Google Google Certifications PROFESSIONAL-CLOUD-ARCHITECT Questions & Answers

• Question 91:

  Your company has an application running as a Deployment in a Google Kubernetes Engine (GKE) cluster When releasing new versions of the application via a rolling deployment, the team has been causing outages The root cause of the outages is misconfigurations with parameters that are only used in production You want to put preventive measures for this in the platform to prevent outages What should you do?

  A. Configure liveness and readiness probes in the Pod specification

  B. Configure an uptime alert in Cloud Monitoring

  C. Create a Scheduled Task to check whether the application is available

  D. Configure health checks on the managed instance group

  Correct Answer: D

  This option can help prevent outages caused by misconfigurations with parameters that are only used in production. Liveness and readiness probes are mechanisms to check the health and availability of the Pods and containers in a GKE cluster. Liveness probes determine if a container is still running, and if not, restart it. Readiness probes determine if a container is ready to serve requests, and if not, remove it from the load balancer. By configuring liveness and readiness probes in the Pod specification, you can ensure that your application can handle traffic and recover from failures gracefully during a rolling update. The other options are not optimal for this scenario, because they either do not prevent outages, but only alert or monitor them (B, C), or do not apply to GKE clusters, but to Compute Engine instances (D). References: https://cloud.google.com/kubernetes-engine/docs/how-to/updating-apps https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-setting-up-health-checks-with-readiness-and-liveness-probes

• Question 92:

  Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of web application deployed in the same nightly batch run. You want to collect details on the failure to pass back to the development team.

  Which three actions should you take? Choose 3 answers

  A. Use Stackdriver Logging to search for the module log entries.

  B. Read the debug GCE Activity log using the API or Cloud Console.

  C. Use gcloud or Cloud Console to connect to the serial console and observe the logs.

  D. Identify whether a live migration event of the failed server occurred, using in the activity log.

  E. Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics.

  F. Export a debug VM into an image, and run the image on a local server where kernel log messages will be displayed on the native screen.

  Correct Answer: ACE

  https://www.flexera.com/blog/cloud/2013/12/google-compute-engine-live-migration-passes-the-test/ "With live migration, the virtual machines are moved without any downtime or noticeable service degradation"

• Question 93:

  You are running a cluster on Kubernetes Engine to serve a web application. Users are reporting that a specific part of the application is not responding anymore. You notice that all pods of your deployment keep restarting after 2 seconds. The application writes logs to standard output. You want to inspect the logs to find the cause of the issue. Which approach can you take?

  A. Review the Stackdriver logs for each Compute Engine instance that is serving as a node in the cluster.

  B. Review the Stackdriver logs for the specific Kubernetes Engine container that is serving the unresponsive part of the application.

  C. Connect to the cluster using gcloud credentials and connect to a container in one of the pods to read the logs.

  D. Review the Serial Port logs for each Compute Engine instance that is serving as a node in the cluster.

  Correct Answer: B

• Question 94:

  Your team will start developing a new application using microservices architecture on Kubernetes Engine. As part of the development lifecycle, any code change that has been pushed to the remote develop branch on your GitHub repository should be built and tested automatically. When the build and test are successful, the relevant microservice will be deployed automatically in the development environment. You want to ensure that all code deployed in the development environment follows this process. What should you do?

  A. Have each developer install a pre-commit hook on their workstation that tests the code and builds the container when committing on the development branch. After a successful commit, have the developer deploy the newly built container image on the development cluster.

  B. Install a post-commit hook on the remote git repository that tests the code and builds the container when code is pushed to the development branch. After a successful commit, have the developer deploy the newly built container image on the development cluster.

  C. Create a Cloud Build trigger based on the development branch that tests the code, builds the container, and stores it in Container Registry. Create a deployment pipeline that watches for new images and deploys the new image on the development cluster. Ensure only the deployment tool has access to deploy new versions.

  D. Create a Cloud Build trigger based on the development branch to build a new container image and store it in Container Registry. Rely on Vulnerability Scanning to ensure the code tests succeed. As the final step of the Cloud Build process, deploy the new container image on the development cluster. Ensure only Cloud Build has access to deploy new versions.

  Correct Answer: C

  https://cloud.google.com/container-registry/docs/overview Create a Cloud Build trigger based on the development branch that tests the code, builds the container, and stores it in Container Registry. Create a deployment pipeline that watches for new images and deploys the new image on the development cluster. Ensure only the deployment tool has access to deploy new versions.

• Question 95:

  You are deploying an application to Google Cloud. The application is part of a system. The application in Google Cloud must communicate over a private network with applications in a non-Google Cloud environment. The expected average throughput is 200 kbps.

  The business requires:

  1.

  99.99% system availability

  2.

  cost optimization

  You need to design the connectivity between the locations to meet the business requirements. What should you provision?

  A. A Classic Cloud VPN gateway connected with one tunnel to an on-premises VPN gateway.

  B. A Classic Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway.

  C. An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway.

  D. Two HA Cloud VPN gateways connected to two on-premises VPN gateways. Configure each HA Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways.

  Correct Answer: C

  https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies#configurations_that_support_9999_availability

• Question 96:

  Your company is migrating its on-premises data center into the cloud. As part of the migration, you want to integrate Kubernetes Engine for workload orchestration. Parts of your architecture must also be PCI DSScompliant.

  Which of the following is most accurate?

  A. App Engine is the only compute platform on GCP that is certified for PCI DSS hosting.

  B. Kubernetes Engine cannot be used under PCI DSS because it is considered shared hosting.

  C. Kubernetes Engine and GCP provide the tools you need to build a PCI DSS-compliant environment.

  D. All Google Cloud services are usable because Google Cloud Platform is certified PCI-compliant.

  Correct Answer: D

  https://cloud.google.com/security/compliance/pci-dss

• Question 97:

  You deploy your custom java application to google app engine.

  It fails to deploy and gives you the following stack trace: A. Recompile the CLoakedServlet class using and MD5 hash instead of SHA1

  

  B. Digitally sign all of your JAR files and redeploy your application.

  C. Upload missing JAR files and redeploy your application

  Correct Answer: B

• Question 98:

  You want to allow your operations learn to store togs from all the production protects in your Organization, without during logs from other projects All of the production projects are contained in a folder. You want to ensure that all logs for existing and new production projects are captured automatically. What should you do?

  A. Create an aggregated export on the Production folder. Set the log sink to be a Cloud Storage bucket in an operations project

  B. Create an aggregated export on the Organization resource. Set the tog sink to be a Cloud Storage bucket in an operations project.

  C. Create log exports in the production projects. Set the log sinks to be a Cloud Storage bucket in an operations project.

  D. Create tog exports in the production projects. Set the tog sinks to be BigQuery datasets in the production projects and grant IAM access to the operations team to run queries on the datasets

  Correct Answer: A

  An aggregated export is a type of sink that combines and routes log entries from the Google Cloud resources contained by an organization or folder. By creating an aggregated export on the Production folder, you can capture all the logs from the existing and new production projects in that folder automatically. A log sink is a destination for log entries that match a filter. By setting the log sink to be a Cloud Storage bucket in an operations project, you can store the log entries in Cloud Storage and allow your operations team to access them.

• Question 99:

  You have an application that runs in Google Kubernetes Engine (GKE). Over the last 2 weeks, customers have reported that a specific part of the application returns errors very frequently. You currently have no logging or monitoring solution enabled on your GKE cluster. You want to diagnose the problem, but you have not been able to replicate the issue. You want to cause minimal disruption to the application. What should you do?

  A. 1. Update your GKE cluster to use Cloud Operations for GKE.

  2. Use the GKE Monitoring dashboard to investigate logs from affected Pods.

  B. 1. Create a new GKE cluster with Cloud Operations for GKE enabled. 2.Migrate the affected Pods to the new cluster, and redirect traffic for those Pods to the new cluster. 3.Use the GKE Monitoring dashboard to investigate logs from affected Pods.

  C. 1. Update your GKE cluster to use Cloud Operations for GKE, and deploy Prometheus.

  2. Set an alert to trigger whenever the application returns an error.

  D. 1. Create a new GKE cluster with Cloud Operations for GKE enabled, and deploy Prometheus. 2.Migrate the affected Pods to the new cluster, and redirect traffic for those Pods to the new cluster. 3.Set an alert to trigger whenever the application returns an error.

  Correct Answer: A

  Reference: https://cloud.google.com/blog/products/management-tools/using-logging-your-apps-running-kubernetes-engine

• Question 100:

  Your company operates nationally and plans to use GCP for multiple batch workloads, including some that are not time-critical. You also need to use GCP services that are HIPAA-certified and manage service costs.

  How should you design to meet Google best practices?

  A. Provisioning preemptible VMs to reduce cost. Discontinue use of all GCP services and APIs that are not HIPAA-compliant.

  B. Provisioning preemptible VMs to reduce cost. Disable and then discontinue use of all GCP and APIs that are not HIPAA-compliant.

  C. Provision standard VMs in the same region to reduce cost. Discontinue use of all GCP services and APIs that are not HIPAA-compliant.

  D. Provision standard VMs to the same region to reduce cost. Disable and then discontinue use of all GCP services and APIs that are not HIPAA-compliant.

  Correct Answer: B

  https://cloud.google.com/security/compliance/hipaa/