Practice Free Professional Cloud Developer Exam Online Questions
You are using Cloud Build to build and test application source code stored in Cloud Source Repositories. The build process requires a build tool not available in the Cloud Build environment.
What should you do?
- A . Download the binary from the internet during the build process.
- B . Build a custom cloud builder image and reference the image in your build steps.
- C . Include the binary in your Cloud Source Repositories repository and reference it in your build scripts.
- D . Ask to have the binary added to the Cloud Build environment by filing a feature request against the Cloud
Build public Issue Tracker.
You are developing an application that will store and access sensitive unstructured data objects in a Cloud Storage bucket. To comply with regulatory requirements, you need to ensure that all data objects are available for at least 7 years after their initial creation. Objects created more than 3 years
ago are accessed very infrequently (less than once a year). You need to configure object storage while ensuring that storage cost is optimized.
What should you do? (Choose two.)
- A . Set a retention policy on the bucket with a period of 7 years.
- B . Use IAM Conditions to provide access to objects 7 years after the object creation date.
- C . Enable Object Versioning to prevent objects from being accidentally deleted for 7 years after object creation.
- D . Create an object lifecycle policy on the bucket that moves objects from Standard Storage to Archive Storage after 3 years.
- E . Implement a Cloud Function that checks the age of each object in the bucket and moves the objects older than 3 years to a second bucket with the Archive Storage class. Use Cloud Scheduler to trigger the Cloud Function on a daily schedule.
AD
Explanation:
https://cloud.google.com/storage/docs/bucket-lock
This page discusses the Bucket Lock feature, which allows you to configure a data retention policy for a Cloud Storage bucket that governs how long objects in the bucket must be retained. The feature also allows you to lock the data retention policy, permanently preventing the policy from being reduced or removed.
https://cloud.google.com/storage/docs/storage-classes#archive
Archive storage is the lowest-cost, highly durable storage service for data archiving, online backup, and disaster recovery. Unlike the "coldest" storage services offered by other Cloud providers, your data is available within milliseconds, not hours or days.
Archive storage is the best choice for data that you plan to access less than once a year.
You need to migrate a standalone Java application running in an on-premises Linux virtual machine (VM) to Google Cloud in a cost-effective manner. You decide not to take the lift-and-shift approach, and instead you plan to modernize the application by converting it to a container.
How should you accomplish this task?
- A . Use Migrate for Anthos to migrate the VM to your Google Kubernetes Engine (GKE) cluster as a container.
- B . Export the VM as a raw disk and import it as an image. Create a Compute Engine instance from the Imported image.
- C . Use Migrate for Compute Engine to migrate the VM to a Compute Engine instance, and use Cloud Build to convert it to a container.
- D . Use Jib to build a Docker image from your source code, and upload it to Artifact Registry. Deploy the application in a GKE cluster, and test the application.
D
Explanation:
https://cloud.google.com/blog/products/application-development/introducing-jib-build-java-docker-images-better
Your team develops stateless services that run on Google Kubernetes Engine (GKE). You need to deploy a new service that will only be accessed by other services running in the GKE cluster. The service will need to scale as quickly as possible to respond to changing load.
What should you do?
- A . Use a Vertical Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.
- B . Use a Vertical Pod Autoscaler to scale the containers, and expose them via a NodePort Service.
- C . Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.
- D . Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a NodePort Service.
C
Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/service
You are deploying a single website on App Engine that needs to be accessible via the URL http://www.altostrat.com/.
What should you do?
- A . Verify domain ownership with Webmaster Central. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com.
- B . Verify domain ownership with Webmaster Central. Define an A record pointing to the single global App Engine IP address.
- C . Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com.
- D . Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Define an A record pointing to the single global App Engine IP address.
A
Explanation:
Reference: https://cloud.google.com/appengine/docs/flexible/dotnet/mapping-custom-domains?hl=fa
Your team is building an application for a financial institution. The application’s frontend runs on
Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application
will collect data containing PII, which will be stored in the Cloud SQL database and the Cloud Storage
bucket. You need to secure the PII data.
What should you do?
- A . 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Using IAM, allow only the frontend service account to access the Cloud Storage bucket - B . 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Enable private access to allow the frontend to access the Cloud Storage bucket privately - C . 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter - D . 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to different service perimeters
Your team is building an application for a financial institution. The application’s frontend runs on
Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application
will collect data containing PII, which will be stored in the Cloud SQL database and the Cloud Storage
bucket. You need to secure the PII data.
What should you do?
- A . 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Using IAM, allow only the frontend service account to access the Cloud Storage bucket - B . 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Enable private access to allow the frontend to access the Cloud Storage bucket privately - C . 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter - D . 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to different service perimeters
Your team is building an application for a financial institution. The application’s frontend runs on
Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application
will collect data containing PII, which will be stored in the Cloud SQL database and the Cloud Storage
bucket. You need to secure the PII data.
What should you do?
- A . 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Using IAM, allow only the frontend service account to access the Cloud Storage bucket - B . 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Enable private access to allow the frontend to access the Cloud Storage bucket privately - C . 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter - D . 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to different service perimeters
You work for an organization that manages an online ecommerce website. Your company plans to expand across the world; however, the estore currently serves one specific region. You need to select a SQL database and configure a schema that will scale as your organization grows. You want to create a table that stores all customer transactions and ensure that the customer (CustomerId) and the transaction (TransactionId) are unique.
What should you do?
- A . Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.
- B . Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the Transactionid.
- C . Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys.
Use a random string (UUID) for the TransactionId. - D . Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys.
Use an incremental number for the TransactionId.
You work for an organization that manages an ecommerce site. Your application is deployed behind a global HTTP(S) load balancer. You need to test a new product recommendation algorithm. You plan to use A/B testing to determine the new algorithm’s effect on sales in a randomized way.
How should you test this feature?
- A . Split traffic between versions using weights.
- B . Enable the new recommendation feature flag on a single instance.
- C . Mirror traffic to the new version of your application.
- D . Use HTTP header-based routing.
C
Explanation:
https://cloud.google.com/load-balancing/docs/https/traffic-management-global#traffic_actions_weight-based_traffic_splitting
Deploying a new version of an existing production service generally incurs some risk. Even if your tests pass in staging, you probably don’t want to subject 100% of your users to the new version immediately. With traffic management, you can define percentage-based traffic splits across multiple backend services.
For example, you can send 95% of the traffic to the previous version of your service and 5% to the new version of your service. After you’ve validated that the new production version works as expected, you can gradually shift the percentages until 100% of the traffic reaches the new version of your service. Traffic splitting is typically used for deploying new versions, A/B testing, service migration, and similar processes.
https://cloud.google.com/traffic-director/docs/advanced-traffic-management#weight-based_traffic_splitting_for_safer_deployments
https://cloud.google.com/architecture/implementing-deployment-and-testing-strategies-on-gke#split_the_traffic_2
https://cloud.google.com/load-balancing/docs/https/traffic-management-global#traffic_actions_weight-based_traffic_splitting