Win IT Exam with Last Dumps 2025

You are currently pushing container images to Artifact Registry and deploying a containerized microservices application to GKE. After deploying the application, you notice that the services do not behave as expected. You use the kubectl get pods command to inspect the state of the application Pods, and discover that one of the Pods has a state of CrashLoopBackoff. How should you troubleshoot the Pod?

A. Connect to the problematic Pod by running the kubectl exec -it POD_NAME - /bin/bash command where the POD_NAME parameter is the name of the problematic Pod. Inspect the logs in the /var/log/messages folder to determine the root cause.

B. Execute the gcloud projects get-iam-policy PROJECT_ID command where the PROJECT_ID parameter is the name of the project where your Artifact Registry resides. Inspect the IAM bindings of the node pool s service account. Validate if the service account has the roles/artifactregistry.reader role.

C. Run the kubectl logs POD_NAME command where the POD_NAME parameter is the name of the problematic Pod. Analyze the logs of the Pod from previous runs to determine the root cause of failed start attempts of the Pod.

D. In the Google Cloud console, navigate to Cloud Logging in the project of the cluster’s VPC. Enter a filter to show denied egress traffic to the Private Google Access CIDR range. Validate if egress traffic is denied from your GKE cluster to the Private Google Access CIDR range.

You use Cloud Build to build and test container images prior to deploying them to Cloud Run. Your images are stored in Artifact Registry. You need to ensure that only container images that have passed testing are deployed. You want to minimize operational overhead. What should you do?

A. Deploy a new revision to a Cloud Run service. Assign a tag that allows access to the revision at a specific URL without serving traffic. Test that revision again. Migrate the traffic to the Cloud Run service after you confirm that the new revision is performing as expected.

B. Enable Binary Authorization on your Cloud Run service. Create an attestation if the container image has passed all tests. Configure Binary Authorization to allow only images with appropriate attestation to be deployed to the Cloud Run service.

C. Create a GKE cluster. Verify that all tests have passed, and then deploy the image to the GKE cluster.

D. Configure build provenance on your Cloud Build pipeline. Verify that all the tests have passed, and then deploy the image to a Cloud Run service.

You are developing a scalable web application for internal users. Your organization uses Google Workspace. You need to set up authentication to the application for the users, and then deploy the application on Google Cloud. You plan to use cloud-native features, and you want to minimize infrastructure management effort. What should you do? (Choose two.)

A. Create a Compute Engine VM, configure a web server, and deploy the application in a VPC.

B. Containerize the application, and deploy it as a Cloud Run service.

C. Configure Cloud SQL database with a table containing the users and password hashes. Add an authentication screen to ensure that only internal users can access the application.

D. Configure Identity Aware Proxy, and grant the roles/iap.httpsResourceAccessor IAM role to the users that need to access the application.

E. Configure Identity Aware Proxy, and grant the roles/iap.tunnelResourceAccessor IAM role to the users that need to access the application.

You work for an ecommerce company, and you are responsible for deploying and managing multiple APIs. The operations team wants to review the traffic patterns in the orders-prod and users-prod environments. These are the only environments in the store-prod environment group. You want to follow Google-recommended practices. What should you do?

A. Assign the Apigee Analytics Viewer IAM role to the operations team for both environments. Use Cloud Monitoring to review traffic patterns.

B. Assign the Apigee Analytics Viewer IAM role to the operations team for both environments. Use Apigee API Analytics to review traffic patterns.

C. Assign the Apigee API Reader IAM role to each user of the operations team for both environments. Use Cloud Monitoring to review traffic patterns.

D. Assign the Apigee API Reader IAM role to each user of the operations team for both environments. Use Apigee API Analytics to review traffic patterns.

You are migrating a containerized application to Cloud Run. You plan to use Cloud Build to build your container image and push it to Artifact Registry, and you plan to use Cloud Deploy to deploy the image to production. You need to ensure that only secure images are deployed to production. What should you do?

A. Use Cloud Armor in front of Cloud Run to protect the container image from threats.

B. Use Artifact Analysis to scan the image for vulnerabilities. Use Cloud Key Management Service to encrypt the image to be deployed to production.

C. Use Secret Manager to store the encrypted image. Deploy this image to production.

D. Use Binary Authorization to enforce a policy that only allows images that have been signed with a trusted key to be deployed to production.

Your team uses Cloud Storage for a video and image application that was recently migrated to Google Cloud. Following a viral surge, users are reporting application instability, coinciding with a 10x increase in HTTP 429 error codes from Cloud Storage APIs. You need to resolve the errors and establish a long-term solution. You want to ensure that the application remains stable if the load increases again in the future. What should you do?

A. Optimize the application code to reduce unnecessary calls to Cloud Storage APIs to prevent HTTP 429 errors.

B. Compress the video and images files to reduce their size, and minimize storage costs and bandwidth usage. Implement a custom throttling mechanism in the application that limits the number of concurrent API calls.

C. Migrate all image and video data to Firestore. Replace the Cloud Storage APIs in the application code with the new Firestore database.

D. Implement a retry strategy with exponential backoff for requests that encounter HTTP 429 errors.

You are developing a container build pipeline for an application hosted on GKE. You have the following requirements:
• Only images that are created using your build pipeline should be deployed on your GKE cluster.
• All code and build artifacts should remain within your environment and protected from data exfiltration.
How should you build the pipeline?

A. 1. Create a build pipeline by using Cloud Build with the default worker pool.
2. Deploy container images to a private container registry in your VPC.
3. Create a VPC firewall policy in your project that denies all egress and ingress traffic to public networks.

B. 1. Create a build pipeline by using Cloud Build with a private worker pool.
2. Use VPC Service Controls to place all components and services in your CI/CD pipeline inside a security perimeter.
3. Configure your GKE cluster to only allow container images signed by Binary Authorization.

C. 1. Create a build pipeline by using Cloud Build with a private worker pool.
2. Configure the CI/CD pipeline to build container images and store them in Artifact Registry.
3. Configure Artifact Registry to encrypt container images by using customer-managed encryption keys (CMEK).

D. 1. Create a build pipeline by using Cloud Build with the default worker pool.
2. Configure the CI/CD pipeline to build container images and store them in Artifact Registry.
3. Configure your GKE cluster to only allow container images signed by Binary Authorization.

You are a developer at a company that operates an ecommerce website. The website stores the customer order data in a Cloud SQL for PostgreSQL database. Data scientists on the marketing team access this data to run their reports. Every time they run these reports, the website's performance is negatively affected. You want to provide access to up-to-date customer order datasets without affecting your website. What should you do?

A. Configure Cloud Scheduler to run an hourly Cloud Function that exports the data from the Cloud SQL database into CSV format and sends the data to a Cloud Storage bucket.

B. Set up a Bigtable table for the data science team. Configure the application to perform dual writes to both Cloud SQL and Bigtable simultaneously.

C. Set up a BigQuery dataset for the data science team. Configure Datastream to replicate the relevant Cloud SQL tables in BigQuery.

D. Create a clone of the PostgreSQL database instance for the data science team. Schedule a job to create a new clone every 15 minutes.

You are developing a web application by using Cloud Run and Cloud Storage. You are notified of a production issue that you need to troubleshoot immediately. You need to implement a workaround that requires you to execute a script on a Git repository. Your corporate laptop is unavailable but you have your personal computer. You can use your corporate credentials to access the required Git repository and Google Cloud resources. You want to fix the issue as quickly and efficiently as possible while minimizing additional cost. What should you do?

A. Create and launch a workstation with Cloud Workstations on your personal computer. Authenticate and set up API access in the workstation. Clone the Git repository and execute the workaround script. Ensure that the issue has been fixed.

B. Install VS Code and the extension Cloud Code for VS Code on your personal computer. Check the Cloud Run logs in Cloud Code to confirm the error. Execute the workaround script. Ensure that the issue has been fixed.

C. Connect to the Google Cloud console and open Cloud Shell on your personal computer. Clone the Git repository and execute the workaround script. Ensure that the issue has been fixed.

D. Download and install the gcloud CLI on your personal computer. Authenticate and set up API access. Clone the Git repository and execute the workaround script. Ensure that the issue has been fixed.

You are using App Engine and Cloud SQL for PostgreSQL to develop an application. You want to test your application code locally before deploying new application versions to the development environment that is shared with other developers. You need to set up your App Engine local development environment to test your application while keeping all traffic to Cloud SQL instances encrypted and authenticated to Cloud IAM and PostgreSQL. What should you do before starting the local development server?

A. Install PostgreSQL on your local workstation. Run a local PostgreSQL database on your workstation. Configure the application to connect to a PostgreSQL instance on localhost.

B. Download and install the Cloud SQL Auth Proxy to your local development environment. Configure the Cloud SQL Auth Proxy to connect to the Cloud SQL instance and run the proxy. Configure the application to connect to a PostgreSQL instance on localhost.

C. Deploy a Compute Engine instance, and install HAProxy on the instance. Configure Cloud SQL Auth Proxy on the instance, and use the instance’s service account to authenticate to Cloud SQL. Configure the application to connect to the Compute Engine instance's IP address.

D. Configure your local development server to connect to the private IP address of the Cloud SQL instance. Encrypt database entries with a cryptographic library before submitting them to the database. Store the decryption key as an environment variable in App Engine.