
Professional-Cloud-DevOps-Engineer Free Certification Exam Material from PassCollection with 53 Questions
Use Real Professional-Cloud-DevOps-Engineer - 100% Cover Real Exam Questions
NEW QUESTION 29
You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?
- A. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
- B. Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
- C. Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
- D. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
Answer: C
NEW QUESTION 30
You use a multiple step Cloud Build pipeline to build and deploy your application to Google Kubernetes Engine (GKE). You want to integrate with a third-party monitoring platform by performing a HTTP POST of the build information to a webhook. You want to minimize the development effort. What should you do?
- A. Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.
- B. Add logic to each Cloud Build step to HTTP POST the build information to a webhook.
- C. Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.
- D. Use Stackdriver Logging to create a logs-based metric from the Cloud Build logs. Create an Alert with a Webhook notification type.
Answer: A
NEW QUESTION 31
You support a high-traffic web application and want to ensure that the home page loads in a timely manner. As a first step, you decide to implement a Service Level Indicator (SLI) to represent home page request latency with an acceptable page load time set to 100 ms. What is the Google-recommended way of calculating this SLI?
- A. Count the number of home page requests that load in under 100 ms. and then divide by the total number of all web application requests.
- B. Count the number of home page requests that load in under 100 ms, and then divide by the total number of home page requests.
- C. Bucketize the request latencies into ranges, and then compute the median and 90th percentiles.
- D. Buckelize Ihe request latencies into ranges, and then compute the percentile at 100 ms.
Answer: B
NEW QUESTION 32
Your product is currently deployed in three Google Cloud Platform (GCP) zones with your users divided between the zones. You can fail over from one zone to another, but it causes a 10-minute service disruption for the affected users. You typically experience a database failure once per quarter and can detect it within five minutes. You are cataloging the reliability risks of a new real-time chat feature for your product. You catalog the following information for each risk:
* Mean Time to Detect (MUD} in minutes
* Mean Time to Repair (MTTR) in minutes
* Mean Time Between Failure (MTBF) in days
* User Impact Percentage
The chat feature requires a new database system that takes twice as long to successfully fail over between zones. You want to account for the risk of the new database failing in one zone. What would be the values for the risk of database failover with the new system?
- A. MTTD: 5
MTTR: 10
MTBF: 90
Impact: 33% - B. MTTD:5
MTTR: 20
MTBF: 90
Impact: 33% - C. MTTD:5
MTTR: 20
MTBF: 90
Impact: 50% - D. MTTD:5
MTTR: 10
MTBF: 90
Impact 50%
Answer: A
NEW QUESTION 33
Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval. What should you do to enforce approvals?
- A. Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.
- B. Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.
- C. Configure the build system with protected branches that require pull request approval.
- D. Use an Admission Controller to verify that incoming requests originate from approved sources.
Answer: A
NEW QUESTION 34
Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP). You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system. What should you do?
- A. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.
- B. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.
- C. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.
- D. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.
Answer: C
Explanation:
Explanation/Reference:
NEW QUESTION 35
You deploy a new release of an internal application during a weekend maintenance window when there is minimal user tragic. After the window ends, you learn that one of the new features isn't working as expected in the production environment. After an extended outage, you roll back the new release and deploy a fix. You want to modify your release process to reduce the mean time to recovery so you can avoid extended outages in the future. What should you do? (Choose two.)
- A. Before merging new code, require 2 different peers to review the code changes.
- B. Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.
- C. Adopt the blue/green deployment strategy when releasing new code via a CD server.
- D. Require developers to run automated integration tests on their local development environments before release.
- E. Integrate a code linting tool to validate coding standards before any code is accepted into the repository.
Answer: A,E
NEW QUESTION 36
You are performing a semi-annual capacity planning exercise for your flagship service. You expect a service user growth rate of 10% month-over-month over the next six months. Your service is fully containerized and runs on Google Cloud Platform (GCP), using a Google Kubernetes Engine (GKE) Standard regional cluster on three zones with cluster autoscaler enabled. You currently consume about 30% of your total deployed CPU capacity, and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth or as a result of zone failure, while avoiding unnecessary costs. How should you prepare to handle the predicted growth?
- A. Because you are deployed on GKE and are using a cluster autoscaler, your GKE cluster will scale automatically regardless of growth rate.
- B. Verify the maximum node pool size, enable a horizontal pod autoscaler, and then perform a load test to verify your expected resource needs.
- C. Because you are at only 30% utilization, you have significant headroom and you won't need to add any additional capacity for this rate of growth.
- D. Proactively add 60% more node capacity to account for six months of 10% growth rate, and then perform a load test to make sure you have enough.
Answer: A
NEW QUESTION 37
Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring.
What should you do?
- A. Install the Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.
- B. Publish various metrics from the application directly to the Stackdriver Monitoring API, and then observe these custom metrics in Stackdriver.
- C. Install the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application's metrics in Stackdriver.
- D. Emit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.
Answer: C
NEW QUESTION 38
Your application services run in Google Kubernetes Engine (GKE). You want to make sure that only images from your centrally-managed Google Container Registry (GCR) image registry in the altostrat-images project can be deployed to the cluster while minimizing development time. What should you do?
- A. Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
- B. Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.
- C. Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/attostrat-images/.
- D. Create a custom builder for Cloud Build that will only push images to gcr.io/altostrat-images.
Answer: B
NEW QUESTION 39
You need to run a business-critical workload on a fixed set of Compute Engine instances for several months.
The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications. What should you do?
- A. Purchase Committed Use Discounts.
- B. Create an Unmanaged Instance Group for the instances used to run the workload.
- C. Migrate the instances to a Managed Instance Group.
- D. Convert the instances to preemptible virtual machines.
Answer: D
Explanation:
Explanation/Reference: https://cloud.google.com/compute/docs/faq
NEW QUESTION 40
Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?
- A. Use GCR digest versioning to match the image to the tag in source control.
- B. Reference the image digest in the source control tag.
- C. Supply the source control tag as a parameter within the image name.
- D. Use Cloud Build to include the release version tag in the application image.
Answer: C
NEW QUESTION 41
Your team uses Cloud Build for all CI/CO pipelines. You want to use the kubectl builder for Cloud Build to deploy new images to Google Kubernetes Engine (GKE). You need to authenticate to GKE while minimizing development effort. What should you do?
- A. Create a new service account with the Container Developer role and use it to run Cloud Build.
- B. Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.
- C. Assign the Container Developer role to the Cloud Build service account.
- D. Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
Answer: C
NEW QUESTION 42
Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach.
What should you do?
- A. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
- B. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.
- C. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
- D. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
Answer: A
NEW QUESTION 43
You need to reduce the cost of virtual machines (VM| for your organization. After reviewing different options, you decide to leverage preemptible VM instances. Which application is suitable for preemptible VMs?
- A. The organization's public-facing website
- B. A distributed, eventually consistent NoSQL database cluster with sufficient quorum
- C. A scalable in-memory caching system
- D. A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket
Answer: D
NEW QUESTION 44
Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP). You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system. What should you do?
- A. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.
- B. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.
- C. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.
- D. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.
Answer: C
NEW QUESTION 45
Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval. What should you do to enforce approvals?
- A. Configure the build system with protected branches that require pull request approval.
- B. Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.
- C. Use an Admission Controller to verify that incoming requests originate from approved sources.
- D. Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.
Answer: A
NEW QUESTION 46
You are on-call for an infrastructure service that has a large number of dependent systems. You receive an alert indicating that the service is failing to serve most of its requests and all of its dependent systems with hundreds of thousands of users are affected. As part of your Site Reliability Engineering (SRE) incident management protocol, you declare yourself Incident Commander (IC) and pull in two experienced people from your team as Operations Lead (OLJ and Communications Lead (CL). What should you do next?
- A. Start a postmortem, add incident information, circulate the draft internally, and ask internal stakeholders for input.
- B. Look for ways to mitigate user impact and deploy the mitigations to production.
- C. Establish a communication channel where incident responders and leads can communicate with each other.
- D. Contact the affected service owners and update them on the status of the incident.
Answer: B
NEW QUESTION 47
You have a pool of application servers running on Compute Engine. You need to provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting. How would you implement the solution on GCP?
- A. * Install the gsutil command line tool on your application servers.
* Write a script using gsutil to upload your application log to a Cloud Storage bucket, and then schedule it to run via cron every 5 minutes.
* Give the developers the IAM Object Viewer access to view the logs in the specified bucket. - B. * Deploy the Stackdriver monitoring agent to the application servers.
* Give the developers the IAM Monitoring Viewer role to access Stackdriver and view metrics. - C. * Deploy the Stackdriver logging agent to the application servers.
* Give the developers the IAM Logs Viewer role to access Stackdriver and view logs. - D. * Deploy the Stackdriver logging agent to the application servers.
* Give the developers the IAM Logs Private Logs Viewer role to access Stackdriver and view logs.
Answer: D
NEW QUESTION 48
Your application images are built wing Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What would you do when you push the image?
- A. Use Cloud Build to include the release version tag in the application image.
- B. Use GCR digest versioning to match the image to the tag in source control.
- C. Supply the source control tag as a parameter within the image name.
- D. Reference the image digest in the source control tag.
Answer: A
NEW QUESTION 49
You are responsible for creating and modifying the Terraform templates that define your Infrastructure. Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?
- A. * Store your code in a Git-based version control system.
* Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.
* Establish a process where the fully integrated code in the repository becomes the latest master version. - B. * Store your code in a Git-based version control system.
* Establish a process that allows developers to merge their own changes at the end of each day.
* Package and upload code lo a versioned Cloud Storage bucket as the latest master version. - C. * Store your code as text files in Google Drive in a defined folder structure that organizes the files.
* At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.
* Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version. - D. * Store your code as text files in Google Drive in a defined folder structure that organizes the files.
* At the end of each day. confirm that all changes have been captured in the files within the folder structure.
* Rename the folder structure with a predefined naming convention that increments the version.
Answer: B
NEW QUESTION 50
......
Dumps Brief Outline Of The Professional-Cloud-DevOps-Engineer Exam: https://www.passcollection.com/Professional-Cloud-DevOps-Engineer_real-exams.html
Professional-Cloud-DevOps-Engineer Training & Certification Get Latest Cloud DevOps Engineer : https://drive.google.com/open?id=1ekN1MBp_gxxJ1bK9qiATmfQg9LbVWCEE

