Professional-Cloud-DevOps-Engineer Free Exam Study Guide! (Updated 166 Questions)
Professional-Cloud-DevOps-Engineer Dumps for Cloud DevOps Engineer Certified Exam Questions and Answer
NEW QUESTION # 74
You are running an experiment to see whether your users like a new feature of a web application. Shortly after deploying the feature as a canary release, you receive a spike in the number of 500 errors sent to users, and your monitoring reports show increased latency. You want to quickly minimize the negative impact on users. What should you do first?
- A. Roll back the experimental canary release.
- B. Record data for the postmortem document of the incident.
- C. Trace the origin of 500 errors and the root cause of increased latency.
- D. Start monitoring latency, traffic, errors, and saturation.
Answer: C
NEW QUESTION # 75
You support a high-traffic web application and want to ensure that the home page loads in a timely manner. As a first step, you decide to implement a Service Level Indicator (SLI) to represent home page request latency with an acceptable page load time set to 100 ms. What is the Google-recommended way of calculating this SLI?
- A. Count the number of home page requests that load in under 100 ms. and then divide by the total number of all web application requests.
- B. Count the number of home page requests that load in under 100 ms, and then divide by the total number of home page requests.
- C. Bucketize the request latencies into ranges, and then compute the median and 90th percentiles.
- D. Buckelize Ihe request latencies into ranges, and then compute the percentile at 100 ms.
Answer: B
Explanation:
https://sre.google/workbook/implementing-slos/
In the SRE principles book, it's recommended treating the SLI as the ratio of two numbers: the number of good events divided by the total number of events. For example: Number of successful HTTP requests / total HTTP requests (success rate)
NEW QUESTION # 76
You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub. You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?
- A. Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.
- B. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.
- C. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
- D. Disable the CI pipeline and revert to manually building and pushing the artifacts.
Answer: A
NEW QUESTION # 77
Your organization has a containerized web application that runs on-premises As part of the migration plan to Google Cloud you need to select a deployment strategy and platform that meets the following acceptance criteria
1 The platform must be able to direct traffic from Android devices to an Android-specific microservice
2 The platform must allow for arbitrary percentage-based traffic splitting
3 The deployment strategy must allow for continuous testing of multiple versions of any microservice What should you do?
- A. Deploy the canary release to Google Kubernetes Engine with Anthos Sen/ice Mesh Use traffic splitting to direct 10% of user traffic to the new version based on the user-agent header configured in the virtual service
- B. Deploy the canary release of the application to App Engine Use traffic splitting to direct a subset of user traffic to the new version based on the IP address
- C. Deploy the canary release of the application to Cloud Run Use traffic splitting to direct 10% of user traffic to the canary release based on the revision tag
- D. Deploy the canary release of the application to Compute Engine Use Anthos Service Mesh with Compute Engine to direct 10% of user traffic to the canary release by configuring the virtual service.
Answer: A
Explanation:
The best option for deploying a containerized web application to Google Cloud with the given acceptance criteria is to use Google Kubernetes Engine (GKE) with Anthos Service Mesh. GKE is a managed service for running Kubernetes clusters on Google Cloud, and Anthos Service Mesh is a service mesh that provides observability, traffic management, and security features for microservices. With Anthos Service Mesh, you can use traffic splitting to direct traffic from Android devices to an Android-specific microservice by configuring the user-agent header in the virtual service. You can also use traffic splitting to direct arbitrary percentage-based traffic to different versions of any microservice for continuous testing. For example, you can use a canary release strategy to direct 10% of user traffic to a new version of a microservice and monitor its performance and reliability.
NEW QUESTION # 78
You are creating and assigning action items in a postmodern for an outage. The outage is over, but you need to address the root causes. You want to ensure that your team handles the action items quickly and efficiently. How should you assign owners and collaborators to action items?
- A. Assign multiple owners for each item to guarantee that the team addresses items quickly
- B. Assign the team lead as the owner for all action items because they are in charge of the SRE team.
- C. Assign collaborators but no individual owners to the items to keep the postmortem blameless.
- D. Assign one owner for each action item and any necessary collaborators.
Answer: D
NEW QUESTION # 79
You are configuring connectivity across Google Kubernetes Engine (GKE) clusters in different VPCs You notice that the nodes in Cluster A are unable to access the nodes in Cluster B You suspect that the workload access issue is due to the network configuration You need to troubleshoot the issue but do not have execute access to workloads and nodes You want to identify the layer at which the network connectivity is broken What should you do?
- A. Use a debug container to run the traceroute command from Cluster A to Cluster B and from Cluster B to Cluster A Identify the common failure point
- B. Enable VPC Flow Logs in both VPCs and monitor packet drops
- C. Install a toolbox container on the node in Cluster A Confirm that the routes to Cluster B are configured appropriately
- D. Use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster
Answer: D
Explanation:
Explanation
The best option for troubleshooting the issue without having execute access to workloads and nodes is to use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster B. Network Connectivity Center is a service that allows you to create, manage, and monitor network connectivity across Google Cloud, hybrid, and multi-cloud environments. You can use Network Connectivity Center to perform a Connectivity Test, which is a feature that allows you to test the reachability and latency between two endpoints, such as GKE clusters, VM instances, or IP addresses. By using Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster B, you can identify the layer at which the network connectivity is broken, such as the firewall, routing, or load balancing.
NEW QUESTION # 80
You support a large service with a well-defined Service Level Objective (SLO). The development team deploys new releases of the service multiple times a week. If a major incident causes the service to miss its SLO, you want the development team to shift its focus from working on features to improving service reliability. What should you do before a major incident occurs?
- A. Develop an appropriate error budget policy in cooperation with all service stakeholders.
- B. Add a plugin to your Jenkins pipeline that prevents new releases whenever your service is out of SLO.
- C. Negotiate with the development team to reduce the release frequency to no more than once a week.
- D. Negotiate with the product team to always prioritize service reliability over releasing new features.
Answer: A
Explanation:
Reason : Incident has not occurred yet, even when development team is already pushing new features multiple times a week. The option A says, to define an error budget "policy", not to define error budget(It is already present). Just simple means to bring in all stakeholders, and decide how to consume the error budget effectively that could bring balance between feature deployment and reliability.
The goals of this policy are to: -- Protect customers from repeated SLO misses -- Provide an incentive to balance reliability with other features https://sre.google/workbook/error-budget-policy/
NEW QUESTION # 81
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?
- A. Configure Access Context Manager to allow only these members to export logs.
- B. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
- C. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
- D. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
Answer: B
Explanation:
https://cloud.google.com/logging/docs/access-control
The logging.configWriter role grants permissions to create, update, and delete log exports. This is the correct role to give team members who need to export logs2.
NEW QUESTION # 82
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (Pll) is leaking into certain log entry fields. All Pll entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?
- A. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.
- B. Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a tog exclusion with userinfo as a filter.
- C. Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
- D. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
Answer: C
NEW QUESTION # 83
Your application images are built wing Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What would you do when you push the image?
- A. Use Cloud Build to include the release version tag in the application image.
- B. Use GCR digest versioning to match the image to the tag in source control.
- C. Reference the image digest in the source control tag.
- D. Supply the source control tag as a parameter within the image name.
Answer: A
NEW QUESTION # 84
You support a high-traffic web application with a microservice architecture. The home page of the application displays multiple widgets containing content such as the current weather, stock prices, and news headlines. The main serving thread makes a call to a dedicated microservice for each widget and then lays out the homepage for the user. The microservices occasionally fail; when that happens, the serving thread serves the homepage with some missing content. Users of the application are unhappy if this degraded mode occurs too frequently, but they would rather have some content served instead of no content at all. You want to set a Service Level Objective (SLO) to ensure that the user experience does not degrade too much. What Service Level Indicator {SLI) should you use to measure this?
- A. An availability SLI: the ratio of healthy microservices to the total number of microservices
- B. A freshness SLI: the proportion of widgets that have been updated within the last 10 minutes
- C. A quality SLI: the ratio of non-degraded responses to total responses
- D. A latency SLI: the ratio of microservice calls that complete in under 100 ms to the total number of microservice calls
Answer: A
NEW QUESTION # 85
You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline. Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?
- A. Compare the canary with the existing deployment of the current production version.
- B. Compare the canary with a new deployment of the previous production version.
- C. Compare the canary with the average performance of a sliding window of previous production versions.
- D. Compare the canary with a new deployment of the current production version.
Answer: D
Explanation:
https://cloud.google.com/architecture/automated-canary-analysis-kubernetes-engine-spinnaker
https://spinnaker.io/guides/user/canary/best-practices/#compare-canary-against-baseline-not-against-production
NEW QUESTION # 86
You have an application that runs in Google Kubernetes Engine (GKE). The application consists of several microservices that are deployed to GKE by using Deployments and Services One of the microservices is experiencing an issue where a Pod returns 403 errors after the Pod has been running for more than five hours Your development team is working on a solution but the issue will not be resolved for a month You need to ensure continued operations until the microservice is fixed You want to follow Google-recommended practices and use the fewest number of steps What should you do?
- A. Add a HTTP liveness probe to the microservice s deployment
- B. Create a cron job to terminate any Pods that have been running for more than five hours
- C. Monitor the Pods and terminate any Pods that have been running for more than five hours
- D. Configure an alert to notify you whenever a Pod returns 403 errors
Answer: A
Explanation:
Explanation
The best option for ensuring continued operations until the microservice is fixed is to add a HTTP liveness probe to the microservice's deployment. A HTTP liveness probe is a type of probe that checks if a Pod is alive by sending an HTTP request and expecting a success response code. If the probe fails, Kubernetes will restart the Pod. You can add a HTTP liveness probe to your microservice's deployment by using a livenessProbe field in your Pod spec. This way, you can ensure that any Pod that returns 403 errors after running for more than five hours will be restarted automatically and resume normal operations.
NEW QUESTION # 87
Your team has recently deployed an NGINX-based application into Google Kubernetes Engine (GKE) and has exposed it to the public via an HTTP Google Cloud Load Balancer (GCLB) ingress. You want to scale the deployment of the application's frontend using an appropriate Service Level Indicator (SLI). What should you do?
- A. Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.
- B. Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.
- C. Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.
- D. Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.
Answer: C
NEW QUESTION # 88
You are the Site Reliability Engineer responsible for managing your company's data services and products.
You regularly navigate operational challenges, such as unpredictable data volume and high cost, with your company's data ingestion processes. You recently learned that a new data ingestion product will be developed in Google Cloud. You need to collaborate with the product development team to provide operational input on the new product. What should you do?
- A. When the initial product version passes the quality assurance phase and compliance assessments, deploy the product to a staging environment. Share error logs and performance metrics with the product development team.
- B. Deploy the prototype product in a test environment, run a load test, and share the results with the product development team.
- C. When the new product is used by at least one internal customer in production, share error logs and monitoring metrics with the product development team.
- D. Review the design of the product with the product development team to provide feedback early in the design phase.
Answer: D
Explanation:
Explanation
The correct answer is D. Review the design of the product with the product development team to provide feedback early in the design phase.
According to the Google Cloud DevOps best practices, a Site Reliability Engineer (SRE) should collaborate with the product development team from the beginning of the product lifecycle, not just after the product is deployed or tested. This way, the SRE can provide operational input on the product design, such as scalability, reliability, security, and cost efficiency. The SRE can also help define service level objectives (SLOs) and service level indicators (SLIs) for the product, as well as monitoring and alerting strategies. By collaborating early and often, the SRE and the product development team can ensure that the product meets the operational requirements and expectations of the customers.
NEW QUESTION # 89
You are running a real-time gaming application on Compute Engine that has a production and testing environment. Each environment has their own Virtual Private Cloud (VPC) network. The application frontend and backend servers are located on different subnets in the environment's VPC. You suspect there is a malicious process communicating intermittently in your production frontend servers. You want to ensure that network traffic is captured for analysis. What should you do?
- A. Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 1.0.
- B. Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 0.5.
- C. Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 0.5. Apply changes in testing before production.
- D. Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 1.0. Apply changes in testing before production.
Answer: D
NEW QUESTION # 90
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?
- A. Configure Access Context Manager to allow only these members to export logs.
- B. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
- C. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
- D. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
Answer: B
NEW QUESTION # 91
You use Terraform to manage an application deployed to a Google Cloud environment The application runs on instances deployed by a managed instance group The Terraform code is deployed by using a CI/CD pipeline When you change the machine type on the instance template used by the managed instance group, the pipeline fails at the terraform apply stage with the following error message
You need to update the instance template and minimize disruption to the application and the number of pipeline runs What should you do?
- A. Set the create_bef ore_destroy meta-argument to true in the lifecycle block on the instance template
- B. Add a new instance template update the managed instance group to use the new instance template and delete the old instance template
- C. Remove the managed instance group from the Terraform state file update the instance template and reimport the managed instance group.
- D. Delete the managed instance group and recreate it after updating the instance template
Answer: A
Explanation:
The best option for updating the instance template and minimizing disruption to the application and the number of pipeline runs is to set the create_before_destroy meta-argument to true in the lifecycle block on the instance template. The create_before_destroy meta-argument is a Terraform feature that specifies that a new resource should be created before destroying an existing one during an update. This way, you can avoid downtime and errors when updating a resource that is in use by another resource, such as an instance template that is used by a managed instance group. By setting the create_before_destroy meta-argument to true in the lifecycle block on the instance template, you can ensure that Terraform creates a new instance template with the updated machine type, updates the managed instance group to use the new instance template, and then deletes the old instance template.
NEW QUESTION # 92
You are part of an organization that follows SRE practices and principles. You are taking over the management of a new service from the Development Team, and you conduct a Production Readiness Review (PRR). After the PRR analysis phase, you determine that the service cannot currently meet its Service Level Objectives (SLOs). You want to ensure that the service can meet its SLOs in production. What should you do next?
- A. Notify the development team that they will have to provide production support for the service.
- B. Identify recommended reliability improvements to the service to be completed before handover.
- C. Adjust the SLO targets to be achievable by the service so you can bring it into production.
- D. Bring the service into production with no SLOs and build them when you have collected operational data.
Answer: A
NEW QUESTION # 93
You are performing a semi-annual capacity planning exercise for your flagship service You expect a service user growth rate of 10% month-over-month for the next six months Your service is fully containerized and runs on a Google Kubemetes Engine (GKE) standard cluster across three zones with cluster autoscaling enabled You currently consume about 30% of your total deployed CPU capacity and you require resilience against the failure of a zone. You want to ensure that your users experience minimal negative impact as a result of this growth o' as a result of zone failure while you avoid unnecessary costs How should you prepare to handle the predicted growth?
- A. Proactively add 80% more node capacity to account for six months of 10% growth rate and then perform a load test to ensure that you have enough capacity
- B. Verify the maximum node pool size enable a Horizontal Pod Autoscaler and then perform a load lest to verify your expected resource needs
- C. Because you are only using 30% of deployed CPU capacity there is significant headroom and you do not need to add any additional capacity for this rate of growth
- D. Because you deployed the service on GKE and are using a cluster autoscaler your GKE cluster will scale automatically regardless of growth rate
Answer: B
Explanation:
The best option for preparing to handle the predicted growth is to verify the maximum node pool size, enable a Horizontal Pod Autoscaler, and then perform a load test to verify your expected resource needs. The maximum node pool size is a parameter that specifies the maximum number of nodes that can be added to a node pool by the cluster autoscaler. You should verify that the maximum node pool size is sufficient to accommodate your expected growth rate and avoid hitting any quota limits. The Horizontal Pod Autoscaler is a feature that automatically adjusts the number of Pods in a deployment or replica set based on observed CPU utilization or custom metrics. You should enable a Horizontal Pod Autoscaler for your application to ensure that it runs enough Pods to handle the load. A load test is a test that simulates high user traffic and measures the performance and reliability of your application. You should perform a load test to verify your expected resource needs and identify any bottlenecks or issues.
NEW QUESTION # 94
You support a production service that runs on a single Compute Engine instance. You regularly need to spend time on recreating the service by deleting the crashing instance and creating a new instance based on the relevant image. You want to reduce the time spent performing manual operations while following Site Reliability Engineering principles. What should you do?
- A. Create a Managed Instance Group with a single instance and use health checks to determine the system status.
- B. File a bug with the development team so they can find the root cause of the crashing instance.
- C. Create a Stackdriver Monitoring dashboard with SMS alerts to be able to start recreating the crashed instance promptly after it has crashed.
- D. Add a Load Balancer in front of the Compute Engine instance and use health checks to determine the system status.
Answer: D
NEW QUESTION # 95
You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub.
You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?
- A. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.
- B. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
- C. Disable the CI pipeline and revert to manually building and pushing the artifacts.
- D. Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.
Answer: A
Explanation:
Explanation
"After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline"- means something wrong on the recent change not with the image registry.
NEW QUESTION # 96
You recently deployed your application in Google Kubernetes Engine (GKE) and now need to release a new version of the application You need the ability to instantly roll back to the previous version of the application in case there are issues with the new version Which deployment model should you use?
- A. Perform a rolling deployment and test your new application after the deployment is complete
- B. Perform a canary deployment, and test your new application periodically after the new version is deployed
- C. Perform a blue/green deployment and test your new application after the deployment is complete
- D. Perform A. B testing, and test your application periodically after the deployment is complete
Answer: C
Explanation:
Explanation
The best deployment model for releasing a new version of your application in GKE with the ability to instantly roll back to the previous version is to perform a blue/green deployment and test your new application after the deployment is complete. A blue/green deployment is a deployment strategy that involves creating two identical environments, one running the current version of the application (blue) and one running the new version of the application (green). The traffic is switched from blue to green after testing the new version, and if any issues are discovered, the traffic can be switched back to blue instantly. This way, you can minimize downtime and risk during deployment.
NEW QUESTION # 97
Your organization has a containerized web application that runs on-premises As part of the migration plan to Google Cloud you need to select a deployment strategy and platform that meets the following acceptance criteria
1 The platform must be able to direct traffic from Android devices to an Android-specific microservice
2 The platform must allow for arbitrary percentage-based traffic splitting
3 The deployment strategy must allow for continuous testing of multiple versions of any microservice What should you do?
- A. Deploy the canary release to Google Kubernetes Engine with Anthos Sen/ice Mesh Use traffic splitting to direct 10% of user traffic to the new version based on the user-agent header configured in the virtual service
- B. Deploy the canary release of the application to App Engine Use traffic splitting to direct a subset of user traffic to the new version based on the IP address
- C. Deploy the canary release of the application to Cloud Run Use traffic splitting to direct 10% of user traffic to the canary release based on the revision tag
- D. Deploy the canary release of the application to Compute Engine Use Anthos Service Mesh with Compute Engine to direct 10% of user traffic to the canary release by configuring the virtual service.
Answer: A
Explanation:
Explanation
The best option for deploying a containerized web application to Google Cloud with the given acceptance criteria is to use Google Kubernetes Engine (GKE) with Anthos Service Mesh. GKE is a managed service for running Kubernetes clusters on Google Cloud, and Anthos Service Mesh is a service mesh that provides observability, traffic management, and security features for microservices. With Anthos Service Mesh, you can use traffic splitting to direct traffic from Android devices to an Android-specific microservice by configuring the user-agent header in the virtual service. You can also use traffic splitting to direct arbitrary percentage-based traffic to different versions of any microservice for continuous testing. For example, you can use a canary release strategy to direct 10% of user traffic to a new version of a microservice and monitor its performance and reliability.
NEW QUESTION # 98
......
Use Real Professional-Cloud-DevOps-Engineer Dumps - 100% Free Professional-Cloud-DevOps-Engineer Exam Dumps: https://www.actual4labs.com/Google/Professional-Cloud-DevOps-Engineer-actual-exam-dumps.html
Realistic Verified Professional-Cloud-DevOps-Engineer exam dumps Q&As - Professional-Cloud-DevOps-Engineer Free Update: https://drive.google.com/open?id=155j5UBBtqMRkxOYZQ27QzqMrgfcEFV7C