Google Cloud DevOps Engineer PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Questions & Answers

• Question 21:

  You support a web application that runs on App Engine and uses CloudSQL and Cloud Storage for data storage. After a short spike in website traffic, you notice a big increase in latency for all user requests, increase in CPU use, and the

  number of processes running the application. Initial troubleshooting reveals:

  After the initial spike in traffic, load levels returned to normal but users still experience high latency.

  Requests for content from the CloudSQL database and images from Cloud Storage show the same high latency.

  No changes were made to the website around the time the latency increased.

  There is no increase in the number of errors to the users.

  You expect another spike in website traffic in the coming days and want to make sure users don't experience latency. What should you do?

  A. Upgrade the GCS buckets to Multi-Regional.

  B. Enable high availability on the CloudSQL instances.

  C. Move the application from App Engine to Compute Engine.

  D. Modify the App Engine configuration to have additional idle instances.

  Correct Answer: D

  Scaling App Engine scales the number of instances automatically in response to processing volume. This scaling factors in the automatic_scaling settings that are provided on a per-version basis in the configuration file. A service with basic scaling is configured by setting the maximum number of instances in the max_instances parameter of the basic_scaling setting. The number of live instances scales with the processing volume. You configure the number of instances of each version in that service's configuration file. The number of instances usually corresponds to the size of a dataset being held in memory or the desired throughput for offline work. You can adjust the number of instances of a manually-scaled version very quickly, without stopping instances that are currently running, using the Modules API set_num_instances function.

  https://cloud.google.com/appengine/docs/standard/python/how-instances-are-managed

• Question 22:

  You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?

  A. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently

  B. Inject the secret at the time of instance creation via an encrypted configuration management system.

  C. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application.

  D. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.

  Correct Answer: A

  Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently. This ensures that the sensitive information is encrypted at rest and in transit, and that the encryption keys are regularly rotated to minimize the risk of exposure in the event of a breach.

• Question 23:

  You encounter a large number of outages in the production systems you support. You receive alerts for all the outages that wake you up at night. The alerts are due to unhealthy systems that are automatically restarted within a minute. You want to set up a process that would prevent staff burnout while following Site Reliability Engineering practices. What should you do?

  A. Eliminate unactionable alerts.

  B. Create an incident report for each of the alerts.

  C. Distribute the alerts to engineers in different time zones.

  D. Redefine the related Service Level Objective so that the error budget is not exhausted.

  Correct Answer: A

• Question 24:

  You use Cloud Build to build your application. You want to reduce the build time while minimizing cost and development effort. What should you do?

  A. Use Cloud Storage to cache intermediate artifacts.

  B. Run multiple Jenkins agents to parallelize the build.

  C. Use multiple smaller build steps to minimize execution time.

  D. Use larger Cloud Build virtual machines (VMs) by using the machine-type option.

  Correct Answer: A

  https://cloud.google.com/storage/docs/best-practices

• Question 25:

  You support a web application that is hosted on Compute Engine. The application provides a booking service for thousands of users. Shortly after the release of a new feature, your monitoring dashboard shows that all users are experiencing latency at login. You want to mitigate the impact of the incident on the users of your service. What should you do first?

  A. Roll back the recent release.

  B. Review the Stackdriver monitoring.

  C. Upsize the virtual machines running the login services.

  D. Deploy a new release to see whether it fixes the problem.

  Correct Answer: A

  Roll back the recent release. This would be the quickest way to remove the new feature that is causing the latency and restore the application to its previous state. This would immediately mitigate the impact on users, while you continue to investigate the issue with the new feature and identify a long-term solution.

• Question 26:

  Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to

  ensure the security and patch level of all code running through the pipeline. What should you do?

  A. Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.

  B. Configure the containers in the build pipeline to always update themselves before release.

  C. Reconfigure the existing operating system vulnerability software to exist inside the container.

  D. Implement static code analysis tooling against the Docker files used to create the containers.

  Correct Answer: A

  To ensure the security and patch level of all code running through the pipeline, you should set up Container Analysis to scan and report Common Vulnerabilities and Exposures. Container Analysis is a service on GCP that allows you to scan and analyze container images for vulnerabilities, malware and other issues. This will help you identify vulnerabilities in your container images and take appropriate action to address them.

• Question 27:

  You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.

  You need to troubleshoot the issue. What should you do?

  A. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.

  B. Confirm that your account has the proper permissions to use the Stackdriver dashboard.

  C. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.

  D. Confirm that the application is using the required client library and the service account key has proper permissions.

  Correct Answer: A

  Using a version-control system such as Git, allows you to store different versions of the code and track changes that are made to it. This allows you to easily roll back to a previous version if necessary, and ensures that all team members are working on the same version of the code. It also allows team members to collaborate on the code and merge changes with the master version. This is the most effective way to share code and maintain versioning, as it provides a centralized location for all code and allows for easy collaboration and management of code changes.

• Question 28:

  Your team of Infrastructure DevOps Engineers is growing, and you are starting to use Terraform to manage infrastructure. You need a way to implement code versioning and to share code with other team members. What should you do?

  A. Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.

  B. Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.

  C. Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.

  D. Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member's computer. Organize files with a naming convention that identifies each new version.

  Correct Answer: A

  Reference: https://www.terraform.io/docs/cloud/guides/recommended-practices/part3.3.html

• Question 29:

  You are running a real-time gaming application on Compute Engine that has a production and testing environment. Each environment has their own Virtual Private Cloud (VPC) network. The application frontend and backend servers are located on different subnets in the environment's VPC. You suspect there is a malicious process communicating intermittently in your production frontend servers. You want to ensure that network traffic is captured for analysis. What should you do?

  A. Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 0.5.

  B. Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 1.0.

  C. Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 0.5. Apply changes in testing before production.

  D. Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 1.0. Apply changes in testing before production.

  Correct Answer: B

  https://cloud.google.com/vpc/docs/flow-logs#log-sampling

• Question 30:

  You support a stateless web-based API that is deployed on a single Compute Engine instance in the europe-west2-a zone. The Service Level Indicator (SLI) for service availability is below the specified Service Level Objective (SLO). A postmortem has revealed that requests to the API regularly time out. The time outs are due to the API having a high number of requests and running out memory. You want to improve service availability. What should you do?

  A. Change the specified SLO to match the measured SLI

  B. Move the service to higher-specification compute instances with more memory

  C. Set up additional service instances in other zones and load balance the traffic between all instances

  D. Set up additional service instances in other zones and use them as a failover in case the primary instance is unavailable

  Correct Answer: C

  This option will provide redundancy and increase the availability of the service by distributing the traffic across multiple instances. Additionally, if one instance goes down, the load balancer will redirect the traffic to the other healthy instances, minimizing the impact on the service availability.