Summer Sale - Special Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 44314956B5

Good News !!! Professional-Cloud-Developer Google Certified Professional - Cloud Developer is now Stable and With Pass Result

Professional-Cloud-Developer Practice Exam Questions and Answers

Google Certified Professional - Cloud Developer

Last Update 2 days ago
Total Questions : 254

Professional-Cloud-Developer is stable now with all latest exam questions are added 2 days ago. Just download our Full package and start your journey with Google Certified Professional - Cloud Developer certification. All these Google Professional-Cloud-Developer practice exam questions are real and verified by our Experts in the related industry fields.

Professional-Cloud-Developer PDF

Professional-Cloud-Developer PDF (Printable)
$54
$119.99

Professional-Cloud-Developer Testing Engine

Professional-Cloud-Developer PDF (Printable)
$63
$139.99

Professional-Cloud-Developer PDF + Testing Engine

Professional-Cloud-Developer PDF (Printable)
$79.65
$176.99
Question # 1

You are developing a web application that contains private images and videos stored in a Cloud Storage bucket. Your users are anonymous and do not have Google Accounts. You want to use your application-specific logic to control access to the images and videos. How should you configure access?

Options:

A.  

Cache each web application user's IP address to create a named IP table using Google Cloud Armor. Create a Google Cloud Armor security policy that allows users to access the backend bucket.

B.  

Grant the Storage Object Viewer IAM role to allUsers. Allow users to access the bucket after authenticating through your web application.

C.  

Configure Identity-Aware Proxy (IAP) to authenticate users into the web application. Allow users to access the bucket after authenticating through IAP.

D.  

Generate a signed URL that grants read access to the bucket. Allow users to access the URL after authenticating through your web application.

Discussion 0
Question # 2

You are a SaaS provider deploying dedicated blogging software to customers in your Google Kubernetes Engine (GKE) cluster. You want to configure a secure multi-tenant platform to ensure that each customer has access to only their own blog and can’t affect the workloads of other customers. What should you do?

Options:

A.  

Enable Application-layer Secrets on the GKE cluster to protect the cluster.

B.  

Deploy a namespace per tenant and use Network Policies in each blog deployment.

C.  

Use GKE Audit Logging to identify malicious containers and delete them on discovery.

D.  

Build a custom image of the blogging software and use Binary Authorization to prevent untrusted image deployments.

Discussion 0
Question # 3

You are developing a marquee stateless web application that will run on Google Cloud. The rate of the incoming user traffic is expected to be unpredictable, with no traffic on some days and large spikes on other days. You need the application to automatically scale up and down, and you need to minimize the cost associated with running the application. What should you do?

Options:

A.  

Build the application in Python with Firestore as the database. Deploy the application to Cloud Run.

B.  

Build the application in C# with Firestore as the database. Deploy the application to App Engine flexible environment.

C.  

Build the application in Python with CloudSQL as the database. Deploy the application to App Engine standard environment.

D.  

Build the application in Python with Firestore as the database. Deploy the application to a Compute Engine managed instance group with autoscaling.

Discussion 0
Question # 4

Your code is running on Cloud Functions in project

A.  

It is supposed to write an object in a Cloud Storage

bucket owned by project

B.  

However, the write call is failing with the error "403 Forbidden".

What should you do to correct the problem?

Options:

A.  

Grant your user account the roles/storage.objectCreator role for the Cloud Storage bucket.

B.  

Grant your user account the roles/iam.serviceAccountUser role for the service-PROJECTA@gcf-adminrobot.

iam.gserviceaccount.com service account.

C.  

Grant the service-PROJECTA@gcf-admin-robot.iam.gserviceaccount.com service account the roles/

storage.objectCreator role for the Cloud Storage bucket.

D.  

Enable the Cloud Storage API in project

B.  

Discussion 0
Question # 5

You are developing a microservice-based application that will run on Google Kubernetes Engine (GKE). Some of the services need to access different Google Cloud APIs. How should you set up authentication of these services in the cluster following Google-recommended best practices? (Choose two.)

Options:

A.  

Use the service account attached to the GKE node.

B.  

Enable Workload Identity in the cluster via the gcloud command-line tool.

C.  

Access the Google service account keys from a secret management service.

D.  

Store the Google service account keys in a central secret management service.

E.  

Use gcloud to bind the Kubernetes service account and the Google service account using roles/iam.workloadIdentity.

Discussion 0
Question # 6

You are working on a social media application. You plan to add a feature that allows users to upload images. These images will be 2 MB – 1 GB in size. You want to minimize their infrastructure operations overhead for this feature. What should you do?

Options:

A.  

Change the application to accept images directly and store them in the database that stores other user information.

B.  

Change the application to create signed URLs for Cloud Storage. Transfer these signed URLs to the client application to upload images to Cloud Storage.

C.  

Set up a web server on GCP to accept user images and create a file store to keep uploaded files. Change the application to retrieve images from the file store.

D.  

Create a separate bucket for each user in Cloud Storage. Assign a separate service account to allow write access on each bucket. Transfer service account credentials to the client application based on user information. The application uses this service account to upload images to Cloud Storage.

Discussion 0
Question # 7

Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?

Options:

A.  

Add a public IP address to the instance. Use the service account key of the instance to encrypt the traffic.

B.  

Use Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store the reports in a public Cloud Storage bucket.

C.  

Add an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware Proxy to secure the communication channel.

D.  

Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed SSL certificate on the load balancer for traffic encryption.

Discussion 0
Question # 8

You are developing a new application that has the following design requirements:

Creation and changes to the application infrastructure are versioned and auditable.

The application and deployment infrastructure uses Google-managed services as much as possible.

The application runs on a serverless compute platform.

How should you design the application’s architecture?

Options:

A.  

1. Store the application and infrastructure source code in a Git repository.

2. Use Cloud Build to deploy the application infrastructure with Terraform.

3. Deploy the application to a Cloud Function as a pipeline step.

B.  

1. Deploy Jenkins from the Google Cloud Marketplace, and define a continuous integration pipeline in Jenkins.

2. Configure a pipeline step to pull the application source code from a Git repository.

3. Deploy the application source code to App Engine as a pipeline step.

C.  

1. Create a continuous integration pipeline on Cloud Build, and configure the pipeline to deploy the application infrastructure using Deployment Manager templates.

2. Configure a pipeline step to create a container with the latest application source code.

3. Deploy the container to a Compute Engine instance as a pipeline step.

D.  

1. Deploy the application infrastructure using gcloud commands.

2. Use Cloud Build to define a continuous integration pipeline for changes to the application source code.

3. Configure a pipeline step to pull the application source code from a Git repository, and create a containerized application.

4. Deploy the new container on Cloud Run as a pipeline step.

Discussion 0
Question # 9

You are deploying your applications on Compute Engine. One of your Compute Engine instances failed to launch. What should you do? (Choose two.)

Options:

A.  

Determine whether your file system is corrupted.

B.  

Access Compute Engine as a different SSH user.

C.  

Troubleshoot firewall rules or routes on an instance.

D.  

Check whether your instance boot disk is completely full.

E.  

Check whether network traffic to or from your instance is being dropped.

Discussion 0
Question # 10

You are building a new API. You want to minimize the cost of storing and reduce the latency of serving

images.

Which architecture should you use?

Options:

A.  

App Engine backed by Cloud Storage

B.  

Compute Engine backed by Persistent Disk

C.  

Transfer Appliance backed by Cloud Filestore

D.  

Cloud Content Delivery Network (CDN) backed by Cloud Storage

Discussion 0
Question # 11

You are monitoring a web application that is written in Go and deployed in Google Kubernetes Engine. You notice an increase in CPU and memory utilization. You need to determine which source code is consuming the most CPU and memory resources. What should you do?

Options:

A.  

Download, install, and start the Snapshot Debugger agent in your VM. Take debug snapshots of the functions that take the longest time. Review the call stack frame, and identify the local variables at that level in the stack.

B.  

Import the Cloud Profiler package into your application, and initialize the Profiler agent. Review the generated flame graph in the Google Cloud console to identify time-intensive functions.

C.  

Import OpenTelemetry and Trace export packages into your application, and create the trace provider.

Review the latency data for your application on the Trace overview page, and identify where bottlenecks are occurring.

D.  

Create a Cloud Logging query that gathers the web application's logs. Write a Python script that calculates the difference between the timestamps from the beginning and the end of the application's longest functions to identity time-intensive functions.

Discussion 0
Question # 12

You are creating an App Engine application that writes a file to any user's Google Drive.

How should the application authenticate to the Google Drive API?

Options:

A.  

With an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to

obtain an access token for each user.

B.  

With an OAuth Client ID with delegated domain-wide authority.

C.  

With the App Engine service account and https://www.googleapis.com/auth/drive.file scope

that generates a signed JWT.

D.  

With the App Engine service account with delegated domain-wide authority.

Discussion 0
Question # 13

You are developing a web application that will be accessible over both HTTP and HTTPS and will run on Compute Engine instances. On occasion, you will need to SSH from your remote laptop into one of the Compute Engine instances to conduct maintenance on the app. How should you configure the instances while following Google-recommended best practices?

Options:

A.  

Set up a backend with Compute Engine web server instances with a private IP address behind a TCP proxy load balancer.

B.  

Configure the firewall rules to allow all ingress traffic to connect to the Compute Engine web servers, with each server having a unique external IP address.

C.  

Configure Cloud Identity-Aware Proxy API for SSH access. Then configure the Compute Engine servers with private IP addresses behind an HTTP(s) load balancer for the application web traffic.

D.  

Set up a backend with Compute Engine web server instances with a private IP address behind an HTTP(S) load balancer. Set up a bastion host with a public IP address and open firewall ports. Connect to the web instances using the bastion host.

Discussion 0
Question # 14

HipLocal wants to improve the resilience of their MySQL deployment, while also meeting their business and technical requirements.

Which configuration should they choose?

Options:

A.  

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

B.  

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

C.  

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

D.  

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Discussion 0
Question # 15

For this question, refer to the HipLocal case study.

HipLocal is expanding into new locations. They must capture additional data each time the application is launched in a new European country. This is causing delays in the development process due to constant schema changes and a lack of environments for conducting testing on the application changes. How should they resolve the issue while meeting the business requirements?

Options:

A.  

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

B.  

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

C.  

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

D.  

Migrate data to Firestore in Native mode and set up instan

Discussion 0
Question # 16

HipLocal's APIs are showing occasional failures, but they cannot find a pattern. They want to collect some

metrics to help them troubleshoot.

What should they do?

Options:

A.  

Take frequent snapshots of all of the VMs.

B.  

Install the Stackdriver Logging agent on the VMs.

C.  

Install the Stackdriver Monitoring agent on the VMs.

D.  

Use Stackdriver Trace to look for performance bottlenecks.

Discussion 0
Question # 17

For this question, refer to the HipLocal case study.

Which Google Cloud product addresses HipLocal’s business requirements for service level indicators and objectives?

Options:

A.  

Cloud Profiler

B.  

Cloud Monitoring

C.  

Cloud Trace

D.  

Cloud Logging

Discussion 0
Question # 18

Which service should HipLocal use for their public APIs?

Options:

A.  

Cloud Armor

B.  

Cloud Functions

C.  

Cloud Endpoints

D.  

Shielded Virtual Machines

Discussion 0
Question # 19

In order for HipLocal to store application state and meet their stated business requirements, which database service should they migrate to?

Options:

A.  

Cloud Spanner

B.  

Cloud Datastore

C.  

Cloud Memorystore as a cache

D.  

Separate Cloud SQL clusters for each region

Discussion 0
Question # 20

For this question refer to the HipLocal case study.

HipLocal wants to reduce the latency of their services for users in global locations. They have created read replicas of their database in locations where their users reside and configured their service to read traffic using those replicas. How should they further reduce latency for all database interactions with the least amount of effort?

Options:

A.  

Migrate the database to Bigtable and use it to serve all global user traffic.

B.  

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

C.  

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

D.  

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Discussion 0
Question # 21

HipLocal has connected their Hadoop infrastructure to GCP using Cloud Interconnect in order to query data stored on persistent disks.

Which IP strategy should they use?

Options:

A.  

Create manual subnets.

B.  

Create an auto mode subnet.

C.  

Create multiple peered VPCs.

D.  

Provision a single instance for NAT.

Discussion 0
Question # 22

HipLocal is configuring their access controls.

Which firewall configuration should they implement?

Options:

A.  

Block all traffic on port 443.

B.  

Allow all traffic into the network.

C.  

Allow traffic on port 443 for a specific tag.

D.  

Allow all traffic on port 443 into the network.

Discussion 0
Question # 23

Which service should HipLocal use to enable access to internal apps?

Options:

A.  

Cloud VPN

B.  

Cloud Armor

C.  

Virtual Private Cloud

D.  

Cloud Identity-Aware Proxy

Discussion 0
Question # 24

For this question, refer to the HipLocal case study.

How should HipLocal increase their API development speed while continuing to provide the QA team with a stable testing environment that meets feature requirements?

Options:

A.  

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

B.  

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

C.  

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

D.  

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Discussion 0
Question # 25

For this question, refer to the HipLocal case study.

A recent security audit discovers that HipLocal’s database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. HipLocal needs to reduce the risk of these credentials being stolen. What should they do?

Options:

A.  

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

B.  

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

C.  

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

D.  

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Discussion 0
Question # 26

In order to meet their business requirements, how should HipLocal store their application state?

Options:

A.  

Use local SSDs to store state.

B.  

Put a memcache layer in front of MySQL.

C.  

Move the state storage to Cloud Spanner.

D.  

Replace the MySQL instance with Cloud SQL.

Discussion 0
Question # 27

For this question, refer to the HipLocal case study.

How should HipLocal redesign their architecture to ensure that the application scales to support a large increase in users?

Options:

A.  

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

B.  

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

C.  

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

D.  

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Discussion 0
Question # 28

You are planning to add unit tests to your application. You need to be able to assert that published Pub/Sub messages are processed by your subscriber in order. You want the unit tests to be cost-effective and reliable. What should you do?

Options:

A.  

Implement a mocking framework.

B.  

Create a topic and subscription for each tester.

C.  

Add a filter by tester to the subscription.

D.  

Use the Pub/Sub emulator.

Discussion 0
Question # 29

You are using Cloud Build build to promote a Docker image to Development, Test, and Production environments. You need to ensure that the same Docker image is deployed to each of these environments. How should you identify the Docker image in your build?

Options:

A.  

Use the latest Docker image tag.

B.  

Use a unique Docker image name.

C.  

Use the digest of the Docker image.

D.  

Use a semantic version Docker image tag.

Discussion 0
Question # 30

You recently developed an application. You need to call the Cloud Storage API from a Compute Engine instance that doesn’t have a public IP address. What should you do?

Options:

A.  

Use Carrier Peering

B.  

Use VPC Network Peering

C.  

Use Shared VPC networks

D.  

Use Private Google Access

Discussion 0
Question # 31

You are developing an application that will allow clients to download a file from your website for a specific period of time. How should you design the application to complete this task while following Google-recommended best practices?

Options:

A.  

Configure the application to send the file to the client as an email attachment.

B.  

Generate and assign a Cloud Storage-signed URL for the file. Make the URL available for the client to download.

C.  

Create a temporary Cloud Storage bucket with time expiration specified, and give download permissions to the bucket. Copy the file, and send it to the client.

D.  

Generate the HTTP cookies with time expiration specified. If the time is valid, copy the file from the Cloud Storage bucket, and make the file available for the client to download.

Discussion 0
Question # 32

HipLocal's.net-based auth service fails under intermittent load.

What should they do?

Options:

A.  

Use App Engine for autoscaling.

B.  

Use Cloud Functions for autoscaling.

C.  

Use a Compute Engine cluster for the service.

D.  

Use a dedicated Compute Engine virtual machine instance for the service.

Discussion 0
Question # 33

HipLocal wants to reduce the number of on-call engineers and eliminate manual scaling.

Which two services should they choose? (Choose two.)

Options:

A.  

Use Google App Engine services.

B.  

Use serverless Google Cloud Functions.

C.  

Use Knative to build and deploy serverless applications.

D.  

Use Google Kubernetes Engine for automated deployments.

E.  

Use a large Google Compute Engine cluster for deployments.

Discussion 0
Question # 34

Which database should HipLocal use for storing user activity?

Options:

A.  

BigQuery

B.  

Cloud SQL

C.  

Cloud Spanner

D.  

Cloud Datastore

Discussion 0
Get Professional-Cloud-Developer dumps and pass your exam in 24 hours!

Free Exams Sample Questions