Practice Free Professional Cloud Developer Exam Online Questions
You are running a web application on Google Kubernetes Engine that you inherited. You want to determine whether the application is using libraries with known vulnerabilities or is vulnerable to XSS attacks.
Which service should you use?
- A . Google Cloud Armor
- B . Debugger
- C . Web Security Scanner
- D . Error Reporting
C
Explanation:
https://cloud.google.com/security-command-center/docs/concepts-web-security-scanner-overview Web Security Scanner identifies security vulnerabilities in your App Engine, Google Kubernetes Engine (GKE), and Compute Engine web applications. It crawls your application, following all links within the scope of your starting URLs, and attempts to exercise as many user inputs and event handlers as possible.
Your application is built as a custom machine image. You have multiple unique deployments of the machine image. Each deployment is a separate managed instance group with its own template. Each deployment requires a unique set of configuration values. You want to provide these unique values to each deployment but use the same custom machine image in all deployments. You want to use out-of-the-box features of Compute Engine.
What should you do?
- A . Place the unique configuration values in the persistent disk.
- B . Place the unique configuration values in a Cloud Bigtable table.
- C . Place the unique configuration values in the instance template startup script.
- D . Place the unique configuration values in the instance template instance metadata.
A
Explanation:
Reference: https://cloud.google.com/compute/docs/instance-groups
A governmental regulation was recently passed that affects your application. For compliance purposes, you are now required to send a duplicate of specific application logs from your application’s project to a project that is restricted to the security team.
What should you do?
- A . Modify the _Default tog bucket sink rules to reroute the logs into the security team’s log bucket.
- B . Create user-defined log buckets in the security team’s project. Configure a Cloud Logging sink to route your application s logs to log buckets in the security team’s project.
- C . Create a job that copies the System Event logs from the _Required log bucket into the security team’s log bucket in their project.
- D . Create a job that copies the togs from the _Required log bucket into the security team’s log bucket in their project.
You are designing an application that consists of several microservices. Each microservice has its own RESTful API and will be deployed as a separate Kubernetes Service. You want to ensure that the consumers of these APIs aren’t impacted when there is a change to your API, and also ensure that third-party systems aren’t interrupted when new versions of the API are released.
How should you
configure the connection to the application following Google-recommended best practices?
- A . Use an Ingress that uses the API’s URL to route requests to the appropriate backend.
- B . Leverage a Service Discovery system, and connect to the backend specified by the request.
- C . Use multiple clusters, and use DNS entries to route requests to separate versioned backends.
- D . Combine multiple versions in the same service, and then specify the API version in the POST request.
You are deploying a microservices application to Google Kubernetes Engine (GKE). The application will receive daily updates. You expect to deploy a large number of distinct containers that will run on the Linux operating system (OS). You want to be alerted to any known OS vulnerabilities in the new containers. You want to follow Google-recommended best practices.
What should you do?
- A . Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.
- B . Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.
- C . Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.
- D . Use the Container Analysis REST API to call Container Analysis to scan new container images.
Review the vulnerability results before each deployment.
D
Explanation:
https://cloud.google.com/container-analysis/docs/automated-scanning-howto
https://cloud.google.com/container-analysis/docs/os-overview says: The Container Scanning API allows you to automate OS vulnerability detection, scanning each time you push an image to Container Registry or Artifact Registry. Enabling this API also triggers language package scans for Go and Java vulnerabilities (Preview).
Configure this pipeline to run a deployment step to the Test cluster
Users are complaining that your Cloud Run-hosted website responds too slowly during traffic spikes. You want to provide a better user experience during traffic peaks.
What should you do?
- A . Read application configuration and static data from the database on application startup.
- B . Package application configuration and static data into the application image during build time.
- C . Perform as much work as possible in the background after the response has been returned to the user.
- D . Ensure that timeout exceptions and errors cause the Cloud Run instance to exit quickly so a replacement instance can be started.
Users are complaining that your Cloud Run-hosted website responds too slowly during traffic spikes. You want to provide a better user experience during traffic peaks.
What should you do?
- A . Read application configuration and static data from the database on application startup.
- B . Package application configuration and static data into the application image during build time.
- C . Perform as much work as possible in the background after the response has been returned to the user.
- D . Ensure that timeout exceptions and errors cause the Cloud Run instance to exit quickly so a replacement instance can be started.
You are developing an application that will handle requests from end users. You need to secure a Cloud Function called by the application to allow authorized end users to authenticate to the function via the application while restricting access to unauthorized users. You will integrate Google Sign-In as part of the solution and want to follow Google-recommended best practices.
What should you do?
- A . Deploy from a source code repository and grant users the roles/cloudfunctions.viewer role.
- B . Deploy from a source code repository and grant users the roles/cloudfunctions.invoker role
- C . Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.admin role
- D . Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.developer role
Your development team has been asked to refactor an existing monolithic application into a set of composable microservices.
Which design aspects should you implement for the new application? (Choose two.)
- A . Develop the microservice code in the same programming language used by the microservice caller.
- B . Create an API contract agreement between the microservice implementation and microservice caller.
- C . Require asynchronous communications between all microservice implementations and microservice callers.
- D . Ensure that sufficient instances of the microservice are running to accommodate the performance requirements.
- E . Implement a versioning scheme to permit future changes that could be incompatible with the current interface.