Google Cloud Certified - Professional Cloud DevOps Engineer (PR000263)

You need to define SLOs for a high-traffic web application. Customers are currently happy with the application performance and availability. Based on current measurement, the 90th percentile of latency is 160 ms and the 95th percentile of latency is 300 ms over a 28-day window. What latency SLO should you publish?

You manage a critical API running on Cloud Run that serves an average of 10,000 requests per minute. You need to define service level objectives (SLOs) for availability and latency to ensure that the API meets user expectations, which include 99.9% availability and a maximum latency of 200 milliseconds for 95% of requests. You also need to ensure these SLOs are actively monitored and measured. What should you do?

You are deploying a new application on Google Kubernetes Engine (GKE) that processes personally identifiable information (PII). You need to configure Cloud Logging to collect logs from your application while ensuring that sensitive user information is not exposed. What should you do?

Your company uses Cloud Deploy with multiple delivery pipelines for deploying applications to different environments. Your development team currently lacks access to any of these pipelines. You need to grant the team access to only the development delivery pipeline, while following Google-recommended practices. What should you do?

You work for a company that manages highly sensitive user data. You are designing the Google Kubernetes Engine (GKE) infrastructure for your company, including several applications that will be deployed in development and production environments. Your design must protect data from unauthorized access from other applications, while minimizing the amount of management overhead required. What should you do?

You are developing a Node.js utility on a workstation in Cloud Workstations by using Code OSS. The utility is a simple web page, and you have already that all necessary firewall rules are in place. You tested the application by starting it on port 3000 on your workstation in Cloud Workstations, but you need to be able to access the web page from your local machine. You need to follow Google-recommended security practices. What should you do?

You are deploying a new web application on Cloud Run in your Google Cloud project. You expect traffic to range from 10 requests per second during off-peak hours to 1000 requests per second during peak hours. You want to use autoscaling to efficiently handle the changes in traffic while ensuring that the autoscaler does not exceed your project's resource quotas. What should you do?

You are configuring a Cl pipeline. The build step for your Cl pipeline integration testing requires access to APIs inside your private VPC network. Your security team requires that you do not expose API traffic publicly. You need to implement a solution that minimizes management overhead. What should you do?

Your company has an application deployed on Google Kubernetes Engine (GKE) consisting of 12 microservices. Multiple teams are working concurrently on various features across three environments: Dev, Staging, and Prod. Developers report dependency test failures and delayed re-leases due to deployments from multiple feature branches in the shared Dev GKE cluster.

You need to implement a cost-effective solution for developers to test their microservice features in a stable development environment isolated from other development activities. What should you do?

Your company allows teams to self-manage Google Cloud projects, including project-level Identity and Access Management (IAM). You are concerned that the team responsible for the Shared VPC project might accidentally delete the project, so a lien has been placed on the project. You need to design a solution to restrict Shared VPC project deletion to those with the resourcemanager.projects.updateLiens permission at the organization level. What should you do?

Your organization is running multiple Google Kubernetes Engine (GKE) clusters in a project. You need to design a highly-available solution to collect and query both domain-specific workload metrics and GKE default metrics across all clusters, while minimizing operational overhead. What should you do?

You receive a Cloud Monitoring alert indicating potential malicious activity on a node in your Google Kubernetes Engine (GKE) cluster. The alert suggests a possible compromised container running on that node. You need to isolate this node to prevent further compromise while investigating the issue. You also want to minimize disruption to applications running on the cluster. What should you do?

You work for a company that offers a free photo processing application. You are designing the infrastructure for the backend service that processes the photos. The service:

• Uses Cloud Storage to store both unprocessed and processed photos.

• Can resume processing photos in the event of a failure.

• Is not suitable for containerization.

There is no SLO for the time taken to process a photo. You need to choose the most cost-effective solution for running the service. What should you do?

You are running a web application that connects to an AlloyDB cluster by using a private IP address in your default VPC. You need to run a database schema migration in your CI/CD pipeline by using Cloud Build before deploying a new version of your application. You want to follow Google-recommended security practices. What should you do?

You are deploying a new version of your application to a multi-zone Google Kubernetes Engine (GKE) cluster. The deployment is progressing smoothly, but you notice that some Pods in a specific zone are experiencing higher error rates. You need to selectively roll back the update for the Pods experiencing errors with minimal impact to users. What should you do?

You work for a healthcare company and regulations require you to create all resources in a United States-based region. You attempted to create a secret in Secret Manager but received the following error message:

Constraint constraints/gcp.resourceLocations violated for [orgpolicy:projects/000000] attempting to create a secret in [global]

You need to resolve the error while remaining compliant with regulations. What should you do?

Your company runs applications in Google Kubernetes Engine (GKE). Application developers frequently create cloud resources to support their applications. You need to give developers the ability to manage infrastructure as code while adhering to Google-recommended practices. You want to manage infrastructure as code through Kubernetes Custom Resource Definitions (CRDs) and ensure that your chosen setup can be supported by the Google Cloud Support Portal. What should you do?

You are configuring a Cl pipeline in Cloud Build When you test the pipeline, the following cloudbuild.yaml definition results in 5 minutes each on the foo step and bar step



The foo step and bar step are independent of each other. The baz step needs both the foo and bar steps to be completed before starting. You want to use parallelism to reduce build times What should you do?

Your company runs services on Google Cloud. Each team runs their applications in a dedicated project. New teams and projects are created regularly. Your security team requires that all logs are processed by a security information and event management (SIEM) system. The SIEM ingests logs by using Pub/Sub. You must ensure that all existing and future logs are scanned by the SIEM. What should you do?

You are designing a new multi-tenant Google Kubernetes Engine (GKE) cluster for a customer. Your customer is concerned with the risks associated with long-lived credentials use. The customer requires that each GKE workload has the minimum Identity and Access Management (IAM) permissions set following the principle of least privilege (PoLP). You need to design an IAM impersonation solution while following Google-recommended practices. What should you do?

You have an application running in production on Cloud Run. Your team recently finished developing a new version (revision B) of the application. You want to test the new revision on 10% of your clients by using the least amount of effort. What should you do?

You have multiple applications exposed on a load balancer, and you are monitoring blocked requests by Google Cloud Armor. You need to create a dashboard to monitor requests for https://mountkirk.com/api only. You want to identify the parameters that are being blocked. What should you do?

You are designing the hosting architecture in Google Kubernetes Engine (GKE) for business-critical applications. These applications provide custom metrics for monitoring with Prometheus. You need to collect the application metrics for alerting and troubleshooting purposes. You want to minimize the amount of manual effort and maintenance required while following Google-recommended practices. What should you do?

Your team manages a critical service with a 99.9% availability SLO. The error budget for the quarter has been nearly depleted due to several incidents. Your team is planning on releasing new features next week. You need to ensure that you do not exceed the error budget while following Google-recommended practices. What should you do?

Your company is trying to centralize all monitoring and alerting capabilities. Your VPC network has an internally exposed webhook you can call to trigger alerts. You need to integrate your Google Cloud alerts to call this webhook. You want to minimize costs while following Google-recommended practices. What should you do?

You are managing an application on Google Kubernetes Engine (GKE) that generates a high volume of DEBUG-level logs. These logs are causing a significant increase in Cloud Logging ingestion costs. Your team has determined that DEBUG logs are not needed for real-time alerting or analysis, but they must be archived for 90 days for forensic analysis. All other log levels, such as INFO and ERROR, must remain immediately available for troubleshooting in the Logs Explorer. You need to implement a solution that minimizes cost while meeting all logging retention requirements. What should you do?

You are designing a continuous delivery (CD) strategy for a new serverless application. The application is packaged as a container image, stored in Artifact Registry, and deployed to Cloud Run. Your design requires a staging environment, a fully-managed Google Cloud service, mandatory manual approval for production deployments, and a phased rollout to production. Your solution should minimize administrative overhead. What should you do?

Your team manages a high-traffic application that generates several terabytes of logs daily. You need to reduce Cloud Logging costs while retaining critical operational and security information. What should you do?

You use Google Cloud Managed Service for Prometheus with managed collection to gather metrics from your service running on Google Kubernetes Engine (GKE). After deploying the service, there is no metric data appearing in Cloud Monitoring and you have not encountered any error messages. You need to troubleshoot this issue. What should you do?

You are developing a new containerized application that will be deployed to separate Google Kubernetes Engine (GKE) clusters for staging and production environments. You need to design a CI/CD pipeline that automatically builds and deploys the application to the staging environment whenever a developer commits code to the main branch. The pipeline must also include a manual approval step before any deployment to the production environment. You want to minimize operational overhead while following Google-recommended practices. What should you do?

You are setting up a CI/CD pipeline to containerize an application. You must ensure that you only push containers to Artifact Registry if there are no critical vulnerabilities. You also want to reduce the effort required to maintain the pipeline. What should you do?

You are designing a containerized CI pipeline to minimize reliance on public upstream container registries and improve build reproducibility and security. You need to design a pipeline to cache all containerized dependencies while minimizing the required amount of manual effort and maintenance. What should you do?

You are designing a CI/CD pipeline to deploy a containerized application from your GitHub repository to Artifact Registry. The build process needs to trigger whenever a new tag is created. The build must be approved by the gcp-developers-admins@mountkirk.com Google group. You need to avoid using static credentials or federating with any other system to meet your company's security requirements. How should you set up the CI/CD pipeline?

You are designing a secure Cloud Build pipeline for a web application that requires access to a package manager. The package manager credentials are highly sensitive and need to be protected from unauthorized access. You need to design a solution to securely retrieve credentials at build time following Google-recommended practices. You also want to keep maintenance overhead to a minimum. What should you do?

Your company uses a CI/CD pipeline with Cloud Build and Artifact Registry to deploy container images to Google Kubernetes Engine (GKE). Images are tagged with the latest commit hash and promoted to production after successful testing in the development and pre-production environments. A recent production deployment caused the application to fail due to untested integration functionality, requiring a disruptive manual rollback. During the rollback, you noticed many old and unused container images accumulating in Artifact Registry. You need to improve rollout and rollback management and clean up the old container images. What should you do?

You support a Node.js application running on Google Kubernetes Engine (GKE) in production. The application makes several HTTP requests to dependent applications. You want to anticipate which dependent applications might cause performance issues. What should you do?

You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?

Your organization wants to implement Site Reliability Engineering (SRE) culture and principles. Recently, a service that you support had a limited outage. A manager on another team asks you to provide a formal of what happened so they can action remediations. What should you do?

You have a set of applications running on a Google Kubernetes Engine (GKE) cluster, and you are using Stackdriver Kubernetes Engine Monitoring. You are bringing a new containerized application required by your company into production. This application is written by a third party and cannot be modified or reconfigured. The application writes its log information to /var/log/app_messages.log, and you want to send these log entries to Stackdriver Logging. What should you do?

You are running an application in a virtual machine (VM) using a custom Debian image. The image has the Stackdriver Logging agent installed. The VM has the cloud-platform scope. The application is logging information via syslog. You want to use Stackdriver Logging in the Google Cloud Platform Console to visualize the logs. You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer. What is the first thing you should do?

You use a multiple step Cloud Build pipeline to build and deploy your application to Google Kubernetes Engine (GKE). You want to integrate with a third-party monitoring platform by performing a HTTP POST of the build information to a webhook. You want to minimize the development effort. What should you do?

You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline. Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?

You support a high-traffic web application and want to ensure that the home page loads in a timely manner. As a first step, you decide to implement a Service Level Indicator (SLI) to represent home page request latency with an acceptable page load time set to 100 ms. What is the Google-recommended way of calculating this SLI?