[Q67-Q89] Google Cloud Certified - Professional Cloud DevOps Engineer Exam Practice Tests 2024 Pass Professional-Cloud-DevOps-Engineer with confidence!

Google Cloud Certified - Professional Cloud DevOps Engineer Exam Practice Tests 2024 | Pass Professional-Cloud-DevOps-Engineer with confidence!

Practice Cloud DevOps Engineer Professional-Cloud-DevOps-Engineer exam. Online Exam Practice Tests with detailed explanations!

Google Professional Cloud DevOps Engineer Certification Path

The Google Professional Cloud DevOps Engineer Certification is the highest level of certification mainly focusing on the Solution Architect Professional. There is no prerequisite for this exam but still, it would be best to follow some sequence to prove immense knowledge as a Google Professional Cloud DevOps Engineer.

Google Professional-Cloud-DevOps-Engineer certification exam is designed for professionals who want to demonstrate their expertise in using Google Cloud Platform to build and deploy highly scalable and reliable applications. Google Cloud Certified - Professional Cloud DevOps Engineer Exam certification is ideal for DevOps engineers, site reliability engineers, and other IT professionals who are responsible for managing and deploying software applications in the cloud. Professional-Cloud-DevOps-Engineer exam tests your knowledge of various cloud technologies, tools, and best practices that are essential for DevOps professionals to master.

Google Professional-Cloud-DevOps-Engineer certification is recognized globally and is highly valued by employers. It demonstrates that the candidate has the knowledge and skills required to design, implement, and manage cloud-based solutions. Google Cloud Certified - Professional Cloud DevOps Engineer Exam certification also indicates that the candidate is proficient in using Google Cloud Platform tools and technologies to optimize the development and deployment of software applications. Overall, the Google Professional-Cloud-DevOps-Engineer certification is an excellent investment for professionals who are looking to advance their careers in the technology industry.

 

NEW QUESTION # 67
You manage an application that runs in Google Kubernetes Engine (GKE) and uses the blue/green deployment methodology Extracts of the Kubernetes manifests are shown below

The Deployment app-green was updated to use the new version of the application During post-deployment monitoring you notice that the majority of user requests are failing You did not observe this behavior in the testing environment You need to mitigate the incident impact on users and enable the developers to troubleshoot the issue What should you do?

• A. Update the Deployment app-blue to use the new version of the application
• B. Change the selector on the Service app-svc to app: my-app, version: blue
• C. Update the Deployment ape-green to use the previous version of the application
• D. Change the selector on the Service app-2vc to app: my-app.

Answer: B

Explanation:
Explanation
The best option for mitigating the incident impact on users and enabling the developers to troubleshoot the issue is to change the selector on the Service app-svc to app: my-app, version: blue. A Service is a resource that defines how to access a set of Pods. A selector is a field that specifies which Pods are selected by the Service. By changing the selector on the Service app-svc to app: my-app, version: blue, you can ensure that the Service only routes traffic to the Pods that have both labels app: my-app and version: blue. These Pods belong to the Deployment app-blue, which uses the previous version of the application. This way, you can mitigate the incident impact on users by switching back to the working version of the application. You can also enable the developers to troubleshoot the issue with the new version of the application in the Deployment app-green without affecting users.

NEW QUESTION # 68
You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?

• A. Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.
• B. Create a new GCP monitoring project, and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
• C. Choose an existing GCP production project to host the monitoring workspace. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
• D. Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Slackdriver workspaces inside each project.

Answer: B

Explanation:
"A Project can host many Projects and appear in many Projects, but it can only be used as the scoping project once. We recommend that you create a new Project for the purpose of having multiple Projects in the same scope."

NEW QUESTION # 69
You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub. You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?

• A. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.
• B. Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.
• C. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
• D. Disable the CI pipeline and revert to manually building and pushing the artifacts.

Answer: A

Explanation:
"After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline"- means something wrong on the recent change not with the image registry.

NEW QUESTION # 70
You support a user-facing web application. When analyzing the application's error budget over the previous six months, you notice that the application has never consumed more than 5% of its error budget in any given time window. You hold a Service Level Objective (SLO) review with business stakeholders and confirm that the SLO is set appropriately. You want your application's SLO to more closely reflect its observed reliability.
What steps can you take to further that goal while balancing velocity, reliability, and business needs? (Choose two.)

• A. Tighten the SLO match the application's observed reliability.
• B. Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO.
• C. Implement and measure additional Service Level Indicators (SLIs) fro the application.
• D. Have more frequent or potentially risky application releases.
• E. Add more serving capacity to all of your application's zones.

Answer: B,C

Explanation:
Explanation
https://sre.google/sre-book/service-level-objectives/
You want the application's SLO to more closely reflect it's observed reliability. The key here is error budget never goes over 5%. This means they can have additional downtime and still stay within their budget.

NEW QUESTION # 71
You manage several production systems that run on Compute Engine in the same Google Cloud Platform (GCP) project. Each system has its own set of dedicated Compute Engine instances. You want to know how must it costs to run each of the systems. What should you do?

• A. Name each virtual machine (VM) after the system it runs. Set up a usage report export to a Cloud Storage bucket. Configure the bucket as a source in BigQuery to query costs based on VM name.
• B. Assign all instances a label specific to the system they run. Configure BigQuery billing export and query costs per label.
• C. In the Google Cloud Platform Console, use the Cost Breakdown section to visualize the costs per system.
• D. Enrich all instances with metadata specific to the system they run. Configure Stackdriver Logging to export to BigQuery, and query costs based on the metadata.

Answer: A

NEW QUESTION # 72
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE) Each team manages a different application You need to create the development and production environments for each team while you minimize costs Different teams should not be able to access other teams environments You want to follow Google-recommended practices What should you do?

• A. Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Identity-Aware Proxy so that each team can only access its own namespace
• B. Create one Google Cloud project per team In each project create a cluster for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters
• C. Create one Google Cloud project per team In each project create a cluster with a Kubernetes namespace for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters.
• D. Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Kubernetes role-based access control (RBAC) so that each team can only access its own namespace

Answer: D

Explanation:
The best option for creating the development and production environments for each team while minimizing costs and ensuring isolation is to create a development and a production GKE cluster in separate projects, in each cluster create a Kubernetes namespace per team, and then configure Kubernetes role-based access control (RBAC) so that each team can only access its own namespace. This option allows you to use fewer clusters and projects than creating one project or cluster per team, which reduces costs and complexity. It also allows you to isolate each team's environment by using namespaces and RBAC, which prevents teams from accessing other teams' environments.

NEW QUESTION # 73
You are running an application in a virtual machine (VM) using a custom Debian image. The image has the Stackdriver Logging agent installed. The VM has the cloud-platform scope. The application is logging information via syslog. You want to use Stackdriver Logging in the Google Cloud Platform Console to visualize the logs. You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer. What is the first thing you should do?

• A. Look for the agent's test log entry in the Logs Viewer.
• B. SSH to the VM and execute the following commands on your VM: ps ax I grep fluentd
• C. Verify the VM service account access scope includes the monitoring.write scope.
• D. Install the most recent version of the Stackdriver agent.

Answer: B

Explanation:
https://cloud.google.com/compute/docs/access/service-accounts#associating_a_service_account_to_an_instance

NEW QUESTION # 74
Your team of Infrastructure DevOps Engineers is growing, and you are starting to use Terraform to manage infrastructure. You need a way to implement code versioning and to share code with other team members. What should you do?

• A. Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.
• B. Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.
• C. Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.
• D. Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member's computer. Organize files with a naming convention that identifies each new version.

Answer: C

Explanation:
https://www.terraform.io/docs/cloud/guides/recommended-practices/part3.3.html

NEW QUESTION # 75
You are ready to deploy a new feature of a web-based application to production. You want to use Google Kubernetes Engine (GKE) to perform a phased rollout to half of the web server pods.
What should you do?

• A. Use a partitioned rolling update.
• B. Use a stateful set with parallel pod management policy.
• C. Use Node taints with NoExecute.
• D. Use a replica set in the deployment specification.

Answer: A

Explanation:
https://medium.com/velotio-perspectives/exploring-upgrade-strategies-for-stateful-sets-in-kubernetes-c02b8286f251

NEW QUESTION # 76
As a Site Reliability Engineer, you support an application written in GO that runs on Google Kubernetes Engine (GKE) in production. After releasing a new version Of the application, you notice the application runs for about 15 minutes and then restarts. You decide to add Cloud Profiler to your application and now notice that the heap usage grows constantly until the application restarts. What should you do?

• A. Add high memory compute nodes to the cluster.
• B. Increase the CPU limit in the application deployment.
• C. Add Cloud Trace to the application, and redeploy.
• D. Increase the memory limit in the application deployment.

Answer: D

Explanation:
The correct answer is B, Increase the memory limit in the application deployment.
The application is experiencing a memory leak, which means that it is allocating memory that is not freed or reused. This causes the heap usage to grow constantly until it reaches the memory limit of the pod, which triggers a restart by Kubernetes. Increasing the memory limit in the application deployment can help mitigate the problem by allowing the application to run longer before reaching the limit. However, this is not a permanent solution, as the memory leak will still occur and eventually exhaust the available memory. The best solution is to identify and fix the source of the memory leak in the application code, using tools like Cloud Profiler and pprof12.
Reference:
Using Cloud Profiler with Go, Troubleshooting memory leaks. Profiling Go Programs, Heap profiles.

NEW QUESTION # 77
You are configuring the frontend tier of an application deployed in Google Cloud The frontend tier is hosted in ngmx and deployed using a managed instance group with an Envoy-based external HTTP(S) load balancer in front The application is deployed entirely within the europe-west2 region: and only serves users based in the United Kingdom. You need to choose the most cost-effective network tier and load balancing configuration What should you use?

• A. Standard Tier with a regional load balancer
• B. Premium Tier with a global load balancer
• C. Standard Tier with a global load balancer
• D. Premium Tier with a regional load balancer

Answer: D

Explanation:
The most cost-effective network tier and load balancing configuration for your frontend tier is to use Premium Tier with a regional load balancer. Premium Tier is a network tier that provides high-performance and low-latency network connectivity across Google's global network. A regional load balancer is a load balancer that distributes traffic within a single region. Since your application is deployed entirely within the europe-west2 region and only serves users based in the United Kingdom, you can use Premium Tier with a regional load balancer to optimize the network performance and cost.

NEW QUESTION # 78
Your team of Infrastructure DevOps Engineers is growing, and you are starting to use Terraform to manage infrastructure. You need a way to implement code versioning and to share code with other team members. What should you do?

• A. Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.
• B. Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.
• C. Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.
• D. Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member's computer. Organize files with a naming convention that identifies each new version.

Answer: C

NEW QUESTION # 79
The new version of your containerized application has been tested and is ready to be deployed to production on Google Kubernetes Engine (GKE) You could not fully load-test the new version in your pre-production environment and you need to ensure that the application does not have performance problems after deployment Your deployment must be automated What should you do?

• A. Deploy the application by using kubectl and set the spec. updatestrategy. type field to RollingUpdate Use Cloud Monitoring to look for performance issues, and run the kubectl rollback command if there are any issues.
• B. Deploy the application by using kubectl and use Config Connector to slowly ramp up traffic between versions. Use Cloud Monitoring to look for performance issues
• C. Deploy the application through a continuous delivery pipeline by using canary deployments Use Cloud Monitoring to look for performance issues, and ramp up traffic as supported by the metrics
• D. Deploy the application through a continuous delivery pipeline by using blue/green deployments Migrate traffic to the new version of the application and use Cloud Monitoring to look for performance issues

Answer: C

Explanation:
The best option for deploying a new version of your containerized application to production on GKE and ensuring that the application does not have performance problems after deployment is to deploy the application through a continuous delivery pipeline by using canary deployments, use Cloud Monitoring to look for performance issues, and ramp up traffic as supported by the metrics. A canary deployment is a deployment strategy that involves releasing a new version of an application to a subset of users or servers and monitoring its performance and reliability. This way, you can test the new version in the production environment with real traffic and load, and gradually increase the traffic as the metrics indicate. You can use Cloud Monitoring to collect and analyze metrics from your application and GKE cluster, such as latency, error rate, CPU utilization, and memory usage. You can also use Cloud Monitoring to set up alerts and dashboards to track the performance of your application.

NEW QUESTION # 80
You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub.
You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?

• A. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.
• B. Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.
• C. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
• D. Disable the CI pipeline and revert to manually building and pushing the artifacts.

Answer: A

Explanation:
Explanation
"After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline"- means something wrong on the recent change not with the image registry.

NEW QUESTION # 81
You encounter a large number of outages in the production systems you support. You receive alerts for all the outages that wake you up at night. The alerts are due to unhealthy systems that are automatically restarted within a minute. You want to set up a process that would prevent staff burnout while following Site Reliability Engineering practices. What should you do?

• A. Distribute the alerts to engineers in different time zones.
• B. Create an incident report for each of the alerts.
• C. Redefine the related Service Level Objective so that the error budget is not exhausted.
• D. Eliminate unactionable alerts.

Answer: D

Explanation:
Eliminate bad monitoring : Unactionable alerts (i.e., spam) https://cloud.google.com/blog/products/management-tools/meeting-reliability-challenges-with-sre-principles agree with kyubiblaze about having to remove unactionable items aka spam: "good monitoring alerts on actionable problems" @ https://cloud.google.com/blog/products/management-tools/meeting-reliability-challenges-with-sre-principles

NEW QUESTION # 82
You support a user-facing web application. When analyzing the application's error budget over the previous six months, you notice that the application has never consumed more than 5% of its error budget in any given time window. You hold a Service Level Objective (SLO) review with business stakeholders and confirm that the SLO is set appropriately. You want your application's SLO to more closely reflect its observed reliability. What steps can you take to further that goal while balancing velocity, reliability, and business needs? (Choose two.)

• A. Tighten the SLO match the application's observed reliability.
• B. Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO.
• C. Implement and measure additional Service Level Indicators (SLIs) fro the application.
• D. Have more frequent or potentially risky application releases.
• E. Add more serving capacity to all of your application's zones.

Answer: B,C

Explanation:
https://sre.google/sre-book/service-level-objectives/
You want the application's SLO to more closely reflect it's observed reliability. The key here is error budget never goes over 5%. This means they can have additional downtime and still stay within their budget.

NEW QUESTION # 83
You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?

• A. Grant the roles/ iam.serviceAccountKeyAdmin IAM role to organization administrators only.
• B. Use custom versions of predefined roles to exclude all iam.serviceAccountKeys. * service account role permissions.
• C. Apply the constraints/iam. disableServiceAccountKeyUp10ad constraint to the organization.
• D. Apply the constraints/iam.disableserviceAccountKeycreation constraint to the organization.

Answer: D

Explanation:
The correct answer is B, Apply the constraints/iam.disableServiceAccountKeyCreation constraint to the organization.
According to the Google Cloud documentation, the constraints/iam.disableServiceAccountKeyCreation constraint is an organization policy constraint that prevents the creation of user-managed service account keys1. User-managed service account keys are long-lived credentials that can be downloaded as JSON or P12 files and used to authenticate as a service account2. These keys pose severe security risks if they are leaked, stolen, or misused by unauthorized entities34. By applying this constraint to the organization, you can completely eliminate the risks associated with the use of JSON service account keys and enforce a more secure alternative for authentication, such as Workload Identity or short-lived access tokens12. This also minimizes operational overhead by avoiding the need to manage, rotate, or revoke user-managed service account keys.
The other options are incorrect because they do not completely eliminate the risks associated with the use of JSON service account keys. Option A is incorrect because it only restricts the IAM permissions to create, list, get, delete, or sign service account keys, but it does not prevent existing keys from being used or leaked. Option C is incorrect because it only disables the upload of user-managed service account keys, but it does not prevent the creation or download of such keys. Option D is incorrect because it only limits the IAM role that can create and manage service account keys, but it does not prevent the keys from being distributed or exposed to unauthorized entities.
Reference:
Disable user-managed service account key creation, Disable user-managed service account key creation. Service accounts, User-managed service accounts. Help keep your Google Cloud service account keys safe, Help keep your Google Cloud service account keys safe. Stop Downloading Google Cloud Service Account Keys!, Stop Downloading Google Cloud Service Account Keys! [Service Account Keys], Service Account Keys. [Disable user-managed service account key upload], Disable user-managed service account key upload. [Granting roles to service accounts], Granting roles to service accounts.

NEW QUESTION # 84
You are analyzing Java applications in production. All applications have Cloud Profiler and Cloud Trace installed and configured by default. You want to determine which applications need performance tuning. What should you do?
Choose 2 answers

• A. Examine the heap usage Of the application. If the usage is low, mark the application for optimization.
• B. O Examine the latency time, the wall-clock time, and the CPU time of the application. If the latency time is slowly burning down the error budget, and the difference between wall-clock time and CPU time is minimal, mark the application for optimization.
• C. Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the memory resource allocation.
• D. Examine the wall-clock time and the CPU time Of the application. If the difference is substantial, increase the CPU resource allocation.
• E. 17 Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the local disk storage allocation.

Answer: B,D

Explanation:
The correct answers are A and D)
Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the CPU resource allocation. This is a good way to determine if the application is CPU-bound, meaning that it spends more time waiting for the CPU than performing actual computation. Increasing the CPU resource allocation can improve the performance of CPU-bound applications1.
Examine the latency time, the wall-clock time, and the CPU time of the application. If the latency time is slowly burning down the error budget, and the difference between wall-clock time and CPU time is minimal, mark the application for optimization. This is a good way to determine if the application is I/O-bound, meaning that it spends more time waiting for input/output operations than performing actual computation. Increasing the CPU resource allocation will not help I/O-bound applications, and they may need optimization to reduce the number or duration of I/O operations2.
Answer B is incorrect because increasing the memory resource allocation will not help if the application is CPU-bound or I/O-bound. Memory allocation affects how much data the application can store and access in memory, but it does not affect how fast the application can process that data.
Answer C is incorrect because increasing the local disk storage allocation will not help if the application is CPU-bound or I/O-bound. Disk storage affects how much data the application can store and access on disk, but it does not affect how fast the application can process that data.
Answer E is incorrect because examining the heap usage of the application will not help to determine if the application needs performance tuning. Heap usage affects how much memory the application allocates for dynamic objects, but it does not affect how fast the application can process those objects. Moreover, low heap usage does not necessarily mean that the application is inefficient or unoptimized.

NEW QUESTION # 85
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. You want to prevent these fields from being written in new log entries as quickly as possible. What should you do?

• A. Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.
• B. Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.
• C. Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.
• D. Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.

Answer: B

NEW QUESTION # 86
Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

• A. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
• B. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
• C. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it
• D. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.

Answer: B

NEW QUESTION # 87
Your company experiences bugs, outages, and slowness in its production systems. Developers use the production environment for new feature development and bug fixes. Configuration and experiments are done in the production environment, causing outages for users. Testers use the production environment for load testing, which often slows the production systems. You need to redesign the environment to reduce the number of bugs and outages in production and to enable testers to load test new features. What should you do?

• A. Create a development environment with smaller server capacity and give access only to developers and testers.
• B. Create an automated testing script in production to detect failures as soon as they occur.
• C. Create a development environment for writing code and a test environment for configurations, experiments, and load testing.
• D. Secure the production environment to ensure that developers can't change it and set up one controlled update per year.

Answer: C

Explanation:
Explanation
Creating a development environment for writing code and a test environment for configurations, experiments, and load testing is the best practice to reduce the number of bugs and outages in production and to enable testers to load test new features. This way, the production environment is isolated from changes that could affect its stability and performance.

NEW QUESTION # 88
Your Cloud Run application writes unstructured logs as text strings to Cloud Logging. You want to convert the unstructured logs to JSON-based structured logs. What should you do?

• A. A Install a Fluent Bit sidecar container, and use a JSON parser.
• B. Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPay10ad field.
• C. Configure the log agent to convert log text payload to JSON payload.
• D. Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.

Answer: B

Explanation:
Explanation
The correct answer is D. Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPayload field.
Cloud Logging SDKs are libraries that allow you to write structured logs from your Cloud Run application.
You can use the SDKs to create log entries with a jsonPayload field, which contains a JSON object with the properties of your log entry. The jsonPayload field allows you to use advanced features of Cloud Logging, such as filtering, querying, and exporting logs based on the properties of your log entry1.
To use Cloud Logging SDKs, you need to install the SDK for your programming language, and then use the SDK methods to create and send log entries to Cloud Logging. For example, if you are using Node.js, you can use the following code to write a structured log entry with a jsonPayload field2:
// Imports the Google Cloud client library
const {Logging} = require('@google-cloud/logging');
// Creates a client
const logging = new Logging();
// Selects the log to write to
const log = logging.log('my-log');
// The data to write to the log
const text = 'Hello, world!';
const metadata = {
// Set the Cloud Run service name and revision as labels
labels: {
service_name: process.env.K_SERVICE || 'unknown',
revision_name: process.env.K_REVISION || 'unknown',
},
// Set the log entry payload type and value
jsonPayload: {
message: text,
timestamp: new Date(),
},
};
// Prepares a log entry
const entry = log.entry(metadata);
// Writes the log entry
await log.write(entry);
console.log(`Logged: ${text}`);
Using Cloud Logging SDKs is the best way to convert unstructured logs to structured logs, as it provides more flexibility and control over the format and content of your log entries.
Using a Fluent Bit sidecar container is not a good option, as it adds complexity and overhead to your Cloud Run application. Fluent Bit is a lightweight log processor and forwarder that can be used to collect and parse logs from various sources and send them to different destinations3. However, Cloud Run does not support sidecar containers, so you would need to run Fluent Bit as part of your main container image. This would require modifying your Dockerfile and configuring Fluent Bit to read logs from supported locations and parse them as JSON. This is more cumbersome and less reliable than using Cloud Logging SDKs.
Using the log agent in the Cloud Run container image is not possible, as the log agent is not supported on Cloud Run. The log agent is a service that runs on Compute Engine or Google Kubernetes Engine instances and collects logs from various applications and system components. However, Cloud Run does not allow you to install or run any agents on its underlying infrastructure, as it is a fully managed service that abstracts away the details of the underlying platform.
Storing the password directly in the code is not a good practice, as it exposes sensitive information and makes it hard to change or rotate the password. It also requires rebuilding and redeploying the application each time the password changes, which adds unnecessary work and downtime.
References:
1: Writing structured logs | Cloud Run Documentation | Google Cloud
2: Write structured logs | Cloud Run Documentation | Google Cloud
3: Fluent Bit - Fast and Lightweight Log Processor & Forwarder
Logging Best Practices for Serverless Applications - Google Codelabs
About the logging agent | Cloud Logging Documentation | Google Cloud
Cloud Run FAQ | Google Cloud

NEW QUESTION # 89
......

Get instant access to Professional-Cloud-DevOps-Engineer practice exam questions: https://drive.google.com/open?id=1mF8tPM7Ev6QqHWrlgmJC4-v5aoR2wgVf

The best Professional-Cloud-DevOps-Engineer exam study material and preparation tool is here: https://www.torrentvce.com/Professional-Cloud-DevOps-Engineer-valid-vce-collection.html