Professional-Cloud-Developer Google Certified Professional - Cloud Developer Question and Answers

Provision Cloud KMS in its own project.

Do not assign an owner to the Cloud KMS project.

Provision Cloud KMS in the project where the keys are being used.

Grant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS are being used.

Grant an owner role for the Cloud KMS project to a different user than the owner of the project where the keys from Cloud KMS are being used.

Use Stackdriver Monitoring to plot slot usage.

Use Stackdriver Trace to plot API execution time.

Use Stackdriver Trace to plot query execution time.

Use Stackdriver Monitoring to plot query execution times.

Google Cloud Armor

Debugger

Web Security Scanner

Error Reporting

Increase the size of the instance class.

Change the Persistent Disk type to SSD.

Change /product-details to perform the requests in parallel.

Store the /sku-details information in a database, and replace the webservice call with a database query.

Create aggregated exports on application logs to BigQuery to facilitate log analytics.

Create aggregated exports on application logs to Cloud Storage to facilitate log analytics.

Write log output to standard output (stdout) as single-line JSON to be ingested into Cloud Logging as structured logs.

Mandate the use of the Logging API in the application code to write structured logs to Cloud Logging.

Mandate the use of the Pub/Sub API to write structured data to Pub/Sub and create a Dataflow streaming pipeline to normalize logs and write them to BigQuery for analytics.

Move the data to a Cloud Storage bucket, and mount the bucket on the filesystem using Cloud Storage

FUSE.

Move the data to a Cloud Storage bucket, and copy the data to the boot disk of the instance via a startup

script.

Move the data to a Compute Engine persistent disk, and attach the disk in read-only mode to multiple

Compute Engine virtual machine instances.

Move the data to a Compute Engine persistent disk, take a snapshot, create multiple disks from the

snapshot, and attach each disk to its own instance.

Configure Cloud SQL to host the database, and import the schema into Cloud SQL.

Deploy MySQL from the Google Cloud Marketplace to the database using a client, and import the schema.

Configure Bigtable to host the database, and import the data into Bigtable.

Configure Cloud Spanner to host the database, and import the schema into Cloud Spanner.

Configure Firestore to host the database, and import the data into Firestore.

Uptime check

Process health

Metric absence

Metric threshold

Add the users to their projects, assign the relevant roles to the users, and then provide the users with each relevant Project ID.

Add the users to their projects, assign the relevant roles to the users, and then provide the users with each relevant Project Number.

Create groups, add the users to their groups, assign the relevant roles to the groups, and then provide the users with each relevant Project ID.

Create groups, add the users to their groups, assign the relevant roles to the groups, and then provide the users with each relevant Project Number.

Deploy Zonal clusters

Deploy Regional clusters

Deploy Multi-Zone clusters

Deploy GKE on-premises clusters

Trigger a Spinnaker pipeline configured as an A/B test of your new code and, if it is successful, deploy the container to production.

Trigger a Spinnaker pipeline configured as a canary test of your new code and, if it is successful, deploy the container to production.

Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a canary test.

Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a shadow test.

Your user account does not have privileges to interact with the cluster using kubectl.

Your Cloud Shell external IP address is not part of the authorized networks of the cluster.

The Cloud Shell is not part of the same VPC as the GKE cluster.

A VPC firewall is blocking access to the cluster’s endpoint.

Ask the developers to use Cloud Shell and run gcloud container clusters get-credentials to switch to another cluster.

Ask the developers to open three terminals on their workstation and use kubecrt1 config to configure access to each cluster.

Ask the developers to install the gcloud CLI on their workstation and run gcloud container clusters get-credentials to switch to another cluster

In a configuration file, define the clusters users, and contexts Email the file to the developers and ask them to use kubect1 config to add cluster, user and context details.

With an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to

obtain an access token for each user.

With an OAuth Client ID with delegated domain-wide authority.

With the App Engine service account and https://www.googleapis.com/auth/drive.file scope

that generates a signed JWT.

With the App Engine service account with delegated domain-wide authority.

Use Cloud Logging to check for error logs, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Use Cloud Trace to monitor the requests per sec of incoming requests to Spanner, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Use Cloud Monitoring to monitor the CPU utilization, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Use Snapshot Debugger to check for application errors, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Deploy the website on App Engine and use traffic splitting.

Deploy the website on App Engine as three separate services.

Deploy the website on Cloud Functions and use traffic splitting.

Deploy the website on Cloud Functions as three separate functions.

Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use a load balancer to distribute calls between the versions.

Leave the original Cloud Function as-is and deploy a second Cloud Function that includes only the changed API. Calls are automatically routed to the correct function.

Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use Cloud Endpoints to provide an API gateway that exposes a versioned API.

Re-deploy the Cloud Function after making code changes to support the new API. Requests for both versions of the API are fulfilled based on a version identifier included in the call.

Use an Ingress that uses the API's URL to route requests to the appropriate backend.

Leverage a Service Discovery system, and connect to the backend specified by the request.

Use multiple clusters, and use DNS entries to route requests to separate versioned backends.

Combine multiple versions in the same service, and then specify the API version in the POST request.

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.

Add a Stackdriver counter metric for path:/api/alpha/.

Add a Stackdriver counter metric for endpoint:/api/alpha/*.

Export the logs to Cloud Storage and count lines matching /api/alphA.

Export the logs to Cloud Pub/Sub and count lines matching /api/alphA.

Install the Stackdriver Logging Agent and configure it to send the application logs.

Use a Stackdriver Logging Library to log directly from the application to Stackdriver Logging.

Provide the log file folder path in the metadata of the instance to configure it to send the application logs.

Change the application to log to /var/log so that its logs are automatically sent to Stackdriver Logging.

Vertical Pod Autoscaler in Auto mode

Vertical Pod Autoscaler in Recommendation mode

Horizontal Pod Autoscaler based on an external metric

Horizontal Pod Autoscaler based on resources utilization

Your Memorystore for Redis instance was deployed without a public IP address.

You configured your Serverless VPC Access connector in a different region than your App Engine instance.

The firewall rule allowing a connection between App Engine and Memorystore was removed during an infrastructure update by the DevOps team.

You configured your application to use a Serverless VPC Access connector on a different subnet in a different availability zone than your App Engine instance.

Use a text editor and the Git command line to send your source code updates as pull requests from a public computer.

Use a text editor and the Git command line to send your source code updates as pull requests from a virtual machine running on a public computer.

Use Cloud Shell and the built-in code editor for development. Send your source code updates as pull requests.

Use a Cloud Storage bucket to store the source code that you need to edit. Mount the bucket to a public computer as a drive, and use a code editor to update the code. Turn on versioning for the bucket, and point it to the team’s Git repository.

Deploy the Pub/Sub and Cloud Run emulators on your local machine. Deploy the application locally, and change the logging level in the application to DEBUG or INFO. Write mock messages to topic A, and then analyze the logs.

Use the gcloud CLI to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

Deploy the Pub/Sub emulator on your local machine. Point the production application to your local Pub/Sub topics. Write mock messages to topic A, and then analyze the logs.

Use the Google Cloud console to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

Assign the Project Editor role.

Assign the Project Owner role.

Assign the Cloud SQL Client role.

Assign the Cloud SQL Editor role.

Send the purchase and change requests over WebSockets to the backend.

Send the purchase and change requests as REST requests to the backend.

Use a Pub/Sub subscriber in pull mode and use a data store to manage ordering.

Use a Pub/Sub subscriber in push mode and use a data store to manage ordering.

Deploy a Cloud Function for each step that calls the corresponding downstream system to complete the required action.

Create a Pub/Sub topic for each step. Create a subscription for each downstream development team to subscribe to their step's topic.

Create a Pub/Sub topic for timesheet submissions. Create a subscription for each downstream development team to subscribe to the topic.

Create a timesheet microservice deployed to Google Kubernetes Engine. The microservice calls each downstream step and waits for a successful response before calling the next step.

Use the latest Docker image tag.

Use a unique Docker image name.

Use the digest of the Docker image.

Use a semantic version Docker image tag.

Perform Read-Only transactions.

Perform stale reads using single-read methods.

Perform strong reads using single-read methods.

Perform stale reads using read-write transactions.

Create a new Cloud Storage bucket, and mount it via FUSE in the container.

Create a new persistent disk, and mount the volume as a shared PersistentVolume.

Create a new Filestore instance, and mount the volume as an NFS PersistentVolume.

Create a new ConfigMap and volumeMount to store the contents of the configuration file.

Option A

Option B

Option C

Option D

Use Container Registry to create a registry in each development team's project. Configure the Cloud Build

build to push the Docker image to the project's registry. Grant the operations team access to each

development team's registry.

Create a separate project for the operations team that has Container Registry configured. Assign

appropriate permissions to the Cloud Build service account in each developer team's project to allow

access to the operation team's registry.

Create a separate project for the operations team that has Container Registry configured. Create a Service

Account for each development team and assign the appropriate permissions to allow it access to the

operations team's registry. Store the service account key file in the source code repository and use it to

authenticate against the operations team's registry.

Create a separate project for the operations team that has the open source Docker Registry deployed on a

Compute Engine virtual machine instance. Create a username and password for each development team.

Store the username and password in the source code repository and use it to authenticate against the

operations team's Docker registry.

Reboot the machine.

Enable and check the serial port output.

Delete the machine and create a new one.

Take a snapshot of the disk and attach it to a new machine.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Cloud Profiler

Cloud Monitoring

Cloud Trace

Cloud Logging

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region