Question 231
You are a developer at a financial institution. You use Cloud Shell to interact with Google Cloud services. User data is currently stored on an ephemeral disk; however, a recently passed regulation mandates that you can no longer store sensitive information on an ephemeral disk. You need to implement a new storage solution for your user data. You want to minimize code changes. Where should you store your user data?
A. Store user data on a Cloud Shell home disk, and log in at least every 120 days to prevent its deletion.
B. Store user data on a persistent disk in a Compute Engine instance.
C. Store user data in a Cloud Storage bucket.
D. Store user data in BigQuery tables.
Question 232
You recently developed a web application to transfer log data to a Cloud Storage bucket daily. Authenticated users will regularly review logs from the prior two weeks for critical events. After that, logs will be reviewed once annually by an external auditor. Data must be stored for a period of no less than 7 years. You want to propose a storage solution that meets these requirements and minimizes costs. What should you do? (Choose two.)
A. Use the Bucket Lock feature to set the retention policy on the data.
B. Run a scheduled job to set the storage class to Coldline for objects older than 14 days.
C. Create a JSON Web Token (JWT) for users needing access to the Coldline storage buckets.
D. Create a lifecycle management policy to set the storage class to Coldline for objects older than 14 days.
E. Create a lifecycle management policy to set the storage class to Nearline for objects older than 14 days.
Question 233
Your team is developing a Cloud Function triggered by Cloud Storage events. You want to accelerate testing and development of your Cloud Function while following Google-recommended best practices. What should you do?
A. Create a new Cloud Function that is triggered when Cloud Audit Logs detects the cloudfunctions.functions.sourceCodeSet operation in the original Cloud Function. Send mock requests to the new function to evaluate the functionality.
B. Make a copy of the Cloud Function, and rewrite the code to be HTTP-triggered. Edit and test the new version by triggering the HTTP endpoint. Send mock requests to the new function to evaluate the functionality.
C. Install the Functions Frameworks library, and configure the Cloud Function on localhost. Make a copy of the function, and make edits to the new version. Test the new version using curl.
D. Make a copy of the Cloud Function in the Google Cloud console. Use the Cloud console's in-line editor to make source code changes to the new function. Modify your web application to call the new function, and test the new version in production
Question 234
Your team is setting up a build pipeline for an application that will run in Google Kubernetes Engine (GKE). For security reasons, you only want images produced by the pipeline to be deployed to your GKE cluster. Which combination of Google Cloud services should you use?
A. Cloud Build, Cloud Storage, and Binary Authorization
B. Google Cloud Deploy, Cloud Storage, and Google Cloud Armor
C. Google Cloud Deploy, Artifact Registry, and Google Cloud Armor
D. Cloud Build, Artifact Registry, and Binary Authorization
Question 235
You are supporting a business-critical application in production deployed on Cloud Run. The application is reporting HTTP 500 errors that are affecting the usability of the application. You want to be alerted when the number of errors exceeds 15% of the requests within a specific time window. What should you do?
A. Create a Cloud Function that consumes the Cloud Monitoring API. Use Cloud Scheduler to trigger the Cloud Function daily and alert you if the number of errors is above the defined threshold.
B. Navigate to the Cloud Run page in the Google Cloud console, and select the service from the services list. Use the Metrics tab to visualize the number of errors for that revision, and refresh the page daily.
C. Create an alerting policy in Cloud Monitoring that alerts you if the number of errors is above the defined threshold.
D. Create a Cloud Function that consumes the Cloud Monitoring API. Use Cloud Composer to trigger the Cloud Function daily and alert you if the number of errors is above the defined threshold.
Question 236
You need to build a public API that authenticates, enforces quotas, and reports metrics for API callers. Which tool should you use to complete this architecture?
A. App Engine
B. Cloud Endpoints
C. Identity-Aware Proxy
D. GKE Ingress for HTTP(S) Load Balancing
Question 237
You noticed that your application was forcefully shut down during a Deployment update in Google Kubernetes Engine. Your application didn’t close the database connection before it was terminated. You want to update your application to make sure that it completes a graceful shutdown. What should you do?
A. Update your code to process a received SIGTERM signal to gracefully disconnect from the database.
B. Configure a PodDisruptionBudget to prevent the Pod from being forcefully shut down.
C. Increase the terminationGracePeriodSeconds for your application.
D. Configure a PreStop hook to shut down your application.
Question 238
You are a lead developer working on a new retail system that runs on Cloud Run and Firestore in Datastore mode. A web UI requirement is for the system to display a list of available products when users access the system and for the user to be able to browse through all products. You have implemented this requirement in the minimum viable product (MVP) phase by returning a list of all available products stored in Firestore.
A few months after go-live, you notice that Cloud Run instances are terminated with HTTP 500: Container instances are exceeding memory limits errors during busy times. This error coincides with spikes in the number of Datastore entity reads. You need to prevent Cloud Run from crashing and decrease the number of Datastore entity reads. You want to use a solution that optimizes system performance. What should you do?
A. Modify the query that returns the product list using integer offsets.
B. Modify the query that returns the product list using limits.
C. Modify the Cloud Run configuration to increase the memory limits.
D. Modify the query that returns the product list using cursors.
Question 239
You need to deploy an internet-facing microservices application to Google Kubernetes Engine (GKE). You want to validate new features using the A/B testing method. You have the following requirements for deploying new container image releases:
• There is no downtime when new container images are deployed.
• New production releases are tested and verified using a subset of production users.
What should you do?
A. 1. Configure your CI/CD pipeline to update the Deployment manifest file by replacing the container version with the latest version.
2. Recreate the Pods in your cluster by applying the Deployment manifest file.
3. Validate the application's performance by comparing its functionality with the previous release version, and roll back if an issue arises.
B. 1. Create a second namespace on GKE for the new release version.
2. Create a Deployment configuration for the second namespace with the desired number of Pods.
3. Deploy new container versions in the second namespace.
4. Update the Ingress configuration to route traffic to the namespace with the new container versions.
C. 1. Install the Anthos Service Mesh on your GKE cluster.
2. Create two Deployments on the GKE cluster, and label them with different version names.
3. Implement an Istio routing rule to send a small percentage of traffic to the Deployment that references the new version of the application.
D. 1. Implement a rolling update pattern by replacing the Pods gradually with the new release version.
2. Validate the application's performance for the new subset of users during the rollout, and roll back if an issue arises.
Question 240
Your team manages a large Google Kubernetes Engine (GKE) cluster. Several application teams currently use the same namespace to develop microservices for the cluster. Your organization plans to onboard additional teams to create microservices. You need to configure multiple environments while ensuring the security and optimal performance of each team’s work. You want to minimize cost and follow Google-recommended best practices. What should you do?
A. Create new role-based access controls (RBAC) for each team in the existing cluster, and define resource quotas.
B. Create a new namespace for each environment in the existing cluster, and define resource quotas.
C. Create a new GKE cluster for each team.
D. Create a new namespace for each team in the existing cluster, and define resource quotas.
