Practice Free Professional Cloud Developer Exam Online Questions
You have containerized a legacy application that stores its configuration on an NFS share. You need to deploy this application to Google Kubernetes Engine (GKE) and do not want the application serving traffic until after the configuration has been retrieved.
What should you do?
- A . Use the gsutil utility to copy files from within the Docker container at startup, and start the service using an ENTRYPOINT script.
- B . Create a PersistentVolumeClaim on the GKE cluster. Access the configuration files from the volume, and start the service using an ENTRYPOINT script.
- C . Use the COPY statement in the Dockerfile to load the configuration into the container image. Verify that the configuration is available, and start the service using an ENTRYPOINT script.
- D . Add a startup script to the GKE instance group to mount the NFS share at node startup. Copy the configuration files into the container, and start the service using an ENTRYPOINT script.
B
Explanation:
Reference: https://cloud.google.com/compute/docs/instances/startup-scripts/linux
You need to configure a Deployment on Google Kubernetes Engine (GKE). You want to include a check that verifies that the containers can connect to the database. If the Pod is failing to connect, you want a script on the container to run to complete a graceful shutdown.
How should you configure the Deployment?
- A . Create two jobs: one that checks whether the container can connect to the database, and another that runs the shutdown script if the Pod is failing.
- B . Create the Deployment with a livenessProbe for the container that will fail if the container can’t connect to the database. Configure a PreStop lifecycle handler that runs the shutdown script if the container is failing.
- C . Create the Deployment with a PostStart lifecycle handler that checks the service availability. Configure a PreStop lifecycle handler that runs the shutdown script if the container is failing.
- D . Create the Deployment with an initContainer that checks the service availability. Configure a PreStop lifecycle handler that runs the shutdown script if the Pod is failing.
B
Explanation:
https://cloud.google.com/architecture/best-practices-for-running-cost-effective-kubernetes-applications-on-gke#make_sure_your_applications_are_shutting_down_in_accordance_with_kubernetes_expectations
You are developing an internal application that will allow employees to organize community events within your company. You deployed your application on a single Compute Engine instance. Your company uses Google Workspace (formerly G Suite), and you need to ensure that the company employees can authenticate to the application from anywhere.
What should you do?
- A . Add a public IP address to your instance, and restrict access to the instance using firewall rules. Allow your company’s proxy as the only source IP address.
- B . Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP). Configure the IAP settings to allow your company domain to access the website.
- C . Set up a VPN tunnel between your company network and your instance’s VPC location on Google Cloud. Configure the required firewall rules and routing information to both the on-premises and Google Cloud networks.
- D . Add a public IP address to your instance, and allow traffic from the internet. Generate a random hash, and create a subdomain that includes this hash and points to your instance. Distribute this DNS address to your company’s employees.
B
Explanation:
https://cloud.google.com/blog/topics/developers-practitioners/control-access-your-web-sites-identity-aware-proxy
You have an on-premises application that authenticates to the Cloud Storage API using a user-managed service account with a user-managed key. The application connects to Cloud Storage using Private Google Access over a Dedicated Interconnect link. You discover that requests from the application to access objects in the Cloud Storage bucket are failing with a 403 Permission Denied error code.
What is the likely cause of this issue?
- A . The folder structure inside the bucket and object paths have changed.
- B . The permissions of the service account’s predefined role have changed.
- C . The service account key has been rotated but not updated on the application server.
- D . The Interconnect link from the on-premises data center to Google Cloud is experiencing a temporary outage.
You work for an organization that manages an online ecommerce website. Your company plans to expand across the world; however, the estore currently serves one specific region. You need to select a SQL database and configure a schema that will scale as your organization grows. You want to create a table that stores all customer transactions and ensure that the customer (CustomerId) and the transaction (TransactionId) are unique.
What should you do?
- A . Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.
- B . Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the TransactionId.
- C . Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the TransactionId.
- D . Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.
You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite.
What should you do?
- A . Enable Cloud Identity-Aware Proxy on the HTTP(S) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.
- B . Enable Cloud Identity-Aware Proxy on the HTTP(S) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.
- C . Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.
- D . Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.
A
Explanation:
https://cloud.google.com/iap/docs/signed-headers-howto#securing_iap_headers
https://cloud.google.com/endpoints/docs/openapi/authenticating-users-google-id
https://cloud.google.com/armor/docs/security-policy-overview#:~:text=Google%20Cloud%20Armor%20security%20policies%20enable%20you%20to%20allow%20or,Private%20Cloud%20(VPC)%20networks
"Google Cloud Armor security policies protect your application by providing Layer 7 filtering and by scrubbing incoming requests for common web attacks or other Layer 7 attributes to potentially block traffic before it reaches your load balanced backend services or backend buckets"
You are parsing a log file that contains three columns: a timestamp, an account number (a string), and a transaction amount (a number). You want to calculate the sum of all transaction amounts for each unique account number efficiently.
Which data structure should you use?
- A . A linked list
- B . A hash table
- C . A two-dimensional array
- D . A comma-delimited string
Your development team has built several Cloud Functions using Java along with corresponding integration and service tests. You are building and deploying the functions and launching the tests using Cloud Build. Your Cloud Build job is reporting deployment failures immediately after successfully validating the code.
What should you do?
- A . Check the maximum number of Cloud Function instances.
- B . Verify that your Cloud Build trigger has the correct build parameters.
- C . Retry the tests using the truncated exponential backoff polling strategy.
- D . Verify that the Cloud Build service account is assigned the Cloud Functions Developer role.
D
Explanation:
https://cloud.google.com/build/docs/securing-builds/configure-access-for-cloud-build-service-account
Configure this pipeline to run a deployment step to the Test cluster