Your company's development teams want to use Cloud Build in their projects to build and push Docker images to Container Registry. The operations team requires all Docker images to be published to a centralized, securely managed Docker registry that the operations team manages.
What should you do? Use Container Registry to create a registry in each development team's project. Configure the Cloud Build build to push the Docker image to the project's registry. Grant the operations team access to each development team's registry. Create a separate project for the operations team that has Container Registry configured. Assign appropriate permissions to the Cloud Build service account in each developer team's project to allow access to the operation team's registry. Create a separate project for the operations team that has Container Registry configured. Create a Service Account for each development team and assign the appropriate permissions to allow it access to the operations team's registry. Store the service account key file in the source code repository and use it to authenticate against the operations team's registry. Create a separate project for the operations team that has the open source Docker Registry deployed on a Compute Engine virtual machine instance. Create a username and password for each development team. Store the username and password in the source code repository and use it to authenticate against the operations team's Docker registry.
You are planning to deploy your application in a Google Kubernetes Engine (GKE) cluster. Your application can scale horizontally, and each instance of your application needs to have a stable network identity and its own persistent disk.
Which GKE object should you use? Deployment StatefulSet ReplicaSet ReplicaController.
You are using Cloud Build to build a Docker image. You need to modify the build to execute unit and run integration tests. When there is a failure, you want the build history to clearly display the stage at which the build failed.
What should you do? Add RUN commands in the Dockerfile to execute unit and integration tests. Create a Cloud Build build config file with a single build step to compile unit and integration tests. Create a Cloud Build build config file that will spawn a separate cloud build pipeline for unit and integration tests. Create a Cloud Build build config file with separate cloud builder steps to compile and execute unit and integration tests.
Your code is running on Cloud Functions in project A. It is supposed to write an object in a Cloud Storage bucket owned by project B. However, the write call is failing with the error "403 Forbidden".
What should you do to correct the problem? Grant your user account the roles/storage.objectCreator role for the Cloud Storage bucket. Grant your user account the roles/iam.serviceAccountUser role for the service-PROJECTA@gcf-admin-robot.iam.gserviceaccount.com service account. Grant the service-PROJECTA@gcf-admin-robot.iam.gserviceaccount.com service account the roles/storage.objectCreator role for the Cloud Storage bucket. Enable the Cloud Storage API in project B.
Your application is running in multiple Google Kubernetes Engine clusters. It is managed by a Deployment in each cluster. The Deployment has created multiple replicas of your Pod in each cluster. You want to view the logs sent to stdout for all of the replicas in your Deployment in all clusters.
Which command should you use?
kubectl logs [PARAM] gcloud logging read [PARAM] kubectl exec ג€"it [PARAM] journalctl gcloud compute ssh [PARAM] ג€"-command= ג€sudo journalctlג€.
You are using Cloud Build to create a new Docker image on each source code commit to a Cloud Source Repositories repository. Your application is built on every commit to the master branch. You want to release specific commits made to the master branch in an automated method.
What should you do? Manually trigger the build for new releases. Create a build trigger on a Git tag pattern. Use a Git tag convention for new releases. Create a build trigger on a Git branch name pattern. Use a Git branch naming convention for new releases. Commit your source code to a second Cloud Source Repositories repository with a second Cloud Build trigger. Use this repository for new releases only.
You are designing a schema for a table that will be moved from MySQL to Cloud Bigtable. The MySQL table is as follows.
How should you design a row key for Cloud Bigtable for this table? Set Account_id as a key. Set Account_id_Event_timestamp as a key. Set Event_timestamp_Account_id as a key. Set Event_timestamp as a key.
You want to view the memory usage of your application deployed on Compute Engine.
What should you do? Install the Stackdriver Client Library. Install the Stackdriver Monitoring Agent. Use the Stackdriver Metrics Explorer. Use the Google Cloud Platform Console.
You are designing a schema for a Cloud Spanner customer database. You want to store a phone number array field in a customer table. You also want to allow users to search customers by phone number.
How should you design this schema? Create a table named Customers. Add an Array field in a table that will hold phone numbers for the customer. Create a table named Customers. Create a table named Phones. Add a CustomerId field in the Phones table to find the CustomerId from a phone number. Create a table named Customers. Add an Array field in a table that will hold phone numbers for the customer. Create a secondary index on the Array field. Create a table named Customers as a parent table. Create a table named Phones, and interleave this table into the Customer table. Create an index on the phone number field in the Phones table. .
You are deploying a single website on App Engine that needs to be accessible via the URL http://www.altostrat.com/.
What should you do? Verify domain ownership with Webmaster Central. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com. Verify domain ownership with Webmaster Central. Define an A record pointing to the single global App Engine IP address. Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com. Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Define an A record pointing to the single global App Engine IP address.
You are running an application on App Engine that you inherited. You want to find out whether the application is using insecure binaries or is vulnerable to XSS attacks.
Which service should you use? Cloud Armor Cloud Debugger Cloud Security Scanner Cloud Error Reporting.
You are working on a social media application. You plan to add a feature that allows users to upload images. These images will be 2 MB `" 1 GB in size. You want to minimize their infrastructure operations overhead for this feature.
What should you do? Change the application to accept images directly and store them in the database that stores other user information. Change the application to create signed URLs for Cloud Storage. Transfer these signed URLs to the client application to upload images to Cloud Storage. Set up a web server on GCP to accept user images and create a file store to keep uploaded files. Change the application to retrieve images from the file store. Create a separate bucket for each user in Cloud Storage. Assign a separate service account to allow write access on each bucket. Transfer service account credentials to the client application based on user information. The application uses this service account to upload images to Cloud Storage.
Your application is built as a custom machine image. You have multiple unique deployments of the machine image. Each deployment is a separate managed instance group with its own template. Each deployment requires a unique set of configuration values. You want to provide these unique values to each deployment but use the same custom machine image in all deployments. You want to use out-of-the-box features of Compute Engine.
What should you do? Place the unique configuration values in the persistent disk. Place the unique configuration values in a Cloud Bigtable table. Place the unique configuration values in the instance template startup script. Place the unique configuration values in the instance template instance metadata.
Your application performs well when tested locally, but it runs significantly slower after you deploy it to a Compute Engine instance. You need to diagnose the problem. What should you do? File a ticket with Cloud Support indicating that the application performs faster locally. Use Cloud Debugger snapshots to look at a point-in-time execution of the application. Use Cloud Profiler to determine which functions within the application take the longest amount of time. Add logging commands to the application and use Cloud Logging to check where the latency problem occurs.
You have an application running in App Engine. Your application is instrumented with Stackdriver Trace. The /product-details request reports details about four known unique products at /sku-details as shown below. You want to reduce the time it takes for the request to complete.
What should you do? Increase the size of the instance class. Change the Persistent Disk type to SSD. Change /product-details to perform the requests in parallel. Store the /sku-details information in a database, and replace the webservice call with a database query.
Your company has a data warehouse that keeps your application information in BigQuery. The BigQuery data warehouse keeps 2 PBs of user data. Recently, your company expanded your user base to include EU users and needs to comply with these requirements:
✑ Your company must be able to delete all user account information upon user request.
✑ All EU user data must be stored in a single region specifically for EU users.
Which two actions should you take? (Choose two.) Use BigQuery federated queries to query data from Cloud Storage. Create a dataset in the EU region that will keep information about EU users only. Create a Cloud Storage bucket in the EU region to store information for EU users only. Re-upload your data using to a Cloud Dataflow pipeline by filtering your user records out. Use DML statements in BigQuery to update/delete user records based on their requests.
Your App Engine standard configuration is as follows:
service: production
instance_class: B1
You want to limit the application to 5 instances.
Which code snippet should you include in your configuration? manual_scaling: instances: 5 min_pending_latency: 30ms manual_scaling: max_instances: 5 idle_timeout: 10m basic_scaling: instances: 5 min_pending_latency: 30ms basic_scaling: max_instances: 5 idle_timeout: 10m.
Your analytics system executes queries against a BigQuery dataset. The SQL query is executed in batch and passes the contents of a SQL file to the BigQuery
CLI. Then it redirects the BigQuery CLI output to another process. However, you are getting a permission error from the BigQuery CLI when the queries are executed.
You want to resolve the issue. What should you do? Grant the service account BigQuery Data Viewer and BigQuery Job User roles. Grant the service account BigQuery Data Editor and BigQuery Data Viewer roles. Grant the service account BigQuery Data Editor and BigQuery Data Viewer roles. Create a new dataset in BigQuery, and copy the source table to the new dataset Query the new dataset and table from the CLI.
Your application is running on Compute Engine and is showing sustained failures for a small number of requests. You have narrowed the cause down to a single
Compute Engine instance, but the instance is unresponsive to SSH.
What should you do next? Reboot the machine. Enable and check the serial port output. Delete the machine and create a new one. Take a snapshot of the disk and attach it to a new machine.
You configured your Compute Engine instance group to scale automatically according to overall CPU usage. However, your application's response latency increases sharply before the cluster has finished adding up instances. You want to provide a more consistent latency experience for your end users by changing the configuration of the instance group autoscaler.
Which two configuration changes should you make? (Choose two.) Add the label AUTOSCALE to the instance group template. Decrease the cool-down period for instances added to the group. Increase the target CPU usage for the instance group autoscaler. Decrease the target CPU usage for the instance group autoscaler. Remove the health-check for individual VMs in the instance group.
You have an application controlled by a managed instance group. When you deploy a new version of the application, costs should be minimized and the number of instances should not increase. You want to ensure that, when each new instance is created, the deployment only continues if the new instance is healthy.
What should you do? Perform a rolling-action with maxSurge set to 1, maxUnavailable set to 0. Perform a rolling-action with maxSurge set to 0, maxUnavailable set to 1 Perform a rolling-action with maxHealthy set to 1, maxUnhealthy set to 0. Perform a rolling-action with maxHealthy set to 0, maxUnhealthy set to 1.
Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. You want to distribute these credentials to the host instances as securely as possible.
What should you do? Use HTTP signed URLs to securely provide access to the required resources. Use the instance's service account Application Default Credentials to authenticate to the required resources. Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application. Commit the credential JSON file into your application's source repository, and have your CI/CD process package it with the software that is deployed to the instance.
Your application is deployed in a Google Kubernetes Engine (GKE) cluster. You want to expose this application publicly behind a Cloud Load Balancing HTTP(S) load balancer.
What should you do? Configure a GKE Ingress resource. Configure a GKE Service resource. Configure a GKE Ingress resource with type: LoadBalancer. Configure a GKE Service resource with type: LoadBalancer.
Your data is stored in Cloud Storage buckets. Fellow developers have reported that data downloaded from Cloud Storage is resulting in slow API performance.
You want to research the issue to provide details to the GCP support team.
Which command should you run? gsutil test -o output.json gs://my-bucket gsutil perfdiag -o output.json gs://my-bucket gcloud compute scp example-instance:~/test-data -o output.json gs://my-bucket gcloud services test ג€"o output.json gs://my-bucket.
You are using Cloud Build build to promote a Docker image to Development, Test, and Production environments. You need to ensure that the same Docker image is deployed to each of these environments.
How should you identify the Docker image in your build?
Use the latest Docker image tag. Use a unique Docker image name. Use the digest of the Docker image. Use a semantic version Docker image tag.
Your company has created an application that uploads a report to a Cloud Storage bucket. When the report is uploaded to the bucket, you want to publish a message to a Cloud Pub/Sub topic. You want to implement a solution that will take a small amount to effort to implement.
What should you do? Configure the Cloud Storage bucket to trigger Cloud Pub/Sub notifications when objects are modified.
Create an App Engine application to receive the file; when it is received, publish a message to the Cloud Pub/Sub topic. Create a Cloud Function that is triggered by the Cloud Storage bucket. In the Cloud Function, publish a message to the Cloud Pub/Sub topic. Create an application deployed in a Google Kubernetes Engine cluster to receive the file; when it is received, publish a message to the Cloud Pub/Sub topic.
Your teammate has asked you to review the code below, which is adding a credit to an account balance in Cloud Datastore.
Which improvement should you suggest your teammate make? Get the entity with an ancestor query. Get and put the entity in a transaction. Use a strongly consistent transactional database. Don't return the account entity from the function.
Your company stores their source code in a Cloud Source Repositories repository. Your company wants to build and test their code on each source code commit to the repository and requires a solution that is managed and has minimal operations overhead.
Which method should they use? Use Cloud Build with a trigger configured for each source code commit. Use Jenkins deployed via the Google Cloud Platform Marketplace, configured to watch for source code commits. Use a Compute Engine virtual machine instance with an open source continuous integration tool, configured to watch for source code commits. Use a source code commit trigger to push a message to a Cloud Pub/Sub topic that triggers an App Engine service to build the source code.
You are writing a Compute Engine hosted application in project A that needs to securely authenticate to a Cloud Pub/Sub topic in project B.
What should you do? Configure the instances with a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A. Configure the instances with a service account owned by project A. Add the service account as a publisher on the topic. Configure Application Default Credentials to use the private key of a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A. Configure Application Default Credentials to use the private key of a service account owned by project A. Add the service account as a publisher on the topic.
You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite.
What should you do? Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.
You have an application deployed in production. When a new version is deployed, you want to ensure that all production traffic is routed to the new version of your application. You also want to keep the previous version deployed so that you can revert to it if there is an issue with the new version.
Which deployment strategy should you use?
Blue/green deployment Canary deployment Rolling deployment Recreate deployment.
You are porting an existing Apache/MySQL/PHP application stack from a single machine to Google
Kubernetes Engine. You need to determine how to containerize the application. Your approach should follow Google-recommended best practices for availability.
What should you do? Package each component in a separate container. Implement readiness and liveness probes. Package the application in a single container. Use a process management tool to manage each component. Package each component in a separate container. Use a script to orchestrate the launch of the components. Package the application in a single container. Use a bash script as an entrypoint to the container, and then spawn each component as a background job.
You are developing an application that will be launched on Compute Engine instances into multiple distinct projects, each corresponding to the environments in your software development process (development, QA, staging, and production). The instances in each project have the same application code but a different configuration. During deployment, each instance should receive the application's configuration based on the environment it serves. You want to minimize the number of steps to configure this flow. What should you do?
When creating your instances, configure a startup script using the gcloud command to determine the project name that indicates the correct environment. In each project, configure a metadata key -environment- whose value is the environment it serves. Use your deployment tool to query the instance metadata and configure the application based on the -environment- value. Deploy your chosen deployment tool on an instance in each project. Use a deployment job to retrieve the appropriate configuration file from your version control system, and apply the configuration when deploying the application on each instance. During each instance launch, configure an instance custom-metadata key named ג€environmentג€ whose value is the environment the instance serves. Use your deployment tool to query the instance metadata, and configure the application based on the -environment- value.
You are developing an ecommerce application that stores customer, order, and inventory data as relational tables inside Cloud Spanner. During a recent load test, you discover that Spanner performance is not scaling linearly as expected. Which of the following is the cause? The use of 64-bit numeric types for 32-bit numbers. The use of the STRING data type for arbitrary-precision values. The use of Version 1 UUIDs as primary keys that increase monotonically. The use of LIKE instead of STARTS_WITH keyword for parameterized SQL queries.
You are developing an application that reads credit card data from a Pub/Sub subscription. You have written code and completed unit testing. You need to test the
Pub/Sub integration before deploying to Google Cloud. What should you do? Create a service to publish messages, and deploy the Pub/Sub emulator. Generate random content in the publishing service, and publish to the emulator. Create a service to publish messages to your application. Collect the messages from Pub/Sub in production, and replay them through the publishing service. Create a service to publish messages, and deploy the Pub/Sub emulator. Collect the messages from Pub/Sub in production, and publish them to the emulator. Create a service to publish messages, and deploy the Pub/Sub emulator. Publish a standard set of testing messages from the publishing service to the emulator.
|
