Google Google Certifications PROFESSIONAL-CLOUD-DEVELOPER Questions & Answers

• Question 221:

  You are trying to connect to your Google Kubernetes Engine (GKE) cluster using kubectl from Cloud Shell. You have deployed your GKE cluster with a public endpoint. From Cloud Shell, you run the following command:

  

  You notice that the kubectl commands time out without returning an error message. What is the most likely cause of this issue?

  A. Your user account does not have privileges to interact with the cluster using kubectl.

  B. Your Cloud Shell external IP address is not part of the authorized networks of the cluster.

  C. The Cloud Shell is not part of the same VPC as the GKE cluster.

  D. A VPC firewall is blocking access to the cluster's endpoint.

  Correct Answer: B

  https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#cloud_shell

  If you want to use Cloud Shell to access the cluster, you must add the public IP address of your Cloud Shell to the cluster's list of authorized networks.

• Question 222:

  Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?

  A. Add a public IP address to the instance. Use the service account key of the instance to encrypt the traffic.

  B. Use Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store the reports in a public Cloud Storage bucket.

  C. Add an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware Proxy to secure the communication channel.

  D. Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed SSL certificate on the load balancer for traffic encryption.

  Correct Answer: D

  https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs

• Question 223:

  You are building a mobile application that will store hierarchical data structures in a database. The application will enable users working offline to sync changes when they are back online. A backend service will enrich the data in the database using a service account. The application is expected to be very popular and needs to scale seamlessly and securely. Which database and IAM role should you use?

  A. Use Cloud SQL, and assign the roles/cloudsql.editor role to the service account.

  B. Use Bigtable, and assign the roles/bigtable.viewer role to the service account.

  C. Use Firestore in Native mode and assign the roles/datastore.user role to the service account.

  D. Use Firestore in Datastore mode and assign the roles/datastore.viewer role to the service account.

  Correct Answer: C

  https://firebase.google.com/docs/firestore/manage-data/enable-offline

  Cloud Firestore supports offline data persistence. This feature caches a copy of the Cloud Firestore data that your app is actively using, so your app can access the data when the device is offline. You can write, read, listen to, and query the cached data. When the device comes back online, Cloud Firestore synchronizes any local changes made by your app to the Cloud Firestore backend.

• Question 224:

  You are configuring a continuous integration pipeline using Cloud Build to automate the deployment of new container images to Google Kubernetes Engine (GKE). The pipeline builds the application from its source code, runs unit and integration tests in separate steps, and pushes the container to Container Registry. The application runs on a Python web server. The Dockerfile is as follows: FROM python:3.7-alpine COPY . /app WORKDIR /app RUN pip install -r requirements.txt CMD [ "gunicorn", "-w 4", "main:app" ] You notice that Cloud Build runs are taking longer than expected to complete. You want to decrease the build time. What should you do? (Choose two.)

  A. Select a virtual machine (VM) size with higher CPU for Cloud Build runs.

  B. Deploy a Container Registry on a Compute Engine VM in a VPC, and use it to store the final images.

  C. Cache the Docker image for subsequent builds using the --cache-from argument in your build config file.

  D. Change the base image in the Dockerfile to ubuntu:latest, and install Python 3.7 using a package manager utility.

  E. Store application source code on Cloud Storage, and configure the pipeline to use gsutil to download the source code.

  Correct Answer: AC

  https://cloud.google.com/build/docs/optimize-builds/increase-vcpu-for-builds

  By default, Cloud Build runs your builds on a standard virtual machine (VM). In addition to the standard VM, Cloud Build provides several high-CPU VM types to run builds. To increase the speed of your build, select a machine with a higher

  vCPU to run builds. Keep in mind that although selecting a high vCPU machine increases your build speed, it may also increase the startup time of your build as Cloud Build only starts non-standard machines on demand.

  https://cloud.google.com/build/docs/optimize-builds/speeding-up-builds#using_a_cached_docker_image

  The easiest way to increase the speed of your Docker image build is by specifying a cached image that can be used for subsequent builds. You can specify the cached image by adding the --cache-from argument in your build config file,

  which will instruct Docker to build using that image as a cache source.

• Question 225:

  You are deploying a single website on App Engine that needs to be accessible via the URL http://www.altostrat.com/. What should you do?

  A. Verify domain ownership with Webmaster Central. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com.

  B. Verify domain ownership with Webmaster Central. Define an A record pointing to the single global App Engine IP address.

  C. Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Create a DNS CNAME record to point to the App Engine canonical name ghs.googlehosted.com.

  D. Define a mapping in dispatch.yaml to point the domain www.altostrat.com to your App Engine service. Define an A record pointing to the single global App Engine IP address.

  Correct Answer: A

  Reference: https://cloud.google.com/appengine/docs/flexible/dotnet/mapping-custom-domains?hl=fa

• Question 226:

  You are designing a schema for a table that will be moved from MySQL to Cloud Bigtable. The MySQL table is as follows:

  

  How should you design a row key for Cloud Bigtable for this table?

  A. Set Account_id as a key.

  B. Set Account_id_Event_timestamp as a key.

  C. Set Event_timestamp_Account_id as a key.

  D. Set Event_timestamp as a key.

  Correct Answer: C

• Question 227:

  Your company's development teams want to use various open source operating systems in their Docker builds. When images are created in published containers in your company's environment, you need to scan them for Common Vulnerabilities and Exposures (CVEs). The scanning process must not impact software development agility. You want to use managed services where possible. What should you do?

  A. Enable the Vulnerability scanning setting in the Container Registry.

  B. Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.

  C. Disallow the use of non-commercially supported base images in your development environment.

  D. Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.

  Correct Answer: A

  https://cloud.google.com/container-analysis/docs/os-overview