You support a Node.js application running on Google Kubernetes Engine (GKE) in production. The application makes several HTTP requests to dependent applications. You want to anticipate which dependent applications might cause performance issues. What should you do?
AInstrument all applications with Stackdriver Profiler.
BInstrument all applications with Stackdriver Trace and review inter-service HTTP requests.
CUse Stackdriver Debugger to review the execution of logic within each application to instrument all applications.
DModify the Node.js application to log HTTP request and response times to dependent applications. Use Stackdriver Logging to find dependent applications that are performing poorly.
You have a pool of application servers running on Compute Engine. You need to provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting. How would you implement the solution on GCP?
Aג€¢ Deploy the Stackdriver logging agent to the application servers. ג€¢ Give the developers the IAM Logs Viewer role to access Stackdriver and view logs.
Bג€¢ Deploy the Stackdriver logging agent to the application servers. ג€¢ Give the developers the IAM Logs Private Logs Viewer role to access Stackdriver and view logs.
Cג€¢ Deploy the Stackdriver monitoring agent to the application servers. ג€¢ Give the developers the IAM Monitoring Viewer role to access Stackdriver and view metrics.
Dג€¢ Install the gsutil command line tool on your application servers. ג€¢ Write a script using gsutil to upload your application log to a Cloud Storage bucket, and then schedule it to run via cron every 5 minutes. ג€¢ Give the developers the IAM Object Viewer access to view the logs in the specified bucket.
The new version of your containerized application has been tested and is ready to be deployed to production on Google Kubernetes Engine (GKE). You could not fully load-test the new version in your pre-production environment, and you need to ensure that the application does not have performance problems after deployment. Your deployment must be automated. What should you do?
ADeploy the application through a continuous delivery pipeline by using canary deployments. Use Cloud Monitoring to look for performance issues, and ramp up traffic as supported by the metrics.
BDeploy the application through a continuous delivery pipeline by using blue/green deployments. Migrate traffic to the new version of the application and use Cloud Monitoring to look for performance issues.
CDeploy the application by using kubectl and use Config Connector to slowly ramp up traffic between versions. Use Cloud Monitoring to look for performance issues.
DDeploy the application by using kubectl and set the spec.updateStrategy.type field to RollingUpdate. Use Cloud Monitoring to look for performance issues, and run the kubectl rollback command if there are any issues.
You are managing an application that runs in Compute Engine. The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer. A firewall rule allows access to the API port from 0.0.0.0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps. What should you do first?
AEnable Packet Mirroring on the VPC.
BInstall the Ops Agent on the Compute Engine instances.
CEnable logging on the firewall rule.
DEnable VPC Flow Logs on the subnet.
Your company runs an ecommerce website built with JVM-based applications and microservice architecture in Google Kubernetes Engine (GKE). The application load increases during the day and decreases during the night. Your operations team has configured the application to run enough Pods to handle the evening peak load. You want to automate scaling by only running enough Pods and nodes for the load. What should you do?
AConfigure the Vertical Pod Autoscaler, but keep the node pool size static.
BConfigure the Vertical Pod Autoscaler, and enable the cluster autoscaler.
CConfigure the Horizontal Pod Autoscaler, but keep the node pool size static.
DConfigure the Horizontal Pod Autoscaler, and enable the cluster autoscaler.
Your organization wants to increase the availability target of an application from 99.9% to 99.99% for an investment of $2,000. The application's current revenue is $1,000,000. You need to determine whether the increase in availability is worth the investment for a single year of usage. What should you do?
ACalculate the value of improved availability to be $900, and determine that the increase in availability is not worth the investment.
BCalculate the value of improved availability to be $1,000, and determine that the increase in availability is not worth the investment.
CCalculate the value of improved availability to be $1,000, and determine that the increase in availability is worth the investment.
DCalculate the value of improved availability to be $9,000, and determine that the increase in availability is worth the investment.
A third-party application needs to have a service account key to work properly. When you try to export the key from your cloud project, you receive an error: “The organization policy constraint iam.disableServiceAccounKeyCreation is enforced.” You need to make the third-party application work while following Google-recommended security practices.
What should you do?
AEnable the default service account key, and download the key.
BRemove the iam.disableServiceAccountKeyCreation policy at the organization level, and create a key.
CDisable the service account key creation policy at the project's folder, and download the default key.
DAdd a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project, and create a key.
Your team is writing a postmortem after an incident on your external facing application. Your team wants to improve the postmortem policy to include triggers that indicate whether an incident requires a postmortem. Based on Site Reliability Engineering (SRE) practices, what triggers should be defined in the postmortem policy? (Choose two.)
AAn external stakeholder asks for a postmortem
BData is lost due to an incident.
CAn internal stakeholder requests a postmortem.
DThe monitoring system detects that one of the instances for your application has failed.
EThe CD pipeline detects an issue and rolls back a problematic release.
You are implementing a CI/CD pipeline for your application in your company’s multi-cloud environment. Your application is deployed by using custom Compute Engine images and the equivalent in other cloud providers. You need to implement a solution that will enable you to build and deploy the images to your current environment and is adaptable to future changes. Which solution stack should you use?
ACloud Build with Packer
BCloud Build with Google Cloud Deploy
CGoogle Kubernetes Engine with Google Cloud Deploy
DCloud Build with kpt
Your application's performance in Google Cloud has degraded since the last release. You suspect that downstream dependencies might be causing some requests to take longer to complete. You need to investigate the issue with your application to determine the cause. What should you do?
AConfigure Error Reporting in your application.
BConfigure Google Cloud Managed Service for Prometheus in your application.
CConfigure Cloud Profiler in your application.
DConfigure Cloud Trace in your application.
You are creating a CI/CD pipeline in Cloud Build to build an application container image. The application code is stored in GitHub. Your company requires that production image builds are only run against the main branch and that the change control team approves all pushes to the main branch. You want the image build to be as automated as possible. What should you do? (Choose two.)
ACreate a trigger on the Cloud Build job. Set the repository event setting to ‘Pull request’.
BAdd the OWNERS file to the Included files filter on the trigger.
CCreate a trigger on the Cloud Build job. Set the repository event setting to ‘Push to a branch’
DConfigure a branch protection rule for the main branch on the repository.
EEnable the Approval option on the trigger.
You built a serverless application by using Cloud Run and deployed the application to your production environment. You want to identify the resource utilization of the application for cost optimization. What should you do?
AUse Cloud Trace with distributed tracing to monitor the resource utilization of the application.
BUse Cloud Profiler with Ops Agent to monitor the CPU and memory utilization of the application.
CUse Cloud Monitoring to monitor the container CPU and memory utilization of the application.
DUse Cloud Ops to create logs-based metrics to monitor the resource utilization of the application.
You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster. The application is serving HTTP requests from users.
You need to implement a solution that will reduce the network cost. What should you do?
AConfigure the VPC as a Shared VPC Host project.
BConfigure your network services on the Standard Tier.
CConfigure your Kubernetes cluster as a Private Cluster.
DConfigure a Google Cloud HTTP Load Balancer as Ingress.
Your company is using HTTPS requests to trigger a public Cloud Run-hosted service accessible at the https://booking-engine-abcdef.a.run.app URL. You need to give developers the ability to test the latest revisions of the service before the service is exposed to customers. What should you do?
ARun the gcloud run deploy booking-engine --no-traffic --tag dev command. Use the https://dev--booking-engine-abcdef.a.run.app URL for testing.
BRun the gcloud run services update-traffic booking-engine --to-revisions LATEST=1 command. Use the https://booking-engine-abcdef.a.run.app URL for testing.
CPass the curl –H “Authorization:Bearer $(gcloud auth print-identity-token)” auth token. Use the https://booking-engine-abcdef.a.run.app URL to test privately.
DGrant the roles/run.invoker role to the developers testing the booking-engine service. Use the https://booking-engine-abcdef.private.run.app URL for testing.
You are configuring connectivity across Google Kubernetes Engine (GKE) clusters in different VPCs. You notice that the nodes in Cluster A are unable to access the nodes in Cluster B. You suspect that the workload access issue is due to the network configuration. You need to troubleshoot the issue but do not have execute access to workloads and nodes. You want to identify the layer at which the network connectivity is broken. What should you do?
AInstall a toolbox container on the node in Cluster Confirm that the routes to Cluster B are configured appropriately.
BUse Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster B.
CUse a debug container to run the traceroute command from Cluster A to Cluster B and from Cluster B to Cluster A. Identify the common failure point.
DEnable VPC Flow Logs in both VPCs, and monitor packet drops.
You manage an application that runs in Google Kubernetes Engine (GKE) and uses the blue/green deployment methodology. Extracts of the Kubernetes manifests are shown below:
The Deployment app-green was updated to use the new version of the application. During post-deployment monitoring, you notice that the majority of user requests are failing. You did not observe this behavior in the testing environment. You need to mitigate the incident impact on users and enable the developers to troubleshoot the issue. What should you do?
AUpdate the Deployment app-blue to use the new version of the application.
BUpdate the Deployment app-green to use the previous version of the application.
CChange the selector on the Service app-svc to app: my-app.
DChange the selector on the Service app-svc to app: my-app, version: blue.
You are running a web application deployed to a Compute Engine managed instance group. Ops Agent is installed on all instances. You recently noticed suspicious activity from a specific IP address. You need to configure Cloud Monitoring to view the number of requests from that specific IP address with minimal operational overhead. What should you do?
AConfigure the Ops Agent with a logging receiver. Create a logs-based metric.
B Create a script to scrape the web server log. Export the IP address request metrics to the Cloud Monitoring API.
BUpdate the application to export the IP address request metrics to the Cloud Monitoring API.
CConfigure the Ops Agent with a metrics receiver.
Your organization is using Helm to package containerized applications. Your applications reference both public and private charts. Your security team flagged that using a public Helm repository as a dependency is a risk. You want to manage all charts uniformly, with native access control and VPC Service Controls. What should you do?
AStore public and private charts in OCI format by using Artifact Registry.
BStore public and private charts by using GitHub Enterprise with Google Workspace as the identity provider.
CStore public and private charts by using Git repository. Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket. Connect Helm to the bucket by using https://[bucket].storage-googleapis.com/[helmchart] as the Helm repository.
DConfigure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend.
You use Terraform to manage an application deployed to a Google Cloud environment. The application runs on instances deployed by a managed instance group. The Terraform code is deployed by using a CI/CD pipeline. When you change the machine type on the instance template used by the managed instance group, the pipeline fails at the terraform apply stage with the following error message:
You need to update the instance template and minimize disruption to the application and the number of pipeline runs.
What should you do?
ADelete the managed instance group, and recreate it after updating the instance template.
BAdd a new instance template, update the managed instance group to use the new instance template, and delete the old instance template.
CRemove the managed instance group from the Terraform state file, update the instance template, and reimport the managed instance group.
DSet the create_before_destroy meta-argument to true in the lifecycle block on the instance template.
Your company operates in a highly regulated domain that requires you to store all organization logs for seven years. You want to minimize logging infrastructure complexity by using managed services. You need to avoid any future loss of log capture or stored logs due to misconfiguration or human error. What should you do?
AUse Cloud Logging to configure an aggregated sink at the organization level to export all logs into a BigQuery dataset.
BUse Cloud Logging to configure an aggregated sink at the organization level to export all logs into Cloud Storage with a seven-year retention policy and Bucket Lock.
CUse Cloud Logging to configure an export sink at each project level to export all logs into a BigQuery dataset
DUse Cloud Logging to configure an export sink at each project level to export all logs into Cloud Storage with a seven-year retention policy and Bucket Lock.
You are building the CI/CD pipeline for an application deployed to Google Kubernetes Engine (GKE). The application is deployed by using a Kubernetes Deployment, Service, and Ingress. The application team asked you to deploy the application by using the blue/green deployment methodology. You need to implement the rollback actions. What should you do?
ARun the kubectl rollout undo command.
BDelete the new container image, and delete the running Pods.
CUpdate the Kubernetes Service to point to the previous Kubernetes Deployment.
DScale the new Kubernetes Deployment to zero.
You are building and running client applications in Cloud Run and Cloud Functions. Your client requires that all logs must be available for one year so that the client can import the logs into their logging service. You must minimize required code changes. What should you do?
AUpdate all images in Cloud Run and all functions in Cloud Functions to send logs to both Cloud Logging and the client's logging service. Ensure that all the ports required to send logs are open in the VPC firewall.
BCreate a Pub/Sub topic, subscription, and logging sink. Configure the logging sink to send all logs into the topic. Give your client access to the topic to retrieve the logs.
CCreate a storage bucket and appropriate VPC firewall rules. Update all images in Cloud Run and all functions in Cloud Functions to send logs to a file within the storage bucket.
DCreate a logs bucket and logging sink. Set the retention on the logs bucket to 365 days. Configure the logging sink to send logs to the bucket. Give your client access to the bucket to retrieve the logs.
You are building and running client applications in Cloud Run and Cloud Functions. Your client requires that all logs must be available for one year so that the client can import the logs into their logging service. You must minimize required code changes. What should you do?
ADeploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods.
BConfigure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
CUse Binary Authorization to attest images during your CI/CD pipeline.
DEnable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images.
You encountered a major service outage that affected all users of the service for multiple hours. After several hours of incident management, the service returned to normal, and user access was restored. You need to provide an incident summary to relevant stakeholders following the Site Reliability Engineering recommended practices. What should you do first?
ACall individual stakeholders to explain what happened.
BDevelop a post-mortem to be distributed to stakeholders.
CSend the Incident State Document to all the stakeholders.
DRequire the engineer responsible to write an apology email to all stakeholders.
You have an application that runs in Google Kubernetes Engine (GKE). The application consists of several microservices that are deployed to GKE by using Deployments and Services. One of the microservices is experiencing an issue where a Pod returns 403 errors after the Pod has been running for more than five hours. Your development team is working on a solution, but the issue will not be resolved for a month. You need to ensure continued operations until the microservice is fixed. You want to follow Google-recommended practices and use the fewest number of steps. What should you do?
ACreate a cron job to terminate any Pods that have been running for more than five hours.
BAdd a HTTP liveness probe to the microservice's deployment.
CMonitor the Pods, and terminate any Pods that have been running for more than five hours.
DConfigure an alert to notify you whenever a Pod returns 403 errors.
Preview
