Google Professional Cloud DevOps Engineer Exam Practice Test Instant Access

Question 1

Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring. What should you do?

APublish various metrics from the application directly to the Slackdriver Monitoring API, and then observe these custom metrics in Stackdriver.

BInstall the Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.

CInstall the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application's metrics in Stackdriver.

DEmit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.

Answer : A

https://cloud.google.com/kubernetes-engine/docs/concepts/custom-and-external-metrics#custom_metrics

https://github.com/GoogleCloudPlatform/k8s-stackdriver/blob/master/custom-metrics-stackdriver-adapter/README.md

Your application can report a custom metric to Cloud Monitoring. You can configure Kubernetes to respond to these metrics and scale your workload automatically. For example, you can scale your application based on metrics such as queries per second, writes per second, network performance, latency when communicating with a different application, or other metrics that make sense for your workload. https://cloud.google.com/kubernetes-engine/docs/concepts/custom-and-external-metrics

Question 2

You are managing an application that runs in Compute Engine The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer A firewall rule allows access to the API port from 0.0.0-0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps What should you do Bret?

AEnable Packet Mirroring on the VPC

BInstall the Ops Agent on the Compute Engine instances.

CEnable logging on the firewall rule

DEnable VPC Flow Logs on the subnet

Answer : C

The best option for configuring Cloud Logging to log each IP address that accesses the API by using the fewest number of steps is to enable logging on the firewall rule. A firewall rule is a rule that controls the traffic to and from your Compute Engine instances. You can enable logging on a firewall rule to capture information about the traffic that matches the rule, such as source and destination IP addresses, protocols, ports, and actions. You can use Cloud Logging to view and export the firewall logs to other destinations, such as BigQuery, for further analysis.

Question 3

Your CTO has asked you to implement a postmortem policy on every incident for internal use. You want to define what a good postmortem is to ensure that the policy is successful at your company. What should you do?

Choose 2 answers

A. Ensure that all postmortems include what caused the incident, identify the person or team responsible for causing the incident. and how to prevent a future occurrence of the incident.

BEnsure that all postmortems include what caused the incident, how the incident could have been worse, and how to prevent a future occurrence of the incident.

CEnsure that all postmortems include the severity of the incident, how to prevent a future occurrence of the incident. and what caused the incident without naming internal system components.

DEnsure that all postmortems include how the incident was resolved and what caused the incident without naming customer information.

EEnsure that all postmortems include all incident participants in postmortem authoring and share postmortems as widely as possible,

Answer : B, E

The correct answers are B and E.

A good postmortem should include what caused the incident, how the incident could have been worse, and how to prevent a future occurrence of the incident1. This helps to identify the root cause of the problem, the impact of the incident, and the actions to take to mitigate or eliminate the risk of recurrence.

A good postmortem should also include all incident participants in postmortem authoring and share postmortems as widely as possible2. This helps to foster a culture of learning and collaboration, as well as to increase the visibility and accountability of the incident response process.

Answer A is incorrect because it assigns blame to a person or team, which goes against the principle of blameless postmortems2. Blameless postmortems focus on finding solutions rather than pointing fingers, and encourage honest and constructive feedback without fear of punishment.

Answer C is incorrect because it omits how the incident could have been worse, which is an important factor to consider when evaluating the severity and impact of the incident1. It also avoids naming internal system components, which makes it harder to understand the technical details and root cause of the problem.

Question 4

You support a Node.js application running on Google Kubernetes Engine (GKE) in production. The application makes several HTTP requests to dependent applications. You want to anticipate which dependent applications might cause performance issues. What should you do?

AInstrument all applications with Stackdriver Profiler.

BInstrument all applications with Stackdriver Trace and review inter-service HTTP requests.

CUse Stackdriver Debugger to review the execution of logic within each application to instrument all applications.

DModify the Node.js application to log HTTP request and response times to dependent applications. Use Stackdriver Logging to find dependent applications that are performing poorly.

Answer : B

Question 5

You are building an application that runs on Cloud Run The application needs to access a third-party API by using an API key You need to determine a secure way to store and use the API key in your application by following Google-recommended practices What should you do?

ASave the API key in Secret Manager as a secret Reference the secret as an environment variable in the Cloud Run application

BSave the API key in Secret Manager as a secret key Mount the secret key under the /sys/api_key directory and decrypt the key in the Cloud Run application

CSave the API key in Cloud Key Management Service (Cloud KMS) as a key Reference the key as an environment variable in the Cloud Run application

DEncrypt the API key by using Cloud Key Management Service (Cloud KMS) and pass the key to Cloud Run as an environment variable Decrypt and use the key in Cloud Run

Answer : A

The best option for storing and using the API key in your application by following Google-recommended practices is to save the API key in Secret Manager as a secret and reference the secret as an environment variable in the Cloud Run application. Secret Manager is a service that allows you to store and manage sensitive data, such as API keys, passwords, and certificates, in Google Cloud. A secret is a resource that represents a logical secret, such as an API key. You can save the API key in Secret Manager as a secret and use IAM policies to control who can access it. You can also reference the secret as an environment variable in the Cloud Run application by using the ${SECRET_NAME} syntax. This way, you can securely store and use the API key in your application without exposing it in your code or configuration files.

Question 6

You need to build a CI/CD pipeline for a containerized application in Google Cloud Your development team uses a central Git repository for trunk-based development You want to run all your tests in the pipeline for any new versions of the application to improve the quality What should you do?

A1. Install a Git hook to require developers to run unit tests before pushing the code to a central repository
2. Trigger Cloud Build to build the application container Deploy the application container to a testing environment, and run integration tests
3. If the integration tests are successful deploy the application container to your production environment. and run acceptance tests

B1. Install a Git hook to require developers to run unit tests before pushing the code to a central repository
If all tests are successful build a container
2. Trigger Cloud Build to deploy the application container to a testing environment, and run integration
tests and acceptance tests
3. If all tests are successful tag the code as production ready Trigger Cloud Build to build and deploy the application container to the production environment

C1. Trigger Cloud Build to build the application container and run unit tests with the container
2. If unit tests are successful, deploy the application container to a testing environment, and run integration tests
3. If the integration tests are successful the pipeline deploys the application container to the production environment After that, run acceptance tests

D1. Trigger Cloud Build to run unit tests when the code is pushed If all unit tests are successful, build and push the application container to a central registry.
2. Trigger Cloud Build to deploy the container to a testing environment, and run integration tests and acceptance tests
3. If all tests are successful the pipeline deploys the application to the production environment and runs smoke tests

Answer : D

The best option for building a CI/CD pipeline for a containerized application in Google Cloud is to trigger Cloud Build to run unit tests when the code is pushed, if all unit tests are successful, build and push the application container to a central registry, trigger Cloud Build to deploy the container to a testing environment, and run integration tests and acceptance tests, and if all tests are successful, the pipeline deploys the application to the production environment and runs smoke tests. This option follows the best practices for CI/CD pipelines, such as running tests at different stages of the pipeline, using a central registry for storing and managing containers, deploying to different environments, and using Cloud Build as a unified tool for building, testing, and deploying.

Question 7

You support an application deployed on Compute Engine. The application connects to a Cloud SQL instance to store and retrieve dat

a. After an update to the application, users report errors showing database timeout messages. The number of concurrent active users remained stable. You need to find the most probable cause of the database timeout. What should you do?

ACheck the serial port logs of the Compute Engine instance.

BUse Stackdriver Profiler to visualize the resources utilization throughout the application.

CDetermine whether there is an increased number of connections to the Cloud SQL instance.

DUse Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.

Answer : C

The most probable cause of the database timeout is an increased number of connections to the Cloud SQL instance. This could happen if the application does not close connections properly or if it creates too many connections at once. You can check the number of connections to the Cloud SQL instance using Cloud Monitoring or Cloud SQL Admin API .