Quality Professional-Cloud-DevOps-Engineer PDF Dumps - Professional-Cloud-DevOps-Engineer Exam Questions [Q14-Q35]

Quality Professional-Cloud-DevOps-Engineer PDF Dumps - Professional-Cloud-DevOps-Engineer Exam Questions

Most UptoDate Google Professional-Cloud-DevOps-Engineer Exam Dumps PDF 2021

Audience for This Certification Exam

The target audience for the Google Professional Cloud DevOps Engineer test is formed of those individuals who want to learn how they can develop efficient operations and find a balance between the speed in delivering services and its reliability. Also, the candidates who are interested in taking this evaluation want to validate their skills in using the Google Cloud Platform at a professional level. Therefore, thanks to such an exam, applicants will learn how to develop pipelines related to software delivery, as well as become experts at monitoring and deploying services, together with managing and learning from them.

 

NEW QUESTION 14
Your organization wants to implement Site Reliability Engineering (SRE) culture and principles. Recently, a service that you support had a limited outage. A manager on another team asks you to provide a formal explanation of what happened so they can action remediations. What should you do?

• A. Develop a postmortem that includes the root causes, resolution, lessons learned, the list of people responsible, and a list of action items for each person. Share it on the engineering organization's document portal.
• B. Develop a postmortem that includes the root causes, resolution, lessons learned, the list of people responsible, and a list of action items for each person. Share it with the manager only.
• C. Develop a postmortem that includes the root causes, resolution, lessons learned, and a prioritized list of action items. Share it on the engineering organization's document portal.
• D. Develop a postmortem that includes the root causes, resolution, lessons learned, and a prioritized list of action items. Share it with the manager only.

Answer: C

 

NEW QUESTION 15
Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

• A. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it
• B. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
• C. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
• D. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.

Answer: C

 

NEW QUESTION 16
You support a popular mobile game application deployed on Google Kubernetes Engine (GKE) across several Google Cloud regions. Each region has multiple Kubernetes clusters. You receive a report that none of the users in a specific region can connect to the application. You want to resolve the incident while following Site Reliability Engineering practices. What should you do first?

• A. Use Stackdriver Monitoring to check for a spike in CPU or memory usage for the affected region.
• B. Use Stackdriver Logging to filter on the clusters in the affected region, and inspect error messages in the logs.
• C. Add an extra node pool that consists of high memory and high CPU machine type instances to the cluster.
• D. Reroute the user traffic from the affected region to other regions that don't report issues.

Answer: B

 

NEW QUESTION 17
Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP). You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system. What should you do?

• A. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.
• B. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.
• C. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.
• D. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.

Answer: A

 

NEW QUESTION 18
You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?

• A. Set up the Kubernetes Engine clusters with Binary Authorization.
• B. Set up the Kubernetes Engine clusters as private clusters.
• C. Enable Vulnerability Analysis on the Container Registry.
• D. Enable Cloud Security Scanner on the clusters.

Answer: C

 

NEW QUESTION 19
You have a set of applications running on a Google Kubernetes Engine (GKE) cluster, and you are using Stackdriver Kubernetes Engine Monitoring. You are bringing a new containerized application required by your company into production. This application is written by a third party and cannot be modified or reconfigured. The application writes its log information to /var/log/app_messages.log, and you want to send these log entries to Stackdriver Logging. What should you do?

• A. Install Kubernetes on Google Compute Engine (GCE> and redeploy your applications. Then customize the built-in Stackdriver Logging configuration to tail the log file in the application's pods and write to Stackdriver Logging.
• B. Write a script to tail the log file within the pod and write entries to standard output. Run the script as a sidecar container with the application's pod. Configure a shared volume between the containers to allow the script to have read access to /var/log in the application container.
• C. Use the default Stackdriver Kubernetes Engine Monitoring agent configuration.
• D. Deploy a Fluentd daemonset to GKE. Then create a customized input and output configuration to tail the log file in the application's pods and write to Slackdriver Logging.

Answer: B

 

NEW QUESTION 20
You support a high-traffic web application with a microservice architecture. The home page of the application displays multiple widgets containing content such as the current weather, stock prices, and news headlines. The main serving thread makes a call to a dedicated microservice for each widget and then lays out the homepage for the user. The microservices occasionally fail; when that happens, the serving thread serves the homepage with some missing content. Users of the application are unhappy if this degraded mode occurs too frequently, but they would rather have some content served instead of no content at all. You want to set a Service Level Objective (SLO) to ensure that the user experience does not degrade too much. What Service Level Indicator {SLI) should you use to measure this?

• A. A quality SLI: the ratio of non-degraded responses to total responses
• B. A freshness SLI: the proportion of widgets that have been updated within the last 10 minutes
• C. A latency SLI: the ratio of microservice calls that complete in under 100 ms to the total number of microservice calls
• D. An availability SLI: the ratio of healthy microservices to the total number of microservices

Answer: C

 

NEW QUESTION 21
You support a multi-region web service running on Google Kubernetes Engine (GKE) behind a Global HTTP'S Cloud Load Balancer (CLB). For legacy reasons, user requests first go through a third-party Content Delivery Network (CDN). which then routes traffic to the CLB. You have already implemented an availability Service Level Indicator (SLI) at the CLB level. However, you want to increase coverage in case of a potential load balancer misconfiguration. CDN failure, or other global networking catastrophe. Where should you measure this new SLI?
Choose 2 answers

• A. Metrics exported from the application servers
• B. A synthetic client that periodically sends simulated user requests
• C. GKE health checks for your application servers
• D. Your application servers' logs
• E. Instrumentation coded directly in the client

Answer: B,E

 

NEW QUESTION 22
You support an application running on GCP and want to configure SMS notifications to your team for the most critical alerts in Stackdriver Monitoring. You have already identified the alerting policies you want to configure this for. What should you do?

• A. Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway. Ensure that your team members add their SMS/phone numbers to the external tool.
• B. Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.
• C. Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.
• D. Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.

Answer: D

Explanation:
https://cloud.google.com/monitoring/support/notification-options#creating_channels To configure SMS notifications, do the following:
In the SMS section, click Add new and follow the instructions. Click Save. When you set up your alerting policy, select the SMS notification type and choose a verified phone number from the list.

 

NEW QUESTION 23
You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?

• A. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently
• B. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.
• C. Inject the secret at the time of instance creation via an encrypted configuration management system.
• D. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application

Answer: A

 

NEW QUESTION 24
Your company follows Site Reliability Engineering practices. You are the person in charge of Communications for a large, ongoing incident affecting your customer-facing applications. There is still no estimated time for a resolution of the outage. You are receiving emails from internal stakeholders who want updates on the outage, as well as emails from customers who want to know what is happening. You want to efficiently provide updates to everyone affected by the outage. What should you do?

• A. Provide all internal stakeholder emails to the Incident Commander, and allow them to manage internal communications. Focus on providing responses directly to customers.
• B. Delegate the responding to internal stakeholder emails to another member of the Incident Response Team. Focus on providing responses directly to customers.
• C. Focus on responding to internal stakeholders at least every 30 minutes. Commit to "next update" times.
• D. Provide periodic updates to all stakeholders in a timely manner. Commit to a "next update" time in all communications.

Answer: D

Explanation:
When disaster strikes, the person who declares the incident typically steps into the IC role and directs the high-level state of the incident. The IC concentrates on the 3Cs and does the following: Commands and coordinates the incident response, delegating roles as needed. By default, the IC assumes all roles that have not been delegated yet. Communicates effectively. Stays in control of the incident response. Works with other responders to resolve the incident. https://sre.google/workbook/incident-response/

 

NEW QUESTION 25
You are part of an organization that follows SRE practices and principles. You are taking over the management of a new service from the Development Team, and you conduct a Production Readiness Review (PRR). After the PRR analysis phase, you determine that the service cannot currently meet its Service Level Objectives (SLOs). You want to ensure that the service can meet its SLOs in production. What should you do next?

• A. Bring the service into production with no SLOs and build them when you have collected operational data.
• B. Notify the development team that they will have to provide production support for the service.
• C. djust the SLO targets to be achievable by the service so you can bring it into production.
• D. Identify recommended reliability improvements to the service to be completed before handover.

Answer: D

 

NEW QUESTION 26
Your application services run in Google Kubernetes Engine (GKE). You want to make sure that only images from your centrally-managed Google Container Registry (GCR) image registry in the altostrat-images project can be deployed to the cluster while minimizing development time. What should you do?

• A. Create a custom builder for Cloud Build that will only push images to gcr.io/altostrat-images.
• B. Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
• C. Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/attostrat-images/.
• D. Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.

Answer: A

 

NEW QUESTION 27
You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?

• A. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
• B. Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
• C. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
• D. Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

Answer: B

 

NEW QUESTION 28
You deploy a new release of an internal application during a weekend maintenance window when there is minimal user traffic. After the window ends, you learn that one of the new features isn't working as expected in the production environment. After an extended outage, you roll back the new release and deploy a fix. You want to modify your release process to reduce the mean time to recovery so you can avoid extended outages in the future. What should you do?
Choose 2 answers

• A. Adopt the blue/green deployment strategy when releasing new code via a CD server.
• B. Integrate a code linting tool to validate coding standards before any code is accepted into the repository.
• C. Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.
• D. Require developers to run automated integration tests on their local development environments before release.
• E. Before merging new code, require 2 different peers to review the code changes.

Answer: A,C

 

NEW QUESTION 29
Your product is currently deployed in three Google Cloud Platform (GCP) zones with your users divided between the zones. You can fail over from one zone to another, but it causes a 10-minute service disruption for the affected users. You typically experience a database failure once per quarter and can detect it within five minutes. You are cataloging the reliability risks of a new real-time chat feature for your product. You catalog the following information for each risk:
* Mean Time to Detect (MUD} in minutes
* Mean Time to Repair (MTTR) in minutes
* Mean Time Between Failure (MTBF) in days
* User Impact Percentage
The chat feature requires a new database system that takes twice as long to successfully fail over between zones. You want to account for the risk of the new database failing in one zone. What would be the values for the risk of database failover with the new system?

• A. MTTD:5
  MTTR: 20
  MTBF: 90
  Impact: 50%
• B. MTTD:5
  MTTR: 20
  MTBF: 90
  Impact: 33%
• C. MTTD:5
  MTTR: 10
  MTBF: 90
  Impact 50%
• D. MTTD: 5
  MTTR: 10
  MTBF: 90
  Impact: 33%

Answer: B

Explanation:
https://www.atlassian.com/incident-management/kpis/common-metrics
https://linkedin.github.io/school-of-sre/

 

NEW QUESTION 30
You are running an application in a virtual machine (VM) using a custom Debian image. The image has the Stackdriver Logging agent installed. The VM has the cloud-platform scope. The application is logging information via syslog. You want to use Stackdriver Logging in the Google Cloud Platform Console to visualize the logs. You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer. What is the first thing you should do?

• A. Install the most recent version of the Stackdriver agent.
• B. SSH to the VM and execute the following commands on your VM: ps ax I grep fluentd
• C. Look for the agent's test log entry in the Logs Viewer.
• D. Verify the VM service account access scope includes the monitoring.write scope.

Answer: B

Explanation:
https://cloud.google.com/compute/docs/access/service-accounts#associating_a_service_account_to_an_instance

 

NEW QUESTION 31
You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster. The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?

• A. Configure your Kubernetes duster as a Private Cluster.
• B. Configure the VPC as a Shared VPC Host project.
• C. Configure a Google Cloud HTTP Load Balancer as Ingress.
• D. Configure your network services on the Standard Tier.

Answer: C

Explanation:
Costs associated with a load balancer are charged to the project containing the load balancer components. Because of these benefits, container-native load balancing is the recommended solution for load balancing through Ingress. When NEGs are used with GKE Ingress, the Ingress controller facilitates the creation of all aspects of the L7 load balancer. This includes creating the virtual IP address, forwarding rules, health checks, firewall rules, and more. https://cloud.google.com/architecture/best-practices-for-running-cost-effective-kubernetes-applications-on-gke

 

NEW QUESTION 32
Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach.
What should you do?

• A. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.
• B. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
• C. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
• D. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.

Answer: C

 

NEW QUESTION 33
You are responsible for creating and modifying the Terraform templates that define your Infrastructure. Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?

• A. Store your code as text files in Google Drive in a defined folder structure that organizes the files.
  * At the end of each day. confirm that all changes have been captured in the files within the folder structure.
  * Rename the folder structure with a predefined naming convention that increments the version.
• B. Store your code as text files in Google Drive in a defined folder structure that organizes the files.
  * At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.
  * Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.
• C. Store your code in a Git-based version control system.
  * Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.
  * Establish a process where the fully integrated code in the repository becomes the latest master version.
• D. Store your code in a Git-based version control system.
  * Establish a process that allows developers to merge their own changes at the end of each day.
  * Package and upload code lo a versioned Cloud Storage bucket as the latest master version.

Answer: C

 

NEW QUESTION 34
You are running an experiment to see whether your users like a new feature of a web application. Shortly after deploying the feature as a canary release, you receive a spike in the number of 500 errors sent to users, and your monitoring reports show increased latency. You want to quickly minimize the negative impact on users. What should you do first?

• A. Record data for the postmortem document of the incident.
• B. Trace the origin of 500 errors and the root cause of increased latency.
• C. Roll back the experimental canary release.
• D. Start monitoring latency, traffic, errors, and saturation.

Answer: D

 

NEW QUESTION 35
......

100% Free Cloud DevOps Engineer Professional-Cloud-DevOps-Engineer Dumps PDF Demo Cert Guide Cover: https://www.fast2test.com/Professional-Cloud-DevOps-Engineer-premium-file.html

PDF Exam Material 2021 Realistic Professional-Cloud-DevOps-Engineer Dumps Questions: https://drive.google.com/open?id=1hpfldo7hs-dUm2jGxZHaAaET0RfOma9n