Question 161
Your company recently migrated to Google Cloud. You need to design a fast, reliable, and repeatable solution for your company to provision new projects and basic resources in Google Cloud. What should you do?
A. Use the Google Cloud console to create projects.
B. Write a script by using the gcloud CLI that passes the appropriate parameters from the request. Save the script in a Git repository.
C. Write a Terraform module and save it in your source control repository. Copy and run the terraform apply command to create the new project.
D. Use the Terraform repositories from the Cloud Foundation Toolkit. Apply the code with appropriate parameters to create the Google Cloud project and related resources.
Question 162
You are configuring a CI pipeline. The build step for your CI pipeline integration testing requires access to APIs inside your private VPC network. Your security team requires that you do not expose API traffic publicly. You need to implement a solution that minimizes management overhead. What should you do?
A. Use Cloud Build private pools to connect to the private VPC.
B. Use Spinnaker for Google Cloud to connect to the private VPC.
C. Use Cloud Build as a pipeline runner. Configure Internal HTTP(S) Load Balancing for API access.
D. Use Cloud Build as a pipeline runner. Configure External HTTP(S) Load Balancing with a Google Cloud Armor policy for API access.
Question 163
You are leading a DevOps project for your organization. The DevOps team is responsible for managing the service infrastructure and being on-call for incidents. The Software Development team is responsible for writing, submitting, and reviewing code. Neither team has any published SLOs. You want to design a new joint-ownership model for a service between the DevOps team and the Software Development team. Which responsibilities should be assigned to each team in the new joint-ownership model?
A.

B.

C.

D.

Question 164
You recently migrated an ecommerce application to Google Cloud. You now need to prepare the application for the upcoming peak traffic season. You want to follow Google-recommended practices. What should you do first to prepare for the busy season?
A. Migrate the application to Cloud Run, and use autoscaling.
B. Create a Terraform configuration for the application's underlying infrastructure to quickly deploy to additional regions.
C. Load test the application to profile its performance for scaling.
D. Pre-provision the additional compute power that was used last season, and expect growth.
Question 165
You are monitoring a service that uses n2-standard-2 Compute Engine instances that serve large files. Users have reported that downloads are slow. Your Cloud Monitoring dashboard shows that your VMs are running at peak network throughput. You want to improve the network throughput performance. What should you do?
A. Add additional network interface controllers (NICs) to your VMs.
B. Deploy a Cloud NAT gateway and attach the gateway to the subnet of the VMs.
C. Change the machine type for your VMs to n2-standard-8.
D. Deploy the Ops Agent to export additional monitoring metrics.
Question 166
Your organization is starting to containerize with Google Cloud. You need a fully managed storage solution for container images and Helm charts. You need to identify a storage solution that has native integration into existing Google Cloud services, including Google Kubernetes Engine (GKE), Cloud Run, VPC Service Controls, and Identity and Access Management (IAM). What should you do?
A. Use Docker to configure a Cloud Storage driver pointed at the bucket owned by your organization.
B. Configure an open source container registry server to run in GKE with a restrictive role-based access control (RBAC) configuration.
C. Configure Artifact Registry as an OCI-based container registry for both Helm charts and container images.
D. Configure Container Registry as an OCI-based container registry for container images.
Question 167
You need to define SLOs for a high-traffic web application. Customers are currently happy with the application performance and availability. Based on current measurement, the 90th percentile of latency is 160 ms and the 95th percentile of latency is 300 ms over a 28-day window. What latency SLO should you publish?
A. 90th percentile - 150 ms; 95th percentile - 290 ms
B. 90th percentile - 160 ms; 95th percentile - 300 ms
C. 90th percentile - 190 ms; 95th percentile - 330 ms
D. 90th percentile - 300 ms; 95th percentile - 450 ms
Question 168
Your company runs applications in Google Kubernetes Engine (GKE). Application developers frequently create cloud resources to support their applications. You need to give developers the ability to manage infrastructure as code while adhering to Google-recommended practices. You want to manage infrastructure as code through Kubernetes Custom Resource Definitions (CRDs) and ensure that your chosen setup can be supported by the Google Cloud Support Portal. What should you do?
A. Configure Cloud Build with a Terraform builder to execute the terraform plan and terraform apply commands.
B. Install and configure Crossplane in GKE.
C. Configure a GitHub Action with a Terraform builder to execute the terraform plan and terraform apply commands as part of the pull request process.
D. Install and configure Config Connector in GKE.
Question 169
Your company runs services on Google Cloud. Each team runs their applications in a dedicated project. New teams and projects are created regularly. Your security team requires that all logs are processed by a security information and event management (SIEM) system. The SIEM ingests logs by using Pub/Sub. You must ensure that all existing and future logs are scanned by the SIEM. What should you do?
A. Create an organization-level aggregated sink with a siem log bucket as the destination. Set an inclusion filter to include all logs.
B. Create a folder-level aggregated sink with a siem Pub/Sub topic as the destination. Set an inclusion filter to include all logs. Repeat for each folder.
C. Create an organization-level aggregated sink with a siem Pub/Sub topic as the destination. Set an inclusion filter to include all logs.
D. Create a project-level logging sink with a siem Pub/Sub topic as the destination. Set an inclusion filter to include all logs. Repeat for each project.
Question 170
Your company allows teams to self-manage Google Cloud projects, including project-level Identity and Access Management (IAM). You are concerned that the team responsible for the Shared VPC project might accidentally delete the project, so a lien has been placed on the project. You need to design a solution to restrict Shared VPC project deletion to those with the resourcemanager.projects.updateLiens permission at the organization level. What should you do?
A. Instruct teams to only perform IAM permission management as code with Terraform.
B. Enable VPC Service Controls for the container.googleapis.com API service.
C. Revoke the resourcemanager.projects.updateLiens permission from all users associated with the project.
D. Enable the compute.restrictXpnProjectLienRemoval organization policy constraint.