[May-2024] Pass Google Professional-Cloud-DevOps-Engineer Exam in First Attempt Guaranteed! [Q36-Q58]

NEW QUESTION # 36
Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?

  • A. Reference the image digest in the source control tag.
  • B. Use Cloud Build to include the release version tag in the application image.
  • C. Use GCR digest versioning to match the image to the tag in source control.
  • D. Supply the source control tag as a parameter within the image name.

Answer: B


NEW QUESTION # 37
You are monitoring a service that uses n2-standard-2 Compute Engine instances that serve large files. Users have reported that downloads are slow. Your Cloud Monitoring dashboard shows that your VMs are running at peak network throughput. You want to improve the network throughput performance. What should you do?

  • A. Add additional network interface controllers (NICs) to your VMs.
  • B. Change the machine type for your VMs to n2-standard-8.
  • C. Deploy the Ops Agent to export additional monitoring metrics.
  • D. Deploy a Cloud NAT gateway and attach the gateway to the subnet of the VMs.

Answer: B

Explanation:
The correct answer is C, Change the machine type for your VMs to n2-standard-8.
According to the Google Cloud documentation, the network throughput performance of a Compute Engine VM depends on its machine type1. The n2-standard-2 machine type has a maximum egress bandwidth of 4 Gbps, which can be a bottleneck for serving large files. By changing the machine type to n2-standard-8, you can increase the maximum egress bandwidth to 16 Gbps, which can improve the network throughput performance and reduce the download time for users. You also need to enable per VM Tier_1 networking performance, which is a feature that allows VMs to achieve higher network performance than the default settings2.
The other options are incorrect because they do not improve the network throughput performance of your VMs. Option A is incorrect because Cloud NAT is a service that allows private IP addresses to access the internet, but it does not increase the network bandwidth or speed3. Option B is incorrect because adding additional network interfaces (NICs) or IP addresses per NIC does not increase ingress or egress bandwidth for a VM1. Option D is incorrect because deploying the Ops Agent can help you monitor and troubleshoot your VMs, but it does not affect the network throughput performance4.
Reference:
Cloud NAT overview. Network bandwidth: Bandwidth summary. Installing the Ops Agent. Configure per VM Tier_1 networking performance.


NEW QUESTION # 38
Your company runs services by using Google Kubernetes Engine (GKE). The GKE clusters in the development environment run applications with verbose logging enabled. Developers view logs by using the kubectl logs command and do not use Cloud Logging. Applications do not have a uniform logging structure defined. You need to minimize the costs associated with application logging while still collecting GKE operational logs.
What should you do?

  • A. Run the gcloud container clusters update --logging=SYSTEM command for the development cluster.
  • B. Run the gcloud container clusters update --logging=WORKLOAD command for the development cluster.
  • C. Add the severity >= DEBUG resource.type = "k8s_container" exclusion filter to the _Default logging sink in the project associated with the development environment.
  • D. Run the gcloud logging sinks update _Default --disabled command in the project associated with the development environment.

Answer: A


NEW QUESTION # 39
You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?

  • A. Enable Vulnerability Analysis on the Container Registry.
  • B. Enable Cloud Security Scanner on the clusters.
  • C. Set up the Kubernetes Engine clusters as private clusters.
  • D. Set up the Kubernetes Engine clusters with Binary Authorization.

Answer: D

Explanation:
https://cloud.google.com/binary-authorization/docs/overview


NEW QUESTION # 40
You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline. Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?

  • A. Compare the canary with a new deployment of the previous production version.
  • B. Compare the canary with the average performance of a sliding window of previous production versions.
  • C. Compare the canary with a new deployment of the current production version.
  • D. Compare the canary with the existing deployment of the current production version.

Answer: B


NEW QUESTION # 41
You have an application that runs in Google Kubernetes Engine (GKE). The application consists of several microservices that are deployed to GKE by using Deployments and Services. One of the microservices is experiencing an issue where a Pod returns 403 errors after the Pod has been running for more than five hours. Your development team is working on a solution, but the issue will not be resolved for a month. You need to ensure continued operations until the microservice is fixed. You want to follow Google-recommended practices and use the fewest number of steps. What should you do?

  • A. Monitor the Pods and terminate any Pods that have been running for more than five hours.
  • B. Add an HTTP liveness probe to the microservice's deployment.
  • C. Create a cron job to terminate any Pods that have been running for more than five hours.
  • D. Configure an alert to notify you whenever a Pod returns 403 errors.

Answer: B

Explanation:
The best option for ensuring continued operations until the microservice is fixed is to add an HTTP liveness probe to the microservice's deployment. An HTTP liveness probe is a type of probe that checks if a Pod is alive by sending an HTTP request and expecting a success response code. If the probe fails, Kubernetes will restart the Pod. You can add an HTTP liveness probe to your microservice's deployment by using a livenessProbe field in your Pod spec. This way, you can ensure that any Pod that returns 403 errors after running for more than five hours will be restarted automatically and resume normal operations.


NEW QUESTION # 42
Your development team has created a new version of their service's API. You need to deploy the new versions of the API with the least disruption to third-party developers and end users of third-party installed applications.
What should you do?

  • A. Introduce the new version of the API.
    Contact remaining users of the old API.
    Announce deprecation of the old version of the API.
    Deprecate the old version of the API.
    Turn down the old version of the API.
    Provide best effort support to users of the old API.
  • B. Announce deprecation of the old version of the API.
    Introduce the new version of the API.
    Contact remaining users on the old API.
    Deprecate the old version of the API.
    Turn down the old version of the API.
    Provide best effort support to users of the old API.
  • C. Introduce the new version of the API.
    Announce deprecation of the old version of the API.
    Deprecate the old version of the API.
    Contact remaining users of the old API.
    Provide best effort support to users of the old API.
    Turn down the old version of the API.
  • D. Announce deprecation of the old version of the API.
    Contact remaining users on the old API.
    Introduce the new version of the API.
    Deprecate the old version of the API.
    Provide best effort support to users of the old API.
    Turn down the old version of the API.

Answer: C


NEW QUESTION # 43
You are ready to deploy a new feature of a web-based application to production. You want to use Google Kubernetes Engine (GKE) to perform a phased rollout to half of the web server pods.
What should you do?

  • A. Use a replica set in the deployment specification.
  • B. Use a partitioned rolling update.
  • C. Use Node taints with NoExecute.
  • D. Use a stateful set with parallel pod management policy.

Answer: B


NEW QUESTION # 44
You need to run a business-critical workload on a fixed set of Compute Engine instances for several months. The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications. What should you do?

  • A. Convert the instances to preemptible virtual machines.
  • B. Migrate the instances to a Managed Instance Group.
  • C. Create an Unmanaged Instance Group for the instances used to run the workload.
  • D. Purchase Committed Use Discounts.

Answer: C


NEW QUESTION # 45
You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.
You need to troubleshoot the issue. What should you do?

  • A. Confirm that your account has the proper permissions to use the Stackdriver dashboard.
  • B. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.
  • C. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.
  • D. Confirm that the application is using the required client library and the service account key has proper permissions.

Answer: B

Explanation:
https://cloud.google.com/monitoring/agent/monitoring/troubleshooting#checklist


NEW QUESTION # 46
You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub. You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?

  • A. Disable the CI pipeline and revert to manually building and pushing the artifacts.
  • B. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.
  • C. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
  • D. Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.

Answer: A


NEW QUESTION # 47
A third-party application needs to have a service account key to work properly. When you try to export the key from your cloud project, you receive an error: "The organization policy constraint iam.disableServiceAccountKeyCreation is enforced." You need to make the third-party application work while following Google-recommended security practices. What should you do?

  • A. Remove the iam.disableServiceAccountKeyCreation policy at the organization level, and create a key.
  • B. Disable the service account key creation policy at the project's folder, and download the default key.
  • C. Add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key.
  • D. Enable the default service account key, and download the key.

Answer: C

Explanation:
The best option for making the third-party application work while following Google-recommended security practices is to add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key. The iam.disableServiceAccountKeyCreation policy is an organization policy that controls whether service account keys can be created in a project or organization. By default, this policy is set to on, which means that service account keys cannot be created. However, you can override this policy at a lower level, such as a project, by adding a rule to set it to off. This way, you can create a service account key for your project without affecting other projects or organizations. You should also follow the best practices for managing service account keys, such as rotating them regularly, storing them securely, and deleting them when they are no longer needed.


NEW QUESTION # 48
You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?

  • A. Use custom versions of predefined roles to exclude all iam.serviceAccountKeys.* service account role permissions.
  • B. Apply the constraints/iam.disableServiceAccountKeyUpload constraint to the organization.
  • C. Apply the constraints/iam.disableServiceAccountKeyCreation constraint to the organization.
  • D. Grant the roles/iam.serviceAccountKeyAdmin IAM role to organization administrators only.

Answer: C

Explanation:
The correct answer is B, Apply the constraints/iam.disableServiceAccountKeyCreation constraint to the organization.
According to the Google Cloud documentation, the constraints/iam.disableServiceAccountKeyCreation constraint is an organization policy constraint that prevents the creation of user-managed service account keys1. User-managed service account keys are long-lived credentials that can be downloaded as JSON or P12 files and used to authenticate as a service account2. These keys pose severe security risks if they are leaked, stolen, or misused by unauthorized entities34. By applying this constraint to the organization, you can completely eliminate the risks associated with the use of JSON service account keys and enforce a more secure alternative for authentication, such as Workload Identity or short-lived access tokens12. This also minimizes operational overhead by avoiding the need to manage, rotate, or revoke user-managed service account keys.
The other options are incorrect because they do not completely eliminate the risks associated with the use of JSON service account keys. Option A is incorrect because it only restricts the IAM permissions to create, list, get, delete, or sign service account keys, but it does not prevent existing keys from being used or leaked. Option C is incorrect because it only disables the upload of user-managed service account keys, but it does not prevent the creation or download of such keys. Option D is incorrect because it only limits the IAM role that can create and manage service account keys, but it does not prevent the keys from being distributed or exposed to unauthorized entities.
Reference:
Disable user-managed service account key creation. Service accounts: User-managed service accounts. Help keep your Google Cloud service account keys safe. Stop Downloading Google Cloud Service Account Keys! Service Account Keys. Disable user-managed service account key upload. Granting roles to service accounts.


NEW QUESTION # 49
You are currently planning how to display Cloud Monitoring metrics for your organization's Google Cloud projects. Your organization has three folders and six projects:

You want to configure Cloud Monitoring dashboards to only display metrics from the projects within one folder. You need to ensure that the dashboards do not display metrics from projects in the other folders. You want to follow Google-recommended practices. What should you do?

  • A. Create new scoping projects for each folder.
  • B. Use the current app-one-prod project as the scoping project.
  • C. Use the current app-one-dev, app-one-staging and app-one-prod projects as the scoping project for each folder.
  • D. Create a single new scoping project.

Answer: A

Explanation:
The best option for configuring Cloud Monitoring dashboards to only display metrics from the projects within one folder is to create new scoping projects for each folder. A scoping project is a project that defines which resources are monitored by Cloud Monitoring. You can create new scoping projects for each folder by using the gcloud monitoring register-project command. This way, you can associate each scoping project with a folder and only monitor the resources within that folder. You can then configure Cloud Monitoring dashboards to use the scoping projects as data sources and only display metrics from the projects within one folder.


NEW QUESTION # 50
Your organization has a containerized web application that runs on-premises. As part of the migration plan to Google Cloud, you need to select a deployment strategy and platform that meets the following acceptance criteria:
1. The platform must be able to direct traffic from Android devices to an Android-specific microservice.
2. The platform must allow for arbitrary percentage-based traffic splitting.
3. The deployment strategy must allow for continuous testing of multiple versions of any microservice.
What should you do?

  • A. Deploy the canary release of the application to App Engine. Use traffic splitting to direct a subset of user traffic to the new version based on the IP address.
  • B. Deploy the canary release of the application to Compute Engine. Use Anthos Service Mesh with Compute Engine to direct 10% of user traffic to the canary release by configuring the virtual service.
  • C. Deploy the canary release to Google Kubernetes Engine with Anthos Service Mesh. Use traffic splitting to direct 10% of user traffic to the new version based on the user-agent header configured in the virtual service.
  • D. Deploy the canary release of the application to Cloud Run. Use traffic splitting to direct 10% of user traffic to the canary release based on the revision tag.

Answer: C

Explanation:
The best option for deploying a containerized web application to Google Cloud with the given acceptance criteria is to use Google Kubernetes Engine (GKE) with Anthos Service Mesh. GKE is a managed service for running Kubernetes clusters on Google Cloud, and Anthos Service Mesh is a service mesh that provides observability, traffic management, and security features for microservices. With Anthos Service Mesh, you can use traffic splitting to direct traffic from Android devices to an Android-specific microservice by configuring the user-agent header in the virtual service. You can also use traffic splitting to direct arbitrary percentage-based traffic to different versions of any microservice for continuous testing. For example, you can use a canary release strategy to direct 10% of user traffic to a new version of a microservice and monitor its performance and reliability.


NEW QUESTION # 51
You deploy a new release of an internal application during a weekend maintenance window when there is minimal user traffic. After the window ends, you learn that one of the new features isn't working as expected in the production environment. After an extended outage, you roll back the new release and deploy a fix. You want to modify your release process to reduce the mean time to recovery so you can avoid extended outages in the future. What should you do?
Choose 2 answers

  • A. Before merging new code, require 2 different peers to review the code changes.
  • B. Require developers to run automated integration tests on their local development environments before release.
  • C. Adopt the blue/green deployment strategy when releasing new code via a CD server.
  • D. Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.
  • E. Integrate a code linting tool to validate coding standards before any code is accepted into the repository.

Answer: A,E


NEW QUESTION # 52
You are ready to deploy a new feature of a web-based application to production. You want to use Google Kubernetes Engine (GKE) to perform a phased rollout to half of the web server pods.
What should you do?

  • A. Use a replica set in the deployment specification.
  • B. Use a partitioned rolling update.
  • C. Use Node taints with NoExecute.
  • D. Use a stateful set with parallel pod management policy.

Answer: B

Explanation:
https://medium.com/velotio-perspectives/exploring-upgrade-strategies-for-stateful-sets-in-kubernetes-c02b8286f251


NEW QUESTION # 53
You support an application running on GCP and want to configure SMS notifications to your team for the most critical alerts in Stackdriver Monitoring. You have already identified the alerting policies you want to configure this for. What should you do?

  • A. Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.
  • B. Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.
  • C. Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway.
    Ensure that your team members add their SMS/phone numbers to the external tool.
  • D. Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.

Answer: D

Explanation:
https://cloud.google.com/monitoring/support/notification-options#creating_channels
To configure SMS notifications, do the following: In the SMS section, click Add new and follow the instructions. Click Save. When you set up your alerting policy, select the SMS notification type and choose a verified phone number from the list.


NEW QUESTION # 54
Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring. What should you do?

  • A. Publish various metrics from the application directly to the Stackdriver Monitoring API, and then observe these custom metrics in Stackdriver.
  • B. Install the Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.
  • C. Emit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.
  • D. Install the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application's metrics in Stackdriver.

Answer: A

Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/custom-and-external-metrics#custom_metrics
https://github.com/GoogleCloudPlatform/k8s-stackdriver/blob/master/custom-metrics-stackdriver-adapter/README.md
Your application can report a custom metric to Cloud Monitoring. You can configure Kubernetes to respond to these metrics and scale your workload automatically. For example, you can scale your application based on metrics such as queries per second, writes per second, network performance, latency when communicating with a different application, or other metrics that make sense for your workload.
https://cloud.google.com/kubernetes-engine/docs/concepts/custom-and-external-metrics


NEW QUESTION # 55
Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP). You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system. What should you do?

  • A. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.
  • B. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.
  • C. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.
  • D. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.

Answer: D


NEW QUESTION # 56
Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What would you do when you push the image?

  • A. Reference the image digest in the source control tag.
  • B. Use Cloud Build to include the release version tag in the application image.
  • C. Use GCR digest versioning to match the image to the tag in source control.
  • D. Supply the source control tag as a parameter within the image name.

Answer: B


NEW QUESTION # 57
You are the Operations Lead for an ongoing incident with one of your services. The service usually runs at around 70% capacity. You notice that one node is returning 5xx errors for all requests. There has also been a noticeable increase in support cases from customers. You need to remove the offending node from the load balancer pool so that you can isolate and investigate the node. You want to follow Google-recommended practices to manage the incident and reduce the impact on users. What should you do?

  • A. 1. Drain traffic from the unhealthy node and remove the node from service.
    2. Monitor traffic to ensure that the error is resolved and that the other nodes in the pool are handling the traffic appropriately.
    3. Scale the pool as necessary to handle the new load.
    4. Communicate your actions to the incident team.
  • B. 1. Drain traffic from the unhealthy node and remove the old node from service.
    2. Add a new node to the pool, wait for the new node to report as healthy, and then serve traffic to the new node.
    3. Monitor traffic to ensure that the pool is healthy and is handling traffic appropriately.
    4. Communicate your actions to the incident team.
  • C. 1. Communicate your intent to the incident team.
    2. Add a new node to the pool, and wait for the new node to report as healthy.
    3. When traffic is being served on the new node, drain traffic from the unhealthy node, and remove the old node from service.
  • D. 1. Communicate your intent to the incident team.
    2. Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately.
    3. When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service.

Answer: D

Explanation:
The correct answer is A, Communicate your intent to the incident team. Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately. When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service.
This answer follows the Google-recommended practices for incident management, as described in the Chapter 9 - Incident Response, Google SRE Book1. According to this source, some of the best practices are:
Maintain a clear line of command. Designate clearly defined roles. Keep a working record of debugging and mitigation as you go. Declare incidents early and often.
Communicate your intent before taking any action that might affect the service or the incident response. This helps to avoid confusion, duplication of work, or unintended consequences.
Perform a load analysis before removing a node from the load balancer pool, as this might affect the capacity and performance of the service. Scale the pool as necessary to handle the expected load.
Drain traffic from the unhealthy node before removing it from service, as this helps to avoid dropping requests or causing errors for users.
Answer A follows these best practices by communicating the intent to the incident team, performing a load analysis and scaling the pool, and draining traffic from the unhealthy node before removing it.
Answer B does not follow the best practice of performing a load analysis before adding or removing nodes, as this might cause overloading or underutilization of resources.
Answer C does not follow the best practice of communicating the intent before taking any action, as this might cause confusion or conflict with other responders.
Answer D does not follow the best practice of draining traffic from the unhealthy node before removing it, as this might cause errors for users.
Reference:
1: Chapter 9 - Incident Response, Google SRE Book


NEW QUESTION # 58
......
