Google Professional Cloud Developer Exam Practice Test Instant Access

Question 1

Your team is creating a serverless web application on Cloud Run. The application needs to access images stored in a private Cloud Storage bucket. You want to give the application Identity and Access Management (IAM) permission to access the images in the bucket, while also securing the services using Google-recommended best practices What should you do?

AEnforce signed URLs for the desired bucket. Grant the Storage Object Viewer IAM role on the bucket to the Compute Engine default service account.

BEnforce public access prevention for the desired bucket. Grant the Storage Object Viewer IAM role on the bucket to the Compute Engine
default service account.

CEnforce signed URLs for the desired bucket Create and update the Cloud Run service to use a user -managed service account. Grant the Storage Object Viewer IAM role on the bucket to the service account

DEnforce public access prevention for the desired bucket.
Create and update the Cloud Run service to use a user-managed service account. Grant the Storage Object Viewer IAM role on the bucket to the service account.

Answer : B

Question 2

You are tasked with using C++ to build and deploy a microservice for an application hosted on Google Cloud. The code needs to be containerized and use several custom software libraries that your team has built. You do not want to maintain the underlying infrastructure of the application How should you deploy the microservice?

AUse Cloud Functions to deploy the microservice.

BUse Cloud Build to create the container, and deploy it on Cloud Run.

CUse Cloud Shell to containerize your microservice. and deploy it on GKE Standard.

DUse Cloud Shell to containerize your microservice. and deploy it on a Container-Optimized OS Compute Engine instance.

Answer : B

Question 3

You are reviewing and updating your Cloud Build steps to adhere to Google-recommended practices. Currently, your build steps include:

1. Pull the source code from a source repository.

2. Build a container image

3. Upload the built image to Artifact Registry.

You need to add a step to perform a vulnerability scan of the built container image, and you want the results of the scan to be available to your deployment pipeline running in Google Cloud. You want to minimize changes that could disrupt other teams' processes What should you do?

AEnable Binary Authorization, and configure it to attest that no vulnerabilities exist in a container image.

BEnable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.

CUpload the built container images to your Docker Hub instance, and scan them for vulnerabilities.

DAdd Artifact Registry to your Aqua Security instance, and scan the built container images for vulnerabilities

Answer : B

Question 4

Your application stores customers' content in a Cloud Storage bucket, with each object being encrypted with the customer's encryption key. The key for each object in Cloud Storage is entered into your application by the customer. You discover that your application is receiving an HTTP 4xx error when reading the object from Cloud Storage What is a possible cause of this error?

AYou attempted the read operation without the base64-encoded SHA256 hash of the encryption key.

BYou entered the same encryption algorithm specified by the customer when attempting the read operation.

CYou attempted the read operation on the object with the base64-encoded SHA256 hash of the customer's key.

DYou attempted the read operation on the object with the customers base64-encoded key.

Answer : D

Question 5

You need to load-test a set of REST API endpoints that are deployed to Cloud Run. The API responds to HTTP POST requests Your load tests must meet the following requirements:

* Load is initiated from multiple parallel threads

* User traffic to the API originates from multiple source IP addresses.

* Load can be scaled up using additional test instances

You want to follow Google-recommended best practices How should you configure the load testing'?

ACreate an image that has cURL installed and configure cURLto run a test plan Deploy the image in a
managed instance group, and run one instance of the image for each VM.

BCreate an image that has cURL installed and configure cURL to run a test plan Deploy the image in an
unmanaged instance group, and run one instance of the image for each VM.

CDeploy a distributed load testing framework on a private Google Kubernetes Engine Cluster Deploy
additional Pods as needed to initiate more traffic and support the number of concurrent users.

DDownload the container image of a distributed load testing framework on Cloud Shell Sequentially start
several instances of the container on Cloud Shell to increase the load on the API.

Answer : C

Question 6

You work for a financial services company that has a container-first approach. Your team develops microservices applications You have a Cloud Build pipeline that creates a container image, runs regression tests, and publishes the image to Artifact Registry You need to ensure that only containers that have passed the regression tests are deployed to Google Kubernetes Engine (GKE) clusters You have already enabled Binary Authorization on the GKE clusters What should you do next?

ADeploy Voucher Server and Voucher Client Components. After a container image has passed the regression tests, run Voucher Client as a step in the Cloud Build pipeline.

BSet the Pod Security Standard level to Restricted for the relevant namespaces Digitally sign the container
images that have passed the regression tests as a step in the Cloud Build pipeline.

CCreate an attestor and a policy. Create an attestation for the container images that have passed the regression tests as a step in the Cloud Build pipeline.

DCreate an attestor and a policy Run a vulnerability scan to create an attestation for the container image as a step in the Cloud Build pipeline.

Answer : C

Question 7

Your team has created an application that is hosted on a Google Kubernetes Engine (GKE) cluster You need to connect the application to a legacy REST service that is deployed in two GKE clusters in two different regions. You want to connect your application to the legacy service in a way that is resilient and requires the fewest number of steps You also want to be able to run probe-based health checks on the legacy service on a separate port How should you set up the connection?

AUse Traffic Director with a sidecar proxy to connect the application to the service.

BUse a proxyless Traffic Director configuration to connect the application to the service.

CConfigure the legacy service's firewall to allow health checks originating from the proxy.

DConfigure the legacy service's firewall to allow health checks originating from the application.

EConfigure the legacy service's firewall to allow health checks originating from the Traffic Director control plane.

Answer : A, C

https://cloud.google.com/traffic-director/docs/advanced-setup#routing-rule-maps https://cloud.google.com/traffic-director/docs/advanced-setup

A) Using Traffic Director with a sidecar proxy can provide resilience for your application by allowing for failover to the secondary region in the event of an outage. The sidecar proxy can route traffic to the legacy service in either of the two GKE clusters, ensuring high availability. C. Configuring the legacy service's firewall to allow health checks originating from the proxy allows the proxy to periodically check the health of the legacy service and ensure that it is functioning properly. This helps to ensure that traffic is only routed to healthy instances of the legacy service, further improving the resilience of the setup.