Verified Professional-Cloud-DevOps-Engineer Exam Dumps PDF [2024] Access using SureTorrent
Try Best Professional-Cloud-DevOps-Engineer Exam Questions from Training Expert SureTorrent
NEW QUESTION # 73
You are ready to deploy a new feature of a web-based application to production. You want to use Google Kubernetes Engine (GKE) to perform a phased rollout to half of the web server pods.
What should you do?
- A. Use a partitioned rolling update.
- B. Use a stateful set with parallel pod management policy.
- C. Use Node taints with NoExecute.
- D. Use a replica set in the deployment specification.
Answer: A
Explanation:
Explanation
https://medium.com/velotio-perspectives/exploring-upgrade-strategies-for-stateful-sets-in-kubernetes-c02b8286f
NEW QUESTION # 74
Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP). You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system. What should you do?
- A. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.
- B. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.
- C. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.
- D. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.
Answer: C
NEW QUESTION # 75
You have an application that runs in Google Kubernetes Engine (GKE). The application consists of several microservices that are deployed to GKE by using Deployments and Services One of the microservices is experiencing an issue where a Pod returns 403 errors after the Pod has been running for more than five hours Your development team is working on a solution but the issue will not be resolved for a month You need to ensure continued operations until the microservice is fixed You want to follow Google-recommended practices and use the fewest number of steps What should you do?
- A. Monitor the Pods and terminate any Pods that have been running for more than five hours
- B. Configure an alert to notify you whenever a Pod returns 403 errors
- C. Create a cron job to terminate any Pods that have been running for more than five hours
- D. Add a HTTP liveness probe to the microservice s deployment
Answer: D
Explanation:
The best option for ensuring continued operations until the microservice is fixed is to add a HTTP liveness probe to the microservice's deployment. A HTTP liveness probe is a type of probe that checks if a Pod is alive by sending an HTTP request and expecting a success response code. If the probe fails, Kubernetes will restart the Pod. You can add a HTTP liveness probe to your microservice's deployment by using a livenessProbe field in your Pod spec. This way, you can ensure that any Pod that returns 403 errors after running for more than five hours will be restarted automatically and resume normal operations.
NEW QUESTION # 76
You need to run a business-critical workload on a fixed set of Compute Engine instances for several months. The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications. What should you do?
- A. Purchase Committed Use Discounts.
- B. Create an Unmanaged Instance Group for the instances used to run the workload.
- C. Migrate the instances to a Managed Instance Group.
- D. Convert the instances to preemptible virtual machines.
Answer: B
NEW QUESTION # 77
You support a web application that is hosted on Compute Engine. The application provides a booking service for thousands of users. Shortly after the release of a new feature, your monitoring dashboard shows that all users are experiencing latency at login. You want to mitigate the impact of the incident on the users of your service. What should you do first?
- A. Deploy a new release to see whether it fixes the problem.
- B. Upsize the virtual machines running the login services.
- C. Review the Stackdriver monitoring.
- D. Roll back the recent release.
Answer: B
NEW QUESTION # 78
Some of your production services are running in Google Kubernetes Engine (GKE) in the eu-west-1 region. Your build system runs in the us-west-1 region. You want to push the container images from your build system to a scalable registry to maximize the bandwidth for transferring the images to the cluster. What should you do?
- A. Push the images to Google Container Registry (GCR) using the us.gcr.io hostname.
- B. Push the images to a private image registry running on a Compute Engine instance in the eu-west-1 region.
- C. Push the images to Google Container Registry (GCR) using the gcr.io hostname.
- D. Push the images to Google Container Registry (GCR) using the eu.gcr.io hostname.
Answer: D
Explanation:
Hostname Storage location gcr.io Stores images in data centers in the United States asia.gcr.io Stores images in data centers in Asia eu.gcr.io Stores images in data centers within member states of the European Union us.gcr.io Stores images in data centers in the United States
NEW QUESTION # 79
You have deployed a fleet Of Compute Engine instances in Google Cloud. You need to ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring by your company's operations and cyber security teams. You need to grant the required roles for the Compute Engine service account by using Identity and Access Management (IAM) while following the principle of least privilege. What should you do?
- A. Grant the logging. logWriter and monitoring. metricWriter roles to the Compute Engine service accounts.
- B. Grant the logging.editor and monitoring.metricwriter roles to the Compute Engine service accounts.
- C. Grant the logging. logwriter and monitoring. editor roles to the Compute Engine service accounts.
- D. Grant the Logging. admin and monitoring . editor roles to the Compute Engine service accounts.
Answer: A
Explanation:
Explanation
The correct answer is D. Grant the logging.logWriter and monitoring.metricWriter roles to the Compute Engine service accounts.
According to the Google Cloud documentation, the Compute Engine service account is a Google-managed service account that is automatically created when you enable the Compute Engine API1. This service account is used by default to run your Compute Engine instances and access other Google Cloud services on your behalf1. To ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring, you need to grant the following IAM roles to the Compute Engine service account23:
The logging.logWriter role allows the service account to write log entries to Cloud Logging4.
The monitoring.metricWriter role allows the service account to write custom metrics to Cloud Monitoring5.
These roles grant the minimum permissions that are needed for logging and monitoring, following the principle of least privilege. The other roles are either unnecessary or too broad for this purpose. For example, the logging.editor role grants permissions to create and update logs, log sinks, and log exclusions, which are not required for writing log entries6. The logging.admin role grants permissions to delete logs, log sinks, and log exclusions, which are not required for writing log entries and may pose a security risk if misused. The monitoring.editor role grants permissions to create and update alerting policies, uptime checks, notification channels, dashboards, and groups, which are not required for writing custom metrics.
NEW QUESTION # 80
You need to reduce the cost of virtual machines (VM| for your organization. After reviewing different options, you decide to leverage preemptible VM instances. Which application is suitable for preemptible VMs?
- A. A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket
- B. The organization's public-facing website
- C. A scalable in-memory caching system
- D. A distributed, eventually consistent NoSQL database cluster with sufficient quorum
Answer: A
Explanation:
Explanation
https://cloud.google.com/compute/docs/instances/preemptible
NEW QUESTION # 81
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (Pll) is leaking into certain log entry fields. All Pll entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?
- A. Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a tog exclusion with userinfo as a filter.
- B. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.
- C. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
- D. Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
Answer: B
Explanation:
Explanation
https://medium.com/google-cloud/fluentd-filter-plugin-for-google-cloud-data-loss-prevention-api-42bbb1308e76
NEW QUESTION # 82
A third-party application needs to have a service account key to work properly When you try to export the key from your cloud project you receive an error "The organization policy constraint larn.disableServiceAccountKeyCreation is enforcedM You need to make the third-party application work while following Google-recommended security practices What should you do?
- A. Enable the default service account key. and download the key
- B. Add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key.
- C. Remove the iam.disableServiceAccountKeyCreation policy at the organization level, and create a key.
- D. Disable the service account key creation policy at the project's folder, and download the default key
Answer: B
Explanation:
Explanation
The best option for making the third-party application work while following Google-recommended security practices is to add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project and create a key. The iam.disableServiceAccountKeyCreation policy is an organization policy that controls whether service account keys can be created in a project or organization. By default, this policy is set to on, which means that service account keys cannot be created. However, you can override this policy at a lower level, such as a project, by adding a rule to set it to off. This way, you can create a service account key for your project without affecting other projects or organizations. You should also follow the best practices for managing service account keys, such as rotating them regularly, storing them securely, and deleting them when they are no longer needed.
NEW QUESTION # 83
Your organization uses a change advisory board (CAB) to approve all changes to an existing service You want to revise this process to eliminate any negative impact on the software delivery performance What should you do?
Choose 2 answers
- A. Batch changes into larger but less frequent software releases
- B. Let developers merge their own changes but ensure that the team's deployment platform can roll back changes if any issues are discovered
- C. Move to a peer-review based process for individual changes that is enforced at code check-in time and supported by automated tests
- D. Ensure that the team's development platform enables developers to get fast feedback on the impact of their changes
- E. Replace the CAB with a senior manager to ensure continuous oversight from development to deployment
Answer: C,D
Explanation:
Explanation
A change advisory board (CAB) is a traditional way of approving changes to a service, but it can slow down the software delivery performance and introduce bottlenecks. A better way to improve the speed and quality of changes is to use a peer-review based process for individual changes that is enforced at code check-in time and supported by automated tests. This way, developers can get fast feedback on the impact of their changes and catch any errors or bugs before they reach production. Additionally, the team's development platform should enable developers to get fast feedback on the impact of their changes, such as using Cloud Code, Cloud Build, or Cloud Debugger.
NEW QUESTION # 84
You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster. The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?
- A. Configure the VPC as a Shared VPC Host project.
- B. Configure your Kubernetes duster as a Private Cluster.
- C. Configure your network services on the Standard Tier.
- D. Configure a Google Cloud HTTP Load Balancer as Ingress.
Answer: C
Explanation:
The Standard Tier network service offers lower network costs than the Premium Tier. This is the correct option to reduce the network cost for the application3.
NEW QUESTION # 85
Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?
- A. Reconfigure the existing operating system vulnerability software to exist inside the container.
- B. Implement static code analysis tooling against the Docker files used to create the containers.
- C. Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.
- D. Configure the containers in the build pipeline to always update themselves before release.
Answer: B
Explanation:
https://cloud.google.com/binary-authorization
Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE) or Cloud Run. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.
NEW QUESTION # 86
You are creating a CI/CD pipeline in Cloud Build to build an application container image The application code is stored in GitHub Your company requires thai production image builds are only run against the main branch and that the change control team approves all pushes to the main branch You want the image build to be as automated as possible What should you do?
Choose 2 answers
- A. Configure a branch protection rule for the main branch on the repository
- B. Create a trigger on the Cloud Build job Set the repository event setting to Push to a branch
- C. Enable the Approval option on the trigger
- D. Create a trigger on the Cloud Build job Set the repository event setting to Pull request'
- E. Add the owners file to the Included files filter on the trigger
Answer: A,B
Explanation:
Explanation
The best options for creating a CI/CD pipeline in Cloud Build to build an application container image and ensuring that production image builds are only run against the main branch and that the change control team approves all pushes to the main branch are to create a trigger on the Cloud Build job, set the repository event setting to Push to a branch, and configure a branch protection rule for the main branch on the repository. A trigger is a resource that starts a build when an event occurs, such as a code change. By creating a trigger on the Cloud Build job and setting the repository event setting to Push to a branch, you can ensure that the image build is only run when code is pushed to a specific branch, such as the main branch. A branch protection rule is a rule that enforces certain policies on a branch, such as requiring reviews, status checks, or approvals before merging code. By configuring a branch protection rule for the main branch on the repository, you can ensure that the change control team approves all pushes to the main branch.
NEW QUESTION # 87
You manage an application that runs in Google Kubernetes Engine (GKE) and uses the blue/green deployment methodology Extracts of the Kubernetes manifests are shown below
The Deployment app-green was updated to use the new version of the application During post-deployment monitoring you notice that the majority of user requests are failing You did not observe this behavior in the testing environment You need to mitigate the incident impact on users and enable the developers to troubleshoot the issue What should you do?
- A. Update the Deployment app-blue to use the new version of the application
- B. Update the Deployment ape-green to use the previous version of the application
- C. Change the selector on the Service app-svc to app: my-app, version: blue
- D. Change the selector on the Service app-2vc to app: my-app.
Answer: C
Explanation:
Explanation
The best option for mitigating the incident impact on users and enabling the developers to troubleshoot the issue is to change the selector on the Service app-svc to app: my-app, version: blue. A Service is a resource that defines how to access a set of Pods. A selector is a field that specifies which Pods are selected by the Service. By changing the selector on the Service app-svc to app: my-app, version: blue, you can ensure that the Service only routes traffic to the Pods that have both labels app: my-app and version: blue. These Pods belong to the Deployment app-blue, which uses the previous version of the application. This way, you can mitigate the incident impact on users by switching back to the working version of the application. You can also enable the developers to troubleshoot the issue with the new version of the application in the Deployment app-green without affecting users.
NEW QUESTION # 88
You work for a global organization and are running a monolithic application on Compute Engine You need to select the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps You want to use historical system metncs to identify the machine type for the application to use You want to follow Google-recommended practices What should you do?
- A. Review the Cloud Monitoring dashboard for the VM and choose the machine type with the lowest CPU utilization
- B. Install the Ops Agent in a fleet of VMs by using the gcloud CLI
- C. Create an Agent Policy to automatically install Ops Agent in all VMs
- D. Use the Recommender API and apply the suggested recommendations
Answer: D
Explanation:
Explanation
The best option for selecting the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps is to use the Recommender API and apply the suggested recommendations.
The Recommender API is a service that provides recommendations for optimizing your Google Cloud resources, such as Compute Engine instances, disks, and firewalls. You can use the Recommender API to get recommendations for changing the machine type of your Compute Engine instances based on historical system metrics, such as CPU utilization. You can also apply the suggested recommendations by using the Recommender API or Cloud Console. This way, you can optimize CPU utilization by using the most suitable machine type for your application with minimal effort.
NEW QUESTION # 89
You are the on-call Site Reliability Engineer for a microservice that is deployed to a Google Kubernetes Engine (GKE) Autopilot cluster. Your company runs an online store that publishes order messages to Pub/Sub and a microservice receives these messages and updates stock information in the warehousing system. A sales event caused an increase in orders, and the stock information is not being updated quickly enough. This is causing a large number of orders to be accepted for products that are out of stock You check the metrics for the microservice and compare them to typical levels.
You need to ensure that the warehouse system accurately reflects product inventory at the time orders are placed and minimize the impact on customers What should you do?
- A. Increase the number of Pod replicas
- B. Add a virtual queue to the online store that allows typical traffic levels
- C. Decrease the acknowledgment deadline on the subscription
- D. Increase the Pod CPU and memory limits
Answer: A
Explanation:
Explanation
The best option for ensuring that the warehouse system accurately reflects product inventory at the time orders are placed and minimizing the impact on customers is to increase the number of Pod replicas. Increasing the number of Pod replicas will increase the scalability and availability of your microservice, which will allow it to handle more Pub/Sub messages and update stock information faster. This way, you can reduce the backlog of undelivered messages and oldest unacknowledged message age, which are causing delays in updating product inventory. You can use Horizontal Pod Autoscaler or Cloud Monitoring metrics-based autoscaling to automatically adjust the number of Pod replicas based on load or custom metrics.
NEW QUESTION # 90
You are reviewing your deployment pipeline in Google Cloud Deploy You must reduce toil in the pipeline and you want to minimize the amount of time it takes to complete an end-to-end deployment What should you do?
Choose 2 answers
- A. Divide the automation steps into smaller tasks
- B. Add more engineers to finish the manual steps.
- C. Create a trigger to notify the required team to complete the next step when manual intervention is required
- D. Use a script to automate the creation of the deployment pipeline in Google Cloud Deploy
- E. Automate promotion approvals from the development environment to the test environment
Answer: C,E
Explanation:
Explanation
The best options for reducing toil in the pipeline and minimizing the amount of time it takes to complete an end-to-end deployment are to create a trigger to notify the required team to complete the next step when manual intervention is required and to automate promotion approvals from the development environment to the test environment. A trigger is a resource that initiates a deployment when an event occurs, such as a code change, a schedule, or a manual request. You can create a trigger to notify the required team to complete the next step when manual intervention is required by using Cloud Build or Cloud Functions. This way, you can reduce the waiting time and human errors in the pipeline. A promotion approval is a process that allows you to approve or reject a deployment from one environment to another, such as from development to test. You can automate promotion approvals from the development environment to the test environment by using Google Cloud Deploy or Cloud Build. This way, you can speed up the deployment process and avoid manual steps.
NEW QUESTION # 91
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. You want to prevent these fields from being written in new log entries as quickly as possible. What should you do?
- A. Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.
- B. Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.
- C. Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.
- D. Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.
Answer: D
NEW QUESTION # 92
You support an application running on App Engine. The application is used globally and accessed from various device types. You want to know the number of connections. You are using Stackdriver Monitoring for App Engine. What metric should you use?
- A. tcp_ssl_proxy/open_connections
- B. flex/connections/current
- C. (lex/jnstance/connections/current
- D. tcp_ssl_proxy/new_connections
Answer: B
NEW QUESTION # 93
You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?
- A. Enable Cloud Security Scanner on the clusters.
- B. Set up the Kubernetes Engine clusters with Binary Authorization.
- C. Set up the Kubernetes Engine clusters as private clusters.
- D. Enable Vulnerability Analysis on the Container Registry.
Answer: C
NEW QUESTION # 94
Your team has recently deployed an NGINX-based application into Google Kubernetes Engine (GKE) and has exposed it to the public via an HTTP Google Cloud Load Balancer (GCLB) ingress. You want to scale the deployment of the application's frontend using an appropriate Service Level Indicator (SLI). What should you do?
- A. Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.
- B. Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.
- C. Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.
- D. Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.
Answer: A
NEW QUESTION # 95
You are monitoring a service that uses n2-standard-2 Compute Engine instances that serve large files. Users have reported that downloads are slow. Your Cloud Monitoring dashboard shows that your VMS are running at peak network throughput. You want to improve the network throughput performance. What should you do?
- A. Deploy the Ops Agent to export additional monitoring metrics.
- B. Change the machine type for your VMS to n2-standard-8.
- C. Add additional network interface controllers (NICs) to your VMS.
- D. Deploy a Cloud NAT gateway and attach the gateway to the subnet of the VMS.
Answer: B
Explanation:
Explanation
The correct answer is C. Change the machine type for your VMs to n2-standard-8.
According to the Google Cloud documentation, the network throughput performance of a Compute Engine VM depends on its machine type1. The n2-standard-2 machine type has a maximum egress bandwidth of 4 Gbps, which can be a bottleneck for serving large files. By changing the machine type to n2-standard-8, you can increase the maximum egress bandwidth to 16 Gbps, which can improve the network throughput performance and reduce the download time for users. You also need to enable per VM Tier_1 networking performance, which is a feature that allows VMs to achieve higher network performance than the default settings2.
The other options are incorrect because they do not improve the network throughput performance of your VMs. Option A is incorrect because Cloud NAT is a service that allows private IP addresses to access the internet, but it does not increase the network bandwidth or speed3. Option B is incorrect because adding additional network interfaces (NICs) or IP addresses per NIC does not increase ingress or egress bandwidth for a VM1. Option D is incorrect because deploying the Ops Agent can help you monitor and troubleshoot your VMs, but it does not affect the network throughput performance4.
NEW QUESTION # 96
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (Pll) is leaking into certain log entry fields. All Pll entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?
- A. Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a tog exclusion with userinfo as a filter.
- B. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.
- C. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
- D. Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
Answer: B
Explanation:
https://medium.com/google-cloud/fluentd-filter-plugin-for-google-cloud-data-loss-prevention-api-42bbb1308e76
NEW QUESTION # 97
......
Latest 100% Passing Guarantee - Brilliant Professional-Cloud-DevOps-Engineer Exam Questions PDF: https://www.suretorrent.com/Professional-Cloud-DevOps-Engineer-exam-guide-torrent.html
Practice Examples and Dumps & Tips for 2024 Latest Professional-Cloud-DevOps-Engineer Valid Tests Dumps: https://drive.google.com/open?id=1ajv71LJoh6ramzTc3cr7jfoNMEMYQa3E