Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

Professional Cloud DeveloperFree trialFree trial

By google
Aug, 2025

Verified

25Q per page

Question 26

You have been tasked with planning the migration of your company's application from on-premises to Google Cloud. Your company's monolithic application is an ecommerce website. The application will be migrated to microservices deployed on Google Cloud in stages. The majority of your company's revenue is generated through online sales, so it is important to minimize risk during the migration. You need to prioritize features and select the first functionality to migrate. What should you do?

  • A: Migrate the Product catalog, which has integrations to the frontend and product database.
  • B: Migrate Payment processing, which has integrations to the frontend, order database, and third-party payment vendor.
  • C: Migrate Order fulfillment, which has integrations to the order database, inventory system, and third-party shipping vendor.
  • D: Migrate the Shopping cart, which has integrations to the frontend, cart database, inventory system, and payment processing system.

Question 27

Your team develops services that run on Google Kubernetes Engine. Your team's code is stored in Cloud Source Repositories. You need to quickly identify bugs in the code before it is deployed to production. You want to invest in automation to improve developer feedback and make the process as efficient as possible.
What should you do?

  • A: Use Spinnaker to automate building container images from code based on Git tags.
  • B: Use Cloud Build to automate building container images from code based on Git tags.
  • C: Use Spinnaker to automate deploying container images to the production environment.
  • D: Use Cloud Build to automate building container images from code based on forked versions.

Question 28

Your team is developing an application in Google Cloud that executes with user identities maintained by Cloud Identity. Each of your application's users will have an associated Pub/Sub topic to which messages are published, and a Pub/Sub subscription where the same user will retrieve published messages. You need to ensure that only authorized users can publish and subscribe to their own specific Pub/Sub topic and subscription. What should you do?

Image 1
  • A: Bind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.
  • B: Grant the user identity the pubsub.publisher and pubsub.subscriber roles at the project level.
  • C: Grant the user identity a custom role that contains the pubsub.topics.create and pubsub.subscriptions.create permissions.
  • D: Configure the application to run as a service account that has the pubsub.publisher and pubsub.subscriber roles.

Question 29

You are evaluating developer tools to help drive Google Kubernetes Engine adoption and integration with your development environment, which includes VS Code and IntelliJ. What should you do?

  • A: Use Cloud Code to develop applications.
  • B: Use the Cloud Shell integrated Code Editor to edit code and configuration files.
  • C: Use a Cloud Notebook instance to ingest and process data and deploy models.
  • D: Use Cloud Shell to manage your infrastructure and applications from the command line.

Question 30

You are developing an ecommerce web application that uses App Engine standard environment and Memorystore for Redis. When a user logs into the app, the application caches the user's information (e.g., session, name, address, preferences), which is stored for quick retrieval during checkout.
While testing your application in a browser, you get a 502 Bad Gateway error. You have determined that the application is not connecting to Memorystore. What is the reason for this error?

  • A: Your Memorystore for Redis instance was deployed without a public IP address.
  • B: You configured your Serverless VPC Access connector in a different region than your App Engine instance.
  • C: The firewall rule allowing a connection between App Engine and Memorystore was removed during an infrastructure update by the DevOps team.
  • D: You configured your application to use a Serverless VPC Access connector on a different subnet in a different availability zone than your App Engine instance.

Question 31

Your team develops services that run on Google Cloud. You need to build a data processing service and will use Cloud Functions. The data to be processed by the function is sensitive. You need to ensure that invocations can only happen from authorized services and follow Google-recommended best practices for securing functions. What should you do?

  • A: Enable Identity-Aware Proxy in your project. Secure function access using its permissions.
  • B: Create a service account with the Cloud Functions Viewer role. Use that service account to invoke the function.
  • C: Create a service account with the Cloud Functions Invoker role. Use that service account to invoke the function.
  • D: Create an OAuth 2.0 client ID for your calling service in the same project as the function you want to secure. Use those credentials to invoke the function.

Question 32

You are deploying your applications on Compute Engine. One of your Compute Engine instances failed to launch. What should you do? (Choose two.)

  • A: Determine whether your file system is corrupted.
  • B: Access Compute Engine as a different SSH user.
  • C: Troubleshoot firewall rules or routes on an instance.
  • D: Check whether your instance boot disk is completely full.
  • E: Check whether network traffic to or from your instance is being dropped.

Question 33

Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to employees as they travel. You need to ensure the security and accessibility of the web application while minimizing application changes. What should you do?

  • A: Configure the application to check authentication credentials for each HTTP(S) request to the application.
  • B: Configure Identity-Aware Proxy to allow employees to access the application through its public IP address.
  • C: Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine instance forwards requests to and from the web application.
  • D: Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine issues an HTTP redirect to a public IP address hosting the web application.

Question 34

You have an application that uses an HTTP Cloud Function to process user activity from both desktop browser and mobile application clients. This function will serve as the endpoint for all metric submissions using HTTP POST.
Due to legacy restrictions, the function must be mapped to a domain that is separate from the domain requested by users on web or mobile sessions. The domain for the Cloud Function is https://fn.example.com. Desktop and mobile clients use the domain https://www.example.com. You need to add a header to the function's
HTTP response so that only those browser and mobile sessions can submit metrics to the Cloud Function. Which response header should you add?

  • A: Access-Control-Allow-Origin: *
  • B: Access-Control-Allow-Origin: https://*.example.com
  • C: Access-Control-Allow-Origin: https://fn.example.com
  • D: Access-Control-Allow-origin: https://www.example.com

Question 35

Your teammate has asked you to review the code below. Its purpose is to efficiently add a large number of small rows to a BigQuery table.

Image 1

Which improvement should you suggest your teammate make?

  • A: Include multiple rows with each request.
  • B: Perform the inserts in parallel by creating multiple threads.
  • C: Write each row to a Cloud Storage object, then load into BigQuery.
  • D: Write each row to a Cloud Storage object in parallel, then load into BigQuery.

Question 36

You have an HTTP Cloud Function that is called via POST. Each submission's request body has a flat, unnested JSON structure containing numeric and text data. After the Cloud Function completes, the collected data should be immediately available for ongoing and complex analytics by many users in parallel. How should you persist the submissions?

  • A: Directly persist each POST request's JSON data into Datastore.
  • B: Transform the POST request's JSON data, and stream it into BigQuery.
  • C: Transform the POST request's JSON data, and store it in a regional Cloud SQL cluster.
  • D: Persist each POST request's JSON data as an individual file within Cloud Storage, with the file name containing the request identifier.

Question 37

Your security team is auditing all deployed applications running in Google Kubernetes Engine. After completing the audit, your team discovers that some of the applications send traffic within the cluster in clear text. You need to ensure that all application traffic is encrypted as quickly as possible while minimizing changes to your applications and maintaining support from Google. What should you do?

  • A: Use Network Policies to block traffic between applications.
  • B: Install Istio, enable proxy injection on your application namespace, and then enable mTLS.
  • C: Define Trusted Network ranges within the application, and configure the applications to allow traffic only from those networks.
  • D: Use an automated process to request SSL Certificates for your applications from Let's Encrypt and add them to your applications.

Question 38

You migrated some of your applications to Google Cloud. You are using a legacy monitoring platform deployed on-premises for both on-premises and cloud- deployed applications. You discover that your notification system is responding slowly to time-critical problems in the cloud applications. What should you do?

  • A: Replace your monitoring platform with Cloud Monitoring.
  • B: Install the Cloud Monitoring agent on your Compute Engine instances.
  • C: Migrate some traffic back to your old platform. Perform A/B testing on the two platforms concurrently.
  • D: Use Cloud Logging and Cloud Monitoring to capture logs, monitor, and send alerts. Send them to your existing platform.

Question 39

You recently deployed your application in Google Kubernetes Engine, and now need to release a new version of your application. You need the ability to instantly roll back to the previous version in case there are issues with the new version. Which deployment model should you use?

  • A: Perform a rolling deployment, and test your new application after the deployment is complete.
  • B: Perform A/B testing, and test your application periodically after the new tests are implemented.
  • C: Perform a blue/green deployment, and test your new application after the deployment is. complete.
  • D: Perform a canary deployment, and test your new application periodically after the new version is deployed.

Question 40

You developed a JavaScript web application that needs to access Google Drive's API and obtain permission from users to store files in their Google Drives. You need to select an authorization approach for your application. What should you do?

  • A: Create an API key.
  • B: Create a SAML token.
  • C: Create a service account.
  • D: Create an OAuth Client ID.

Question 41

You manage an ecommerce application that processes purchases from customers who can subsequently cancel or change those purchases. You discover that order volumes are highly variable and the backend order-processing system can only process one request at a time. You want to ensure seamless performance for customers regardless of usage volume. It is crucial that customers' order update requests are performed in the sequence in which they were generated. What should you do?

  • A: Send the purchase and change requests over WebSockets to the backend.
  • B: Send the purchase and change requests as REST requests to the backend.
  • C: Use a Pub/Sub subscriber in pull mode and use a data store to manage ordering.
  • D: Use a Pub/Sub subscriber in push mode and use a data store to manage ordering.

Question 42

Your company needs a database solution that stores customer purchase history and meets the following requirements:
✑ Customers can query their purchase immediately after submission.
✑ Purchases can be sorted on a variety of fields.
✑ Distinct record formats can be stored at the same time.
Which storage option satisfies these requirements?

  • A: Firestore in Native mode
  • B: Cloud Storage using an object read
  • C: Cloud SQL using a SQL SELECT statement
  • D: Firestore in Datastore mode using a global query

Question 43

You recently developed a new service on Cloud Run. The new service authenticates using a custom service and then writes transactional information to a Cloud
Spanner database. You need to verify that your application can support up to 5,000 read and 1,000 write transactions per second while identifying any bottlenecks that occur. Your test infrastructure must be able to autoscale. What should you do?

  • A: Build a test harness to generate requests and deploy it to Cloud Run. Analyze the VPC Flow Logs using Cloud Logging.
  • B: Create a Google Kubernetes Engine cluster running the Locust or JMeter images to dynamically generate load tests. Analyze the results using Cloud Trace.
  • C: Create a Cloud Task to generate a test load. Use Cloud Scheduler to run 60,000 Cloud Task transactions per minute for 10 minutes. Analyze the results using Cloud Monitoring.
  • D: Create a Compute Engine instance that uses a LAMP stack image from the Marketplace, and use Apache Bench to generate load tests against the service. Analyze the results using Cloud Trace.

Question 44

You are using Cloud Build for your CI/CD pipeline to complete several tasks, including copying certain files to Compute Engine virtual machines. Your pipeline requires a flat file that is generated in one builder in the pipeline to be accessible by subsequent builders in the same pipeline. How should you store the file so that all the builders in the pipeline can access it?

  • A: Store and retrieve the file contents using Compute Engine instance metadata.
  • B: Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.
  • C: Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.
  • D: Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.

Question 45

Your company’s development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company’s environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?

  • A: Enable the Vulnerability scanning setting in the Container Registry.
  • B: Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.
  • C: Disallow the use of non-commercially supported base images in your development environment.
  • D: Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.

Question 46

You are developing a JPEG image-resizing API hosted on Google Kubernetes Engine (GKE). Callers of the service will exist within the same GKE cluster. You want clients to be able to get the IP address of the service.
What should you do?

  • A: Define a GKE Service. Clients should use the name of the A record in Cloud DNS to find the service's cluster IP address.
  • B: Define a GKE Service. Clients should use the service name in the URL to connect to the service.
  • C: Define a GKE Endpoint. Clients should get the endpoint name from the appropriate environment variable in the client container.
  • D: Define a GKE Endpoint. Clients should get the endpoint name from Cloud DNS.

Question 47

You are configuring a continuous integration pipeline using Cloud Build to automate the deployment of new container images to Google Kubernetes Engine (GKE). The pipeline builds the application from its source code, runs unit and integration tests in separate steps, and pushes the container to Container Registry. The application runs on a Python web server.

The Dockerfile is as follows:

FROM python:3.7-alpine -

COPY . /app -

WORKDIR /app -
RUN pip install -r requirements.txt
CMD [ "gunicorn", "-w 4", "main:app" ]

You notice that Cloud Build runs are taking longer than expected to complete. You want to decrease the build time. What should you do? (Choose two.)

  • A: Select a virtual machine (VM) size with higher CPU for Cloud Build runs.
  • B: Deploy a Container Registry on a Compute Engine VM in a VPC, and use it to store the final images.
  • C: Cache the Docker image for subsequent builds using the -- cache-from argument in your build config file.
  • D: Change the base image in the Dockerfile to ubuntu:latest, and install Python 3.7 using a package manager utility.
  • E: Store application source code on Cloud Storage, and configure the pipeline to use gsutil to download the source code.

Question 48

You are building a CI/CD pipeline that consists of a version control system, Cloud Build, and Container Registry. Each time a new tag is pushed to the repository, a Cloud Build job is triggered, which runs unit tests on the new code builds a new Docker container image, and pushes it into Container Registry. The last step of your pipeline should deploy the new container to your production Google Kubernetes Engine (GKE) cluster. You need to select a tool and deployment strategy that meets the following requirements:
• Zero downtime is incurred
• Testing is fully automated
• Allows for testing before being rolled out to users
• Can quickly rollback if needed

What should you do?

  • A: Trigger a Spinnaker pipeline configured as an A/B test of your new code and, if it is successful, deploy the container to production.
  • B: Trigger a Spinnaker pipeline configured as a canary test of your new code and, if it is successful, deploy the container to production.
  • C: Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a canary test.
  • D: Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a shadow test.

Question 49

Your operations team has asked you to create a script that lists the Cloud Bigtable, Memorystore, and Cloud SQL databases running within a project. The script should allow users to submit a filter expression to limit the results presented. How should you retrieve the data?

  • A: Use the HBase API, Redis API, and MySQL connection to retrieve database lists. Combine the results, and then apply the filter to display the results
  • B: Use the HBase API, Redis API, and MySQL connection to retrieve database lists. Filter the results individually, and then combine them to display the results
  • C: Run gcloud bigtable instances list, gcloud redis instances list, and gcloud sql databases list. Use a filter within the application, and then display the results
  • D: Run gcloud bigtable instances list, gcloud redis instances list, and gcloud sql databases list. Use --filter flag with each command, and then display the results

Question 50

You need to deploy a new European version of a website hosted on Google Kubernetes Engine. The current and new websites must be accessed via the same HTTP(S) load balancer's external IP address, but have different domain names. What should you do?

  • A: Define a new Ingress resource with a host rule matching the new domain
  • B: Modify the existing Ingress resource with a host rule matching the new domain
  • C: Create a new Service of type LoadBalancer specifying the existing IP address as the loadBalancerIP
  • D: Generate a new Ingress resource and specify the existing IP address as the kubernetes.io/ingress.global-static-ip-name annotation value
Page 2 of 15 • Questions 26-50 of 359
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!