Google Professional Cloud Developer Exam Practice Test Instant Access

Question 1

You are deploying your application to a Compute Engine virtual machine instance. Your application is

configured to write its log files to disk. You want to view the logs in Stackdriver Logging without changing the

application code.

What should you do?

AInstall the Stackdriver Logging Agent and configure it to send the application logs.

BUse a Stackdriver Logging Library to log directly from the application to Stackdriver Logging.

CProvide the log file folder path in the metadata of the instance to configure it to send the application logs.

DChange the application to log to /var/log so that its logs are automatically sent to Stackdriver Logging.

Answer : A

Question 2

Your company has a new security initiative that requires all data stored in Google Cloud to be encrypted by customer-managed encryption keys. You plan to use Cloud Key Management Service (KMS) to configure access to the keys. You need to follow the "separation of duties" principle and Google-recommended best practices. What should you do? (Choose two.)

AProvision Cloud KMS in its own project.

BDo not assign an owner to the Cloud KMS project.

CProvision Cloud KMS in the project where the keys are being used.

DGrant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS are being used.

EGrant an owner role for the Cloud KMS project to a different user than the owner of the project where the keys from Cloud KMS are being used.

Answer : A, B

https://cloud.google.com/kms/docs/separation-of-duties#using_separate_project

Question 3

You have an application deployed in Google Kubernetes Engine (GKE). You need to update the application to make authorized requests to Google Cloud managed services. You want this to be a one-time setup, and you need to follow security best practices of auto-rotating your security keys and storing them in an encrypted store. You already created a service account with appropriate access to the Google Cloud service. What should you do next?

AAssign the Google Cloud service account to your GKE Pod using Workload Identity.

BExport the Google Cloud service account, and share it with the Pod as a Kubernetes Secret.

CExport the Google Cloud service account, and embed it in the source code of the application.

DExport the Google Cloud service account, and upload it to HashiCorp Vault to generate a dynamic service account for your application.

Answer : A

https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity

Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs.

Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster.

Question 4

You are a developer working on an internal application for payroll processing. You are building a component of the application that allows an employee to submit a timesheet, which then initiates several steps:

* An email is sent to the employee and manager, notifying them that the timesheet was submitted.

* A timesheet is sent to payroll processing for the vendor's API.

* A timesheet is sent to the data warehouse for headcount planning.

These steps are not dependent on each other and can be completed in any order. New steps are being considered and will be implemented by different development teams. Each development team will implement the error handling specific to their step. What should you do?

ADeploy a Cloud Function for each step that calls the corresponding downstream system to complete the required action.

BCreate a Pub/Sub topic for each step. Create a subscription for each downstream development team to subscribe to their step's topic.

CCreate a Pub/Sub topic for timesheet submissions. Create a subscription for each downstream development team to subscribe to the topic.

DCreate a timesheet microservice deployed to Google Kubernetes Engine. The microservice calls each downstream step and waits for a successful response before calling the next step.

Answer : C

Question 5

HipLocal wants to reduce the number of on-call engineers and eliminate manual scaling.

Which two services should they choose? (Choose two.)

AUse Google App Engine services.

BUse serverless Google Cloud Functions.

CUse Knative to build and deploy serverless applications.

DUse Google Kubernetes Engine for automated deployments.

EUse a large Google Compute Engine cluster for deployments.

Answer : B, C

Question 6

You made a typo in a low-level Linux configuration file that prevents your Compute Engine instance from booting to a normal run level. You just created the Compute Engine instance today and have done no other maintenance on it, other than tweaking files. How should you correct this error?

ADownload the file using scp, change the file, and then upload the modified version

BConfigure and log in to the Compute Engine instance through SSH, and change the file

CConfigure and log in to the Compute Engine instance through the serial port, and change the file

DConfigure and log in to the Compute Engine instance using a remote desktop client, and change the file

Answer : C

https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-using-serial-console

Question 7

You are using the Cloud Client Library to upload an image in your application to Cloud Storage. Users of the application report that occasionally the upload does not complete and the client library reports an HTTP 504 Gateway Timeout error. You want to make the application more resilient to errors. What changes to the application should you make?

AWrite an exponential backoff process around the client library call.

BWrite a one-second wait time backoff process around the client library call.

CDesign a retry button in the application and ask users to click if the error occurs.

DCreate a queue for the object and inform the users that the application will try again in 10 minutes.

Answer : A