Question 131
Your security team is auditing all deployed applications running in Google Kubernetes Engine. After completing the audit, your team discovers that some of the applications send traffic within the cluster in clear text. You need to ensure that all application traffic is encrypted as quickly as possible while minimizing changes to your applications and maintaining support from Google. What should you do?
A. Use Network Policies to block traffic between applications.
B. Install Istio, enable proxy injection on your application namespace, and then enable mTLS.
C. Define Trusted Network ranges within the application, and configure the applications to allow traffic only from those networks.
D. Use an automated process to request SSL Certificates for your applications from Let's Encrypt and add them to your applications.
Question 132
You migrated some of your applications to Google Cloud. You are using a legacy monitoring platform deployed on-premises for both on-premises and cloud- deployed applications. You discover that your notification system is responding slowly to time-critical problems in the cloud applications. What should you do?
A. Replace your monitoring platform with Cloud Monitoring.
B. Install the Cloud Monitoring agent on your Compute Engine instances.
C. Migrate some traffic back to your old platform. Perform A/B testing on the two platforms concurrently.
D. Use Cloud Logging and Cloud Monitoring to capture logs, monitor, and send alerts. Send them to your existing platform.
Question 133
You recently deployed your application in Google Kubernetes Engine, and now need to release a new version of your application. You need the ability to instantly roll back to the previous version in case there are issues with the new version. Which deployment model should you use?
A. Perform a rolling deployment, and test your new application after the deployment is complete.
B. Perform A/B testing, and test your application periodically after the new tests are implemented.
C. Perform a blue/green deployment, and test your new application after the deployment is. complete.
D. Perform a canary deployment, and test your new application periodically after the new version is deployed.
Question 134
You developed a JavaScript web application that needs to access Google Drive's API and obtain permission from users to store files in their Google Drives. You need to select an authorization approach for your application. What should you do?
A. Create an API key.
B. Create a SAML token.
C. Create a service account.
D. Create an OAuth Client ID.
Question 135
You manage an ecommerce application that processes purchases from customers who can subsequently cancel or change those purchases. You discover that order volumes are highly variable and the backend order-processing system can only process one request at a time. You want to ensure seamless performance for customers regardless of usage volume. It is crucial that customers' order update requests are performed in the sequence in which they were generated. What should you do?
A. Send the purchase and change requests over WebSockets to the backend.
B. Send the purchase and change requests as REST requests to the backend.
C. Use a Pub/Sub subscriber in pull mode and use a data store to manage ordering.
D. Use a Pub/Sub subscriber in push mode and use a data store to manage ordering.
Question 136
Your company needs a database solution that stores customer purchase history and meets the following requirements:
- Customers can query their purchase immediately after submission.
- Purchases can be sorted on a variety of fields.
- Distinct record formats can be stored at the same time.
Which storage option satisfies these requirements?
A. Firestore in Native mode
B. Cloud Storage using an object read
C. Cloud SQL using a SQL SELECT statement
D. Firestore in Datastore mode using a global query
Question 137
You recently developed a new service on Cloud Run. The new service authenticates using a custom service and then writes transactional information to a Cloud
Spanner database. You need to verify that your application can support up to 5,000 read and 1,000 write transactions per second while identifying any bottlenecks that occur. Your test infrastructure must be able to autoscale. What should you do?
A. Build a test harness to generate requests and deploy it to Cloud Run. Analyze the VPC Flow Logs using Cloud Logging.
B. Create a Google Kubernetes Engine cluster running the Locust or JMeter images to dynamically generate load tests. Analyze the results using Cloud Trace.
C. Create a Cloud Task to generate a test load. Use Cloud Scheduler to run 60,000 Cloud Task transactions per minute for 10 minutes. Analyze the results using Cloud Monitoring.
D. Create a Compute Engine instance that uses a LAMP stack image from the Marketplace, and use Apache Bench to generate load tests against the service. Analyze the results using Cloud Trace.
Question 138
You are using Cloud Build for your CI/CD pipeline to complete several tasks, including copying certain files to Compute Engine virtual machines. Your pipeline requires a flat file that is generated in one builder in the pipeline to be accessible by subsequent builders in the same pipeline. How should you store the file so that all the builders in the pipeline can access it?
A. Store and retrieve the file contents using Compute Engine instance metadata.
B. Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.
C. Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.
D. Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.
Question 139
Your company’s development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company’s environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?
A. Enable the Vulnerability scanning setting in the Container Registry.
B. Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.
C. Disallow the use of non-commercially supported base images in your development environment.
D. Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.
Question 140
You are configuring a continuous integration pipeline using Cloud Build to automate the deployment of new container images to Google Kubernetes Engine (GKE). The pipeline builds the application from its source code, runs unit and integration tests in separate steps, and pushes the container to Container Registry. The application runs on a Python web server.
The Dockerfile is as follows:
FROM python:3.7-alpine -
COPY . /app -
WORKDIR /app -
RUN pip install -r requirements.txt
CMD [ "gunicorn", "-w 4", "main:app" ]
You notice that Cloud Build runs are taking longer than expected to complete. You want to decrease the build time. What should you do? (Choose two.)
A. Select a virtual machine (VM) size with higher CPU for Cloud Build runs.
B. Deploy a Container Registry on a Compute Engine VM in a VPC, and use it to store the final images.
C. Cache the Docker image for subsequent builds using the -- cache-from argument in your build config file.
D. Change the base image in the Dockerfile to ubuntu:latest, and install Python 3.7 using a package manager utility.
E. Store application source code on Cloud Storage, and configure the pipeline to use gsutil to download the source code.
