Mock-Test Window

20 Questions

Professional cloud devops engineer Quiz

1 :-

You support the backend of a mobile phone game that runs on a Google Kubernetes Engine (GKE) cluster. The application is serving HTTP requests from users. You need to implement a solution that will reduce the network cost. What should you do?

Configure The Vpc As A Shared Vpc Host Project. Configure Your Network Services On The Standard Tier. Configure Your Kubernetes Cluster As A Private Cluster. Configure A Google Cloud Http Load Balancer As Ingress

2 :-

You are running a real-time gaming application on Compute Engine that has a production and testing environment. Each environment has their own Virtual Private Cloud (VPC) network. The application frontend and backend servers are located on different subnets in the environment’s VPC. You suspect there is a malicious process communicating intermittently in your production frontend servers. You want to ensure that network traffic is captured for analysis. What should you do?

Enable Vpc Flow Logs On The Production Vpc Network Frontend And Backend Subnets Only With A Sample Volume Scale Of 0.5. Enable Vpc Flow Logs On The Production Vpc Network Frontend And Backend Subnets Only With A Sample Volume Scale Of 1.0. Enable Vpc Flow Logs On The Testing And Production Vpc Network Frontend And Backend Subnets With A Volume Scale Of 0.5. Apply Changes In Testing Before Production. Enable Vpc Flow Logs On The Testing And Production Vpc Network Frontend And Backend Subnets With A Volume Scale Of 1.0. Apply Changes In Testing Before Production.

3 :-

Your company follows Site Reliability Engineering practices. You are the person in charge of Communications for a large, ongoing incident affecting your customer-facing applications. There is still no estimated time for a resolution of the outage. You are receiving emails from internal stakeholders who want updates on the outage, as well as emails from customers who want to know what is happening. You want to efficiently provide updates to everyone affected by the outage. What should you do?

Focus On Responding To Internal Stakeholders At Least Every 30 Minutes. Commit To “next Update" Times. Provide Periodic Updates To All Stakeholders In A Timely Manner. Commit To A “next Update" Time In All Communications. Delegate The Responding To Internal Stakeholder Emails To Another Member Of The Incident Response Team. Focus On Providing Responses Directly To Customers. Provide All Internal Stakeholder Emails To The Incident Commander And Allow Them To Manage Internal Communications. Focus On Providing Responses Directly To Customers.

4 :-

You need to deploy a new service to production. The service needs to automatically scale using a Managed Instance Group (MIG) and should be deployed over multiple regions. The service needs a large number of resources for each instance and you need to plan for capacity. What should you do?

Use The N1-highcpu-96 Machine Type In The Configuration Of The Mig. Monitor Results Of Cloud Trace To Determine The Required Amount Of Resources. Validate That The Resource Requirements Are Within The Available Quota Limits Of Each Region. Deploy The Service In One Region And Use A Global Load Balancer To Route Traffic To This Region

5 :-

You have a set of applications running on a Google Kubernetes Engine (GKE) cluster, and you are using Cloud Operations for GKE. You are bringing a new containerized application required by your company into production. This application is written by a third party and cannot be modified or reconfigured. The application writes its log information to /var/log/app_messages.log, and you want to send these log entries to Cloud Logging. What should you do?

Use The Default Cloud Operations For Gke Agent Configuration. Deploy A Fluentd Daemonset To Gke. Then Create A Customized Input And Output Configuration To Tail The Log File In The Application's Pods And Write To Cloud Logging. Install Kubernetes On Google Compute Engine (gce) And Redeploy Your Applications. Then Customize The Built-in Cloud Logging Configuration To Tail The Log File In The Application's Pods And Write To Cloud Logging. Write A Script To Tail The Log File Within The Pod And Write Entries To Standard Output. Run The Script As A Sidecar Container With The Application's Pod. Configure A Shared Volume Between The Containers To Allow The Script To Have Read Access To /var/log In The Application Container

6 :-

Your application images are built using Cloud Build and pushed to Artifact Registry. You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?

Update The Source Control Release Version Tag With The Image Digest After Pushing To Artifact Registry. Use Cloud Build To Tag The Image With The Release Version Tag Before Pushing To Artifact Registry. Use Cloud Build To Include The Release Version Tag As An Environment Variable In The Application Image. Use Artifact Registry Digest Versioning To Match The Image To The Release Version Tag In Source Control.

7 :-

You are performing a semi-annual capacity planning exercise for your flagship service. You expect a service user growth rate of 10% month-over-month over the next six months. Your service is fully containerized and runs on Google Cloud, using a Google Kubernetes Engine (GKE) Standard regional cluster on three zones with cluster autoscaler enabled. You currently consume about 30% of your total deployed CPU capacity, and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth or as a result of zone failure, while avoiding unnecessary costs. How should you prepare to handle the predicted growth?

8 :-

You support an application running on App Engine. The application is used globally and accessed from various device types. You want to know the number of connections. You are using Cloud Monitoring for App Engine. What metric should you use?

Flex/connections/current Tcp_ssl_proxy/new_connections Tcp_ssl_proxy/open_connections Flex/instance/connections/curren

9 :-

You are managing an application that exposes an HTTP endpoint without using a load balancer. The latency of the HTTP responses is important for the user experience. You want to understand what HTTP latencies all of your users are experiencing. You use Cloud Monitoring. What should you do?

10 :-

You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline. Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?

Compare The Canary With A New Deployment Of The Current Production Version. Compare The Canary With A New Deployment Of The Previous Production Version Compare The Canary With The Existing Deployment Of The Current Production Version Compare The Canary With The Average Performance Of A Sliding Window Of Previous Production Versions.

11 :-

You manage an application that is writing logs to Cloud Logging. You need to give some team members the ability to export logs. What should you do?

Grant The Team Members The Iam Role Of Logging.configwriter On Identity And Access Management (iam). Configure Access Context Manager To Allow Only These Members To Export Logs. Create And Grant A Custom Iam Role With The Permissions Logging.sinks.list And Logging.sink.get. Create An Organizational Policy In Iam To Allow Only These Members To Create Log Exports.

12 :-

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

Prompt Developers For Secrets At Build Time. Instruct Developers To Not Store Secrets At Rest. Store Secrets In A Separate Configuration File On Git. Provide Select Developers With Access To The Configuration File. Store Secrets In Cloud Storage Encrypted With A Key From Cloud Kms. Provide The Ci/cd Pipeline With Access To Cloud Kms Via Iam. Encrypt The Secrets And Store Them In The Source Code Repository. Store A Decryption Key In A Separate Repository And Grant Your Pipeline Access To It.

13 :-

You currently store the virtual machine (VM) utilization logs in Cloud Logging. You need to provide an easy-to-share interactive VM utilization dashboard that is updated in real time and contains information aggregated on a quarterly basis. You want to use Google Cloud solutions. What should you do?

1. Export Vm Utilization Logs From Cloud Logging To Bigquery. 2. Create A Dashboard In Data Studio. 3. Share The Dashboard With Your Stakeholders. 1. Export Vm Utilization Logs From Cloud Logging To Pub/sub 2. From Pub/sub Send The Logs To A Security Information And Event Management (siem) System. 3. Build The Dashboards In The Siem System And Share With Your Stakeholders. 1. Export Vm Utilization Logs From Cloud Logging To Bigquery. 2. From Bigquery Export The Logs To A Csv File. 3. Import The Csv File Into Google Sheets. 4. Build A Dashboard In Google Sheets And Share It With Your Stakeholders. 1. Export Vm Utilization Logs From Cloud Logging To A Cloud Storage Bucket. 2. Enable The Cloud Storage Api To Pull The Logs Programmatically. 3. Build A Custom Data Visualization Application. 4. Display The Pulled Logs In A Custom Dashboard.

14 :-

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?

Set Up Container Analysis To Scan And Report Common Vulnerabilities And Exposures. Configure The Containers In The Build Pipeline To Always Update Themselves Before Release. Reconfigure The Existing Operating System Vulnerability Software To Exist Inside The Container. Implement Static Code Analysis Tooling Against The Docker Files Used To Create The Containers.

15 :-

You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?

Store The Encryption Keys In Cloud Key Management Service (kms) And Rotate The Keys Frequently Inject The Secret At The Time Of Instance Creation Via An Encrypted Configuration Management System Integrate The Application With A Single Sign-on (sso) System And Do Not Expose Secrets To The Application. Leverage A Continuous Build Pipeline That Produces Multiple Versions Of The Secret For Each Instance Of The Application.

16 :-

Your application images are built and pushed to Artifact Registry. You want to build an automated pipeline that deploys the application when the image is updated while minimizing the development effort. What should you do?

Use Cloud Build To Trigger A Spinnaker Pipeline Use Pub/sub To Trigger A Spinnaker Pipeline. Use A Custom Builder In Cloud Build To Trigger Jenkins Pipeline. Use Pub/sub To Trigger A Custom Deployment Service Running In Google Kubernetes Engine (gke).

17 :-

You need to reduce the cost of virtual machines (VM) for your organization. After reviewing different options, you decide to leverage preemptible VM instances. Which application is suitable for preemptible VMs?

A Scalable In-memory Caching System. The Organization’s Public-facing Website. A Distributed Eventually Consistent Nosql Database Cluster With Sufficient Quorum. A Gpu-accelerated Video Rendering Platform That Retrieves And Stores Videos In A Storage Bucket

18 :-

You are running an application in a virtual machine (VM) using a custom Debian image. The image has the Cloud Logging agent installed. The VM has the cloud-platform scope. The application is logging information via syslog. You want to use Cloud Logging in the Google Cloud Platform Console to visualize the logs. You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer. What is the first thing you should do?

Look For The Agent’s Test Log Entry In The Logs Viewer. Install The Most Recent Version Of The Cloud Logging Agent. Verify The Vm Service Account Access Scope Includes The Monitoring.write Scope Ssh To The Vm And Execute The Following Commands On Your Vm: Ps Ax | Grep Fluentd.

19 :-

Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud services while minimizing the amount of work required to set up monitoring. What should you do?

20 :-

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval. What should you do to enforce approvals?

Configure The Build System With Protected Branches That Require Pull Request Approval. Use An Admission Controller To Verify That Incoming Requests Originate From Approved Sources Leverage Kubernetes Role-based Access Control (rbac) To Restrict Access To Only Approved Users. Enable Binary Authorization Inside The Kubernetes Cluster And Configure The Build Pipeline As An Attestor.

Back

Professional cloud devops engineer Quiz

🏅