Question 191
Your company wants to implement a CD pipeline in Cloud Deploy for a web service deployed to GKE. The web service currently does not have any automated testing. The Quality Assurance team must manually verify any new releases of the web service before any production traffic is processed. You need to design the CD pipeline. What should you do?
A. Create a single pipeline stage, and use a standard deployment strategy.
B. Create a single pipeline stage, and use a canary deployment strategy.
C. Create two pipeline stages, and use a canary deployment strategy.
D. Create two pipeline stages, and use a standard deployment strategy.
Question 192
You manage your company’s primary revenue-generating application. You have an error budget policy in place that freezes production deployments when the application is close to breaching its SLO. A number of issues have recently occurred, and the application has exhausted its error budget. You need to deploy a new release to the application that includes a feature urgently required by your largest customer. You have been told that the release has passed all unit tests. What should you do?
A. Delay the deployment of the feature until the error budget is replenished.
B. Re-run the unit tests, and start the deployment of the feature if the tests pass.
C. Start the deployment of the feature immediately.
D. Deploy the feature to a subset of users, and gradually roll out to all users if there are no errors reported.
Question 193
You work for a company that manages highly sensitive user data. You are designing the Google Kubernetes Engine (GKE) infrastructure for your company, including several applications that will be deployed in development and production environments. Your design must protect data from unauthorized access from other applications, while minimizing the amount of management overhead required. What should you do?
A. Create one cluster for the organization with separate namespaces for each application and environment combination.
B. Create one cluster for each application with separate namespaces for production and development environments.
C. Create one cluster for each environment (development and production) with each application in its own namespace within each cluster.
D. Create one cluster for the organization with separate namespaces for each application.
Question 194
You are developing a Node.js utility on a workstation in Cloud Workstations by using Code OSS. The utility is a simple web page, and you have already confirmed that all necessary firewall rules are in place. You tested the application by starting it on port 3000 on your workstation in Cloud Workstations, but you need to be able to access the web page from your local machine. You need to follow Google-recommended security practices. What should you do?
A. Use a browser running on a bastion host VM.
B. Run the gcloud compute start-iap-tunnel command to the Cloud Workstations VM.
C. Allow public IP addresses in the Cloud Workstations configuration.
D. Click the preview link in the Code OSS panel.
Question 195
Your team is preparing to launch a new API in Cloud Run. The API uses an OpenTelemetry agent to send distributed tracing data to Cloud Trace to monitor the time each request takes. The team has noticed inconsistent trace collection. You need to resolve the issue. What should you do?
A. Use an HTTP health check.
B. Configure CPU to be always-allocated.
C. Increase the CPU limit in Cloud Run from 2 to 4.
D. Configure CPU to be allocated only during request processing.
Question 196
You are deploying a new application on Google Kubernetes Engine (GKE) that processes personally identifiable information (PII). You need to configure Cloud Logging to collect logs from your application while ensuring that sensitive user information is not exposed. What should you do?
A. Implement log sampling to reduce the volume of logs collected.
B. Configure Cloud Data Loss Prevention to scan logs in real-time and redact PII before it's stored in Cloud Logging.
C. Disable Cloud Logging for the application to prevent sensitive data from being logged.
D. Store all logs in an encrypted Cloud Storage bucket with restricted access.
Question 197
You recently created a Cloud Build pipeline for deploying Terraform code stored in a GitHub repository. You make Terraform code changes in short-lived branches and sometimes use tags during development. You tag releases with a semantic version when they are ready for deployment. You require your pipeline to apply the Terraform code whenever there is a new release, and you need to minimize operational overhead. What should you do?
A. Create a build trigger with the \d+\.\d+\.\d+ tag pattern.
B. Create a build trigger with the \d+\.\d+\.\d+ branch pattern.
C. Create a build trigger with the .* tag pattern.
D. Create a build trigger with the .* branch pattern.
Question 198
You manage a microservice that provides a public-facing API (Service A). Service A is time-critical and has a response SLO of 500 ms. Service A makes synchronous calls to internal API (Service B) that is known to become unreliable under heavy load, resulting in connection timeout errors or 500 errors. Service B is used to collect request information for the transactions processed by Service A. You need to mitigate the impact of Service B issues on your Service A users. What should you do?
A. Increase the size of the queue in front of the thread pool used by Service A instances.
B. Implement retry logic with exponential back-offs when calling Service B.
C. Implement a circuit breaker to store the request data in a database.
D. Implement rate limiting in Service A to limit the number of requests to Service B.
Question 199
Your company is migrating its production systems to Google Cloud. You need to implement site reliability engineering (SRE) practices during the migration to minimize customer impact from potential future incidents. Which two SRE practices should you implement? (Choose two.)
A. Create up-to-date playbooks with instructions for debugging and mitigating issues.
B. Ensure that all teams can modify the production environment to resolve issues.
C. Create an alerting mechanism for your SRE team based on your system's internal behavior.
D. Automate common tasks to analyze key impact information and intelligently suggest mitigating actions for the on-call team.
E. Ensure that full autonomy and permissions are only granted to the on-call team.
Question 200
You are deploying a new web application on Cloud Run in your Google Cloud project. You expect traffic to range from 10 requests per second during off-peak hours to 1000 requests per second during peak hours. You want to use autoscaling to efficiently handle the changes in traffic while ensuring that the autoscaler does not exceed your project's resource quotas. What should you do?
A. Manually adjust the number of instances based on observed traffic patterns throughout the day.
B. Define appropriate resource limits for the Cloud Run service, and ensure your project has sufficient resource quotas to accommodate the desired scaling range.
C. Configure the autoscaler to scale based on CPU utilization with a target of 80%.
D. Configure the autoscaler to scale based on request count, with a target of 500 requests per instance.
