Professional Cloud DeveloperFree trialFree trial

By google
Aug, 2025

Verified

25Q per page

Question 1

You want to upload files from an on-premises virtual machine to Google Cloud Storage as part of a data migration. These files will be consumed by Cloud
DataProc Hadoop cluster in a GCP environment.
Which command should you use?

  • A: gsutil cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/
  • B: gcloud cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/
  • C: hadoop fs cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/
  • D: gcloud dataproc cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

Question 2

Your company wants to expand their users outside the United States for their popular application. The company wants to ensure 99.999% availability of the database for their application and also wants to minimize the read latency for their users across the globe.
Which two actions should they take? (Choose two.)

  • A: Create a multi-regional Cloud Spanner instance with "nam-asia-eur1" configuration.
  • B: Create a multi-regional Cloud Spanner instance with "nam3" configuration.
  • C: Create a cluster with at least 3 Spanner nodes.
  • D: Create a cluster with at least 1 Spanner node.
  • E: Create a minimum of two Cloud Spanner instances in separate regions with at least one node.
  • F: Create a Cloud Dataflow pipeline to replicate data across different databases.

Question 3

Your development team is using Cloud Build to promote a Node.js application built on App Engine from your staging environment to production. The application relies on several directories of photos stored in a Cloud Storage bucket named webphotos-staging in the staging environment. After the promotion, these photos must be available in a Cloud Storage bucket named webphotos-prod in the production environment. You want to automate the process where possible. What should you do?

  • A: Manually copy the photos to webphotos-prod.
  • B: Add a startup script in the application's app.yami file to move the photos from webphotos-staging to webphotos-prod.
  • C: Add a build step in the cloudbuild.yaml file before the promotion step with the arguments:
  • D: Add a build step in the cloudbuild.yaml file before the promotion step with the arguments:

Question 4

You are developing a web application that will be accessible over both HTTP and HTTPS and will run on Compute Engine instances. On occasion, you will need to SSH from your remote laptop into one of the Compute Engine instances to conduct maintenance on the app. How should you configure the instances while following Google-recommended best practices?

  • A: Set up a backend with Compute Engine web server instances with a private IP address behind a TCP proxy load balancer.
  • B: Configure the firewall rules to allow all ingress traffic to connect to the Compute Engine web servers, with each server having a unique external IP address.
  • C: Configure Cloud Identity-Aware Proxy API for SSH access. Then configure the Compute Engine servers with private IP addresses behind an HTTP(s) load balancer for the application web traffic.
  • D: Set up a backend with Compute Engine web server instances with a private IP address behind an HTTP(S) load balancer. Set up a bastion host with a public IP address and open firewall ports. Connect to the web instances using the bastion host.

Question 5

You have a mixture of packaged and internally developed applications hosted on a Compute Engine instance that is running Linux. These applications write log records as text in local files. You want the logs to be written to Cloud Logging. What should you do?

  • A: Pipe the content of the files to the Linux Syslog daemon.
  • B: Install a Google version of fluentd on the Compute Engine instance.
  • C: Install a Google version of collectd on the Compute Engine instance.
  • D: Using cron, schedule a job to copy the log files to Cloud Storage once a day.

Question 6

You want to create fully baked or golden Compute Engine images for your application. You need to bootstrap your application to connect to the appropriate database according to the environment the application is running on (test, staging, production). What should you do?

  • A: Embed the appropriate database connection string in the image. Create a different image for each environment.
  • B: When creating the Compute Engine instance, add a tag with the name of the database to be connected. In your application, query the Compute Engine API to pull the tags for the current instance, and use the tag to construct the appropriate database connection string.
  • C: When creating the Compute Engine instance, create a metadata item with a key of ג€DATABASEג€ and a value for the appropriate database connection string. In your application, read the ג€DATABASEג€ environment variable, and use the value to connect to the appropriate database.
  • D: When creating the Compute Engine instance, create a metadata item with a key of ג€DATABASEג€ and a value for the appropriate database connection string. In your application, query the metadata server for the ג€DATABASEג€ value, and use the value to connect to the appropriate database.

Question 7

You are developing a microservice-based application that will be deployed on a Google Kubernetes Engine cluster. The application needs to read and write to a
Spanner database. You want to follow security best practices while minimizing code changes. How should you configure your application to retrieve Spanner credentials?

  • A: Configure the appropriate service accounts, and use Workload Identity to run the pods.
  • B: Store the application credentials as Kubernetes Secrets, and expose them as environment variables.
  • C: Configure the appropriate routing rules, and use a VPC-native cluster to directly connect to the database.
  • D: Store the application credentials using Cloud Key Management Service, and retrieve them whenever a database connection is made.

Question 8

You are deploying your application on a Compute Engine instance that communicates with Cloud SQL. You will use Cloud SQL Proxy to allow your application to communicate to the database using the service account associated with the application's instance. You want to follow the Google-recommended best practice of providing minimum access for the role assigned to the service account. What should you do?

  • A: Assign the Project Editor role.
  • B: Assign the Project Owner role.
  • C: Assign the Cloud SQL Client role.
  • D: Assign the Cloud SQL Editor role.

Question 9

Your team develops stateless services that run on Google Kubernetes Engine (GKE). You need to deploy a new service that will only be accessed by other services running in the GKE cluster. The service will need to scale as quickly as possible to respond to changing load. What should you do?

  • A: Use a Vertical Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.
  • B: Use a Vertical Pod Autoscaler to scale the containers, and expose them via a NodePort Service.
  • C: Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.
  • D: Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a NodePort Service.

Question 10

You recently migrated a monolithic application to Google Cloud by breaking it down into microservices. One of the microservices is deployed using Cloud
Functions. As you modernize the application, you make a change to the API of the service that is backward-incompatible. You need to support both existing callers who use the original API and new callers who use the new API. What should you do?

  • A: Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use a load balancer to distribute calls between the versions.
  • B: Leave the original Cloud Function as-is and deploy a second Cloud Function that includes only the changed API. Calls are automatically routed to the correct function.
  • C: Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use Cloud Endpoints to provide an API gateway that exposes a versioned API.
  • D: Re-deploy the Cloud Function after making code changes to support the new API. Requests for both versions of the API are fulfilled based on a version identifier included in the call.

Question 11

You are developing an application that will allow users to read and post comments on news articles. You want to configure your application to store and display user-submitted comments using Firestore. How should you design the schema to support an unknown number of comments and articles?

  • A: Store each comment in a subcollection of the article.
  • B: Add each comment to an array property on the article.
  • C: Store each comment in a document, and add the comment's key to an array property on the article.
  • D: Store each comment in a document, and add the comment's key to an array property on the user profile.

Question 12

You recently developed an application. You need to call the Cloud Storage API from a Compute
Engine instance that doesn't have a public IP address. What should you do?

  • A: Use Carrier Peering
  • B: Use VPC Network Peering
  • C: Use Shared VPC networks
  • D: Use Private Google Access

Question 13

You need to migrate an internal file upload API with an enforced 500-MB file size limit to App Engine.
What should you do?

  • A: Use FTP to upload files.
  • B: Use CPanel to upload files.
  • C: Use signed URLs to upload files.
  • D: Change the API to be a multipart file upload API.

Question 14

You are a developer working with the CI/CD team to troubleshoot a new feature that your team introduced. The CI/CD team used HashiCorp Packer to create a new Compute Engine image from your development branch. The image was successfully built, but is not booting up. You need to investigate the issue with the CI/
CD team. What should you do?

  • A: Create a new feature branch, and ask the build team to rebuild the image.
  • B: Shut down the deployed virtual machine, export the disk, and then mount the disk locally to access the boot logs.
  • C: Install Packer locally, build the Compute Engine image locally, and then run it in your personal Google Cloud project.
  • D: Check Compute Engine OS logs using the serial port, and check the Cloud Logging logs to confirm access to the serial port.

Question 15

You manage an application that runs in a Compute Engine instance. You also have multiple backend services executing in stand-alone Docker containers running in Compute Engine instances. The Compute Engine instances supporting the backend services are scaled by managed instance groups in multiple regions. You want your calling application to be loosely coupled. You need to be able to invoke distinct service implementations that are chosen based on the value of an HTTP header found in the request. Which Google Cloud feature should you use to invoke the backend services?

  • A: Traffic Director
  • B: Service Directory
  • C: Anthos Service Mesh
  • D: Internal HTTP(S) Load Balancing

Question 16

Your team is developing an ecommerce platform for your company. Users will log in to the website and add items to their shopping cart. Users will be automatically logged out after 30 minutes of inactivity. When users log back in, their shopping cart should be saved. How should you store users' session and shopping cart information while following Google-recommended best practices?

  • A: Store the session information in Pub/Sub, and store the shopping cart information in Cloud SQL.
  • B: Store the shopping cart information in a file on Cloud Storage where the filename is the SESSION ID.
  • C: Store the session and shopping cart information in a MySQL database running on multiple Compute Engine instances.
  • D: Store the session information in Memorystore for Redis or Memorystore for Memcached, and store the shopping cart information in Firestore.

Question 17

You are designing a resource-sharing policy for applications used by different teams in a Google Kubernetes Engine cluster. You need to ensure that all applications can access the resources needed to run. What should you do? (Choose two.)

  • A: Specify the resource limits and requests in the object specifications.
  • B: Create a namespace for each team, and attach resource quotas to each namespace.
  • C: Create a LimitRange to specify the default compute resource requirements for each namespace.
  • D: Create a Kubernetes service account (KSA) for each application, and assign each KSA to the namespace.
  • E: Use the Anthos Policy Controller to enforce label annotations on all namespaces. Use taints and tolerations to allow resource sharing for namespaces.

Question 18

You are developing a new application that has the following design requirements:
✑ Creation and changes to the application infrastructure are versioned and auditable.
✑ The application and deployment infrastructure uses Google-managed services as much as possible.
✑ The application runs on a serverless compute platform.
How should you design the application's architecture?

  • A: 1. Store the application and infrastructure source code in a Git repository. 2. Use Cloud Build to deploy the application infrastructure with Terraform. 3. Deploy the application to a Cloud Function as a pipeline step.
  • B: 1. Deploy Jenkins from the Google Cloud Marketplace, and define a continuous integration pipeline in Jenkins. 2. Configure a pipeline step to pull the application source code from a Git repository. 3. Deploy the application source code to App Engine as a pipeline step.
  • C: 1. Create a continuous integration pipeline on Cloud Build, and configure the pipeline to deploy the application infrastructure using Deployment Manager templates. 2. Configure a pipeline step to create a container with the latest application source code. 3. Deploy the container to a Compute Engine instance as a pipeline step.
  • D: 1. Deploy the application infrastructure using gcloud commands. 2. Use Cloud Build to define a continuous integration pipeline for changes to the application source code. 3. Configure a pipeline step to pull the application source code from a Git repository, and create a containerized application. 4. Deploy the new container on Cloud Run as a pipeline step.

Question 19

You are creating and running containers across different projects in Google Cloud. The application you are developing needs to access Google Cloud services from within Google Kubernetes Engine (GKE). What should you do?

  • A: Assign a Google service account to the GKE nodes.
  • B: Use a Google service account to run the Pod with Workload Identity.
  • C: Store the Google service account credentials as a Kubernetes Secret.
  • D: Use a Google service account with GKE role-based access control (RBAC).

Question 20

You have containerized a legacy application that stores its configuration on an NFS share. You need to deploy this application to Google Kubernetes Engine
(GKE) and do not want the application serving traffic until after the configuration has been retrieved. What should you do?

  • A: Use the gsutil utility to copy files from within the Docker container at startup, and start the service using an ENTRYPOINT script.
  • B: Create a PersistentVolumeClaim on the GKE cluster. Access the configuration files from the volume, and start the service using an ENTRYPOINT script.
  • C: Use the COPY statement in the Dockerfile to load the configuration into the container image. Verify that the configuration is available, and start the service using an ENTRYPOINT script.
  • D: Add a startup script to the GKE instance group to mount the NFS share at node startup. Copy the configuration files into the container, and start the service using an ENTRYPOINT script.

Question 21

Your team is developing a new application using a PostgreSQL database and Cloud Run. You are responsible for ensuring that all traffic is kept private on Google
Cloud. You want to use managed services and follow Google-recommended best practices. What should you do?

  • A: 1. Enable Cloud SQL and Cloud Run in the same project. 2. Configure a private IP address for Cloud SQL. Enable private services access. 3. Create a Serverless VPC Access connector. 4. Configure Cloud Run to use the connector to connect to Cloud SQL.
  • B: 1. Install PostgreSQL on a Compute Engine virtual machine (VM), and enable Cloud Run in the same project. 2. Configure a private IP address for the VM. Enable private services access. 3. Create a Serverless VPC Access connector. 4. Configure Cloud Run to use the connector to connect to the VM hosting PostgreSQL.
  • C: 1. Use Cloud SQL and Cloud Run in different projects. 2. Configure a private IP address for Cloud SQL. Enable private services access. 3. Create a Serverless VPC Access connector. 4. Set up a VPN connection between the two projects. Configure Cloud Run to use the connector to connect to Cloud SQL.
  • D: 1. Install PostgreSQL on a Compute Engine VM, and enable Cloud Run in different projects. 2. Configure a private IP address for the VM. Enable private services access. 3. Create a Serverless VPC Access connector. 4. Set up a VPN connection between the two projects. Configure Cloud Run to use the connector to access the VM hosting PostgreSQL

Question 22

You are developing an application that will allow clients to download a file from your website for a specific period of time. How should you design the application to complete this task while following Google-recommended best practices?

  • A: Configure the application to send the file to the client as an email attachment.
  • B: Generate and assign a Cloud Storage-signed URL for the file. Make the URL available for the client to download.
  • C: Create a temporary Cloud Storage bucket with time expiration specified, and give download permissions to the bucket. Copy the file, and send it to the client.
  • D: Generate the HTTP cookies with time expiration specified. If the time is valid, copy the file from the Cloud Storage bucket, and make the file available for the client to download.

Question 23

Your development team has been asked to refactor an existing monolithic application into a set of composable microservices. Which design aspects should you implement for the new application? (Choose two.)

  • A: Develop the microservice code in the same programming language used by the microservice caller.
  • B: Create an API contract agreement between the microservice implementation and microservice caller.
  • C: Require asynchronous communications between all microservice implementations and microservice callers.
  • D: Ensure that sufficient instances of the microservice are running to accommodate the performance requirements.
  • E: Implement a versioning scheme to permit future changes that could be incompatible with the current interface.

Question 24

You are planning to deploy your application in a Google Kubernetes Engine (GKE) cluster. The application exposes an HTTP-based health check at /healthz. You want to use this health check endpoint to determine whether traffic should be routed to the pod by the load balancer.
Which code snippet should you include in your Pod configuration?
A.

Image 1

B.

Image 2

C.

Image 3

D.

Image 4

Question 25

You deployed a new application to Google Kubernetes Engine and are experiencing some performance degradation. Your logs are being written to Cloud
Logging, and you are using a Prometheus sidecar model for capturing metrics. You need to correlate the metrics and data from the logs to troubleshoot the performance issue and send real-time alerts while minimizing costs. What should you do?

  • A: Create custom metrics from the Cloud Logging logs, and use Prometheus to import the results using the Cloud Monitoring REST API.
  • B: Export the Cloud Logging logs and the Prometheus metrics to Cloud Bigtable. Run a query to join the results, and analyze in Google Data Studio.
  • C: Export the Cloud Logging logs and stream the Prometheus metrics to BigQuery. Run a recurring query to join the results, and send notifications using Cloud Tasks.
  • D: Export the Prometheus metrics and use Cloud Monitoring to view them as external metrics. Configure Cloud Monitoring to create log-based metrics from the logs, and correlate them with the Prometheus data.
Page 1 of 15 • Questions 1-25 of 359
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!