You are reviewing your deployment pipeline in Google Cloud Deploy. You must reduce toil in the pipeline, and you want to minimize the amount of time it takes to complete an end-to-end deployment. What should you do? (Choose two.)
A. Create a trigger to notify the required team to complete the next step when manual intervention is required.
B. Divide the automation steps into smaller tasks.
C. Use a script to automate the creation of the deployment pipeline in Google Cloud Deploy.
D. Add more engineers to finish the manual steps.
E. Automate promotion approvals from the development environment to the test environment.
You work for a global organization and are running a monolithic application on Compute Engine. You need to select the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps. You want to use historical system metrics to identify the machine type for the application to use. You want to follow Google-recommended practices. What should you do?
A. Use the Recommender API and apply the suggested recommendations.
B. Create an Agent Policy to automatically install Ops Agent in all VMs.
C. Install the Ops Agent in a fleet of VMs by using the gcloud CLI.
D. Review the Cloud Monitoring dashboard for the VM and choose the machine type with the lowest CPU utilization.
You deployed an application into a large Standard Google Kubernetes Engine (GKE) cluster. The application is stateless and multiple pods run at the same time. Your application receives inconsistent traffic. You need to ensure that the user experience remains consistent regardless of changes in traffic and that the resource usage of the cluster is optimized.
What should you do?
A. Configure a cron job to scale the deployment on a schedule
B. Configure a Horizontal Pod Autoscaler.
C. Configure a Vertical Pod Autoscaler
D. Configure cluster autoscaling on the node pool.
You need to deploy a new service to production. The service needs to automatically scale using a managed instance group and should be deployed across multiple regions. The service needs a large number of resources for each instance and you need to plan for capacity. What should you do?
A. Monitor results of Cloud Trace to determine the optimal sizing.
B. Use the n2-highcpu-96 machine type in the configuration of the managed instance group.
C. Deploy the service in multiple regions and use an internal load balancer to route traffic.
D. Validate that the resource requirements are within the available project quota limits of each region.
You are analyzing Java applications in production. All applications have Cloud Profiler and Cloud Trace installed and configured by default. You want to determine which applications need performance tuning. What should you do? (Choose two.)
A. Examine the wall-clock time and the CPU time of the application. If the difference is substantial increase the CPU resource allocation.
B. Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the memory resource allocation.
C. Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the local disk storage allocation.
D. Examine the latency time the wall-clock time and the CPU time of the application. If the latency time is slowly burning down the error budget, and the difference between wall-clock time and CPU time is minimal mark the application for optimization.
E. Examine the heap usage of the application. If the usage is low, mark the application for optimization.
Your organization stores all application logs from multiple Google Cloud projects in a central Cloud Logging project. Your security team wants to enforce a rule that each project team can only view their respective logs and only the operations team can view all the logs. You need to design a solution that meets the security team s requirements while minimizing costs. What should you do?
A. Grant each project team access to the project _Default view in the central logging project. Grant togging viewer access to the operations team in the central logging project.
B. Create Identity and Access Management (IAM) roles for each project team and restrict access to the _Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.
C. Create log views for each project team and only show each project team their application logs. Grant the operations team access to the _AllLogs view in the central logging project.
D. Export logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.
Your company uses Jenkins running on Google Cloud VM instances for CI/CD. You need to extend the functionality to use infrastructure as code automation by using Terraform. You must ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources. You want to follow Google-recommended practices. What should you do?
A. Confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions.
B. Use the Terraform module so that Secret Manager can retrieve credentials.
C. Create a dedicated service account for the Terraform instance. Download and copy the secret key value to the GOOGLE_CREDENTIALS environment variable on the Jenkins server.
D. Add the gcloud auth application-default login command as a step in Jenkins before running the Terraform commands.
You encounter a large number of outages in the production systems you support. You receive alerts for all the outages, the alerts are due to unhealthy systems that are automatically restarted within a minute. You want to set up a process that would prevent staff burnout while following Site Reliability Engineering (SRE) practices. What should you do?
A. Eliminate alerts that are not actionable
B. Redefine the related SLO so that the error budget is not exhausted
C. Distribute the alerts to engineers in different time zones
D. Create an incident report for each of the alerts
As part of your company's initiative to shift left on security, the InfoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images. You need to determine how to satisfy the InfoSec team's goal of shifting left on security. What should you do?
A. Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images
B. Use Binary Authorization to attest images during your CI/CD pipeline
C. Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
D. Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods
Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team while minimizing management overhead. What should you do?
A. Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies.
B. Grant the roles/artifactregistry.writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.
C. Use Cloud Run to write and deploy a custom validator. Enable an Eventarc trigger to perform validations when new images are uploaded.
D. Configure Kritis to run in your GKE clusters to enforce deploy-time security policies.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PROFESSIONAL-CLOUD-DEVOPS-ENGINEER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.