Exam Details

  • Exam Code
    :PROFESSIONAL-CLOUD-DEVOPS-ENGINEER
  • Exam Name
    :Professional Cloud DevOps Engineer
  • Certification
    :Google Certifications
  • Vendor
    :Google
  • Total Questions
    :165 Q&As
  • Last Updated
    :Jun 07, 2025

Google Google Certifications PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Questions & Answers

  • Question 141:

    You need to introduce postmortems into your organization. You want to ensure that the postmortem process is well received. What should you do? (Choose two.)

    A. Encourage new employees to conduct postmortems to team through practice.

    B. Create a designated team that is responsible for conducting all postmortems.

    C. Encourage your senior leadership to acknowledge and participate in postmortems.

    D. Ensure that writing effective postmortems is a rewarded and celebrated practice.

    E. Provide your organization with a forum to critique previous postmortems.

  • Question 142:

    You need to enforce several constraint templates across your Google Kubernetes Engine (GKE) clusters. The constraints include policy parameters, such as restricting the Kubernetes API. You must ensure that the policy parameters are stored in a GitHub repository and automatically applied when changes occur. What should you do?

    A. Set up a GitHub action to trigger Cloud Build when there is a parameter change. In Cloud Build, run a gcloud CLI command to apply the change.

    B. When there is a change in GitHub. use a web hook to send a request to Anthos Service Mesh, and apply the change.

    C. Configure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.

    D. Configure Config Connector with the GitHub repository. When there is a change in the repository, use Config Connector to apply the change.

  • Question 143:

    You are the Operations Lead for an ongoing incident with one of your services. The service usually runs at around 70% capacity. You notice that one node is returning 5xx errors for all requests. There has also been a noticeable increase in support cases from customers. You need to remove the offending node from the load balancer pool so that you can isolate and investigate the node. You want to follow Google-recommended practices to manage the incident and reduce the impact on users. What should you do?

    A. 1. Communicate your intent to the incident team.

    2.

    Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately.

    3.

    When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service.

    B. 1. Communicate your intent to the incident team.

    2.

    Add a new node to the pool, and wait for the new node to report as healthy.

    3.

    When traffic is being served on the new node, drain traffic from the unhealthy node, and remove the old node from service.

    C. 1. Drain traffic from the unhealthy node and remove the node from service.

    2.

    Monitor traffic to ensure that the error is resolved and that the other nodes in the pool are handling the traffic appropriately.

    3.

    Scale the pool as necessary to handle the new load.

    4.

    Communicate your actions to the incident team.

    D. 1. Drain traffic from the unhealthy node and remove the old node from service.

    2.

    Add a new node to the pool, wait for the new node to report as healthy, and then serve traffic to the new node.

    3.

    Monitor traffic to ensure that the pool is healthy and is handling traffic appropriately.

    4.

    Communicate your actions to the incident team.

  • Question 144:

    You are configuring your CI/CD pipeline natively on Google Cloud. You want builds in a pre-production Google Kubernetes Engine (GKE) environment to be automatically load-tested before being promoted to the production GKE environment. You need to ensure that only builds that have passed this test are deployed to production. You want to follow Google-recommended practices. How should you configure this pipeline with Binary Authorization?

    A. Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.

    B. Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.

    C. Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.

    D. Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).

  • Question 145:

    You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

    A. Store the password in Secret Manager and send the secret to the application by using environment variables.

    B. Store the password in Secret Manager and mount the secret as a volume within the application.

    C. Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.

    D. Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

  • Question 146:

    Your company runs applications in Google Kubernetes Engine (GKE) that are deployed following a GitOps methodology. Application developers frequently create cloud resources to support their applications. You want to give developers the ability to manage infrastructure as code, while ensuring that you follow Google-recommended practices. You need to ensure that infrastructure as code reconciles periodically to avoid configuration drift. What should you do?

    A. Install and configure Config Connector in Google Kubernetes Engine (GKE).

    B. Configure Cloud Build with a Terraform builder to execute terraform plan and terraform apply commands.

    C. Create a Pod resource with a Terraform docker image to execute terraform plan and terraform apply commands.

    D. Create a Job resource with a Terraform docker image to execute terraform plan and terraform apply commands.

  • Question 147:

    You are designing a system with three different environments: development, quality assurance (QA), and production. Each environment will be deployed with Terraform and has a Google Kubernetes Engine (GKE) cluster created so that application teams can deploy their applications. Anthos Config Management will be used and templated to deploy infrastructure level resources in each GKE cluster. All users (for example, infrastructure operators and application owners) will use GitOps. How should you structure your source control repositories for both Infrastructure as Code (IaC) and application code?

    A. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repositories are separated: different branches are different features

    B. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different branches are different environments Application (app source code) repositories are separated: different branches are different features

    C. Cloud Infrastructure (Terraform) repository is shared: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repository is shared: different directories are different features

    D. Cloud Infrastructure (Terraform) repositories are separated: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different overlay directories are different environments Application (app source code) repositories are separated: different branches are different

  • Question 148:

    You are configuring Cloud Logging for a new application that runs on a Compute Engine instance with a public IP address. A user-managed service account is attached to the instance. You confirmed that the necessary agents are running on the instance but you cannot see any log entries from the instance in Cloud Logging. You want to resolve the issue by following Google-recommended practices. What should you do?

    A. Export the service account key and configure the agents to use the key.

    B. Update the instance to use the default Compute Engine service account.

    C. Add the Logs Writer role to the service account.

    D. Enable Private Google Access on the subnet that the instance is in.

  • Question 149:

    As a Site Reliability Engineer, you support an application written in Go that runs on Google Kubernetes Engine (GKE) in production. After releasing a new version of the application, you notice the application runs for about 15 minutes and then restarts. You decide to add Cloud Profiler to your application and now notice that the heap usage grows constantly until the application restarts. What should you do?

    A. Increase the CPU limit in the application deployment.

    B. Add high memory compute nodes to the cluster.

    C. Increase the memory limit in the application deployment.

    D. Add Cloud Trace to the application, and redeploy.

  • Question 150:

    You are deploying a Cloud Build job that deploys Terraform code when a Git branch is updated. While testing, you noticed that the job fails. You see the following error in the build logs:

    Initializing the backend...

    Error: Failed to get existing workspaces: querying Cloud Storage failed: googleapi: Error 403

    You need to resolve the issue by following Google-recommended practices. What should you do?

    A. Change the Terraform code to use local state.

    B. Create a storage bucket with the name specified in the Terraform configuration.

    C. Grant the roles/owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.

    D. Grant the roles/storage.objectAdmin Identity and Access Management (1AM) role to the Cloud Build service account on the state file bucket.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Google exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PROFESSIONAL-CLOUD-DEVOPS-ENGINEER exam preparations and Google certification application, do not hesitate to visit our Vcedump.com to find your solutions here.