Google Professional Cloud Developer Exam Practice Test Instant Access

Question 1

Your organization has recently begun an initiative to replatform their legacy applications onto Google Kubernetes Engine. You need to decompose a monolithic application into microservices. Multiple instances have read and write access to a configuration file, which is stored on a shared file system. You want to minimize the effort required to manage this transition, and you want to avoid rewriting the application code. What should you do?

ACreate a new Cloud Storage bucket, and mount it via FUSE in the container.

BCreate a new persistent disk, and mount the volume as a shared PersistentVolume.

CCreate a new Filestore instance, and mount the volume as an NFS PersistentVolume.

DCreate a new ConfigMap and volumeMount to store the contents of the configuration file.

Answer : D

https://cloud.google.com/kubernetes-engine/docs/concepts/configmap

ConfigMaps bind non-sensitive configuration artifacts such as configuration files, command-line arguments, and environment variables to your Pod containers and system components at runtime.

A ConfigMap separates your configurations from your Pod and components, which helps keep your workloads portable. This makes their configurations easier to change and manage, and prevents hardcoding configuration data to Pod specifications.

Question 2

Users are complaining that your Cloud Run-hosted website responds too slowly during traffic spikes. You want to provide a better user experience during traffic peaks. What should you do?

ARead application configuration and static data from the database on application startup.

BPackage application configuration and static data into the application image during build time.

CPerform as much work as possible in the background after the response has been returned to the user.

DEnsure that timeout exceptions and errors cause the Cloud Run instance to exit quickly so a replacement instance can be started.

Answer : C

Question 3

Your company just experienced a Google Kubernetes Engine (GKE) API outage due to a zone failure. You want to deploy a highly available GKE architecture that minimizes service interruption to users in the event of a future zone failure. What should you do?

ADeploy Zonal clusters

BDeploy Regional clusters

CDeploy Multi-Zone clusters

DDeploy GKE on-premises clusters

Answer : B

https://cloud.google.com/kubernetes-engine/docs/concepts/types-of-clusters#regional_clusters

A regional cluster has multiple replicas of the control plane, running in multiple zones within a given region. Nodes in a regional cluster can run in multiple zones or a single zone depending on the configured node locations. By default, GKE replicates each node pool across three zones of the control plane's region. When you create a cluster or when you add a new node pool, you can change the default configuration by specifying the zone(s) in which the cluster's nodes run. All zones must be within the same region as the control plane.

Question 4

You are deploying a microservices application to Google Kubernetes Engine (GKE). The application will receive daily updates. You expect to deploy a large number of distinct containers that will run on the Linux operating system (OS). You want to be alerted to any known OS vulnerabilities in the new containers. You want to follow Google-recommended best practices. What should you do?

AUse the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

BEnable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.

CEnable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.

DUse the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Answer : D

https://cloud.google.com/container-analysis/docs/automated-scanning-howto

https://cloud.google.com/container-analysis/docs/os-overview says: The Container Scanning API allows you to automate OS vulnerability detection, scanning each time you push an image to Container Registry or Artifact Registry. Enabling this API also triggers language package scans for Go and Java vulnerabilities (Preview).

Question 5

Your team develops stateless services that run on Google Kubernetes Engine (GKE). You need to deploy a new service that will only be accessed by other services running in the GKE cluster. The service will need to scale as quickly as possible to respond to changing load. What should you do?

AUse a Vertical Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.

BUse a Vertical Pod Autoscaler to scale the containers, and expose them via a NodePort Service.

CUse a Horizontal Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.

DUse a Horizontal Pod Autoscaler to scale the containers, and expose them via a NodePort Service.

Answer : C

https://cloud.google.com/kubernetes-engine/docs/concepts/service

Question 6

You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite.

What should you do?

AEnable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.

BEnable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.

CConfigure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.

DConfigure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.

Answer : A

https://cloud.google.com/iap/docs/signed-headers-howto#securing_iap_headers

(https://cloud.google.com/endpoints/docs/openapi/authenticating-users-google-id).

https://cloud.google.com/armor/docs/security-policy-overview#:~:text=Google%20Cloud%20Armor%20security%20policies%20enable%20you%20to%20allow%20or,Private%20Cloud%20(VPC)%20networks

'Google Cloud Armor security policies protect your application by providing Layer 7 filtering and by scrubbing incoming requests for common web attacks or other Layer 7 attributes to potentially block traffic before it reaches your load balanced backend services or backend buckets'

Question 7

You work for an organization that manages an online ecommerce website. Your company plans to expand across the world; however, the estore currently serves one specific region. You need to select a SQL database and configure a schema that will scale as your organization grows. You want to create a table that stores all customer transactions and ensure that the customer (CustomerId) and the transaction (TransactionId) are unique. What should you do?

ACreate a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.

BCreate a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the Transactionid.

CCreate a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the TransactionId.

DCreate a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.

Answer : C