Google Professional-Cloud-DevOps-Engineer Exam Practice Test Instant Access

Question 1

Your CTO has asked you to implement a postmortem policy on every incident for internal use. You want to define what a good postmortem is to ensure that the policy is successful at your company. What should you do?

Choose 2 answers

A. Ensure that all postmortems include what caused the incident, identify the person or team responsible for causing the incident. and how to prevent a future occurrence of the incident.

BEnsure that all postmortems include what caused the incident, how the incident could have been worse, and how to prevent a future occurrence of the incident.

CEnsure that all postmortems include the severity of the incident, how to prevent a future occurrence of the incident. and what caused the incident without naming internal system components.

DEnsure that all postmortems include how the incident was resolved and what caused the incident without naming customer information.

EEnsure that all postmortems include all incident participants in postmortem authoring and share postmortems as widely as possible,

Answer : B, E

The correct answers are B and E

A good postmortem should include what caused the incident, how the incident could have been worse, and how to prevent a future occurrence of the incident1. This helps to identify the root cause of the problem, the impact of the incident, and the actions to take to mitigate or eliminate the risk of recurrence.

A good postmortem should also include all incident participants in postmortem authoring and share postmortems as widely as possible2. This helps to foster a culture of learning and collaboration, as well as to increase the visibility and accountability of the incident response process.

Answer A is incorrect because it assigns blame to a person or team, which goes against the principle of blameless postmortems2. Blameless postmortems focus on finding solutions rather than pointing fingers, and encourage honest and constructive feedback without fear of punishment.

Answer C is incorrect because it omits how the incident could have been worse, which is an important factor to consider when evaluating the severity and impact of the incident1. It also avoids naming internal system components, which makes it harder to understand the technical details and root cause of the problem.

Answer D is incorrect because it omits how to prevent a future occurrence of the incident, which is the main goal of a postmortem1. It also avoids naming customer information, which may be relevant for understanding the impact and scope of the incident.

Question 2

You have an application that runs on Cloud Run. You want to use live production traffic to test a new version of the application while you let the quality assurance team perform manual testing. You want to limit the potential impact of any issues while testing the new version, and you must be able to roll back to a previous version of the application if needed. How should you deploy the new version?

Choose 2 answers

ADeploy the application as a new Cloud Run service.

BDeploy a new Cloud Run revision with a tag and use the ---no-traffic option.

CDeploy a new Cloud Run revision without a tag and use the ---no-traffic option.

DDeploy the new application version and use the ---no-traffic option Route production traffic to the revision's URL.

EDeploy the new application version and split traffic to the new version.

Answer : B, E

Question 3

You need to introduce postmortems into your organization. You want to ensure that the postmortem process is well received. What should you do?

Choose 2 answers

ACreate a designated team that is responsible for conducting all postmortems.

BEncourage new employees to conduct postmortems to learn through practice.

CEnsure that writing effective postmortems is a rewarded and celebrated practice.

DEncourage your senior leadership to acknowledge and participate in postmortems.

EProvide your organization with a forum to critique previous postmortems.

Answer : C, D

Question 4

Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team, while minimizing management overhead. What should you do?

AGrant the roles/artifactregistry. writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.

BUse Cloud Run to write and deploy a custom validator Enable an Eventarc trigger to perform validations when new images are uploaded.

CConfigure Kritis to run in your GKE clusters to enforce deploy-time security policies.

DConfigure Binary Authorization in your GKE clusters to enforce deploy-time security policies

Answer : D

Question 5

Your organization stores all application logs from multiple Google Cloud projects in a central Cloud Logging project. Your security team wants to enforce a rule that each project team can only view their respective logs, and only the operations team can view all the logs. You need to design a solution that meets the security team's requirements, while minimizing costs. What should you do?

AExport logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.

BCreate log views for each project team, and only show each project team their application logs. Grant the operations team access to the _ Al Il-jogs View in the central logging project.

CGrant each project team access to the project _ Default view in the central logging project. Grant logging viewer access to the operations team in the central logging project.

DCreate Identity and Access Management (IAM) roles for each project team and restrict access to the _ Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.

Answer : B

Create log views for each project team, and only show each project team their application logs.Grant the operations team access to the _AllLogs View in the central logging project1.

This approach aligns with the Google Cloud's recommended methodologies for Professional Cloud DevOps Engineers1. Log views allow you to create and manage access control at a finer granularity for your logs. By creating a separate log view for each project team, you can ensure that they only have access to their respective logs. The operations team, on the other hand, can be granted access to the _AllLogs view in the central logging project, allowing them to view all logs as required.

This solution not only meets the security team's requirements but also minimizes costs as it leverages built-in features of Google Cloud's logging and does not require exporting logs to another service like BigQuery (as suggested in option A), which could incur additional costs1.

Question 6

You are reviewing your deployment pipeline in Google Cloud Deploy You must reduce toil in the pipeline and you want to minimize the amount of time it takes to complete an end-to-end deployment What should you do?

Choose 2 answers

ACreate a trigger to notify the required team to complete the next step when manual intervention is required

BDivide the automation steps into smaller tasks

CUse a script to automate the creation of the deployment pipeline in Google Cloud Deploy

DAdd more engineers to finish the manual steps.

EAutomate promotion approvals from the development environment to the test environment

Answer : A, E

The best options for reducing toil in the pipeline and minimizing the amount of time it takes to complete an end-to-end deployment are to create a trigger to notify the required team to complete the next step when manual intervention is required and to automate promotion approvals from the development environment to the test environment. A trigger is a resource that initiates a deployment when an event occurs, such as a code change, a schedule, or a manual request. You can create a trigger to notify the required team to complete the next step when manual intervention is required by using Cloud Build or Cloud Functions. This way, you can reduce the waiting time and human errors in the pipeline. A promotion approval is a process that allows you to approve or reject a deployment from one environment to another, such as from development to test. You can automate promotion approvals from the development environment to the test environment by using Google Cloud Deploy or Cloud Build. This way, you can speed up the deployment process and avoid manual steps.

Question 7

Your team is building a service that performs compute-heavy processing on batches of data The data is processed faster based on the speed and number of CPUs on the machine These batches of data vary in size and may arrive at any time from multiple third-party sources You need to ensure that third parties are able to upload their data securely. You want to minimize costs while ensuring that the data is processed as quickly as possible What should you do?

A* Provide a secure file transfer protocol (SFTP) server on a Compute Engine instance so that third
parties can upload batches of data and provide appropriate credentials to the server
* Create a Cloud Function with a google.storage, object, finalize Cloud Storage trigger Write code so that the function can scale up a Compute Engine autoscaling managed instance group
* Use an image pre-loaded with the data processing software that terminates the instances when processing completes

B* Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide
appropriate Identity and Access Management (1AM) access to the bucket
* Use a standard Google Kubernetes Engine (GKE) cluster and maintain two services one that processes the batches of data and one that monitors Cloud Storage for new batches of data
* Stop the processing service when there are no batches of data to process

C* Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate identity and Access Management (1AM) access to the bucket
* Create a Cloud Function with a google, storage, object .finalise Cloud Storage trigger Write code so that the function can scale up a Compute Engine autoscaling managed instance group
* Use an image pre-loaded with the data processing software that terminates the instances when processing completes

D* Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide
appropriate Identity and Access Management (1AM) access to the bucket
* Use Cloud Monitoring to detect new batches of data in the bucket and trigger a Cloud Function that processes the data
* Set a Cloud Function to use the largest CPU possible to minimize the runtime of the processing

Answer : C

The best option for ensuring that third parties are able to upload their data securely and minimizing costs while ensuring that the data is processed as quickly as possible is to provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate Identity and Access Management (IAM) access to the bucket; create a Cloud Function with a google.storage.object.finalize Cloud Storage trigger; write code so that the function can scale up a Compute Engine autoscaling managed instance group; use an image pre-loaded with the data processing software that terminates the instances when processing completes. A Cloud Storage bucket is a resource that allows you to store and access data in Google Cloud. You can provide a Cloud Storage bucket so that third parties can upload batches of data securely and conveniently. You can also provide appropriate IAM access to the bucket by using roles and policies to control who can read or write data to the bucket. A Cloud Function is a serverless function that executes code in response to an event, such as a change in a Cloud Storage bucket. A google.storage.object.finalize trigger is a type of trigger that fires when a new object is created or an existing object is overwritten in a Cloud Storage bucket. You can create a Cloud Function with a google.storage.object.finalize trigger so that the function runs whenever a new batch of data is uploaded to the bucket. You can write code so that the function can scale up a Compute Engine autoscaling managed instance group, which is a group of VM instances that automatically adjusts its size based on load or custom metrics. You can use an image pre-loaded with the data processing software that terminates the instances when processing completes, which means that the instances only run when there is data to process and stop when they are done. This way, you can minimize costs while ensuring that the data is processed as quickly as possible.

Google Professional Cloud DevOps Engineer Exam Practice Test