Professional Cloud DevOps Engineer Practice Exam (2021.03.27)

Ace Your Professional Cloud DevOps Engineer Certification with Practice Exams.

Google Cloud Certified – Professional Cloud DevOps Engineer – Practice Exam (Question 20)

Question 1

You use a multiple step Google Cloud Build pipeline to build and deploy your application to Google Kubernetes Engine (GKE).
You want to integrate with a third-party monitoring platform by performing a HTTP POST of the build information to a webhook. You want to minimize the development effort.
What should you do?

• A. Add logic to each Google Cloud Build step to HTTP POST the build information to a webhook.
• B. Add a new step at the end of the pipeline in Google Cloud Build to HTTP POST the build information to a webhook.
• C. Use Stackdriver Logging to create a logs-based metric from the Google Cloud Build logs. Create an Alert with a Webhook notification type.
• D. Create a Google Cloud Pub/Sub push subscription to the Google Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.

Correct Answer: D

Reference:
– Configuring HTTP notifications | Cloud Build Documentation

Question 2

You deploy a new release of an internal application during a weekend maintenance window when there is minimal user traffic.
After the window ends, you learn that one of the new features isn’t working as expected in the production environment. After an extended outage, you roll back the new release and deploy a fix. You want to modify your release process to reduce the mean time to recovery so you can avoid extended outages in the future.
What should you do? (Choose two.)

• A. Before merging new code, require 2 different peers to review the code changes.
• B. Adopt the blue/green deployment strategy when releasing new code via a CD server.
• C. Integrate a code linting tool to validate coding standards before any code is accepted into the repository.
• D. Require developers to run automated integration tests on their local development environments before release.
• E. Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.

Correct Answer: A, C

Question 3

You have a pool of application servers running on Google Compute Engine.
You need to provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting.
How would you implement the solution on GCP?

• A.
  • Deploy the Stackdriver logging agent to the application servers.
  • Give the developers the IAM Logs Viewer role to access Stackdriver and view logs.
• B.
  • Deploy the Stackdriver logging agent to the application servers.
  • Give the developers the IAM Logs Private Logs Viewer role to access Stackdriver and view logs.
• C.
  • Deploy the Stackdriver monitoring agent to the application servers.
  • Give the developers the IAM Monitoring Viewer role to access Stackdriver and view metrics.
• D.
  • Install the gsutil command line tool on your application servers.
  • Write a script using gsutil to upload your application log to a Google Cloud Storage bucket, and then schedule it to run via cron every 5 minutes.
  • Give the developers the IAM Object Viewer access to view the logs in the specified bucket.

Correct Answer: B

Question 4

You are performing a semi-annual capacity planning exercise for your flagship service.
You expect a service user growth rate of 10% month-over-month over the next six months. Your service is fully containerized and runs on Google Cloud Platform (GCP), using a Google Kubernetes Engine (GKE) Standard regional cluster on three zones with cluster autoscaler enabled. You currently consume about 30% of your total deployed CPU capacity, and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth or as a result of zone failure, while avoiding unnecessary costs.
How should you prepare to handle the predicted growth?

• A. Verify the maximum node pool size, enable a horizontal pod autoscaler, and then perform a load test to verify your expected resource needs.
• B. Because you are deployed on GKE and are using a cluster autoscaler, your GKE cluster will scale automatically regardless of growth rate.
• C. Because you are at only 30% utilization, you have significant headroom and you won’t need to add any additional capacity for this rate of growth.
• D. Proactively add 60% more node capacity to account for six months of 10% growth rate, and then perform a load test to make sure you have enough.

Correct Answer: B

Reference:
– Cluster autoscaler | Kubernetes Engine Documentation

Question 5

Your application images are built and pushed to Google Container Registry (GCR).
You want to build an automated pipeline that deploys the application when the image is updated while minimizing the development effort.
What should you do?

• A. Use Google Cloud Build to trigger a Spinnaker pipeline.
• B. Use Google Cloud Pub/Sub to bigger a Spinnaker pipeline.
• C. Use a custom builder in Google Cloud Build to trigger Jenkins pipeline.
• D. Use Google Cloud Pub/Sub to trigger a custom deployment service running in Google Kubernetes Engine (GKE).

Correct Answer: D

Reference:
– Setting up a custom kube-dns Deployment

Question 6

Your company experiences bugs, outages, and slowness in its production systems.
Developers use the production environment for new feature development and bug fixes. Configuration and experiments are done in the production environment, causing outages for users. Testers use the production environment for load testing, which often slows the production systems. You need to redesign the environment to reduce the number of bugs and outages in production and to enable testers to load test new features.
What should you do?

• A. Create an automated testing script in production to detect failures as soon as they occur.
• B. Create a development environment with smaller server capacity and give access only to developers and testers.
• C. Secure the production environment to ensure that developers can’t change it and set up one controlled update per year.
• D. Create a development environment for writing code and a test environment for configurations, experiments, and load testing.

Correct Answer: A

Question 7

You support an application running on Google App Engine.
The application is used globally and accessed from various device types. You want to know the number of connections. You are using Stackdriver Monitoring for Google App Engine.
What metric should you use?

• A. flex/connections/current
• B. tcp_ssl_proxy/new_connections
• C. tcp_ssl_proxy/open_connections
• D. flex/instance/connections/current

Correct Answer: D

Reference:
– Google Cloud metrics | Cloud Monitoring

Question 8

Your application images are built with Google Cloud Build and pushed to Google Container Registry (GCR).
You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control.
What would you do when you push the image?

• A. Reference the image digest in the source control tag.
• B. Supply the source control tag as a parameter within the image name.
• C. Use Google Cloud Build to include the release version tag in the application image.
• D. Use GCR digest versioning to match the image to the tag in source control.

Correct Answer: C

Reference:
– Creating and managing build triggers | Cloud Build Documentation

Question 9

You currently store the virtual machine (VM) utilization logs in Stackdriver.
You need to provide an easy-to-share interactive VM utilization dashboard that is updated in real time and contains information aggregated on a quarterly basis. You want to use Google Cloud Platform solutions.
What should you do?

• A.
  • Export VM utilization logs from Stackdriver to Google BigQuery.
  • Create a dashboard in Google Data Studio.
  • Share the dashboard with your stakeholders.
• B.
  • Export VM utilization logs from Stackdriver to Google Cloud Pub/Sub.
  • From Google Cloud Pub/Sub, send the logs to a Security Information and Event Management (SIEM) system.
  • Build the dashboards in the SIEM system and share with your stakeholders.
• C.
  • Export VM utilization logs from Stackdriver to Google BigQuery.
  • From Google BigQuery, export the logs to a CSV file.
  • Import the CSV file into Google Sheets.
  • Build a dashboard in Google Sheets and share it with your stakeholders.
• D.
  • Export VM utilization logs from Stackdriver to a Google Cloud Storage bucket.
  • Enable the Google Cloud Storage API to pull the logs programmatically.
  • Build a custom data visualization application.
  • Display the pulled logs in a custom dashboard.

Correct Answer: A

Question 10

You need to run a business-critical workload on a fixed set of Google Compute Engine instances for several months.
The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications.
What should you do?

• A. Purchase Committed Use Discounts.
• B. Migrate the instances to a Managed Instance Group.
• C. Convert the instances to preemptible virtual machines.
• D. Create an Unmanaged Instance Group for the instances used to run the workload.

Correct Answer: C

Reference:
– Google Compute Engine FAQ | Compute Engine Documentation
– Instance groups | Compute Engine Documentation

Question 11

Your team is designing a new application for deployment into Google Kubernetes Engine (GKE).
You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring.
What should you do?

• A. Publish various metrics from the application directly to the Stackdriver Monitoring API, and then observe these custom metrics in Stackdriver.
• B. Install the Google Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.
• C. Install the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application’s metrics in Stackdriver.
• D. Emit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.

Correct Answer: C

Reference:
– Using distributed tracing to observe microservice latency with OpenCensus and Cloud Trace
– Distributed Tracing with OpenTelemetry | by Yuri Grinshteyn | Google Cloud – Community

Question 12

Your application artifacts are being built and deployed via a CI/CD pipeline.
You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach.
What should you do?

• A. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
• B. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
• C. Store secrets in Google Cloud Storage encrypted with a key from Google Cloud KMS. Provide the CI/CD pipeline with access to Google Cloud KMS via IAM.
• D. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it

Correct Answer: C

Reference:
– Encrypting application data | Cloud KMS Documentation

Question 13

Your company follows Site Reliability Engineering practices.
You are the person in charge of Communications for a large, ongoing incident affecting your customer facing applications. There is still no estimated time for a resolution of the outage. You are receiving emails from internal stakeholders who want updates on the outage, as well as emails from customers who want to know what is happening. You want to efficiently provide updates to everyone affected by the outage.
What should you do?

• A. Focus on responding to internal stakeholders at least every 30 minutes. Commit to “next update” times.
• B. Provide periodic updates to all stakeholders in a timely manner. Commit to a “next update” time in all communications.
• C. Delegate the responding to internal stakeholder emails to another member of the Incident Response Team. Focus on providing responses directly to customers.
• D. Provide all internal stakeholder emails to the Incident Commander, and allow them to manage internal communications. Focus on providing responses directly to customers.

Correct Answer: C

Reference:
– How incident management is done at Google

Question 14

You are running an application on Google Compute Engine and collecting logs through Stackdriver.
You discover that some personally identifiable information (PII) is leaking into certain log entry fields. All PII entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging.
What should you do?

• A. Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Google Cloud Storage as a sink.
• B. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Google Cloud Storage bucket.
• C. Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Google Cloud Storage as a sink, and then configure a log exclusion with userinfo as a filter.
• D. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Google Cloud Storage as a sink.

Correct Answer: A

Question 15

You have a CI/CD pipeline that uses Google Cloud Build to build new Docker images and push them to Docker Hub.
You use Git for code versioning. After making a change in the Google Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices.
What should you do?

• A. Disable the CI pipeline and revert to manually building and pushing the artifacts.
• B. Change the CI pipeline to push the artifacts is Google Container Registry instead of Docker Hub.
• C. Upload the configuration YAML file to Google Cloud Storage and use Error Reporting to identify and fix the issue.
• D. Run a Git compare between the previous and current Google Cloud Build Configuration files to find and fix the bug.

Correct Answer: B

Reference
– Interacting with Docker Hub images | Cloud Build Documentation

Question 16

You support a high-traffic web application that runs on Google Cloud Platform (GCP).
You need to measure application reliability from a user perspective without making any engineering changes to it.
What should you do? (Choose two.)

• A. Review current application metrics and add new ones as needed.
• B. Modify the code to capture additional information for user interaction.
• C. Analyze the web proxy logs only and capture response time of each request.
• D. Create new synthetic clients to simulate a user journey using the application.
• E. Use current and historic Request Logs to trace customer interaction with the application.

Correct Answer: B, D

Reference:
– A practical guide to cloud migration from Google Cloud SREs
– Tracking toil with SRE principles

Question 17

You manage an application that is writing logs to Stackdriver Logging.
You need to give some team members the ability to export logs.
What should you do?

• A. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
• B. Configure Access Context Manager to allow only these members to export logs.
• C. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
• D. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.

Correct Answer: A

Reference:
– Access control guide | Cloud Logging

Question 18

Your application services run in Google Kubernetes Engine (GKE).
You want to make sure that only images from your centrally-managed Google Container Registry (GCR) image registry in the altostrat-images project can be deployed to the cluster while minimizing development time.
What should you do?

• A. Create a custom builder for Google Cloud Build that will only push images to gcr.io/altostrat-images.
• B. Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/altostrat-images/.
• C. Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
• D. Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.

Correct Answer: D

Reference:
– Deploying a containerized web application | Kubernetes Engine
– Setting up automated deployments | Kubernetes Engine Documentation

Question 19

You support an application running on GCP and want to configure SMS notifications to your team for the most critical alerts in Stackdriver Monitoring.
You have already identified the alerting policies you want to configure this for.
What should you do?

• A. Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway. Ensure that your team members add their SMS/phone numbers to the external tool.
• B. Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.
• C. Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.
• D. Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.

Correct Answer: D

Reference:
– Managing notification channels | Cloud Monitoring
– Stackdriver Monitoring Automation Part 2: Alerting Policies | by Charles | Google Cloud – Community

Question 20

Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP).
You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system.
What should you do?

• A. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.
• B. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.
• C. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.
• D. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.

Correct Answer: B

Reference:
– Debug Logpoints | Cloud Debugger