You are building a mobile application that will store hierarchical data structures in a database. The application will enable users working offline to sync changes when they are back online. A backend service will enrich the data in the database using a service account. The application is expected to be very popular and needs to scale seamlessly and securely. Which database and IAM role should you use?
A. Use Cloud SQL, and assign the roles/cloudsql.editor role to the service account.
B. Use Bigtable, and assign the roles/bigtable.viewer role to the service account.
C. Use Firestore in Native mode and assign the roles/datastore.user role to the service account.
D. Use Firestore in Datastore mode and assign the roles/datastore.viewer role to the service account.
You are developing an ecommerce application that stores customer, order, and inventory data as relational tables inside Cloud Spanner. During a recent load test, you discover that Spanner performance is not scaling linearly as expected. Which of the following is the cause?
A. The use of 64-bit numeric types for 32-bit numbers.
B. The use of the STRING data type for arbitrary-precision values.
C. The use of Version 1 UUIDs as primary keys that increase monotonically.
D. The use of LIKE instead of STARTS_WITH keyword for parameterized SQL queries.
You are a lead developer working on a new retail system that runs on Cloud Run and Firestore. A web UI requirement is for the user to be able to browse through alt products. A few months after go-live, you notice that Cloud Run instances are terminated with HTTP 500: Container instances are exceeding memory limits errors during busy times
This error coincides with spikes in the number of Firestore queries
You need to prevent Cloud Run from crashing and decrease the number of Firestore queries. You want to use a solution that optimizes system performance What should you do?
A. Create a custom jndex over the products
B. Modify the query that returns the product list using cursors with limits
C. Modify the Cloud Run configuration to increase the memory limits
D. Modify the query that returns the product list using integer offsets
You are running an application on App Engine that you inherited. You want to find out whether the application is using insecure binaries or is vulnerable to XSS attacks. Which service should you use?
A. Cloud Amor
B. Stackdriver Debugger
C. Cloud Security Scanner
D. Stackdriver Error Reporting
Your team is building an application for a financial institution. The application's frontend runs on Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application will collect data containing PII, which will be stored in the Cloud SQL database and the Cloud Storage bucket. You need to secure the PII data. What should you do?
A. 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database 2) Using IAM, allow only the frontend service account to access the Cloud Storage bucket
B. 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database 2) Enable private access to allow the frontend to access the Cloud Storage bucket privately
C. 1) Configure a private IP address for Cloud SQL 2) Use VPC-SC to create a service perimeter 3) Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter
D. 1) Configure a private IP address for Cloud SQL 2) Use VPC-SC to create a service perimeter 3) Add the Cloud SQL database and the Cloud Storage bucket to different service perimeters
You are responsible for deploying a new API. That API will have three different URL paths:
?https://yourcompany.com/students
?https://yourcompany.com/teachers
?https://yourcompany.com/classes
You need to configure each API URL path to invoke a different function in your code. What should you do?
A. Create one Cloud Function as a backend service exposed using an HTTPS load balancer.
B. Create three Cloud Functions exposed directly.
C. Create one Cloud Function exposed directly.
D. Create three Cloud Functions as three backend services exposed using an HTTPS load balancer.
You are running a containerized application on Google Kubernetes Engine. Your container images are stored in Container Registry. Your team uses CI/CD practices. You need to prevent the deployment of containers with known critical vulnerabilities. What should you do?
A. ?Use Web Security Scanner to automatically crawl your application ?Review your application logs for scan results, and provide an attestation that the container is free of known critical vulnerabilities ?Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
B. ?Use Web Security Scanner to automatically crawl your application ?Review the scan results in the scan details page in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities ?Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
C. ?Enable the Container Scanning API to perform vulnerability scanning ?Review vulnerability reporting in Container Registry in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities ?Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
D. ?Enable the Container Scanning API to perform vulnerability scanning ?Programmatically review vulnerability reporting through the Container Scanning API, and provide an attestation that the container is free of known critical vulnerabilities ?Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
You developed a JavaScript web application that needs to access Google Drive's API and obtain permission from users to store files in their Google Drives. You need to select an authorization approach for your application. What should you do?
A. Create an API key.
B. Create a SAML token.
C. Create a service account.
D. Create an OAuth Client ID.
You are creating and running containers across different projects in Google Cloud. The application you are developing needs to access Google Cloud services from within Google Kubernetes Engine (GKE).
What should you do?
A. Assign a Google service account to the GKE nodes.
B. Use a Google service account to run the Pod with Workload Identity.
C. Store the Google service account credentials as a Kubernetes Secret.
D. Use a Google service account with GKE role-based access control (RBAC).
You are developing a new public-facing application that needs to retrieve specific properties in the metadata of users' objects in their respective Cloud Storage buckets. Due to privacy and data residency requirements, you must retrieve only the metadata and not the object data. You want to maximize the performance of the retrieval process. How should you retrieve the metadata?
A. Use the patch method.
B. Use the compose method.
C. Use the copy method.
D. Use the fields request parameter.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PROFESSIONAL-CLOUD-DEVELOPER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.