PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Online Practice Questions and Answers

You have a pool of application servers running on Compute Engine. You need to provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting. How would you implement the solution on GCP?

A. 1. Deploy the Stackdriver logging agent to the application servers.

2. Give the developers the IAM Logs Viewer role to access Stackdriver and view logs.

B. 1. Deploy the Stackdriver logging agent to the application servers.

2. Give the developers the IAM Logs Private Logs Viewer role to access Stackdriver and view logs.

C. 1. Deploy the Stackdriver monitoring agent to the application servers.

2. Give the developers the IAM Monitoring Viewer role to access Stackdriver and view metrics.

D. 1. Install the gsutil command line tool on your application servers.

2.

Write a script using gsutil to upload your application log to a Cloud Storage bucket, and then schedule it to run via cron every 5 minutes.

3.

Give the developers the IAM Object Viewer access to view the logs in the specified bucket.

Your application images are built and pushed to Google Container Registry (GCR). You want to build an automated pipeline that deploys the application when the image is updated while minimizing the development effort. What should you do?

A. Use Cloud Build to trigger a Spinnaker pipeline.

B. Use Cloud Pub/Sub to trigger a Spinnaker pipeline.

C. Use a custom builder in Cloud Build to trigger Jenkins pipeline.

D. Use Cloud Pub/Sub to trigger a custom deployment service running in Google Kubernetes Engine (GKE).

You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?

A. Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.

B. Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Stackdriver workspaces inside each project.

C. Choose an existing GCP production project to host the monitoring workspace. Attach the production Projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.

D. Create a new GCP monitoring project and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.

You support an application running on GCP and want to configure SMS notifications to your team for the most critical alerts in Stackdriver Monitoring. You have already identified the alerting policies you want to configure this for. What should you do?

A. Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway. Ensure that your team members add their SMS/phone numbers to the external tool.

B. Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.

C. Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.

D. Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.

You support a stateless web-based API that is deployed on a single Compute Engine instance in the europe-west2-a zone. The Service Level Indicator (SLI) for service availability is below the specified Service Level Objective (SLO). A postmortem has revealed that requests to the API regularly time out. The time outs are due to the API having a high number of requests and running out memory. You want to improve service availability. What should you do?

A. Change the specified SLO to match the measured SLI

B. Move the service to higher-specification compute instances with more memory

C. Set up additional service instances in other zones and load balance the traffic between all instances

D. Set up additional service instances in other zones and use them as a failover in case the primary instance is unavailable

You use Cloud Build to build your application. You want to reduce the build time while minimizing cost and development effort. What should you do?

A. Use Cloud Storage to cache intermediate artifacts.

B. Run multiple Jenkins agents to parallelize the build.

C. Use multiple smaller build steps to minimize execution time.

D. Use larger Cloud Build virtual machines (VMs) by using the machine-type option.

Your organization wants to collect system logs that will be used to generate dashboards in Cloud Operations for their Google Cloud project. You need to configure all current and future Compute Engine instances to collect the system logs, and you must ensure that the Ops Agent remains up to date. What should you do?

A. Use the gcloud CLI to install the Ops Agent on each VM listed in the Cloud Asset Inventory,

B. Select all VMs with an Agent status of Not detected on the Cloud Operations VMs dashboard. Then select Install agents.

C. Use the gcloud CLI to create an Agent Policy.

D. Install the Ops Agent on the Compute Engine image by using a startup script

Your application's performance in Google Cloud has degraded since the last release. You suspect that downstream dependencies might be causing some requests to take longer to complete. You need to investigate the issue with your application to determine the cause. What should you do?

A. Configure Error Reporting in your application.

B. Configure Google Cloud Managed Service for Prometheus in your application.

C. Configure Cloud Profiler in your application.

D. Configure Cloud Trace in your application.

Your company is using HTTPS requests to trigger a public Cloud Run-hosted service accessible at the https://booking-engine-abcdef.a.run.app URL. You need to give developers the ability to test the latest revisions of the service before the service is exposed to customers. What should you do?

A. Run the gcloud run deploy booking-engine --no-traffic --tag dev command. Use the https://dev--booking-engine-abcdef.a.run.app URL for testing.

B. Run the gcloud run services update-traffic booking-engine --to-revisions LATEST=1 command. Use the https://booking-engine-abcdef.a.run.app URL for testing.

C. Pass the curl –H “Authorization:Bearer $(gcloud auth print-identity-token)” auth token. Use the https://booking-engine-abcdef.a.run.app URL to test privately.

D. Grant the roles/run.invoker role to the developers testing the booking-engine service. Use the https://booking-engine-abcdef.private.run.app URL for testing.

You have an application that runs in Google Kubernetes Engine (GKE). The application consists of several microservices that are deployed to GKE by using Deployments and Services. One of the microservices is experiencing an issue where a Pod returns 403 errors after the Pod has been running for more than five hours. Your development team is working on a solution, but the issue will not be resolved for a month. You need to ensure continued operations until the microservice is fixed. You want to follow Google-recommended practices and use the fewest number of steps. What should you do?

A. Create a cron job to terminate any Pods that have been running for more than five hours.

B. Add a HTTP liveness probe to the microservice's deployment.

C. Monitor the Pods, and terminate any Pods that have been running for more than five hours.

D. Configure an alert to notify you whenever a Pod returns 403 errors.

Your organization stores all application logs from multiple Google Cloud projects in a central Cloud Logging project. Your security team wants to enforce a rule that each project team can only view their respective logs and only the operations team can view all the logs. You need to design a solution that meets the security team s requirements while minimizing costs. What should you do?

A. Grant each project team access to the project _Default view in the central logging project. Grant togging viewer access to the operations team in the central logging project.

B. Create Identity and Access Management (IAM) roles for each project team and restrict access to the _Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.

C. Create log views for each project team and only show each project team their application logs. Grant the operations team access to the _AllLogs view in the central logging project.

D. Export logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.

Your company runs services by using Google Kubernetes Engine (GKE). The GKE dusters in the development environment run applications with verbose logging enabled. Developers view logs by using the kubectl logs command and do not use Cloud Logging. Applications do not have a uniform logging structure defined. You need to minimize the costs associated with application logging while still collecting GKE operational logs. What should you do?

A. Run the gcloud container clusters update --logging=SYSTEM command for the development cluster.

B. Run the gcloud container clusters update --logging=WORKLOAD command for the development cluster.

C. Run the gcloud logging sinks update _Default --disabled command in the project associated with the development environment.

D. Add the severity >= DEBUG resource.type = "k8s_container" exclusion filter to the _Default logging sink in the project associated with the development environment.

You have deployed a fleet of Compute Engine instances in Google Cloud. You need to ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring by your company's operations and cyber security teams. You need to grant the required roles for the Compute Engine service account by using Identity and Access Management (IAM) while following the principle of least privilege. What should you do?

A. Grant the logging.logWriter and monitoring.metricWriter roles to the Compute Engine service accounts.

B. Grant the logging.admin and monitoring.editor roles to the Compute Engine service accounts.

C. Grant the logging.editor and monitoring.metricWriter roles to the Compute Engine service accounts.

D. Grant the logging.logWriter and monitoring.editor roles to the Compute Engine service accounts.

You need to introduce postmortems into your organization. You want to ensure that the postmortem process is well received. What should you do? (Choose two.)

A. Encourage new employees to conduct postmortems to team through practice.

B. Create a designated team that is responsible for conducting all postmortems.

C. Encourage your senior leadership to acknowledge and participate in postmortems.

D. Ensure that writing effective postmortems is a rewarded and celebrated practice.

E. Provide your organization with a forum to critique previous postmortems.

Your organization is starting to containerize with Google Cloud. You need a fully managed storage solution for container images and Helm charts. You need to identify a storage solution that has native integration into existing Google Cloud services, including Google Kubernetes Engine (GKE), Cloud Run, VPC Service Controls, and Identity and Access Management (IAM). What should you do?

A. Use Docker to configure a Cloud Storage driver pointed at the bucket owned by your organization.

B. Configure an open source container registry server to run in GKE with a restrictive role-based access control (RBAC) configuration.

C. Configure Artifact Registry as an OCI-based container registry for both Helm charts and container images.

D. Configure Container Registry as an OCI-based container registry for container images.