Professional-Cloud-Developer Google Certified Professional - Cloud Developer Questions and Answers

Define a GKE Service. Clients should use the name of the A record in Cloud DNS to find the service's

cluster IP address.

Define a GKE Service. Clients should use the service name in the URL to connect to the service.

Define a GKE Endpoint. Clients should get the endpoint name from the appropriate environment variable in

the client container.

Define a GKE Endpoint. Clients should get the endpoint name from Cloud DNS.

With an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to

obtain an access token for each user.

With an OAuth Client ID with delegated domain-wide authority.

With the App Engine service account and https://www.googleapis.com/auth/drive.file scope

that generates a signed JWT.

With the App Engine service account with delegated domain-wide authority.

Read application configuration and static data from the database on application startup.

Package application configuration and static data into the application image during build time.

Perform as much work as possible in the background after the response has been returned to the user.

Ensure that timeout exceptions and errors cause the Cloud Run instance to exit quickly so a replacement instance can be started.

Store the logs in a Cloud Storage bucket with bucket lock turned on.

Store the logs in a Cloud Storage bucket with a 3-year retention period.

Store the logs in Cloud Logging as custom logs with a custom retention period.

Store the logs in a Cloud Storage bucket with a 1-year retention period. After 1 year, move the logs to another bucket with a 2-year retention period.

A linked list

A hash table

A two-dimensional array

A comma-delimited string

Enable the Vulnerability scanning setting in the Container Registry.

Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.

Disallow the use of non-commercially supported base images in your development environment.

Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.

Manually trigger the build for new releases.

Create a build trigger on a Git tag pattern. Use a Git tag convention for new releases.

Create a build trigger on a Git branch name pattern. Use a Git branch naming convention for new releases.

Commit your source code to a second Cloud Source Repositories repository with a second Cloud Build trigger. Use this repository for new releases only.

Use Cloud Load Balancing to slowly ramp up traffic between versions. Use Cloud Monitoring to look for performance issues.

Deploy the application via a continuous delivery pipeline using canary deployments. Use Cloud Monitoring to look for performance issues. and ramp up traffic as the metrics support it.

Deploy the application via a continuous delivery pipeline using blue/green deployments. Use Cloud Monitoring to look for performance issues, and launch fully when the metrics support it.

Deploy the application using kubectl and set the spec.updateStrategv.type to RollingUpdate. Use Cloud Monitoring to look for performance issues, and run the kubectl rollback command if there are any issues.

gsutil cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

gcloud cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

hadoop fs cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

gcloud dataproc cp [LOCAL_OBJECT] gs://[DESTINATION_BUCKET_NAME]/

Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.

Create a Cloud SQL table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the Transactionid.

Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use a random string (UUID) for the TransactionId.

Create a Cloud Spanner table that has TransactionId and CustomerId configured as primary keys. Use an incremental number for the TransactionId.

Set the Deployment strategy to RollingUpdate with maxSurge set to 0, maxUnavailable set to 1.

Set the Deployment strategy to RollingUpdate with maxSurge set to 1, maxUnavailable set to 0.

Set the Deployment strategy to Recreate with maxSurge set to 0, maxUnavailable set to 1.

Set the Deployment strategy to Recreate with maxSurge set to 1, maxUnavailable set to 0.

Define a new Ingress resource with a host rule matching the new domain

Modify the existing Ingress resource with a host rule matching the new domain

Create a new Service of type LoadBalancer specifying the existing IP address as the loadBalancerIP

Generate a new Ingress resource and specify the existing IP address as the kubernetes.io/ingress.global-static-ip-name annotation value

Deploy a Fluent Bit daemonset on the GKE cluster to log data in Cloud Logging. Analyze the logs to get insights into your application code’s performance.

Create a custom dashboard in Cloud Monitoring to evaluate the CPU performance metrics of your application.

Connect to your GKE nodes using SSH. Run the top command on the shell to extract the CPU utilization of your application.

Modify your Go application to capture profiling data. Analyze the CPU metrics of your application in flame graphs in Profiler.

Write an exponential backoff process around the client library call.

Write a one-second wait time backoff process around the client library call.

Design a retry button in the application and ask users to click if the error occurs.

Create a queue for the object and inform the users that the application will try again in 10 minutes.

gsutil cp --project “my-gcp-project” -r ~/local-scripts/ gcp-instance-name:~/

server-scripts/ --zone “us-east1-b”

gsutil cp --project “my-gcp-project” -R ~/local-scripts/ gcp-instance-name:~/

server-scripts/ --zone “us-east1-b”

gcloud compute scp --project “my-gcp-project” --recurse ~/local-scripts/ gcpinstance-

name:~/server-scripts/ --zone “us-east1-b”

gcloud compute mv --project “my-gcp-project” --recurse ~/local-scripts/ gcpinstance-

name:~/server-scripts/ --zone “us-east1-b”

You attempted the read operation without the base64-encoded SHA256 hash of the encryption key.

You entered the same encryption algorithm specified by the customer when attempting the read operation.

You attempted the read operation on the object with the base64-encoded SHA256 hash of the customer's key.

You attempted the read operation on the object with the customers base64-encoded key.

Download, install, and start the Snapshot Debugger agent in your VM. Take debug snapshots of the functions that take the longest time. Review the call stack frame, and identify the local variables at that level in the stack.

Import the Cloud Profiler package into your application, and initialize the Profiler agent. Review the generated flame graph in the Google Cloud console to identify time-intensive functions.

Import OpenTelemetry and Trace export packages into your application, and create the trace provider.

Review the latency data for your application on the Trace overview page, and identify where bottlenecks are occurring.

Create a Cloud Logging query that gathers the web application's logs. Write a Python script that calculates the difference between the timestamps from the beginning and the end of the application's longest functions to identity time-intensive functions.

Use Cloud Code to develop applications.

Use the Cloud Shell integrated Code Editor to edit code and configuration files.

Use a Cloud Notebook instance to ingest and process data and deploy models.

Use Cloud Shell to manage your infrastructure and applications from the command line.

Add the label “AUTOSCALE” to the instance group template.

Decrease the cool-down period for instances added to the group.

Increase the target CPU usage for the instance group autoscaler.

Decrease the target CPU usage for the instance group autoscaler.

Remove the health-check for individual VMs in the instance group.

Distribute the uploads across a large number of individual storage buckets.

Use the XML API instead of the JSON API for interfacing with Cloud Storage.

Pass the HTTP response codes back to clients that are invoking the uploads from your application.

Limit the upload rate from your application clients so that the dormant bucket's peak request rate is

reached more gradually.

Configure the application to send the file to the client as an email attachment.

Generate and assign a Cloud Storage-signed URL for the file. Make the URL available for the client to download.

Create a temporary Cloud Storage bucket with time expiration specified, and give download permissions to the bucket. Copy the file, and send it to the client.

Generate the HTTP cookies with time expiration specified. If the time is valid, copy the file from the Cloud Storage bucket, and make the file available for the client to download.

Grant your user account the roles/storage.objectCreator role for the Cloud Storage bucket.

Grant your user account the roles/iam.serviceAccountUser role for the service-PROJECTA@gcf-adminrobot.

iam.gserviceaccount.com service account.

Grant the service-PROJECTA@gcf-admin-robot.iam.gserviceaccount.com service account the roles/

storage.objectCreator role for the Cloud Storage bucket.

Enable the Cloud Storage API in project B.

Perform Read-Only transactions.

Perform stale reads using single-read methods.

Perform strong reads using single-read methods.

Perform stale reads using read-write transactions.

Use Traffic Director with a sidecar proxy to connect the application to the service.

Use a proxyless Traffic Director configuration to connect the application to the service.

Configure the legacy service's firewall to allow health checks originating from the proxy.

Configure the legacy service's firewall to allow health checks originating from the application.

Configure the legacy service's firewall to allow health checks originating from the Traffic Director control plane.

Configure the instances with a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A.

Configure the instances with a service account owned by project A. Add the service account as a publisher on the topic.

Configure Application Default Credentials to use the private key of a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A.

Configure Application Default Credentials to use the private key of a service account owned by project A. Add the service account as a publisher on the topic

Create a pull subscription with both ordering and exactly-once delivery turned off

Create a pull subscription with exactly-once delivery enabled

Create a push subscription with exactly-once delivery enabled

Create a push subscription with both ordering and exactly-once delivery turned off

Verify domain ownership with Webmaster Central. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com.

Verify domain ownership with Webmaster Central. Define an A record pointing to the single global App Engine IP address.

Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com.

Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Define an A record pointing to the single global App Engine IP address.

Create a Google service account with BigQuery access. Add the JSON key to Secret Manager, and use the Go client library to access the JSON key.

Create a Google service account with BigQuery access. Add the Google service account JSON key as a Kubernetes secret, and configure the application to use this secret.

Create a Google service account with BigQuery access. Add the Google service account JSON key to Secret Manager, and use an init container to access the secret for the application to use.

Create a Google service account and a Kubernetes service account. Configure Workload Identity on the GKE cluster, and reference the Kubernetes service account on the application Deployment.

1 Configure your Cl/CD pipeline to update the Deployment manifest file by replacing the container version with the latest version.

2 Recreate the Pods in your cluster by applying the Deployment manifest file.

3 Validate the application's performance by comparing its functionality with the previous release version and roll back if an issue arises.

1 install the Anthos Service Mesh on your GKE cluster.

2 Create two Deployments on the GKE cluster and label them with different version names.

3 Create a VirtualService with a routing rule to send a small percentage of traffic to the Deployment that references the new version of the application.

1 Create a second namespace on GKE for the new release version.

2 Create a Deployment configuration for the second namespace with the desired number of Pods.

3 Deploy new container versions in the second namespace.

4 Update the ingress configuration to route traffic to the namespace with the new container versions.

1. Implement a rolling update pattern by replacing the Pods gradually with the new release versify.

2 Validate the application's performance for the new subset of users during the rollout and roll back if an issue arises.

Deploy the third-party solution as a DaemonSet

Modify your container image to include the monitoring software

Use SSH to connect to the GKE node, and install the software manually

Deploy the third-party solution using Terraform and deploy the logging Pod as a Kubernetes Deployment

Determine whether your file system is corrupted.

Access Compute Engine as a different SSH user.

Troubleshoot firewall rules or routes on an instance.

Check whether your instance boot disk is completely full.

Check whether network traffic to or from your instance is being dropped.

Create a new Cloud Storage bucket, and mount it via FUSE in the container.

Create a new persistent disk, and mount the volume as a shared PersistentVolume.

Create a new Filestore instance, and mount the volume as an NFS PersistentVolume.

Create a new ConfigMap and volumeMount to store the contents of the configuration file.

Cache each web application user's IP address to create a named IP table using Google Cloud Armor. Create a Google Cloud Armor security policy that allows users to access the backend bucket.

Grant the Storage Object Viewer IAM role to allUsers. Allow users to access the bucket after authenticating through your web application.

Configure Identity-Aware Proxy (IAP) to authenticate users into the web application. Allow users to access the bucket after authenticating through IAP.

Generate a signed URL that grants read access to the bucket. Allow users to access the URL after authenticating through your web application.

Build a test harness to generate requests and deploy it to Cloud Run. Analyze the VPC Flow Logs using Cloud Logging.

Create a Google Kubernetes Engine cluster running the Locust or JMeter images to dynamically generate load tests. Analyze the results using Cloud Trace.

Create a Cloud Task to generate a test load. Use Cloud Scheduler to run 60,000 Cloud Task transactions per minute for 10 minutes. Analyze the results using Cloud Monitoring.

Create a Compute Engine instance that uses a LAMP stack image from the Marketplace, and use Apache Bench to generate load tests against the service. Analyze the results using Cloud Trace.

Migrate your data stored in Hadoop to BigQuery. Change your jobs to source their information from BigQuery instead of the on-premises Hadoop environment.

Create Compute Engine instances with HDD instead of SSD to save costs. Then perform a full migration of your existing environment into the new one in Compute Engine instances.

Create a Cloud Dataproc cluster on Google Cloud Platform, and then migrate your Hadoop environment to the new Cloud Dataproc cluster. Move your HDFS data into larger HDD disks to save on storage costs.

Create a Cloud Dataproc cluster on Google Cloud Platform, and then migrate your Hadoop code objects to the new cluster. Move your data to Cloud Storage and leverage the Cloud Dataproc connector to run jobs on that data.

Configure a GKE Ingress resource.

Configure a GKE Service resource.

Configure a GKE Ingress resource with type: LoadBalancer.

Configure a GKE Service resource with type: LoadBalancer.

Use the gcloud CLI to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the vulnerability results before each deployment.

Enable Container Analysis, and upload new container images to Artifact Registry. Review the critical vulnerability results before each deployment.

Use the Container Analysis REST API to call Container Analysis to scan new container images. Review the vulnerability results before each deployment.

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

Cloud Profiler

Cloud Monitoring

Cloud Trace

Cloud Logging

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.