Question 121
You have been tasked with planning the migration of your company's application from on-premises to Google Cloud. Your company's monolithic application is an ecommerce website. The application will be migrated to microservices deployed on Google Cloud in stages. The majority of your company's revenue is generated through online sales, so it is important to minimize risk during the migration. You need to prioritize features and select the first functionality to migrate. What should you do?
A. Migrate the Product catalog, which has integrations to the frontend and product database.
B. Migrate Payment processing, which has integrations to the frontend, order database, and third-party payment vendor.
C. Migrate Order fulfillment, which has integrations to the order database, inventory system, and third-party shipping vendor.
D. Migrate the Shopping cart, which has integrations to the frontend, cart database, inventory system, and payment processing system.
Question 122
Your team develops services that run on Google Kubernetes Engine. Your team's code is stored in Cloud Source Repositories. You need to quickly identify bugs in the code before it is deployed to production. You want to invest in automation to improve developer feedback and make the process as efficient as possible.
What should you do?
A. Use Spinnaker to automate building container images from code based on Git tags.
B. Use Cloud Build to automate building container images from code based on Git tags.
C. Use Spinnaker to automate deploying container images to the production environment.
D. Use Cloud Build to automate building container images from code based on forked versions.
Question 123
Your team is developing an application in Google Cloud that executes with user identities maintained by Cloud Identity. Each of your application's users will have an associated Pub/Sub topic to which messages are published, and a Pub/Sub subscription where the same user will retrieve published messages. You need to ensure that only authorized users can publish and subscribe to their own specific Pub/Sub topic and subscription. What should you do?
A. Bind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.
B. Grant the user identity the pubsub.publisher and pubsub.subscriber roles at the project level.
C. Grant the user identity a custom role that contains the pubsub.topics.create and pubsub.subscriptions.create permissions.
D. Configure the application to run as a service account that has the pubsub.publisher and pubsub.subscriber roles.
Question 124
You are evaluating developer tools to help drive Google Kubernetes Engine adoption and integration with your development environment, which includes VS Code and IntelliJ. What should you do?
A. Use Cloud Code to develop applications.
B. Use the Cloud Shell integrated Code Editor to edit code and configuration files.
C. Use a Cloud Notebook instance to ingest and process data and deploy models.
D. Use Cloud Shell to manage your infrastructure and applications from the command line.
Question 125
You are developing an ecommerce web application that uses App Engine standard environment and Memorystore for Redis. When a user logs into the app, the application caches the user's information (e.g., session, name, address, preferences), which is stored for quick retrieval during checkout.
While testing your application in a browser, you get a 502 Bad Gateway error. You have determined that the application is not connecting to Memorystore. What is the reason for this error?
A. Your Memorystore for Redis instance was deployed without a public IP address.
B. You configured your Serverless VPC Access connector in a different region than your App Engine instance.
C. The firewall rule allowing a connection between App Engine and Memorystore was removed during an infrastructure update by the DevOps team.
D. You configured your application to use a Serverless VPC Access connector on a different subnet in a different availability zone than your App Engine instance.
Question 126
Your team develops services that run on Google Cloud. You need to build a data processing service and will use Cloud Functions. The data to be processed by the function is sensitive. You need to ensure that invocations can only happen from authorized services and follow Google-recommended best practices for securing functions. What should you do?
A. Enable Identity-Aware Proxy in your project. Secure function access using its permissions.
B. Create a service account with the Cloud Functions Viewer role. Use that service account to invoke the function.
C. Create a service account with the Cloud Functions Invoker role. Use that service account to invoke the function.
D. Create an OAuth 2.0 client ID for your calling service in the same project as the function you want to secure. Use those credentials to invoke the function.
Question 127
You are deploying your applications on Compute Engine. One of your Compute Engine instances failed to launch. What should you do? (Choose two.)
A. Determine whether your file system is corrupted.
B. Access Compute Engine as a different SSH user.
C. Troubleshoot firewall rules or routes on an instance.
D. Check whether your instance boot disk is completely full.
E. Check whether network traffic to or from your instance is being dropped.
Question 128
Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to employees as they travel. You need to ensure the security and accessibility of the web application while minimizing application changes. What should you do?
A. Configure the application to check authentication credentials for each HTTP(S) request to the application.
B. Configure Identity-Aware Proxy to allow employees to access the application through its public IP address.
C. Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine instance forwards requests to and from the web application.
D. Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine issues an HTTP redirect to a public IP address hosting the web application.
Question 129
You have an application that uses an HTTP Cloud Function to process user activity from both desktop browser and mobile application clients. This function will serve as the endpoint for all metric submissions using HTTP POST.
Due to legacy restrictions, the function must be mapped to a domain that is separate from the domain requested by users on web or mobile sessions. The domain for the Cloud Function is https://fn.example.com. Desktop and mobile clients use the domain https://www.example.com. You need to add a header to the function's
HTTP response so that only those browser and mobile sessions can submit metrics to the Cloud Function. Which response header should you add?
A. Access-Control-Allow-Origin: *
B. Access-Control-Allow-Origin: https://*.example.com
C. Access-Control-Allow-Origin: https://fn.example.com
D. Access-Control-Allow-origin: https://www.example.com
Question 130
You have an HTTP Cloud Function that is called via POST. Each submission's request body has a flat, unnested JSON structure containing numeric and text data. After the Cloud Function completes, the collected data should be immediately available for ongoing and complex analytics by many users in parallel. How should you persist the submissions?
A. Directly persist each POST request's JSON data into Datastore.
B. Transform the POST request's JSON data, and stream it into BigQuery.
C. Transform the POST request's JSON data, and store it in a regional Cloud SQL cluster.
D. Persist each POST request's JSON data as an individual file within Cloud Storage, with the file name containing the request identifier.
