Name: Google Professional Cloud DevOps Engineer Exam
Brand: Pass4Success
SKU: Professional Cloud DevOps Engineer
Price: 69.00 USD
Availability: InStock
Rating: 4.9 (121 reviews)

Disscuss Google Professional Cloud DevOps Engineer Topics, Questions or Ask Anything Related

Submit Cancel

Jimmy

28 days ago

In the real exam, I selected Option A (Examine the wall-clock time and the CPU time Of the application. If the difference is substantial, increase the CPU resource allocation) as one of my answers, but I'm uncertain if it's correct. Could someone confirm if Option A is indeed the right choice for determining which applications need performance tuning? Your comments would be greatly appreciated.

upvoted 1 times

...

Free Google Professional Cloud DevOps Engineer Exam Actual Questions

The questions for Professional Cloud DevOps Engineer were last updated On Apr. 10, 2024

Question #1

You are analyzing Java applications in production. All applications have Cloud Profiler and Cloud Trace installed and configured by default. You want to determine which applications need performance tuning. What should you do?

Choose 2 answers

AExamine the wall-clock time and the CPU time Of the application. If the difference is substantial, increase the CPU resource allocation.

BExamine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the memory resource allocation.

C17 Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the local disk storage allocation.

DO Examine the latency time, the wall-clock time, and the CPU time of the application. If the latency time is slowly burning down the error budget, and the difference between wall-clock time and CPU time is minimal, mark the application for optimization.

EExamine the heap usage Of the application. If the usage is low, mark the application for optimization.

Reveal Solution

Correct Answer: A, D

The correct answers are A and D)

Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the CPU resource allocation. This is a good way to determine if the application is CPU-bound, meaning that it spends more time waiting for the CPU than performing actual computation. Increasing the CPU resource allocation can improve the performance of CPU-bound applications1.

Examine the latency time, the wall-clock time, and the CPU time of the application. If the latency time is slowly burning down the error budget, and the difference between wall-clock time and CPU time is minimal, mark the application for optimization. This is a good way to determine if the application is I/O-bound, meaning that it spends more time waiting for input/output operations than performing actual computation. Increasing the CPU resource allocation will not help I/O-bound applications, and they may need optimization to reduce the number or duration of I/O operations2.

Answer B is incorrect because increasing the memory resource allocation will not help if the application is CPU-bound or I/O-bound. Memory allocation affects how much data the application can store and access in memory, but it does not affect how fast the application can process that data.

Answer C is incorrect because increasing the local disk storage allocation will not help if the application is CPU-bound or I/O-bound. Disk storage affects how much data the application can store and access on disk, but it does not affect how fast the application can process that data.

Answer E is incorrect because examining the heap usage of the application will not help to determine if the application needs performance tuning. Heap usage affects how much memory the application allocates for dynamic objects, but it does not affect how fast the application can process those objects. Moreover, low heap usage does not necessarily mean that the application is inefficient or unoptimized.

Question #2

Your company operates in a highly regulated domain. Your security team requires that only trusted container images can be deployed to Google Kubernetes Engine (GKE). You need to implement a solution that meets the requirements of the security team, while minimizing management overhead. What should you do?

AGrant the roles/artifactregistry. writer role to the Cloud Build service account. Confirm that no employee has Artifact Registry write permission.

BUse Cloud Run to write and deploy a custom validator Enable an Eventarc trigger to perform validations when new images are uploaded.

CConfigure Kritis to run in your GKE clusters to enforce deploy-time security policies.

DConfigure Binary Authorization in your GKE clusters to enforce deploy-time security policies

Reveal Solution

Correct Answer: D

Question #3

You need to introduce postmortems into your organization during the holiday shopping season. You are expecting your web application to receive a large volume of traffic in a short period. You need to prepare your application for potential failures during the event What should you do?

Choose 2 answers

AMonitor latency of your services for average percentile latency.

BReview your increased capacity requirements and plan for the required quota management.

CCreate alerts in Cloud Monitoring for all common failures that your application experiences.

DEnsure that relevant system metrics are being captured with Cloud Monitoring and create alerts at levels of interest.

EConfigure Anthos Service Mesh on the application to identify issues on the topology map.

Reveal Solution

Correct Answer: B, D

Question #4

You are investigating issues in your production application that runs on Google Kubernetes Engine (GKE). You determined that the source Of the issue is a recently updated container image, although the exact change in code was not identified. The deployment is currently pointing to the latest tag. You need to update your cluster to run a version of the container that functions as intended. What should you do?

ACreate a new tag called stable that points to the previously working container, and change the deployment to point to the new tag.

BApply the latest tag to the previous container image, and do a rolling update on the deployment.

CBuild a new container from a previous Git tag, and do a rolling update on the deployment to the new container.

DAlter the deployment to point to the sha2 56 digest of the previously working container.

Reveal Solution

Correct Answer: D

Question #5

You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?

AUse custom versions of predefined roles to exclude all iam.serviceAccountKeys. * service account role permissions.

BApply the constraints/iam.disableserviceAccountKeycreation constraint to the organization.

CApply the constraints/iam. disableServiceAccountKeyUp10ad constraint to the organization.

DGrant the roles/ iam.serviceAccountKeyAdmin IAM role to organization administrators only.

Reveal Solution

Correct Answer: B

The correct answer is B, Apply the constraints/iam.disableServiceAccountKeyCreation constraint to the organization.

According to the Google Cloud documentation, the constraints/iam.disableServiceAccountKeyCreation constraint is an organization policy constraint that prevents the creation of user-managed service account keys1. User-managed service account keys are long-lived credentials that can be downloaded as JSON or P12 files and used to authenticate as a service account2. These keys pose severe security risks if they are leaked, stolen, or misused by unauthorized entities34. By applying this constraint to the organization, you can completely eliminate the risks associated with the use of JSON service account keys and enforce a more secure alternative for authentication, such as Workload Identity or short-lived access tokens12. This also minimizes operational overhead by avoiding the need to manage, rotate, or revoke user-managed service account keys.

The other options are incorrect because they do not completely eliminate the risks associated with the use of JSON service account keys. Option A is incorrect because it only restricts the IAM permissions to create, list, get, delete, or sign service account keys, but it does not prevent existing keys from being used or leaked. Option C is incorrect because it only disables the upload of user-managed service account keys, but it does not prevent the creation or download of such keys. Option D is incorrect because it only limits the IAM role that can create and manage service account keys, but it does not prevent the keys from being distributed or exposed to unauthorized entities.

Disable user-managed service account key creation, Disable user-managed service account key creation. Service accounts, User-managed service accounts. Help keep your Google Cloud service account keys safe, Help keep your Google Cloud service account keys safe. Stop Downloading Google Cloud Service Account Keys!, Stop Downloading Google Cloud Service Account Keys! [Service Account Keys], Service Account Keys. [Disable user-managed service account key upload], Disable user-managed service account key upload. [Granting roles to service accounts], Granting roles to service accounts.

Unlock all Professional Cloud DevOps Engineer Exam Questions with Advanced Practice Test Features:

Select Question Types you want
Set your Desired Pass Percentage
Allocate Time (Hours : Minutes)
Create Multiple Practice tests with Limited Questions
Customer Support

Get Full Access Now