Professional-Cloud-Developer Google Certified Professional - Cloud Developer exact Exam Questions

Google Certified Professional - Cloud Developer

Last Update 11 hours ago Total Questions : 265

The Google Certified Professional - Cloud Developer content is now fully updated, with all current exam questions added 11 hours ago. Deciding to include Professional-Cloud-Developer practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our Professional-Cloud-Developer exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these Professional-Cloud-Developer sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Google Certified Professional - Cloud Developer practice test comfortably within the allotted time.

Question # 11

You are creating and running containers across different projects in Google Cloud. The application you are developing needs to access Google Cloud services from within Google Kubernetes Engine (GKE).

What should you do?

Assign a Google service account to the GKE nodes.

Use a Google service account to run the Pod with Workload Identity.

Store the Google service account credentials as a Kubernetes Secret.

Use a Google service account with GKE role-based access control (RBAC).

Question # 12

Your company ' s development teams want to use Cloud Build in their projects to build and push Docker images

to Container Registry. The operations team requires all Docker images to be published to a centralized,

securely managed Docker registry that the operations team manages.

What should you do?

Use Container Registry to create a registry in each development team ' s project. Configure the Cloud Build

build to push the Docker image to the project ' s registry. Grant the operations team access to each

development team ' s registry.

Create a separate project for the operations team that has Container Registry configured. Assign

appropriate permissions to the Cloud Build service account in each developer team ' s project to allow

access to the operation team ' s registry.

Create a separate project for the operations team that has Container Registry configured. Create a Service

Account for each development team and assign the appropriate permissions to allow it access to the

operations team ' s registry. Store the service account key file in the source code repository and use it to

authenticate against the operations team ' s registry.

Create a separate project for the operations team that has the open source Docker Registry deployed on a

Compute Engine virtual machine instance. Create a username and password for each development team.

Store the username and password in the source code repository and use it to authenticate against the

operations team ' s Docker registry.

Question # 13

Your company has a new security initiative that requires all data stored in Google Cloud to be encrypted by customer-managed encryption keys. You plan to use Cloud Key Management Service (KMS) to configure access to the keys. You need to follow the " separation of duties " principle and Google-recommended best practices. What should you do? (Choose two.)

Provision Cloud KMS in its own project.

Do not assign an owner to the Cloud KMS project.

Provision Cloud KMS in the project where the keys are being used.

Grant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS are being used.

Grant an owner role for the Cloud KMS project to a different user than the owner of the project where the keys from Cloud KMS are being used.

Question # 14

You are a developer at a large corporation You manage three Google Kubernetes Engine clusters. Your team’s developers need to switch from one cluster to another regularly without losing access to their preferred development tools. You want to configure access to these clusters using the fewest number of steps while following Google-recommended best practices. What should you do?

Ask the developers to use Cloud Shell and run gcloud container clusters get-credentials to switch to another cluster.

Ask the developers to open three terminals on their workstation and use kubecrt1 config to configure access to each cluster.

Ask the developers to install the gcloud CLI on their workstation and run gcloud container clusters get-credentials to switch to another cluster

In a configuration file, define the clusters users, and contexts Email the file to the developers and ask them to use kubect1 config to add cluster, user and context details.

Question # 15

Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to employees as they travel. You need to ensure the security and accessibility of the web application while minimizing application changes. What should you do?

Configure the application to check authentication credentials for each HTTP(S) request to the application.

Configure Identity-Aware Proxy to allow employees to access the application through its public IP address.

Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine instance forwards requests to and from the web application.

Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine issues an HTTP redirect to a public IP address hosting the web application.

Question # 16

You are reviewing and updating your Cloud Build steps to adhere to Google-recommended practices. Currently, your build steps include:

1. Pull the source code from a source repository.

2. Build a container image

3. Upload the built image to Artifact Registry.

You need to add a step to perform a vulnerability scan of the built container image, and you want the results of the scan to be available to your deployment pipeline running in Google Cloud. You want to minimize changes that could disrupt other teams ' processes What should you do?

Enable Binary Authorization, and configure it to attest that no vulnerabilities exist in a container image.

Enable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.

Upload the built container images to your Docker Hub instance, and scan them for vulnerabilities.

Add Artifact Registry to your Aqua Security instance, and scan the built container images for vulnerabilities

Question # 17

You are a developer at a financial institution You use Cloud Shell to interact with Google Cloud services. User data is currently stored on an ephemeral disk however a recently passed regulation mandates that you can no longer store sensitive information on an ephemeral disk. You need to implement a new storage solution for your user data You want to minimize code changes Where should you store your user data ' ?

Store user data on a Cloud Shell home disk and log in at least every 120 days to prevent its deletion

Store user data on a persistent disk in a Compute Engine instance

Store user data m BigQuery tables

Store user data in a Cloud Storage bucket

Question # 18

Your company’s product team has a new requirement based on customer demand to autoscale your stateless and distributed service running in a Google Kubernetes Engine (GKE) duster. You want to find a solution that minimizes changes because this feature will go live in two weeks. What should you do?

Deploy a Vertical Pod Autoscaler, and scale based on the CPU load.

Deploy a Vertical Pod Autoscaler, and scale based on a custom metric.

Deploy a Horizontal Pod Autoscaler, and scale based on the CPU toad.

Deploy a Horizontal Pod Autoscaler, and scale based on a custom metric.

Question # 19

Your company’s development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company’s environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?

Enable the Vulnerability scanning setting in the Container Registry.

Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.

Disallow the use of non-commercially supported base images in your development environment.

Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.

Question # 20

You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite.

What should you do?

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.