Professional Cloud DevOps Engineer v1.0

Page:    1 / 12   
Exam contains 166 questions

Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring. What should you do?

  • A. Publish various metrics from the application directly to the Stackdriver Monitoring API, and then observe these custom metrics in Stackdriver.
  • B. Install the Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.
  • C. Install the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application's metrics in Stackdriver.
  • D. Emit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.


Answer : C

You support a production service that runs on a single Compute Engine instance. You regularly need to spend time on recreating the service by deleting the crashing instance and creating a new instance based on the relevant image. You want to reduce the time spent performing manual operations while following Site
Reliability Engineering principles. What should you do?

  • A. File a bug with the development team so they can find the root cause of the crashing instance.
  • B. Create a Managed instance Group with a single instance and use health checks to determine the system status.
  • C. Add a Load Balancer in front of the Compute Engine instance and use health checks to determine the system status.
  • D. Create a Stackdriver Monitoring dashboard with SMS alerts to be able to start recreating the crashed instance promptly after it was crashed.


Answer : A

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

  • A. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
  • B. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
  • C. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
  • D. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.


Answer : C

Your company follows Site Reliability Engineering practices. You are the person in charge of Communications for a large, ongoing incident affecting your customer-facing applications. There is still no estimated time for a resolution of the outage. You are receiving emails from internal stakeholders who want updates on the outage, as well as emails from customers who want to know what is happening. You want to efficiently provide updates to everyone affected by the outage.
What should you do?

  • A. Focus on responding to internal stakeholders at least every 30 minutes. Commit to ג€next updateג€ times.
  • B. Provide periodic updates to all stakeholders in a timely manner. Commit to a ג€next updateג€ time in all communications.
  • C. Delegate the responding to internal stakeholder emails to another member of the Incident Response Team. Focus on providing responses directly to customers.
  • D. Provide all internal stakeholder emails to the Incident Commander, and allow them to manage internal communications. Focus on providing responses directly to customers.


Answer : C

Your team uses Cloud Build for all CI/CD pipelines. You want to use the kubectl builder for Cloud Build to deploy new images to Google Kubernetes Engine
(GKE). You need to authenticate to GKE while minimizing development effort. What should you do?

  • A. Assign the Container Developer role to the Cloud Build service account.
  • B. Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
  • C. Create a new service account with the Container Developer role and use it to run Cloud Build.
  • D. Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.


Answer : C

You support an application that stores product information in cached memory. For every cache miss, an entry is logged in Stackdriver Logging. You want to visualize how often a cache miss happens over time. What should you do?

  • A. Link Stackdriver Logging as a source in Google Data Studio. Filter the logs on the cache misses.
  • B. Configure Stackdriver Profiler to identify and visualize when the cache misses occur based on the logs.
  • C. Create a logs-based metric in Stackdriver Logging and a dashboard for that metric in Stackdriver Monitoring.
  • D. Configure BigQuery as a sink for Stackdriver Logging. Create a scheduled query to filter the cache miss logs and write them to a separate table.


Answer : C

You need to deploy a new service to production. The service needs to automatically scale using a Managed Instance Group (MIG) and should be deployed over multiple regions. The service needs a large number of resources for each instance and you need to plan for capacity. What should you do?

  • A. Use the n1-highcpu-96 machine type in the configuration of the MIG.
  • B. Monitor results of Stackdriver Trace to determine the required amount of resources.
  • C. Validate that the resource requirements are within the available quota limits of each region.
  • D. Deploy the service in one region and use a global load balancer to route traffic to this region.


Answer : D

You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. All PII entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?

  • A. Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
  • B. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.
  • C. Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a log exclusion with userinfo as a filter.
  • D. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.


Answer : A

You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub. You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site
Reliability Engineering practices. What should you do?

  • A. Disable the CI pipeline and revert to manually building and pushing the artifacts.
  • B. Change the CI pipeline to push the artifacts is Container Registry instead of Docker Hub.
  • C. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
  • D. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.


Answer : B

Your company follows Site Reliability Engineering principles. You are writing a postmortem for an incident, triggered by a software change, that severely affected users. You want to prevent severe incidents from happening in the future. What should you do?

  • A. Identify engineers responsible for the incident and escalate to their senior management.
  • B. Ensure that test cases that catch errors of this type are run successfully before new software releases.
  • C. Follow up with the employees who reviewed the changes and prescribe practices they should follow in the future.
  • D. Design a policy that will require on-call teams to immediately call engineers and management to discuss a plan of action if an incident occurs.


Answer : C

You support a high-traffic web application that runs on Google Cloud Platform (GCP). You need to measure application reliability from a user perspective without making any engineering changes to it. What should you do? (Choose two.)

  • A. Review current application metrics and add new ones as needed.
  • B. Modify the code to capture additional information for user interaction.
  • C. Analyze the web proxy logs only and capture response time of each request.
  • D. Create new synthetic clients to simulate a user journey using the application.
  • E. Use current and historic Request Logs to trace customer interaction with the application.


Answer : BD

You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?

  • A. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
  • B. Configure Access Context Manager to allow only these members to export logs.
  • C. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
  • D. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.


Answer : A

Reference:
https://cloud.google.com/logging/docs/access-control

Your application services run in Google Kubernetes Engine (GKE). You want to make sure that only images from your centrally-managed Google Container
Registry (GCR) image registry in the altostrat-images project can be deployed to the cluster while minimizing development time. What should you do?

  • A. Create a custom builder for Cloud Build that will only push images to gcr.io/altostrat-images.
  • B. Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/altostrat-images/.
  • C. Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
  • D. Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.


Answer : D

Your team has recently deployed an NGINX-based application into Google Kubernetes Engine (GKE) and has exposed it to the public via an HTTP Google Cloud
Load Balancer (GCLB) ingress. You want to scale the deployment of the application's frontend using an appropriate Service Level Indicator (SLI). What should you do?

  • A. Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.
  • B. Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.
  • C. Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.
  • D. Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.


Answer : B

Your company follows Site Reliability Engineering practices. You are the Incident Commander for a new, customer-impacting incident. You need to immediately assign two incident management roles to assist you in an effective incident response. What roles should you assign? (Choose two.)

  • A. Operations Lead
  • B. Engineering Lead
  • C. Communications Lead
  • D. Customer Impact Assessor
  • E. External Customer Communications Lead


Answer : AE

Page:    1 / 12   
Exam contains 166 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy