Pre-Winter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Question # 4

You have an application deployed in production. When a new version is deployed, you want to ensure that all production traffic is routed to the new version of your application. You also want to keep the previous version deployed so that you can revert to it if there is an issue with the new version.

Which deployment strategy should you use?

A.

Blue/green deployment

B.

Canary deployment

C.

Rolling deployment

D.

Recreate deployment

Full Access
Question # 5

You have an application written in Python running in production on Cloud Run. Your application needs to read/write data stored in a Cloud Storage bucket in the same project. You want to grant access to your application following the principle of least privilege. What should you do?

A.

Create a user-managed service account with a custom Identity and Access Management (IAM) role.

B.

Create a user-managed service account with the Storage Admin Identity and Access Management (IAM) role.

C.

Create a user-managed service account with the Project Editor Identity and Access Management (IAM) role.

D.

Use the default service account linked to the Cloud Run revision in production.

Full Access
Question # 6

You are a developer at a financial institution You use Cloud Shell to interact with Google Cloud services. User data is currently stored on an ephemeral disk however a recently passed regulation mandates that you can no longer store sensitive information on an ephemeral disk. You need to implement a new storage solution for your user data You want to minimize code changes Where should you store your user data'?

A.

Store user data on a Cloud Shell home disk and log in at least every 120 days to prevent its deletion

B.

Store user data on a persistent disk in a Compute Engine instance

C.

Store user data m BigQuery tables

D.

Store user data in a Cloud Storage bucket

Full Access
Question # 7

You have an HTTP Cloud Function that is called via POST. Each submission’s request body has a flat, unnested JSON structure containing numeric and text data. After the Cloud Function completes, the collected data should be immediately available for ongoing and complex analytics by many users in parallel. How should you persist the submissions?

A.

Directly persist each POST request’s JSON data into Datastore.

B.

Transform the POST request’s JSON data, and stream it into BigQuery.

C.

Transform the POST request’s JSON data, and store it in a regional Cloud SQL cluster.

D.

Persist each POST request’s JSON data as an individual file within Cloud Storage, with the file name containing the request identifier.

Full Access
Question # 8

You are developing a flower ordering application Currently you have three microservices.

• Order Service (receives the orders).

• Order Fulfillment Service (processes the orders).

• Notification Service (notifies the customer when the order is filled).

You need to determine how the services will communicate with each other. You want incoming orders to be processed quickly and you need to collect order information for fulfillment. You also want to make sure orders are not lost between your services and are able to communicate asynchronously. How should the requests be processed?

A.

B.

C.

D.

Full Access
Question # 9

You are developing an application that consists of several microservices running in a Google Kubernetes Engine cluster. One microservice needs to connect to a third-party database running on-premises. You need to store credentials to the database and ensure that these credentials can be rotated while following security best practices. What should you do?

A.

Store the credentials in a sidecar container proxy, and use it to connect to the third-party database.

B.

Configure a service mesh to allow or restrict traffic from the Pods in your microservice to the database.

C.

Store the credentials in an encrypted volume mount, and associate a Persistent Volume Claim with the client Pod.

D.

Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin to handle encryption and decryption.

Full Access
Question # 10

You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite.

What should you do?

A.

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.

B.

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.

C.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.

D.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.

Full Access
Question # 11

You have written a Cloud Function that accesses other Google Cloud resources. You want to secure the environment using the principle of least privilege. What should you do?

A.

Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.

B.

Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.

C.

Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.

D.

Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.

Full Access
Question # 12

Your application takes an input from a user and publishes it to the user's contacts. This input is stored in a

table in Cloud Spanner. Your application is more sensitive to latency and less sensitive to consistency.

How should you perform reads from Cloud Spanner for this application?

A.

Perform Read-Only transactions.

B.

Perform stale reads using single-read methods.

C.

Perform strong reads using single-read methods.

D.

Perform stale reads using read-write transactions.

Full Access
Question # 13

Your team detected a spike of errors in an application running on Cloud Run in your production project. The application is configured to read messages from Pub/Sub topic A, process the messages, and write the messages to topic B. You want to conduct tests to identify the cause of the errors. You can use a set of mock messages for testing. What should you do?

A.

Deploy the Pub/Sub and Cloud Run emulators on your local machine. Deploy the application locally, and change the logging level in the application to DEBUG or INFO. Write mock messages to topic A, and then analyze the logs.

B.

Use the gcloud CLI to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

C.

Deploy the Pub/Sub emulator on your local machine. Point the production application to your local Pub/Sub topics. Write mock messages to topic A, and then analyze the logs.

D.

Use the Google Cloud console to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

Full Access
Question # 14

Your company has a BigQuery data mart that provides analytics information to hundreds of employees. One

user of wants to run jobs without interrupting important workloads. This user isn't concerned about the time it

takes to run these jobs. You want to fulfill this request while minimizing cost to the company and the effort

required on your part.

What should you do?

A.

Ask the user to run the jobs as batch jobs.

B.

Create a separate project for the user to run jobs.

C.

Add the user as a job.user role in the existing project.

D.

Allow the user to run jobs when important workloads are not running.

Full Access
Question # 15

You are developing an application that needs to store files belonging to users in Cloud Storage. You want each user to have their own subdirectory in Cloud Storage. When a new user is created, the corresponding empty subdirectory should also be created. What should you do?

A.

Create an object with the name of the subdirectory ending with a trailing slash ('/') that is zero bytes in length.

B.

Create an object with the name of the subdirectory, and then immediately delete the object within that subdirectory.

C.

Create an object with the name of the subdirectory that is zero bytes in length and has WRITER access control list permission.

D.

Create an object with the name of the subdirectory that is zero bytes in length. Set the Content-Type metadata to CLOUDSTORAGE_FOLDER.

Full Access
Question # 16

You are deploying a microservices application to Google Kubernetes Engine (GKE) that will broadcast livestreams. You expect unpredictable traffic patterns and large variations in the number of concurrent users. Your application must meet the following requirements:

• Scales automatically during popular events and maintains high availability

• Is resilient in the event of hardware failures

How should you configure the deployment parameters? (Choose two.)

A.

Distribute your workload evenly using a multi-zonal node pool.

B.

Distribute your workload evenly using multiple zonal node pools.

C.

Use cluster autoscaler to resize the number of nodes in the node pool, and use a Horizontal Pod Autoscaler to scale the workload.

D.

Create a managed instance group for Compute Engine with the cluster nodes. Configure autoscaling rules for the managed instance group.

E.

Create alerting policies in Cloud Monitoring based on GKE CPU and memory utilization. Ask an on-duty engineer to scale the workload by executing a script when CPU and memory usage exceed predefined thresholds.

Full Access
Question # 17

You are working on a social media application. You plan to add a feature that allows users to upload images. These images will be 2 MB – 1 GB in size. You want to minimize their infrastructure operations overhead for this feature. What should you do?

A.

Change the application to accept images directly and store them in the database that stores other user information.

B.

Change the application to create signed URLs for Cloud Storage. Transfer these signed URLs to the client application to upload images to Cloud Storage.

C.

Set up a web server on GCP to accept user images and create a file store to keep uploaded files. Change the application to retrieve images from the file store.

D.

Create a separate bucket for each user in Cloud Storage. Assign a separate service account to allow write access on each bucket. Transfer service account credentials to the client application based on user information. The application uses this service account to upload images to Cloud Storage.

Full Access
Question # 18

You want to use the Stackdriver Logging Agent to send an application's log file to Stackdriver from a Compute Engine virtual machine instance.

After installing the Stackdriver Logging Agent, what should you do first?

A.

Enable the Error Reporting API on the project.

B.

Grant the instance full access to all Cloud APIs.

C.

Configure the application log file as a custom source.

D.

Create a Stackdriver Logs Export Sink with a filter that matches the application's log entries.

Full Access
Question # 19

You are using Cloud Run to host a global ecommerce web application. Your company's design team is creating a new color scheme for the web app. You have been tasked with determining whether the new color scheme will increase sales You want to conduct testing on live production traffic How should you design the study?

A.

Use an external HTTP(S) load balancer to route a predetermined percentage of traffic to two different color

schemes of your application Analyze the results to determine whether there is a statistically significant

difference in sales.

B.

Use an external HTTP(S) load balancer to route traffic to the original color scheme while the new deployment

is created and tested After testing is complete reroute all traffic to the new color scheme Analyze the

results to determine whether there is a statistically significant difference in sales.

C.

Enable a feature flag that displays the new color scheme to half of all users. Monitor sales to see whether

they increase for this group of users.

D.

Use an external HTTP(S) load balancer to mirror traffic to the new version of your application Analyze the

results to determine whether there is a statistically significant difference in sales.

Full Access
Question # 20

You are deploying your application to a Compute Engine virtual machine instance. Your application is

configured to write its log files to disk. You want to view the logs in Stackdriver Logging without changing the

application code.

What should you do?

A.

Install the Stackdriver Logging Agent and configure it to send the application logs.

B.

Use a Stackdriver Logging Library to log directly from the application to Stackdriver Logging.

C.

Provide the log file folder path in the metadata of the instance to configure it to send the application logs.

D.

Change the application to log to /var/log so that its logs are automatically sent to Stackdriver Logging.

Full Access
Question # 21

Your application is built as a custom machine image. You have multiple unique deployments of the machine image. Each deployment is a separate managed instance group with its own template. Each deployment requires a unique set of configuration values. You want to provide these unique values to each deployment but use the same custom machine image in all deployments. You want to use out-of-the-box features of Compute Engine. What should you do?

A.

Place the unique configuration values in the persistent disk.

B.

Place the unique configuration values in a Cloud Bigtable table.

C.

Place the unique configuration values in the instance template startup script.

D.

Place the unique configuration values in the instance template instance metadata.

Full Access
Question # 22

You are developing an event-driven application. You have created a topic to receive messages sent to Pub/Sub. You want those messages to be processed in real time. You need the application to be independent from any other system and only incur compute costs when new messages arrive. You want to configure the simplest and most efficient architecture What should you do?

A.

Deploy your code on Cloud Functions. Use a Pub/Sub trigger to invoke the Cloud Function. Use the Pub/Sub API to create a pull subscription to the Pub/Sub topic and read messages from it.

B.

Deploy your code on Cloud Functions. Use a Pub/Sub trigger to handle new messages in the topic.

C.

Deploy the application on Google Kubernetes Engine. Use the Pub/Sub API to create a pull subscription to the Pub/Sub topic and read messages from it

D.

Deploy the application on Compute Engine. Use a Pub/Sub push subscription to process new messages in the topic.

Full Access
Question # 23

You recently developed a new application. You want to deploy the application on Cloud Run without a Dockerfile. Your organization requires that all container images are pushed to a centrally managed container repository. How should you build your container using Google Cloud services? (Choose two.)

A.

Push your source code to Artifact Registry.

B.

Submit a Cloud Build job to push the image.

C.

Use the pack build command with pack CLI.

D.

Include the --source flag with the gcloud run deploy CLI command.

E.

Include the --platform=kubernetes flag with the gcloud run deploy CLI command.

Full Access
Question # 24

Your team is developing unit tests for Cloud Function code. The code is stored in a Cloud Source Repositories repository. You are responsible for implementing the tests. Only a specific service account has the necessary permissions to deploy the code to Cloud Functions. You want to ensure that the code cannot be deployed without first passing the tests. How should you configure the unit testing process?

A.

Configure Cloud Build to deploy the Cloud Function. If the code passes the tests, a deployment approval is sent to you.

B.

Configure Cloud Build to deploy the Cloud Function, using the specific service account as the build agent. Run the unit tests after successful deployment.

C.

Configure Cloud Build to run the unit tests. If the code passes the tests, the developer deploys the Cloud Function.

D.

Configure Cloud Build to run the unit tests, using the specific service account as the build agent. If the code passes the tests, Cloud Build deploys the Cloud Function.

Full Access
Question # 25

Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. You want to distribute these credentials to the host instances as securely as possible. What should you do?

A.

Use HTTP signed URLs to securely provide access to the required resources.

B.

Use the instance’s service account Application Default Credentials to authenticate to the required resources.

C.

Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.

D.

Commit the credential JSON file into your application’s source repository, and have your CI/CD process package it with the software that is deployed to the instance.

Full Access
Question # 26

Your application stores customers' content in a Cloud Storage bucket, with each object being encrypted with the customer's encryption key. The key for each object in Cloud Storage is entered into your application by the customer. You discover that your application is receiving an HTTP 4xx error when reading the object from Cloud Storage What is a possible cause of this error?

A.

You attempted the read operation without the base64-encoded SHA256 hash of the encryption key.

B.

You entered the same encryption algorithm specified by the customer when attempting the read operation.

C.

You attempted the read operation on the object with the base64-encoded SHA256 hash of the customer's key.

D.

You attempted the read operation on the object with the customers base64-encoded key.

Full Access
Question # 27

You are reviewing and updating your Cloud Build steps to adhere to Google-recommended practices. Currently, your build steps include:

1. Pull the source code from a source repository.

2. Build a container image

3. Upload the built image to Artifact Registry.

You need to add a step to perform a vulnerability scan of the built container image, and you want the results of the scan to be available to your deployment pipeline running in Google Cloud. You want to minimize changes that could disrupt other teams' processes What should you do?

A.

Enable Binary Authorization, and configure it to attest that no vulnerabilities exist in a container image.

B.

Enable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.

C.

Upload the built container images to your Docker Hub instance, and scan them for vulnerabilities.

D.

Add Artifact Registry to your Aqua Security instance, and scan the built container images for vulnerabilities

Full Access
Question # 28

Your company’s development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company’s environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?

A.

Enable the Vulnerability scanning setting in the Container Registry.

B.

Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.

C.

Disallow the use of non-commercially supported base images in your development environment.

D.

Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.

Full Access
Question # 29

You are building a mobile application that will store hierarchical data structures in a database. The application will enable users working offline to sync changes when they are back online. A backend service will enrich the data in the database using a service account. The application is expected to be very popular and needs to scale seamlessly and securely. Which database and IAM role should you use?

A.

Use Cloud SQL, and assign the roles/cloudsql.editor role to the service account.

B.

Use Bigtable, and assign the roles/bigtable.viewer role to the service account.

C.

Use Firestore in Native mode and assign the roles/datastore.user role to the service account.

D.

Use Firestore in Datastore mode and assign the roles/datastore.viewer role to the service account.

Full Access
Question # 30

You are supporting a business-critical application in production deployed on Cloud Run. The application is reporting HTTP 500 errors that are affecting the usability of the application. You want to be alerted when the number of errors exceeds 15% of the requests within a specific time window. What should you do?

A.

Navigate to the Cloud Run page in the Google Cloud console, and select the service from the services list.

Use the Metrics tab to visualize the number of errors for that revision and refresh the page daily.

B.

Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Composer to trigger the Cloud

Function daily and alert you if the number of errors is above the defined threshold.

C.

Create an alerting policy in Cloud Monitoring that alerts you if the number of errors is above the defined

threshold.

D.

Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Scheduler to trigger the Cloud

Function daily and alert you if the number of errors is above the defined threshold

Full Access
Question # 31

You are designing a schema for a table that will be moved from MySQL to Cloud Bigtable. The MySQL table is as follows:

How should you design a row key for Cloud Bigtable for this table?

A.

Set Account_id as a key.

B.

Set Account_id_Event_timestamp as a key.

C.

Set Event_timestamp_Account_id as a key.

D.

Set Event_timestamp as a key.

Full Access
Question # 32

You plan to make a simple HTML application available on the internet. This site keeps information about FAQs for your application. The application is static and contains images, HTML, CSS, and Javascript. You want to make this application available on the internet with as few steps as possible.

What should you do?

A.

Upload your application to Cloud Storage.

B.

Upload your application to an App Engine environment.

C.

Create a Compute Engine instance with Apache web server installed. Configure Apache web server to

host the application.

D.

Containerize your application first. Deploy this container to Google Kubernetes Engine (GKE) and assign

an external IP address to the GKE pod hosting the application.

Full Access
Question # 33

Your application performs well when tested locally, but it runs significantly slower when you deploy it to App Engine standard environment. You want to diagnose the problem. What should you do?

A.

File a ticket with Cloud Support indicating that the application performs faster locally.

B.

Use Stackdriver Debugger Snapshots to look at a point-in-time execution of the application.

C.

Use Stackdriver Trace to determine which functions within the application have higher latency.

D.

Add logging commands to the application and use Stackdriver Logging to check where the latency problem occurs.

Full Access
Question # 34

Your company just experienced a Google Kubernetes Engine (GKE) API outage due to a zone failure. You want to deploy a highly available GKE architecture that minimizes service interruption to users in the event of a future zone failure. What should you do?

A.

Deploy Zonal clusters

B.

Deploy Regional clusters

C.

Deploy Multi-Zone clusters

D.

Deploy GKE on-premises clusters

Full Access
Question # 35

You are developing a new application that has the following design requirements:

Creation and changes to the application infrastructure are versioned and auditable.

The application and deployment infrastructure uses Google-managed services as much as possible.

The application runs on a serverless compute platform.

How should you design the application’s architecture?

A.

1. Store the application and infrastructure source code in a Git repository.

2. Use Cloud Build to deploy the application infrastructure with Terraform.

3. Deploy the application to a Cloud Function as a pipeline step.

B.

1. Deploy Jenkins from the Google Cloud Marketplace, and define a continuous integration pipeline in Jenkins.

2. Configure a pipeline step to pull the application source code from a Git repository.

3. Deploy the application source code to App Engine as a pipeline step.

C.

1. Create a continuous integration pipeline on Cloud Build, and configure the pipeline to deploy the application infrastructure using Deployment Manager templates.

2. Configure a pipeline step to create a container with the latest application source code.

3. Deploy the container to a Compute Engine instance as a pipeline step.

D.

1. Deploy the application infrastructure using gcloud commands.

2. Use Cloud Build to define a continuous integration pipeline for changes to the application source code.

3. Configure a pipeline step to pull the application source code from a Git repository, and create a containerized application.

4. Deploy the new container on Cloud Run as a pipeline step.

Full Access
Question # 36

You are using Cloud Build to build a Docker image. You need to modify the build to execute unit and run

integration tests. When there is a failure, you want the build history to clearly display the stage at which the

build failed.

What should you do?

A.

Add RUN commands in the Dockerfile to execute unit and integration tests.

B.

Create a Cloud Build build config file with a single build step to compile unit and integration tests.

C.

Create a Cloud Build build config file that will spawn a separate cloud build pipeline for unit and integration

tests.

D.

Create a Cloud Build build config file with separate cloud builder steps to compile and execute unit and

integration tests.

Full Access
Question # 37

You have deployed an HTTP(s) Load Balancer with the gcloud commands shown below.

Health checks to port 80 on the Compute Engine virtual machine instance are failing and no traffic is sent to your instances. You want to resolve the problem.

Which commands should you run?

A.

gcloud compute instances add-access-config ${NAME}-backend-instance-1

B.

gcloud compute instances add-tags ${NAME}-backend-instance-1 --tags http-server

C.

gcloud compute firewall-rules create allow-lb --network load-balancer --allow

tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS

D.

gcloud compute firewall-rules create allow-lb --network load-balancer --allow

tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS

Full Access
Question # 38

Your application is logging to Stackdriver. You want to get the count of all requests on all /api/alpha/*

endpoints.

What should you do?

A.

Add a Stackdriver counter metric for path:/api/alpha/.

B.

Add a Stackdriver counter metric for endpoint:/api/alpha/*.

C.

Export the logs to Cloud Storage and count lines matching /api/alphA.

D.

Export the logs to Cloud Pub/Sub and count lines matching /api/alphA.

Full Access
Question # 39

You have an application controlled by a managed instance group. When you deploy a new version of the application, costs should be minimized and the number of instances should not increase. You want to ensure that, when each new instance is created, the deployment only continues if the new instance is healthy. What should you do?

A.

Perform a rolling-action with maxSurge set to 1, maxUnavailable set to 0.

B.

Perform a rolling-action with maxSurge set to 0, maxUnavailable set to 1

C.

Perform a rolling-action with maxHealthy set to 1, maxUnhealthy set to 0.

D.

Perform a rolling-action with maxHealthy set to 0, maxUnhealthy set to 1.

Full Access
Question # 40

You are using Cloud Build to create a new Docker image on each source code commit to a Cloud Source Repositoties repository. Your application is built on every commit to the master branch. You want to release specific commits made to the master branch in an automated method. What should you do?

A.

Manually trigger the build for new releases.

B.

Create a build trigger on a Git tag pattern. Use a Git tag convention for new releases.

C.

Create a build trigger on a Git branch name pattern. Use a Git branch naming convention for new releases.

D.

Commit your source code to a second Cloud Source Repositories repository with a second Cloud Build trigger. Use this repository for new releases only.

Full Access
Question # 41

For this question, refer to the HipLocal case study.

How should HipLocal redesign their architecture to ensure that the application scales to support a large increase in users?

A.

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

B.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

C.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

D.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Full Access
Question # 42

For this question, refer to the HipLocal case study.

A recent security audit discovers that HipLocal’s database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. HipLocal needs to reduce the risk of these credentials being stolen. What should they do?

A.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

B.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

C.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

D.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Full Access
Question # 43

Which service should HipLocal use for their public APIs?

A.

Cloud Armor

B.

Cloud Functions

C.

Cloud Endpoints

D.

Shielded Virtual Machines

Full Access
Question # 44

HipLocal's APIs are showing occasional failures, but they cannot find a pattern. They want to collect some

metrics to help them troubleshoot.

What should they do?

A.

Take frequent snapshots of all of the VMs.

B.

Install the Stackdriver Logging agent on the VMs.

C.

Install the Stackdriver Monitoring agent on the VMs.

D.

Use Stackdriver Trace to look for performance bottlenecks.

Full Access
Question # 45

For this question refer to the HipLocal case study.

HipLocal wants to reduce the latency of their services for users in global locations. They have created read replicas of their database in locations where their users reside and configured their service to read traffic using those replicas. How should they further reduce latency for all database interactions with the least amount of effort?

A.

Migrate the database to Bigtable and use it to serve all global user traffic.

B.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

C.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

D.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Full Access
Question # 46

For this question, refer to the HipLocal case study.

Which Google Cloud product addresses HipLocal’s business requirements for service level indicators and objectives?

A.

Cloud Profiler

B.

Cloud Monitoring

C.

Cloud Trace

D.

Cloud Logging

Full Access
Question # 47

For this question, refer to the HipLocal case study.

HipLocal's application uses Cloud Client Libraries to interact with Google Cloud. HipLocal needs to configure authentication and authorization in the Cloud Client Libraries to implement least privileged access for the application. What should they do?

A.

Create an API key. Use the API key to interact with Google Cloud.

B.

Use the default compute service account to interact with Google Cloud.

C.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

D.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Full Access
Question # 48

In order to meet their business requirements, how should HipLocal store their application state?

A.

Use local SSDs to store state.

B.

Put a memcache layer in front of MySQL.

C.

Move the state storage to Cloud Spanner.

D.

Replace the MySQL instance with Cloud SQL.

Full Access
Question # 49

HipLocal has connected their Hadoop infrastructure to GCP using Cloud Interconnect in order to query data stored on persistent disks.

Which IP strategy should they use?

A.

Create manual subnets.

B.

Create an auto mode subnet.

C.

Create multiple peered VPCs.

D.

Provision a single instance for NAT.

Full Access
Question # 50

HipLocal wants to improve the resilience of their MySQL deployment, while also meeting their business and technical requirements.

Which configuration should they choose?

A.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

B.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

C.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

D.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Full Access
Question # 51

HipLocal wants to reduce the number of on-call engineers and eliminate manual scaling.

Which two services should they choose? (Choose two.)

A.

Use Google App Engine services.

B.

Use serverless Google Cloud Functions.

C.

Use Knative to build and deploy serverless applications.

D.

Use Google Kubernetes Engine for automated deployments.

E.

Use a large Google Compute Engine cluster for deployments.

Full Access
Question # 52

Which service should HipLocal use to enable access to internal apps?

A.

Cloud VPN

B.

Cloud Armor

C.

Virtual Private Cloud

D.

Cloud Identity-Aware Proxy

Full Access
Question # 53

For this question, refer to the HipLocal case study.

HipLocal is expanding into new locations. They must capture additional data each time the application is launched in a new European country. This is causing delays in the development process due to constant schema changes and a lack of environments for conducting testing on the application changes. How should they resolve the issue while meeting the business requirements?

A.

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

B.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

C.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

D.

Migrate data to Firestore in Native mode and set up instan

Full Access
Question # 54

Which database should HipLocal use for storing user activity?

A.

BigQuery

B.

Cloud SQL

C.

Cloud Spanner

D.

Cloud Datastore

Full Access
Question # 55

HipLocal's.net-based auth service fails under intermittent load.

What should they do?

A.

Use App Engine for autoscaling.

B.

Use Cloud Functions for autoscaling.

C.

Use a Compute Engine cluster for the service.

D.

Use a dedicated Compute Engine virtual machine instance for the service.

Full Access
Question # 56

HipLocal’s data science team wants to analyze user reviews.

How should they prepare the data?

A.

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

B.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

C.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

D.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Full Access
Question # 57

For this question, refer to the HipLocal case study.

How should HipLocal increase their API development speed while continuing to provide the QA team with a stable testing environment that meets feature requirements?

A.

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

B.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

C.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

D.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Full Access
Question # 58

HipLocal is configuring their access controls.

Which firewall configuration should they implement?

A.

Block all traffic on port 443.

B.

Allow all traffic into the network.

C.

Allow traffic on port 443 for a specific tag.

D.

Allow all traffic on port 443 into the network.

Full Access
Question # 59

In order for HipLocal to store application state and meet their stated business requirements, which database service should they migrate to?

A.

Cloud Spanner

B.

Cloud Datastore

C.

Cloud Memorystore as a cache

D.

Separate Cloud SQL clusters for each region

Full Access