Win IT Exam with Last Dumps 2025

You are developing a public web application on Cloud Run. You expose the Cloud Run service directly with its public IP address. You are now running a load test to ensure that your application is resilient against high traffic loads. You notice that your application performs as expected when you initiate light traffic. However, when you generate high loads, your web server runs slowly and returns error messages. How should you troubleshoot this issue?

A. Check the network traffic to Cloud Run in Cloud Monitoring to validate whether a traffic spike occurred. If necessary, enable traffic splitting on the Cloud Run instance to route some of the traffic to a previous instance revision.

B. Check the min-instances value for your Cloud Run service. If necessary, increase the min-instances value to match the maximum number of virtual users in your load test.

C. Check whether Cloud Armor is detecting distributed denial of service (DDoS) attacks and is blocking traffic before the traffic is routed to your Cloud Run service. If necessary, disable any Cloud Armor policies in your project.

D. Check whether the Cloud Run service has scaled to a number of instances that equals the max-instances value. If necessary, increase the max-instances value.

You are developing a new image processing application that needs to handle various tasks, such as resizing, cropping, and watermarking images. You also need to monitor the workflow and ensure that it scales efficiently when there are large volumes of images. You want to automate the image processing tasks and workflow monitoring with the least effort. What should you do?

A. Employ Cloud Composer to manage the image processing workflows. Use Dataproc for workflow monitoring and analytics.

B. Use Cloud Run to deploy the image processing functions. Use Apigee to expose the API. Use Cloud Logging for workflow monitoring.

C. Implement Workflows to orchestrate the image processing tasks. Use Cloud Logging for workflow monitoring.

D. Use Cloud Build to trigger Cloud Functions for the image processing tasks. Use Cloud Monitoring for workflow monitoring.

You are developing a web application that will be deployed to production on Cloud Run. The application consists of multiple microservices, some of which will be publicly accessible and others that will only be accessible after authentication by Google identities. You need to ensure that only authenticated users can access the restricted services, while allowing unrestricted access to the public services of the application. You want to use the most secure approach while minimizing management overhead and complexity. How should you configure access?

A. Enable Identity-Aware Proxy (IAP) for all microservices. Develop a new microservice that checks the authentication requirements for each application and controls access to the respective services.

B. Enable Identity-Aware Proxy (IAP) for all microservices. Manage access control lists (ACLs) for the restricted services, and configure allAuthenticatedUsers access to the public services.

C. Use Cloud Endpoints with Firebase Authentication for all microservices. Configure Firebase rules to manage access control lists (ACLs) for each service, allowing access to the public services.

D. Configure separate Cloud Run services for the public and restricted microservices. Enable Identity-Aware Proxy (IAP) only for the restricted services, and configure the Cloud Run ingress settings to ‘Internal and Cloud Load Balancing’.

You are the lead developer for a company that provides a financial risk calculation API. The API is built on Cloud Run and has a gRPC interface. You frequently develop optimizations to the risk calculators. You want to enable these optimizations for select customers who registered to try out the optimizations prior to rolling out the optimization to all customers. Your CI/CD pipeline has built a new image and stored it in the Artifact Registry.
Which rollout strategy should you use?

A. Migrate the traffic to the new service by setting Cloud Run’s traffic split based on the percentage of registered customers.

B. Migrate the traffic to the new service by using a blue/green deployment approach.

C. Migrate the traffic to the new service by using a feature flag for registered customers.

D. Migrate the traffic to the new service and enable session affinity for Cloud Run.

Your ecommerce application has a rapidly growing user base, and it is experiencing performance issues due to excessive requests to your backend API. Your team develops and manages this API. The Cloud SQL backend database is struggling to handle the high demand, leading to latency and timeouts. You need to implement a solution that optimizes API performance and improves user experience. What should you do?

A. Use Apigee to expose your API. Use Memorystore for Redis to cache frequently accessed data. Implement exponential backoff in the application to retry failed requests.

B. Use Apigee to expose your API. Implement rate limiting and access control policies in Apigee to control API traffic. Use Pub/Sub to queue requests to prevent database overload.

C. Use Cloud Load Balancing to expose your API. Use Cloud CDN in front of the load balancer to cache responses. Implement exponential backoff to retry failed requests.

D. Use Cloud Load Balancing to expose your API. Increase the memory for the database instances to handle more concurrent requests. Implement a custom rate-limiting mechanism in your application code to control API requests.

You need to deploy a new feature into production on Cloud Run. Your company’s SRE team mandates gradual deployments to avoid large downtimes caused by code change errors. You want to configure this deployment with minimal effort. What should you do?

A. Configure the application’s frontend load balancer to toggle between the new and old revisions.

B. Configure the application code to send a small percentage of users to the newly deployed revision.

C. Deploy the feature with “Serve this revision immediately” unchecked, and configure the new revision to serve a small percentage of traffic. Check for errors, and increase traffic to the revision as appropriate.

D. Deploy the feature with “Serve this revision immediately” checked. Check for errors, roll back to the previous revision, and repeat the process until you have verified that the deployment is bug-free.

You are developing an external-facing application on GKE that provides a streaming API to users. You want to offer two subscription tiers, “basic" and “premium", to users based on the number of API requests that each client application is allowed to make each day. You want to design the application architecture to provide subscription tiers to users while following Google-recommended practices. What should you do?

A. 1. Configure the service on GKE as a backend to an Apigee proxy.
2. Provide API keys to users to identify client applications.
3. Configure a Quota policy in Apigee for API keys based on the subscription tier.

B. 1. Configure the service on GKE as a backend to an Apigee proxy.
2. Provide API keys to users to identify client applications.
3. Configure a SpikeArrest policy in Apigee for API keys based on the subscription tier.

C. 1. Configure the service on GKE as a backend to two new projects, each with a separate Application Load Balancer.
2. Configure the quota "Queries per second (QPS) per region per network” for each project individually.
3. Provide users with API endpoints based on the subscription tier.

D. 1. Deploy the application to two GKE clusters, one for each subscription tier. Configure each cluster to have a separate Ingress.
2. Configure each cluster as a backend to an Apigee proxy.
3. Provide API keys to users to identify client applications.
4. Configure separate rate limits for client applications based on the subscription tier.

Your organization has users and groups configured in an external identity provider (IdP). You want to leverage the same external IdP to allow Google Cloud console access to all employees. You also want to personalize the sign-in experience by displaying the user's name and photo when users access the Google Cloud console. What should you do?

A. Configure workforce identity federation with the external IdP, and set up attribute mapping.

B. Configure a service account for each individual by using the user name and photo, and grant permissions for each user to impersonate their respective service accounts.

C. Configure workload identity federation to get the external IdP tokens, and use these tokens to sign in to the Google Cloud console.

D. Create a Google group that includes organization email IDs for all users. Ask users to use the same name, work email ID, and password to register and sign in.

You are developing a new API that creates requests on an asynchronous message service. Requests will be consumed by different services. You need to expose the API by using a gRPC interface while minimizing infrastructure management overhead. How should you deploy the API?

A. Deploy your API to App Engine. Create a Pub/Sub topic, and configure your API to push messages to the topic.

B. Deploy your API as a Cloud Run service. Create a Pub/Sub topic, and configure your API to push messages to the topic.

C. Deploy your API to a GKE cluster. Create a Kafka cluster, and configure your API to write messages to the cluster.

D. Deploy your API on a Compute Engine instance. Create a Kafka cluster, and configure your API to write messages to the cluster.

You are about to deploy an application hosted on a Compute Engine instance with Windows OS and Cloud SQL. You plan to use the Cloud SQL Auth Proxy for connectivity to the Cloud SQL instance. You plan to follow Google-recommended practices and the principle of least privilege. You have already created a custom service account. What should you do next?

A. Create and assign a custom role with the cloudsql.instances.connect permission to the custom service account. Adjust the Cloud SQL Auth Proxy start command to specify your instance connection name.

B. Grant the custom service account the roles/cloudsql.client role. Adjust the Cloud SQL Auth Proxy start command to use the --unix-socket CLI option.

C. Grant the custom service account the roles/cloudsql.editor role.

D. Grant the custom service account the roles/cloudsql.viewer role. Adjust the Cloud SQL Auth Proxy start command to specify your instance connection name.