Free Google Professional-Cloud-Developer Exam Questions

Question 1

What is a possible security measure to limit access to resources in App Engine?

A : Configuration of ingress traffic

B : Analysis of exposed URLs

C : Use of default domains

D : Use of App Engine firewall

Answer: D

Question 2

A CI/CD pipeline is being developed, which includes a version control system, Cloud Build, and Container Registry. Whenever a new tag is added to the repository, a Cloud Build job is activated. This job performs unit tests on the latest code, creates a new Docker container image, and saves it to the Container Registry. The final phase of the pipeline is to deploy the updated container to the production Google Kubernetes Engine (GKE) cluster.

What options are available to choose a tool and deployment strategy that satisfies these conditions:

• No downtime should be experienced

• Automated testing should be comprehensive

• Testing before release should be possible

• Quick rollbacks should be supported

A : Trigger a Spinnaker pipeline configured as an A/B test of your new code and, if successful, deploy the container to production.

B : Trigger a Cloud Build job that utilizes Kubernetes CLI tools to deploy your new container to your GKE cluster, allowing for a canary test.

C : Trigger a Cloud Build job that utilizes Kubernetes CLI tools to deploy your new container to your GKE cluster, allowing for a shadow test.

D : Trigger a Spinnaker pipeline configured as a canary test of your new code and, if successful, deploy the container to production.

Answer: C

Question 3

Azgomi is a community application that facilitates communication between people in close proximity, used for event planning and organizing sporting events, and for businesses to connect with their local communities. Azgomi's unique style of hyper-local community communication and business outreach is in demand around the world. The executive statement is to expand the number one local community app globally. The solution concept is to expand their existing service in new regions to better serve their global customers, and hire and train a new team to support these regions in their time zones. Azgomi wants to ensure the application scales smoothly and provides clear uptime data, and that they analyze and respond to any issues that occur. Their existing technical environment is a mix of on-premises hardware and infrastructure running in Google Cloud Platform.

Azgomi's investors want to expand their footprint and support the increase in demand they are seeing. They require the application to expand availability to new regions, support 10x as many concurrent users, ensure a consistent experience for users when they travel to different regions, obtain user activity metrics to better monetize their product, ensure compliance with regulations in new regions, reduce infrastructure management time and cost, and adopt Google-recommended practices for cloud computing. The technical requirements include providing secure communications between the on-premises data center and cloud-hosted applications and infrastructure, providing usage metrics and monitoring, requiring authentication and authorization for APIs, implementing faster and more accurate validation of new features, providing actionable information for logging and performance metrics, and scaling to meet user demand.

A recent security audit discovered that Azgomi's database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. Azgomi needs to reduce the risk of these credentials being stolen.

What actions do you suggest for them?

A : Create a service account and download its key. Use it to authenticate to Cloud KMS for database credentials.

B : Create a service account and use its key to authenticate to Cloud KMS for a decryption key to access the database credentials.

C : Create a service account and give it the roles/iam.serviceAccountUser role. Authenticate using Cloud SQL Proxy while impersonating this account.

D : Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account and use Secret Manager API to store and access the database credentials.

Answer: C

Question 4

Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to employees as they travel. You need to ensure the security and accessibility of the web application while minimizing application changes. What should you do?

A : nfigure the application to check authentication credentials for each HTTP(S) request to the application.

B : nfigure Identity-Aware Proxy to allow employees to access the application through its public IP address.

C : nfigure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine instance forwards requests to and from the web application.

D : nfigure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine issues an HTTP redirect to a public IP address hosting the web application.

Answer: B

Question 5

Your company has created an application that uploads a report to a Cloud Storage bucket. When the report is uploaded to the bucket, you want to publish a message to a Cloud Pub/Sub topic. You want to implement a solution that will take a small amount to effort to implement. What should you do?

A : nfigure the Cloud Storage bucket to trigger Cloud Pub/Sub notifications when objects are modified.

B : eate an App Engine application to receive the file; when it is received, publish a message to the Cloud Pub/Sub topic.

C : eate a Cloud Function that is triggered by the Cloud Storage bucket. In the Cloud Function, publish a message to the Cloud Pub/Sub topic.

D : eate an application deployed in a Google Kubernetes Engine cluster to receive the file; when it is received, publish a message to the Cloud Pub/Sub topic.

Answer: C