTTP Load Balancer as Ingress.
  • D. Configure your network services on the Standard Tier.

Answer: C

Explanation:
Costs associated with a load balancer are charged to the project containing the load balancer components. Because of these benefits, container-native load balancing is the recommended solution for load balancing through Ingress. When NEGs are used with GKE Ingress, the Ingress controller facilitates the creation of all aspects of the L7 load balancer. This includes creating the virtual IP address, forwarding rules, health checks, firewall rules, and more. https://cloud.google.com/architecture/best-practices-for-running-cost-effective-kubernetes-applications-on-gke


NEW QUESTION # 54
Your company experiences bugs, outages, and slowness in its production systems. Developers use the production environment for new feature development and bug fixes. Configuration and experiments are done in the production environment, causing outages for users. Testers use the production environment for load testing, which often slows the production systems. You need to redesign the environment to reduce the number of bugs and outages in production and to enable testers to toad test new features. What should you do?

  • A. Create an automated testing script in production to detect failures as soon as they occur.
  • B. Secure the production environment to ensure that developers can't change it and set up one controlled update per year.
  • C. Create a development environment with smaller server capacity and give access only to developers and testers.
  • D. Create a development environment for writing code and a test environment for configurations, experiments, and load testing.

Answer: A


NEW QUESTION # 55
You are running an application in a virtual machine (VM) using a custom Debian image. The image has the Stackdriver Logging agent installed. The VM has the cloud-platform scope. The application is logging information via syslog. You want to use Stackdriver Logging in the Google Cloud Platform Console to visualize the logs. You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer. What is the first thing you should do?

  • A. Verify the VM service account access scope includes the monitoring.write scope.
  • B. SSH to the VM and execute the following commands on your VM: ps ax I grep fluentd
  • C. Look for the agent's test log entry in the Logs Viewer.
  • D. Install the most recent version of the Stackdriver agent.

Answer: B

Explanation:
Explanation
https://cloud.google.com/compute/docs/access/service-accounts#associating_a_service_account_to_an_instance


NEW QUESTION # 56
......


Google Professional-Cloud-DevOps-Engineer Certification Exam is an essential certification for professionals who want to validate their skills and expertise in Cloud DevOps engineering. It demonstrates to potential employers that the candidate has the necessary knowledge and experience to design, deploy, and manage applications on the Google Cloud platform. If you're a DevOps engineer looking to take your career to the next level, this certification is definitely worth considering.

 

Professional-Cloud-DevOps-Engineer  Certification Study Guide Pass Professional-Cloud-DevOps-Engineer Fast: https://www.passleadervce.com/Cloud-DevOps-Engineer/reliable-Professional-Cloud-DevOps-Engineer-exam-learning-guide.html

Professional-Cloud-DevOps-Engineer Dumps PDF 2024 Program Your Preparation EXAM SUCCESS: https://drive.google.com/open?id=1QODvibE4cVxiMxz8Xtd2YMwASjMScG5U