Professional-Cloud-Developer Google Certified Professional - Cloud Developer Questions and Answers

Pipe the content of the files to the Linux Syslog daemon.

Install a Google version of fluentd on the Compute Engine instance.

Install a Google version of collectd on the Compute Engine instance.

Using cron, schedule a job to copy the log files to Cloud Storage once a day.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the applicatio n. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and Cloud SQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud St orage bucket to store user state information.

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Google Cloud Armor

Debugger

Web Security Scanner

Error Reporting

Create one root collection for user profiles, and store each user ' s post as a nested list in the user profile document.

Create one root collection for user profiles, and create one root collection for user posts.

Create one root collection for user profiles, and create one subcollection for each user ' s posts.

Create one root collection for user posts, and create one subcollection for each user ' s profile

Create a custom jndex over the products

Modify the query that returns the product list using cursors with limits

Modify the Cloud Run configuration to increase the memory limits

Modify the query that returns the product list using integer offsets

Use the service account attached to the GKE node.

Enable Workload Identity in the cluster via the gcloud command-line tool.

Access the Google service account keys from a secret management service.

Store the Google service account keys in a central secret management service.

Use gcloud to bind the Kubernetes service account and the Google service account using roles/iam.workloadIdentity.

Option A

Option B

Option C

Option D

Option E

Build a new Docker container that examines the files in /workspace and then checks and adds a copyright for each source file. Changed files are explicitly committed back to the source repository.

Build a new Docker container that examines the files in /workspace and then checks and adds a copyright for each source file. Changed files do not need to be committed back to the source repository.

Build a new Docker container that examines the files in a Cloud Storage bucket and then checks and adds a copyright for each source file. Changed files are written back to the Cloud Storage bucket.

Build a new Docker container that examines the files in a Cloud Storage bucket and then checks and adds a copyright for each source file. Changed files are explicitly committed back to the source repository.

1 Configure your Cl/CD pipeline to update the Deployment manifest file by replacing the container version with the latest version.

2 Recreate the Pods in your cluster by applying the Deployment manifest file.

3 Validate the application ' s performance by comparing its functionality with the previous release version and roll back if an issue arises.

1 install the Anthos Service Mesh on your GKE cluster.

2 Create two Deployments on the GKE cluster and label them with different version names.

3 Create a VirtualService with a routing rule to send a small percentage of traffic to the Deployment that references the new version of the application.

1 Create a second namespace on GKE for the new release version.

2 Create a Deployment configuration for the second namespace with the desired number of Pods.

3 Deploy new container versions in the second namespace.

4 Update the ingress configuration to route traffic to the namespace with the new container versions.

1. Implement a rolling update pattern by replacing the Pods gradually with the new release versify.

2 Validate the application ' s performance for the new subset of users during the rollout and roll back if an issue arises.

Configure Cloud Build to deploy the Cloud Function. If the code passes the tests, a deployment approval is sent to you.

Configure Cloud Build to deploy the Cloud Function, using the specific service account as the build agent. Run the unit tests after successful deployment.

Configure Cloud Build to run the unit tests. If the code passes the tests, the developer deploys the Cloud Function.

Configure Cloud Build to run the unit tests, using the specific service account as the build agent. If the code passes the tests, Cloud Build deploys the Cloud Function.

Develop the microservice code in the same programming language used by the microservice caller.

Create an API contract agreement between the microservice implementation and microservice caller.

Require asynchronous communications between all microservice implementations and microservice callers.

Ensure that sufficient instances of the microservice are running to accommodate the performance requirements.

Implement a versioning scheme to permit future changes that could be incompatible with the current interface.

Grant the service account BigQuery Data Viewer and BigQuery Job User roles.

Grant the service account BigQuery Data Editor and BigQuery Data Viewer roles.

Create a view in BigQuery from the SQL query and SELECT* from the view in the CLI.

Create a new dataset in BigQuery, and copy the source table to the new dataset Query the new dataset and table from the CLI.

Store the credentials in a sidecar container proxy, and use it to connect to the third-party database.

Configure a service mesh to allow or restrict traffic from the Pods in your microservice to the database.

Store the credentials in an encrypted volume mount, and associate a Persistent Volume Claim with the client Pod.

Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin to handle encryption and decryption.

Use the latest Docker image tag.

Use a unique Docker image name.

Use the digest of the Docker image.

Use a semantic version Docker image tag.

Cloud SQL

Cloud Storage

Cloud Spanner

Cloud Datastore/Firestore

Your user account does not have privileges to interact with the cluster using kubectl.

Your Cloud Shell external IP address is not part of the authorized networks of the cluster.

The Cloud Shell is not part of the same VPC as the GKE cluster.

A VPC firewall is blocking access to the cluster’s endpoint.

Wait 10 minutes, then verify that Trace captures those types of requests automatically.

Write a custom script that sends this type of request repeatedly from your dev project.

Use the Trace API to apply custom attributes to the trace.

Add the X-Cloud-Trace-Context header to the request with the appropriate parameters.

Create a new feature branch, and ask the build team to rebuild the image.

Shut down the deployed virtual machine, export the disk, and then mount the disk locally to access the boot logs.

Install Packer locally, build the Compute Engine image locally, and then run it in your personal Google Cloud project.

Check Compute Engine OS logs using the serial port, and check the Cloud Logging logs to confirm access to the serial port.

Use Cloud Functions to deploy the microservice.

Use Cloud Build to create the container, and deploy it on Cloud Run.

Use Cloud Shell to containerize your microservice. and deploy it on GKE Standard.

Use Cloud Shell to containerize your microservice. and deploy it on a Container-Optimized OS Compute Engine instance.

Bind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.

Grant the user identity the pubsub.publisher and pubsub.subscriber roles at the project level.

Grant the user identity a custom role that contains the pubsub.topics.create and pubsub.subscriptions.create permissions.

Configure the application to run as a service account that has the pubsub.publisher and pubsub.subscriber roles.

Option A

Option B

Option C

Option D

Enable private IP for the Cloud SQL instance.

Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.

Create a role in Cloud SQL that allows access to the database from external instances, and assign the

Compute Engine instances to that role.

Create a CloudSQL instance on one project. Create Compute engine instances in a different project.

Create a VPN between these two projects to allow internal access to CloudSQL.

Use Container Registry to create a registry in each development team ' s project. Configure the Cloud Build

build to push the Docker image to the project ' s registry. Grant the operations team access to each

development team ' s registry.

Create a separate project for the operations team that has Container Registry configured. Assign

appropriate permissions to the Cloud Build service account in each developer team ' s project to allow

access to the operation team ' s registry.

Create a separate project for the operations team that has Container Registry configured. Create a Service

Account for each development team and assign the appropriate permissions to allow it access to the

operations team ' s registry. Store the service account key file in the source code repository and use it to

authenticate against the operations team ' s registry.

Create a separate project for the operations team that has the open source Docker Registry deployed on a

Compute Engine virtual machine instance. Create a username and password for each development team.

Store the username and password in the source code repository and use it to authenticate against the

operations team ' s Docker registry.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve a ll global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Cloud Profiler

Cloud Monitoring

Cloud Trace

Cloud Logging

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Split traffic between versions using weights.

Enable the new recommendation feature flag on a single instance.

Mirror traffic to the new version of your application.

Use HTTP header-based routing.

Perform Read-Only transactions.

Perform stale reads using single-read methods.

Perform strong reads using single-read methods.

Perform stale reads using read-write transactions.

Store and retrieve the file contents using Compute Engine instance metadata.

Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.

Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.

Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.

Use Migrate for Anthos to migrate the VM to your Google Kubernetes Engine (GKE) cluster as a container.

Export the VM as a raw disk and import it as an image. Create a Compute Engine instance from the Imported image.

Use Migrate for Compute Engine to migrate the VM to a Compute Engine instance, and use Cloud Build to convert it to a container.

Use Jib to build a Docker image from your source code, and upload it to Artifact Registry. Deploy the application in a GKE cluster, and test the application.

Install the Functions Frameworks library, and configure the Cloud Function on localhost. Make a copy of the function, and make edits to the new version Test the new version using cur1.

Make a copy of the Cloud Function, and rewrite the code to be HTTP-triggered Edit and test the new version

by triggering the HTTP endpoint. Send mock requests to the new function to evaluate the functionality.

Make a copy of the Cloud Function in the Google Cloud Console Use the Cloud console ' s in-line editor to

make source code changes to the new function Modify your web application to call the new function and test the new version in production.

Create a new Cloud Function that is triggered when Cloud Audit Logs detects the

cloudfunctions. functions. sourceCodeSet operation in the original Cloud Function Send mock

requests to the new function to evaluate the functionality.

Increase the size of the instance class.

Change the Persistent Disk type to SSD.

Change /product-details to perform the requests in parallel.

Store the /sku-details information in a database, and replace the webservice call with a database query.

Create a Service Directory Namespace Use API calls to register the services during deployment, and query during runtime.

Configure your microservices to use the Cloud Run Admin and Cloud Functions APIs to query for deployed Cloud Run services and Cloud Functions in the Google Cloud project.

Deploy Hashicorp Consul on a single Compute Engine Instance Register the services with Consul during deployment and query during runtime

Rename the Cloud Functions and Cloud Run services endpoints using a well-documented naming

convention

Embed the appropriate database connection string in the image. Create a different image for each environment.

When creating the Compute Engine instance, add a tag with the name of the database to be connected. In your application, query the Compute Engine API to pull the tags for the current instance, and use the tag to construct the appropriate database connection string.

When creating the Compute Engine instance, create a metadata item with a key of “DATABASE” and a value for the appropriate database connection string. In your application, read the “DATABASE” environment variable, and use the value to connect to the appropriate database.

When creating the Compute Engine instance, create a metadata item with a key of “DATABASE” and a value for the appropriate database connection string. In your application, query the metadata server for the “DATABASE” value, and use the value to connect to the appropriate database.

The folder structure inside the bucket and object paths have changed.

The permissions of the service account’s predefined role have changed.

The service account key has been rotated but not updated on the application server.

The Interconnect link from the on-premises data center to Google Cloud is experiencing a temporary outage.

Create a table named Customers. Add an Array field in a table that will hold phone numbers for the customer.

Create a table named Customers. Create a table named Phones. Add a CustomerId field in the Phones table to find the CustomerId from a phone number.

Create a table named Customers. Add an Array field in a table that will hold phone numbers for the customer. Create a secondary index on the Array field.

Create a table named Customers as a parent table. Create a table named Phones, and interleave this table into the Customer table. Create an index on the phone number field in the Phones table.

Request additional GKE quota is the GCP Console.

Request additional Compute Engine quota in the GCP Console.

Open a support case to request additional GKE quotA.

Decouple services in the cluster, and rewrite new clusters to function with fewer cores.

Define a new Ingress resource with a host rule matching the new domain

Modify the existing Ingress resource with a host rule matching the new domain

Create a new Service of type LoadBalancer specifying the existing IP address as the loadBalancerIP

Generate a new Ingress resource and specify the existing IP address as the kubernetes.io/ingress.global-static-ip-name annotation value

Add a public IP address to your instance, and restrict access to the instance using firewall rules. Allow your company’s proxy as the only source IP address.

Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP). Configure the IAP settings to allow your company domain to access the website.

Set up a VPN tunnel between your company network and your instance’s VPC location on Google Cloud. Configure the required firewall rules and routing information to both the on-premises and Google Cloud networks.

Add a public IP address to your instance, and allow traffic from the internet. Generate a random hash, and create a subdomain that includes this hash and points to your instance. Distribute this DNS address to your company’s employees.

Deploy your application on Cloud Run. Use traffic splitting to direct a subset of user traffic to the new version based on the revisio n tag.

Deploy your application on Google Kubernetes Engine with Anthos Service Mesh. Use traffic splitting to direct a subset of user traffic to the new version based on the user-agent header.

Deploy your application on App Engine. Use traffic splitt ing to direct a subset of user traffic to the new version based on the IP address.

Deploy your application on Compute Engine. Use Traffic Director to direct a subset of user traffic to the new version based on predefined weights.

Process the messages with a Dataproc job, and write the output to storage.

Process the messages with a Dataflow streaming pipeline using Apache Beam ' s PubSubIO package, and write the output to storage.

Process the messages with a Cloud Function, and write the results to a BigQuery location where you can run a job to deduplicate the data.

Retrieve the messages with a Dataflow streaming pipeline, store them in Cloud Bigtable, and use another Dataflow streaming pipeline to deduplicate messages.