Free GCP-PCDOE Sample Questions — Google Cloud Platform - Professional Cloud DevOps Engineer

Your company wants to implement a CD pipeline in Cloud Deploy for a web service deployed to GKE. The web service currently does not have any automated testing. The Quality Assurance team must manually verify any new releases of the web service before any production traffic is processed. You need to design the CD pipeline. What should you do?

• A. Create a single pipeline stage, and use a standard deployment strategy
• B. Create a single pipeline stage, and use a canary deployment strategy
• C. Create two pipeline stages, and use a canary deployment strategy
• D. Create two pipeline stages, and use a standard deployment strategy

Your company follows Site Reliability Engineering principles. You are writing a postmortem for an incident, triggered by a software change, that severely affected users. You want to prevent severe incidents from happening in the future. What should you do?

• A. Identify engineers responsible for the incident and escalate to their senior management
• B. Ensure that test cases that catch errors of this type are run successfully before new software releases
• C. Follow up with the employees who reviewed the changes and prescribe practices they should follow in the future
• D. Design a policy that will require on-call teams to immediately call engineers and management to discuss a plan of action if an incident occurs

You are the Site Reliability Engineer responsible for managing your company's data services and products. You regularly navigate operational challenges, such as unpredictable data volume and high cost, with your company's data ingestion processes. You recently learned that a new data ingestion product will be developed in Google Cloud. You need to collaborate with the product development team to provide operational input on the new product. What should you do?

• A. Deploy the prototype product in a test environment, run a load test, and share the results with the product development team
• B. When the initial product version passes the quality assurance phase and compliance assessments, deploy the product to a staging environment. Share error logs and performance metrics with the product development team
• C. When the new product is used by at least one internal customer in production, share error logs and monitoring metrics with the product development team
• D. Review the design of the product with the product development team to provide feedback early in the design phase

Your application's performance in Google Cloud has degraded since the last release. You suspect that downstream dependencies might be causing some requests to take longer to complete. You need to investigate the issue with your application to determine the cause. What should you do?

• A. Configure Error Reporting in your application
• B. Configure Google Cloud Managed Service for Prometheus in your application
• C. Configure Cloud Profiler in your application
• D. Configure Cloud Trace in your application

You are building the CI/CD pipeline for an application deployed to Google Kubernetes Engine (GKE). The application is deployed by using a Kubernetes Deployment, Service, and Ingress. The application team asked you to deploy the application by using the blue/green deployment methodology. You need to implement the rollback actions. What should you do?

• A. Run the kubectl rollout undo command
• B. Delete the new container image, and delete the running Pods
• C. Update the Kubernetes Service to point to the previous Kubernetes Deployment
• D. Scale the new Kubernetes Deployment to zero

You recently migrated an ecommerce application to Google Cloud. You now need to prepare the application for the upcoming peak traffic season. You want to follow Google-recommended practices. What should you do first to prepare for the busy season?

• A. Migrate the application to Cloud Run, and use autoscaling
• B. Create a Terraform configuration for the application's underlying infrastructure to quickly deploy to additional regions
• C. Load test the application to profile its performance for scaling
• D. Pre-provision the additional compute power that was used last season, and expect growth

You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub. You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?

• A. Disable the CI pipeline and revert to manually building and pushing the artifacts
• B. Change the CI pipeline to push the artifacts is Container Registry instead of Docker Hub
• C. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue
• D. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug

You are designing a deployment technique for your applications on Google Cloud. As part of your deployment planning, you want to use live traffic to gather performance metrics for new versions of your applications. You need to test against the full production load before your applications are launched. What should you do?

• A. Use A/B testing with blue/green deployment
• B. Use canary testing with continuous deployment
• C. Use canary testing with rolling updates deployment
• D. Use shadow testing with continuous deployment

You are implementing a CI/CD pipeline for your application in your company’s multi-cloud environment. Your application is deployed by using custom Compute Engine images and the equivalent in other cloud providers. You need to implement a solution that will enable you to build and deploy the images to your current environment and is adaptable to future changes. Which solution stack should you use?

• A. Cloud Build with Packer
• B. Cloud Build with Google Cloud Deploy
• C. Google Kubernetes Engine with Google Cloud Deploy
• D. Cloud Build with kpt

You are building and running client applications in Cloud Run and Cloud Functions. Your client requires that all logs must be available for one year so that the client can import the logs into their logging service. You must minimize required code changes. What should you do?

• A. Update all images in Cloud Run and all functions in Cloud Functions to send logs to both Cloud Logging and the client's logging service. Ensure that all the ports required to send logs are open in the VPC firewall
• B. Create a Pub/Sub topic, subscription, and logging sink. Configure the logging sink to send all logs into the topic. Give your client access to the topic to retrieve the logs
• C. Create a storage bucket and appropriate VPC firewall rules. Update all images in Cloud Run and all functions in Cloud Functions to send logs to a file within the storage bucket
• D. Create a logs bucket and logging sink. Set the retention on the logs bucket to 365 days. Configure the logging sink to send logs to the bucket. Give your client access to the bucket to retrieve the logs

You support a stateless web-based API that is deployed on a single Compute Engine instance in the europe-west2-a zone. The Service Level Indicator (SLI) for service availability is below the specified Service Level Objective (SLO). A postmortem has revealed that requests to the API regularly time out. The time outs are due to the API having a high number of requests and running out memory. You want to improve service availability. What should you do?

• A. Change the specified SLO to match the measured SLI
• B. Move the service to higher-specification compute instances with more memory
• C. Set up additional service instances in other zones and load balance the traffic between all instances
• D. Set up additional service instances in other zones and use them as a failover in case the primary instance is unavailable

Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team while minimizing management overhead. What should you do?

• A. Configure Binary Authorization in your GKE clusters to enforce deploy-time security policies
• B. Grant the roles/artifactregistry.writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission
• C. Use Cloud Run to write and deploy a custom validator. Enable an Eventarc trigger to perform validations when new images are uploaded
• D. Configure Kritis to run in your GKE clusters to enforce deploy-time security policies

You are designing a new multi-tenant Google Kubernetes Engine (GKE) cluster for a customer. Your customer is concerned with the risks associated with long-lived credentials use. The customer requires that each GKE workload has the minimum Identity and Access Management (IAM) permissions set following the principle of least privilege (PoLP). You need to design an IAM impersonation solution while following Google-recommended practices. What should you do?

• A. 1. Create a Google service account. 2. Create a node pool, and set the Google service account as the default identity. 3. Ensure that workloads can only run on the designated node pool by using node selectors, taints, and tolerations. 4. Repeat for each workload
• B. 1. Create a Google service account. 2. Create a node pool without taints, and set the Google service account as the default identity. 3. Grant IAM permissions to the Google service account
• C. 1. Create a Google service account. 2. Create a Kubernetes service account in a Workload Identity-enabled cluster. 3. Link the Google service account with the Kubernetes service account by using the roles/iam.workloadIdentityUser role and iam.gke.io/gcp-service-account annotation. 4. Map the Kubernetes service account to the workload. 5. Repeat for each workload
• D. 1. Create a Google service account. 2. Create a service account key for the Google service account. 3. Create a Kubernetes secret with a service account key. 4. Ensure that workload mounts the secret and set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point at the mount path. 5. Repeat for each workload

You are the Operations Lead for an ongoing incident with one of your services. The service usually runs at around 70% capacity. You notice that one node is returning 5xx errors for all requests. There has also been a noticeable increase in support cases from customers. You need to remove the offending node from the load balancer pool so that you can isolate and investigate the node. You want to follow Google-recommended practices to manage the incident and reduce the impact on users. What should you do?

• A. 1. Communicate your intent to the incident team. 2. Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately. 3. When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service
• B. 1. Communicate your intent to the incident team. 2. Add a new node to the pool, and wait for the new node to report as healthy. 3. When traffic is being served on the new node, drain traffic from the unhealthy node, and remove the old node from service
• C. 1. Drain traffic from the unhealthy node and remove the node from service. 2. Monitor traffic to ensure that the error is resolved and that the other nodes in the pool are handling the traffic appropriately. 3. Scale the pool as necessary to handle the new load. 4. Communicate your actions to the incident team
• D. 1. Drain traffic from the unhealthy node and remove the old node from service. 2. Add a new node to the pool, wait for the new node to report as healthy, and then serve traffic to the new node. 3. Monitor traffic to ensure that the pool is healthy and is handling traffic appropriately. 4. Communicate your actions to the incident team

You are troubleshooting a failed deployment in your CI/CD pipeline. The deployment logs indicate that the application container failed to start due to a missing environment variable. You need to identify the root cause and implement a solution within your CI/CD workflow to prevent this issue from recurring. What should you do?

• A. Use a canary deployment strategy
• B. Implement static code analysis in the CI pipeline
• C. Run integration tests in the CI pipeline
• D. Enable Cloud Audit Logs for the deployment

Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP). You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system. What should you do?

• A. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis
• B. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information
• C. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver
• D. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis

You are configuring Cloud Logging for a new application that runs on a Compute Engine instance with a public IP address. A user-managed service account is attached to the instance. You confirmed that the necessary agents are running on the instance but you cannot see any log entries from the instance in Cloud Logging. You want to resolve the issue by following Google-recommended practices. What should you do?

• A. Export the service account key and configure the agents to use the key
• B. Update the instance to use the default Compute Engine service account
• C. Add the Logs Writer role to the service account
• D. Enable Private Google Access on the subnet that the instance is in

You support an application running on GCP and want to configure SMS notifications to your team for the most critical alerts in Stackdriver Monitoring. You have already identified the alerting policies you want to configure this for. What should you do?

• A. Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway. Ensure that your team members add their SMS/phone numbers to the external tool
• B. Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool
• C. Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list
• D. Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration

Your CTO has asked you to implement a postmortem policy on every incident for internal use. You want to define what a good postmortem is to ensure that the policy is successful at your company. What should you do? (Choose two.)

• A. Ensure that all postmortems include what caused the incident, identify the person or team responsible for causing the incident, and how to prevent a future occurrence of the incident
• B. Ensure that all postmortems include what caused the incident, how the incident could have been worse, and how to prevent a future occurrence of the incident
• C. Ensure that all postmortems include the severity of the incident, how to prevent a future occurrence of the incident, and what caused the incident without naming internal system components
• D. Ensure that all postmortems include how the incident was resolved and what caused the incident without naming customer information
• E. Ensure that all postmortems include all incident participants in postmortem authoring and share postmortems as widely as possible

You support a user-facing web application. When analyzing the application's error budget over the previous six months, you notice that the application has never consumed more than 5% of its error budget in any given time window. You hold a Service Level Objective (SLO) review with business stakeholders and confirm that the SLO is set appropriately. You want your application's SLO to more closely reflect its observed reliability. What steps can you take to further that goal while balancing velocity, reliability, and business needs? (Choose two.)

• A. Add more serving capacity to all of your application's zones
• B. Have more frequent or potentially risky application releases
• C. Tighten the SLO match the application's observed reliability
• D. Implement and measure additional Service Level Indicators (SLIs) fro the application
• E. Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO