Professional-Cloud-Developer Google Certified Professional - Cloud Developer Questions and Answers

Use the HBase API, Redis API, and MySQL connection to retrieve database lists. Combine the results, and then apply the filter to display the results

Use the HBase API, Redis API, and MySQL connection to retrieve database lists. Filter the results individually, and then combine them to display the results

Run gcloud bigtable instances list, gcloud redis instances list, and gcloud sql databases list. Use a filter within the application, and then display the results

Run gcloud bigtable instances list, gcloud redis instances list, and gcloud sql databases list. Use --filter flag with each command, and then display the results

1 Configure your Cl/CD pipeline to update the Deployment manifest file by replacing the container version with the latest version.

2 Recreate the Pods in your cluster by applying the Deployment manifest file.

3 Validate the application's performance by comparing its functionality with the previous release version and roll back if an issue arises.

1 install the Anthos Service Mesh on your GKE cluster.

2 Create two Deployments on the GKE cluster and label them with different version names.

3 Create a VirtualService with a routing rule to send a small percentage of traffic to the Deployment that references the new version of the application.

1 Create a second namespace on GKE for the new release version.

2 Create a Deployment configuration for the second namespace with the desired number of Pods.

3 Deploy new container versions in the second namespace.

4 Update the ingress configuration to route traffic to the namespace with the new container versions.

1. Implement a rolling update pattern by replacing the Pods gradually with the new release versify.

2 Validate the application's performance for the new subset of users during the rollout and roll back if an issue arises.

Store user data on a Cloud Shell home disk and log in at least every 120 days to prevent its deletion

Store user data on a persistent disk in a Compute Engine instance

Store user data m BigQuery tables

Store user data in a Cloud Storage bucket

Use Network Policies to block traffic between applications.

Install Istio, enable proxy injection on your application namespace, and then enable mTLS.

Define Trusted Network ranges within the application, and configure the applications to allow traffic only from those networks.

Use an automated process to request SSL Certificates for your applications from Let’s Encrypt and add them to your applications.

Use Spinnaker to automate building container images from code based on Git tags.

Use Cloud Build to automate building container images from code based on Git tags.

Use Spinnaker to automate deploying container images to the production environment.

Use Cloud Build to automate building container images from code based on forked versions.

Configure Cloud SQL to host the database, and import the schema into Cloud SQL.

Deploy MySQL from the Google Cloud Marketplace to the database using a client, and import the schema.

Configure Bigtable to host the database, and import the data into Bigtable.

Configure Cloud Spanner to host the database, and import the schema into Cloud Spanner.

Configure Firestore to host the database, and import the data into Firestore.

Create a new feature branch, and ask the build team to rebuild the image.

Shut down the deployed virtual machine, export the disk, and then mount the disk locally to access the boot logs.

Install Packer locally, build the Compute Engine image locally, and then run it in your personal Google Cloud project.

Check Compute Engine OS logs using the serial port, and check the Cloud Logging logs to confirm access to the serial port.

Trigger a Spinnaker pipeline configured as an A/B test of your new code and, if it is successful, deploy the container to production.

Trigger a Spinnaker pipeline configured as a canary test of your new code and, if it is successful, deploy the container to production.

Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a canary test.

Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a shadow test.

Use Cloud Build with a trigger configured for each source code commit.

Use Jenkins deployed via the Google Cloud Platform Marketplace, configured to watch for source code commits.

Use a Compute Engine virtual machine instance with an open source continuous integration tool, configured to watch for source code commits.

Use a source code commit trigger to push a message to a Cloud Pub/Sub topic that triggers an App Engine service to build the source code.

Use Carrier Peering

Use VPC Network Peering

Use Shared VPC networks

Use Private Google Access

Ask the developers to use Cloud Shell and run gcloud container clusters get-credentials to switch to another cluster.

Ask the developers to open three terminals on their workstation and use kubecrt1 config to configure access to each cluster.

Ask the developers to install the gcloud CLI on their workstation and run gcloud container clusters get-credentials to switch to another cluster

In a configuration file, define the clusters users, and contexts Email the file to the developers and ask them to use kubect1 config to add cluster, user and context details.

Bind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.

Grant the user identity the pubsub.publisher and pubsub.subscriber roles at the project level.

Grant the user identity a custom role that contains the pubsub.topics.create and pubsub.subscriptions.create permissions.

Configure the application to run as a service account that has the pubsub.publisher and pubsub.subscriber roles.

Enable Application-layer Secrets on the GKE cluster to protect the cluster.

Deploy a namespace per tenant and use Network Policies in each blog deployment.

Use GKE Audit Logging to identify malicious containers and delete them on discovery.

Build a custom image of the blogging software and use Binary Authorization to prevent untrusted image deployments.

Set a retention policy on the bucket with a period of 7 years.

Use IAM Conditions to provide access to objects 7 years after the object creation date.

Enable Object Versioning to prevent objects from being accidentally deleted for 7 years after object creation.

Create an object lifecycle policy on the bucket that moves objects from Standard Storage to Archive Storage after 3 years.

Implement a Cloud Function that checks the age of each object in the bucket and moves the objects older than 3 years to a second bucket with the Archive Storage class. Use Cloud Scheduler to trigger the Cloud Function on a daily schedule.

1) Download the service account’s key file in JSON format, and store it locally on your laptop.

2) Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your downloaded key file.

1) Run the following command from a command line: gcloud config set auth/impersonate_service_account service-account-name@project.iam.gserviceacccount.com.

2) Set the GOOGLE_OAUTH_ACCESS_TOKEN environment variable to the value that is returned by the gcloud auth print-access-token command.

1) Run the following command from a command line: gcloud auth application-default login.

2) In the browser window that opens, authenticate using your personal credentials.

1) Store the service account's key file in JSON format in Hashicorp Vault.

2) Integrate Terraform with Vault to retrieve the key file dynamically, and authenticate to Vault using a short-lived access token.

Enable private IP for the Cloud SQL instance.

Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.

Create a role in Cloud SQL that allows access to the database from external instances, and assign the

Compute Engine instances to that role.

Create a CloudSQL instance on one project. Create Compute engine instances in a different project.

Create a VPN between these two projects to allow internal access to CloudSQL.

Each developer commits their code to the main branch before each product release, conducts testing, and rolls back if integration issues are detected.

Each group of developers copies the repository, commits their changes to their repository, and merges their code into the main repository before each product release.

Each developer creates a branch for their own work, commits their changes to their branch, and merges their code into the main branch daily.

Each group of developers creates a feature branch from the main branch for their work, commits their changes to their branch, and merges their code into the main branch after the change advisory board approves it.

The folder structure inside the bucket and object paths have changed.

The permissions of the service account’s predefined role have changed.

The service account key has been rotated but not updated on the application server.

The Interconnect link from the on-premises data center to Google Cloud is experiencing a temporary outage.

Perform a rolling update with a PodDisruptionBudget of 80%.

Perform a rolling update with a HorizontalPodAutoscaler scale-down policy value of 0.

Convert the Deployment to a StatefulSet, and perform a rolling update with a PodDisruptionBudget of 80%.

Convert the Deployment to a StatefulSet, and perform a rolling update with a HorizontalPodAutoscaler scale-down policy value of 0.

Use Cloud Load Balancing to slowly ramp up traffic between versions. Use Cloud Monitoring to look for performance issues.

Deploy the application via a continuous delivery pipeline using canary deployments. Use Cloud Monitoring to look for performance issues. and ramp up traffic as the metrics support it.

Deploy the application via a continuous delivery pipeline using blue/green deployments. Use Cloud Monitoring to look for performance issues, and launch fully when the metrics support it.

Deploy the application using kubectl and set the spec.updateStrategv.type to RollingUpdate. Use Cloud Monitoring to look for performance issues, and run the kubectl rollback command if there are any issues.

Upload your application to Cloud Storage.

Upload your application to an App Engine environment.

Create a Compute Engine instance with Apache web server installed. Configure Apache web server to

host the application.

Containerize your application first. Deploy this container to Google Kubernetes Engine (GKE) and assign

an external IP address to the GKE pod hosting the application.

Deploy from a source code repository and grant users the roles/cloudfunctions.viewer role.

Deploy from a source code repository and grant users the roles/cloudfunctions.invoker role

Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.admin role

Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.developer role

Create a user-managed service account with a custom Identity and Access Management (IAM) role.

Create a user-managed service account with the Storage Admin Identity and Access Management (IAM) role.

Create a user-managed service account with the Project Editor Identity and Access Management (IAM) role.

Use the default service account linked to the Cloud Run revision in production.

Stackdriver Trace

Stackdriver Monitoring

Stackdriver Debug Snapshots

Stackdriver Debug Logpoints

Include multiple rows with each request.

Perform the inserts in parallel by creating multiple threads.

Write each row to a Cloud Storage object, then load into BigQuery.

Write each row to a Cloud Storage object in parallel, then load into BigQuery.

Instrument your microservices by installing the OpenTelemetry tracing package Update your application code to send traces to Trace for inspection and analysis Create an analysis report on Trace to analyze user requests

Configure GKE workload metrics using kubect1 Select all Pods to send their metrics to Cloud Monitoring. Create a custom dashboard of application metrics in Cloud Monitoring to determine performance bottlenecks of your GKE cluster

Install tcpdump on your GKE nodes. Run tcpdump to capture network traffic over an extended period of time to collect data Analyze the data files using Wireshark to determine the cause of high latency

Update your microservices to log HTTP request methods and URL paths to STDOUT Use the logs router to send container logs to Cloud Logging Create filters in Cloud Logging to evaluate the latency of user requests across different methods and URL paths.

Store each comment in a subcollection of the article.

Add each comment to an array property on the article.

Store each comment in a document, and add the comment’s key to an array property on the article.

Store each comment in a document, and add the comment’s key to an array property on the user profile.

Migrate the Product catalog, which has integrations to the frontend and product database.

Migrate Payment processing, which has integrations to the frontend, order database, and third-party payment vendor.

Migrate Order fulfillment, which has integrations to the order database, inventory system, and third-party shipping vendor.

Migrate the Shopping cart, which has integrations to the frontend, cart database, inventory system, and payment processing system.

Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use a load balancer to distribute calls between the versions.

Leave the original Cloud Function as-is and deploy a second Cloud Function that includes only the changed API. Calls are automatically routed to the correct function.

Leave the original Cloud Function as-is and deploy a second Cloud Function with the new API. Use Cloud Endpoints to provide an API gateway that exposes a versioned API.

Re-deploy the Cloud Function after making code changes to support the new API. Requests for both versions of the API are fulfilled based on a version identifier included in the call.

RESTful APIs

MQTT for APIs

gRPC-based APIs

SOAP-based APIs

Install the Stackdriver Client Library.

Install the Stackdriver Monitoring Agent.

Use the Stackdriver Metrics Explorer.

Use the Google Cloud Platform Console.

Deploy Voucher Server and Voucher Client Components. After a container image has passed the regression tests, run Voucher Client as a step in the Cloud Build pipeline.

Set the Pod Security Standard level to Restricted for the relevant namespaces Digitally sign the container

images that have passed the regression tests as a step in the Cloud Build pipeline.

Create an attestor and a policy. Create an attestation for the container images that have passed the regression tests as a step in the Cloud Build pipeline.

Create an attestor and a policy Run a vulnerability scan to create an attestation for the container image as a step in the Cloud Build pipeline.

Configure the appropriate service accounts, and use Workload Identity to run the pods.

Store the application credentials as Kubernetes Secrets, and expose them as environment variables.

Configure the appropriate routing rules, and use a VPC-native cluster to directly connect to the database.

Store the application credentials using Cloud Key Management Service, and retrieve them whenever a database connection is made.

Using Identity and Access Management (IAM), grant the Viewer IAM role on the cluster project to the other team.

Create a new GKE cluster. Using Identity and Access Management (IAM), grant the Editor role on the cluster project to the other team.

Create a new namespace in the existing cluster. Using Identity and Access Management (IAM), grant the Editor role on the cluster project to the other team.

Create a new namespace in the existing cluster. Using Kubernetes role-based access control (RBAC), grant the Admin role on the new namespace to the other team.

Download the file using scp, change the file, and then upload the modified version

Configure and log in to the Compute Engine instance through SSH, and change the file

Configure and log in to the Compute Engine instance through the serial port, and change the file

Configure and log in to the Compute Engine instance using a remote desktop client, and change the file

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Cloud Profiler

Cloud Monitoring

Cloud Trace

Cloud Logging

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy