Question 91
Your team develops services that run on Google Kubernetes Engine. You need to standardize their log data using Google-recommended practices and make the data more useful in the fewest number of steps. What should you do? (Choose two.)
A. Create aggregated exports on application logs to BigQuery to facilitate log analytics.
B. Create aggregated exports on application logs to Cloud Storage to facilitate log analytics.
C. Write log output to standard output (stdout) as single-line JSON to be ingested into Cloud Logging as structured logs.
D. Mandate the use of the Logging API in the application code to write structured logs to Cloud Logging.
E. Mandate the use of the Pub/Sub API to write structured data to Pub/Sub and create a Dataflow streaming pipeline to normalize logs and write them to BigQuery for analytics.
Question 92
You are designing a deployment technique for your new applications on Google Cloud. As part of your deployment planning, you want to use live traffic to gather performance metrics for both new and existing applications. You need to test against the full production load prior to launch. What should you do?
A. Use canary deployment
B. Use blue/green deployment
C. Use rolling updates deployment
D. Use A/B testing with traffic mirroring during deployment
Question 93
You support an application that uses the Cloud Storage API. You review the logs and discover multiple HTTP 503 Service Unavailable error responses from the
API. Your application logs the error and does not take any further action. You want to implement Google-recommended retry logic to improve success rates.
Which approach should you take?
A. Retry the failures in batch after a set number of failures is logged.
B. Retry each failure at a set time interval up to a maximum number of times.
C. Retry each failure at increasing time intervals up to a maximum number of tries.
D. Retry each failure at decreasing time intervals up to a maximum number of tries.
Question 94
You need to redesign the ingestion of audit events from your authentication service to allow it to handle a large increase in traffic. Currently, the audit service and the authentication system run in the same Compute Engine virtual machine. You plan to use the following Google Cloud tools in the new architecture:
- Multiple Compute Engine machines, each running an instance of the authentication service
- Multiple Compute Engine machines, each running an instance of the audit service
- Pub/Sub to send the events from the authentication services.
How should you set up the topics and subscriptions to ensure that the system can handle a large volume of messages and can scale efficiently?
A. Create one Pub/Sub topic. Create one pull subscription to allow the audit services to share the messages.
B. Create one Pub/Sub topic. Create one pull subscription per audit service instance to allow the services to share the messages.
C. Create one Pub/Sub topic. Create one push subscription with the endpoint pointing to a load balancer in front of the audit services.
D. Create one Pub/Sub topic per authentication service. Create one pull subscription per topic to be used by one audit service.
E. Create one Pub/Sub topic per authentication service. Create one push subscription per topic, with the endpoint pointing to one audit service.
Question 95
You are developing a marquee stateless web application that will run on Google Cloud. The rate of the incoming user traffic is expected to be unpredictable, with no traffic on some days and large spikes on other days. You need the application to automatically scale up and down, and you need to minimize the cost associated with running the application. What should you do?
A. Build the application in Python with Firestore as the database. Deploy the application to Cloud Run.
B. Build the application in C# with Firestore as the database. Deploy the application to App Engine flexible environment.
C. Build the application in Python with CloudSQL as the database. Deploy the application to App Engine standard environment.
D. Build the application in Python with Firestore as the database. Deploy the application to a Compute Engine managed instance group with autoscaling.
Question 96
You have written a Cloud Function that accesses other Google Cloud resources. You want to secure the environment using the principle of least privilege. What should you do?
A. Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.
B. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.
C. Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.
D. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.
Question 97
You are a SaaS provider deploying dedicated blogging software to customers in your Google Kubernetes Engine (GKE) cluster. You want to configure a secure multi-tenant platform to ensure that each customer has access to only their own blog and can't affect the workloads of other customers. What should you do?
A. Enable Application-layer Secrets on the GKE cluster to protect the cluster.
B. Deploy a namespace per tenant and use Network Policies in each blog deployment.
C. Use GKE Audit Logging to identify malicious containers and delete them on discovery.
D. Build a custom image of the blogging software and use Binary Authorization to prevent untrusted image deployments.
Question 98
You have decided to migrate your Compute Engine application to Google Kubernetes Engine. You need to build a container image and push it to Artifact Registry using Cloud Build. What should you do? (Choose two.)
A. Run gcloud builds submit in the directory that contains the application source code.
B. Run gcloud run deploy app-name --image gcr.io/$PROJECT_ID/app-name in the directory that contains the application source code.
C. Run gcloud container images add-tag gcr.io/$PROJECT_ID/app-name gcr.io/$PROJECT_ID/app-name:latest in the directory that contains the application source code.
D. In the application source directory, create a file named cloudbuild.yaml that contains the following contents:
E. In the application source directory, create a file named cloudbuild.yaml that contains the following contents:
Question 99
You are developing an internal application that will allow employees to organize community events within your company. You deployed your application on a single Compute Engine instance. Your company uses Google Workspace (formerly G Suite), and you need to ensure that the company employees can authenticate to the application from anywhere. What should you do?
A. Add a public IP address to your instance, and restrict access to the instance using firewall rules. Allow your company's proxy as the only source IP address.
B. Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP). Configure the IAP settings to allow your company domain to access the website.
C. Set up a VPN tunnel between your company network and your instance's VPC location on Google Cloud. Configure the required firewall rules and routing information to both the on-premises and Google Cloud networks.
D. Add a public IP address to your instance, and allow traffic from the internet. Generate a random hash, and create a subdomain that includes this hash and points to your instance. Distribute this DNS address to your company's employees.
Question 100
Your development team is using Cloud Build to promote a Node.js application built on App Engine from your staging environment to production. The application relies on several directories of photos stored in a Cloud Storage bucket named webphotos-staging in the staging environment. After the promotion, these photos must be available in a Cloud Storage bucket named webphotos-prod in the production environment. You want to automate the process where possible. What should you do?
A. Manually copy the photos to webphotos-prod.
B. Add a startup script in the application's app.yami file to move the photos from webphotos-staging to webphotos-prod.
C. Add a build step in the cloudbuild.yaml file before the promotion step with the arguments:
D. Add a build step in the cloudbuild.yaml file before the promotion step with the arguments:
