[Mar 02, 2024] Professional-Cloud-Developer PDF Recently Updated Questions Dumps to Improve Exam Score [Q113-Q133]

[Mar 02, 2024] Professional-Cloud-Developer PDF Recently Updated Questions Dumps to Improve Exam Score

Professional-Cloud-Developer Dumps Full Questions with Free PDF Questions to Pass

To prepare for the exam, it is recommended that you have a strong understanding of cloud computing concepts and experience in developing and deploying applications on a cloud platform. You should also have experience using Google Cloud technologies and services. Google provides a range of resources to help you prepare for the exam, including online training courses, documentation, and practice exams. By passing the Google Professional-Cloud-Developer exam, you can demonstrate your expertise in cloud development and gain recognition as a Google Cloud certified professional.

 

NEW QUESTION # 113
You are planning to migrate a MySQL database to the managed Cloud SQL database for Google Cloud. You have Compute Engine virtual machine instances that will connect with this Cloud SQL instance. You do not want to whitelist IPs for the Compute Engine instances to be able to access Cloud SQL.
What should you do?

• A. Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.
• B. Enable private IP for the Cloud SQL instance.
• C. Create a CloudSQL instance on one project. Create Compute engine instances in a different project.Create a VPN between these two projects to allow internal access to CloudSQL.
• D. Create a role in Cloud SQL that allows access to the database from external instances, and assign the Compute Engine instances to that role.

Answer: D

NEW QUESTION # 114
You are developing a Java Web Server that needs to interact with Google Cloud services via the Google Cloud API on the user's behalf. Users should be able to authenticate to the Google Cloud API using their Google Cloud identities. Which workflow should you implement in your web application?

• A. 1) When a user arrives at your application, route them to a Google Cloud consent screen with a list of requested permissions that prompts the user to sign in with SSO to their Google Account.
  2) After the user signs in and provides consent, your application receives an authorization code from a Google server.
  3) The Google server returns the authorization code to the user, which is stored in the browser's cookies.
  4) The user authenticates to the Google Cloud API using the authorization code in the cookie.
• B. 1) When a user arrives at your application, prompt them for their Google username and password.
  2) Forward the user's username and password in an HTTPS request to the Google Cloud authorization server, and request an access token.
  3) The Google server validates the user's credentials and returns an access token to the application.
  4) The application uses the access token to call the Google Cloud API.
• C. 1) When a user arrives at your application, route them to a Google Cloud consent screen with a list of requested permissions that prompts the user to sign in with SSO to their Google Account.
  2) After the user signs in and provides consent, your application receives an authorization code from a Google server.
  3) The application requests a Google Server to exchange the authorization code with an access token.
  4) The Google server responds with the access token that is used by the application to call the Google Cloud API.
• D. 1) When a user arrives at your application, prompt them for their Google username and password.
  2) Store an SHA password hash in your application's database along with the user's username.
  3) The application authenticates to the Google Cloud API using HTTPs requests with the user's username and password hash in the Authorization request header.

Answer: C

Explanation:
Explanation
https://developers.google.com/identity/protocols/oauth2#webserver
The Google OAuth 2.0 endpoint supports web server applications that use languages and frameworks such as PHP, Java, Python, Ruby, and ASP.NET. The authorization sequence begins when your application redirects a browser to a Google URL; the URL includes query parameters that indicate the type of access being requested.
Google handles the user authentication, session selection, and user consent. The result is an authorization code, which the application can exchange for an access token and a refresh token.

NEW QUESTION # 115
Your company has deployed a new API to App Engine Standard environment. During testing, the API is not behaving as expected. You want to monitor the application over time to diagnose the problem within the application code without redeploying the application.
Which tool should you use?

• A. Stackdriver Debug Logpoints
• B. Stackdriver Trace
• C. Stackdriver Debug Snapshots
• D. Stackdriver Monitoring

Answer: D

Explanation:
Reference:
https://rominirani.com/gcp-stackdriver-tutorial-debug-snapshots-traces-logging-and-logpoints-
1ba49e4780e6

NEW QUESTION # 116
You are a developer at a large organization. You have an application written in Go running in a production Google Kubernetes Engine (GKE) cluster. You need to add a new feature that requires access to BigQuery. You want to grant BigQuery access to your GKE cluster following Google-recommended best practices. What should you do?

• A. Create a Google service account with BigQuery access. Add the JSON key to Secret Manager, and use the Go client library to access the JSON key.
• B. Create a Google service account and a Kubernetes service account. Configure Workload Identity on the GKE cluster, and reference the Kubernetes service account on the application Deployment.
• C. Create a Google service account with BigQuery access. Add the Google service account JSON key to Secret Manager, and use an init container to access the secret for the application to use.
• D. Create a Google service account with BigQuery access. Add the Google service account JSON key as a Kubernetes secret, and configure the application to use this secret.

Answer: B

Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs.
Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster.

NEW QUESTION # 117
HipLocal is configuring their access controls.
Which firewall configuration should they implement?

• A. Block all traffic on port 443.
• B. Allow traffic on port 443 for a specific tag.
• C. Allow all traffic into the network.
• D. Allow all traffic on port 443 into the network.

Answer: D

NEW QUESTION # 118
You have an application in production. It is deployed on Compute Engine virtual machine instances controlled by a managed instance group. Traffic is routed to the instances via a HTTP(s) load balancer. Your users are unable to access your application. You want to implement a monitoring technique to alert you when the application is unavailable.
Which technique should you choose?

• A. Stackdriver uptime checks
• B. Managed instance group - heath checks
• C. Smoke tests
• D. Cloud Load Balancing - heath checks

Answer: A

Explanation:
Reference:
https://medium.com/google-cloud/stackdriver-monitoring-automation-part-3-uptime-checks-
476b8507f59c

NEW QUESTION # 119
You are developing an HTTP API hosted on a Compute Engine virtual machine instance that needs to be invoked by multiple clients within the same Virtual Private Cloud (VPC). You want clients to be able to get the IP address of the service.
What should you do?

• A. Reserve a static external IP address and assign it to an HTTP(S) load balancing service's forwarding rule.
  Then, define an A record in Cloud DNS. Clients should use the name of the A record to connect to the service.
• B. Ensure that clients use Compute Engine internal DNS by connecting to the instance name with the url https://[INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal/.
• C. Ensure that clients use Compute Engine internal DNS by connecting to the instance name with the url https://[API_NAME]/[API_VERSION]/.
• D. Reserve a static external IP address and assign it to an HTTP(S) load balancing service's forwarding rule.
  Clients should use this IP address to connect to the service.

Answer: C

NEW QUESTION # 120
For this question, refer to the HipLocal case study.
HipLocal's application uses Cloud Client Libraries to interact with Google Cloud. HipLocal needs to configure authentication and authorization in the Cloud Client Libraries to implement least privileged access for the application. What should they do?

• A. Create an API key. Use the API key to interact with Google Cloud.
• B. Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.
• C. Create a service account for the application and for each Google Cloud API used by the application.
  Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.
• D. Use the default compute service account to interact with Google Cloud.

Answer: A

NEW QUESTION # 121
You have decided to migrate your Compute Engine application to Google Kubernetes Engine. You need to build a container image and push it to Artifact Registry using Cloud Build. What should you do? (Choose two.) A) Run gcloud builds submit in the directory that contains the application source code.
B)
Run gcloud run deploy app-name --image gcr.io/$PROJECT_ID/app-name in the directory that contains the application source code.
C)
Run gcloud container images add-tag gcr.io/$PROJECT_ID/app-name gcr.io/$PROJECT_ID/app-name:latest in the directory that contains the application source code.
D)
In the application source directory, create a file named cloudbuild.yaml that contains the following contents:

E)
In the application source directory, create a file named cloudbuild.yaml that contains the following contents:

• A. Option E
• B. Option D
• C. Option A
• D. Option C
• E. Option B

Answer: B,C

Explanation:
Explanation
https://cloud.google.com/sdk/gcloud/reference/builds/submit
https://cloud.google.com/artifact-registry/docs/configure-cloud-build

NEW QUESTION # 122
April states she would like to use the cellular network from her iPhone to access the Internet for free on her Mac. What true statement can you give April?

• A. "Personal Hotspot only works on CDMA networks."
• B. "Personal Hotspot can come with additional charges. You should contact your carrier."
• C. "Personal Hotspot is a great way to access the Internet for free!"
• D. "You must enable Personal Hotspot on your iPhone before the feature can work for free."

Answer: B

NEW QUESTION # 123
Case Study
Company Overview
HipLocal is a community application designed to facilitate communication between people in close proximity. It is used for event planning and organizing sporting events, and for businesses to connect with their local communities. HipLocal launched recently in a few neighborhoods in Dallas and is rapidly growing into a global phenomenon. Its unique style of hyper-local community communication and business outreach is in demand around the world.
Executive Statement
We are the number one local community app; it's time to take our local community services global. Our venture capital investors want to see rapid growth and the same great experience for new local and virtual communities that come online, whether their members are 10 or 10000 miles away from each other.
Solution Concept
HipLocal wants to expand their existing service, with updated functionality, in new regions to better serve their global customers. They want to hire and train a new team to support these regions in their time zones. They will need to ensure that the application scales smoothly and provides clear uptime data.
Existing Technical Environment
HipLocal's environment is a mix of on-premises hardware and infrastructure running in Google Cloud Platform.
The HipLocal team understands their application well, but has limited experience in global scale applications.
Their existing technical environment is as follows:
* Existing APIs run on Compute Engine virtual machine instances hosted in GCP.
* State is stored in a single instance MySQL database in GCP.
* Data is exported to an on-premises Teradata/Vertica data warehouse.
* Data analytics is performed in an on-premises Hadoop environment.
* The application has no logging.
* There are basic indicators of uptime; alerts are frequently fired when the APIs are unresponsive.
Business Requirements
HipLocal's investors want to expand their footprint and support the increase in demand they are seeing. Their requirements are:
* Expand availability of the application to new regions.
* Increase the number of concurrent users that can be supported.
* Ensure a consistent experience for users when they travel to different regions.
* Obtain user activity metrics to better understand how to monetize their product.
* Ensure compliance with regulations in the new regions (for example, GDPR).
* Reduce infrastructure management time and cost.
* Adopt the Google-recommended practices for cloud computing.
Technical Requirements
* The application and backend must provide usage metrics and monitoring.
* APIs require strong authentication and authorization.
* Logging must be increased, and data should be stored in a cloud analytics platform.
* Move to serverless architecture to facilitate elastic scaling.
* Provide authorized access to internal apps in a secure manner.
HipLocal wants to reduce the number of on-call engineers and eliminate manual scaling.
Which two services should they choose? (Choose two.)

• A. Use Google App Engine services.
• B. Use serverless Google Cloud Functions.
• C. Use Google Kubernetes Engine for automated deployments.
• D. Use a large Google Compute Engine cluster for deployments.
• E. Use Knative to build and deploy serverless applications.

Answer: B,E

Explanation:
Explanation/Reference:

NEW QUESTION # 124
You have an ecommerce application hosted in Google Kubernetes Engine (GKE) that receives external requests and forwards them to third-party APIs external to Google Cloud. The third-party APIs are responsible for credit card processing, shipping, and inventory management using the process shown in the diagram.
Your customers are reporting that the ecommerce application is running slowly at unpredictable times. The application doesn't report any metrics You need to determine the cause of the inconsistent performance What should you do?

• A. Install the OpenTelemetry library for your respective language, and instrument your application.
• B. Modify your application to read and forward the x-Cloud-Trace-context header when it calls the
• C. Install the Ops Agent inside your container and configure it to gather application metrics.

Answer: A

Explanation:
downstream services
D Enable Managed Service for Prometheus on the GKE cluster to gather application metrics.

NEW QUESTION # 125
Your team develops services that run on Google Kubernetes Engine. You need to standardize their log data using Google-recommended practices and make the data more useful in the fewest number of steps. What should you do? (Choose two.)

• A. Write log output to standard output (stdout) as single-line JSON to be ingested into Cloud Logging as structured logs.
• B. Create aggregated exports on application logs to Cloud Storage to facilitate log analytics.
• C. Mandate the use of the Pub/Sub API to write structured data to Pub/Sub and create a Dataflow streaming pipeline to normalize logs and write them to BigQuery for analytics.
• D. Create aggregated exports on application logs to BigQuery to facilitate log analytics.
• E. Mandate the use of the Logging API in the application code to write structured logs to Cloud Logging.

Answer: A,D

Explanation:
https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs#best_practices

NEW QUESTION # 126
You are writing a Compute Engine hosted application in project A that needs to securely authenticate to a Cloud Pub/Sub topic in project B.
What should you do?

• A. Configure Application Default Credentials to use the private key of a service account owned by project B.
  Add the service account as a Cloud Pub/Sub publisher to project A.
• B. Configure the instances with a service account owned by project A. Add the service account as a publisher on the topic.
• C. Configure Application Default Credentials to use the private key of a service account owned by project A.
  Add the service account as a publisher on the topic
• D. Configure the instances with a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A.

Answer: B

NEW QUESTION # 127
Your teammate has asked you to review the code below. Its purpose is to efficiently add a large number of small rows to a BigQuery table.

Which improvement should you suggest your teammate make?

• A. Perform the inserts in parallel by creating multiple threads.
• B. Include multiple rows with each request.
• C. Write each row to a Cloud Storage object in parallel, then load into BigQuery.
• D. Write each row to a Cloud Storage object, then load into BigQuery.

Answer: A

NEW QUESTION # 128
You are deploying your application on a Compute Engine instance that communicates with Cloud SQL. You will use Cloud SQL Proxy to allow your application to communicate to the database using the service account associated with the application's instance. You want to follow the Google-recommended best practice of providing minimum access for the role assigned to the service account. What should you do?

• A. Assign the Project Editor role.
• B. Assign the Project Owner role.
• C. Assign the Cloud SQL Client role.
• D. Assign the Cloud SQL Editor role.

Answer: C

NEW QUESTION # 129
Your application is deployed in a Google Kubernetes Engine (GKE) cluster. When a new version of your application is released, your CI/CD tool updates the spec.template.spec.containers[0].image value to reference the Docker image of your new application version. When the Deployment object applies the change, you want to deploy at least 1 replica of the new version and maintain the previous replicas until the new replica is healthy.
Which change should you make to the GKE Deployment object shown below?

• A. Set the Deployment strategy to RollingUpdate with maxSurge set to 1, maxUnavailable set to 0.
• B. Set the Deployment strategy to RollingUpdate with maxSurge set to 0, maxUnavailable set to 1.
• C. Set the Deployment strategy to Recreate with maxSurge set to 0, maxUnavailable set to 1.
• D. Set the Deployment strategy to Recreate with maxSurge set to 1, maxUnavailable set to 0.

Answer: D

NEW QUESTION # 130
Your application is composed of a set of loosely coupled services orchestrated by code executed on Compute Engine. You want your application to easily bring up new Compute Engine instances that find and use a specific version of a service. How should this be configured?

• A. Define your service endpoint information to be retrieved from an environment variable at runtime and used to connect to the desired service.
• B. Define your service endpoint information as label data that is retrieved at runtime and used to connect to the desired service.
• C. Define your service to use a fixed hostname and port to connect to the desired service. Replace the service at the endpoint with your new version.
• D. Define your service endpoint information as metadata that is retrieved at runtime and used to connect to the desired service.

Answer: D

Explanation:
https://cloud.google.com/service-infrastructure/docs/service-metadata/reference/rest#service-endpoint

NEW QUESTION # 131
You are supporting a business-critical application in production deployed on Cloud Run. The application is reporting HTTP 500 errors that are affecting the usability of the application. You want to be alerted when the number of errors exceeds 15% of the requests within a specific time window. What should you do?

• A. Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Composer to trigger the Cloud Function daily and alert you if the number of errors is above the defined threshold.
• B. Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Scheduler to trigger the Cloud Function daily and alert you if the number of errors is above the defined threshold
• C. Create an alerting policy in Cloud Monitoring that alerts you if the number of errors is above the defined threshold.
• D. Navigate to the Cloud Run page in the Google Cloud console, and select the service from the services list.
  Use the Metrics tab to visualize the number of errors for that revision and refresh the page daily.

Answer: A

NEW QUESTION # 132
You are building a CI/CD pipeline that consists of a version control system, Cloud Build, and Container Registry. Each time a new tag is pushed to the repository, a Cloud Build job is triggered, which runs unit tests on the new code builds a new Docker container image, and pushes it into Container Registry. The last step of your pipeline should deploy the new container to your production Google Kubernetes Engine (GKE) cluster.
You need to select a tool and deployment strategy that meets the following requirements:
* Zero downtime is incurred
* Testing is fully automated
* Allows for testing before being rolled out to users
* Can quickly rollback if needed
What should you do?

• A. Trigger a Spinnaker pipeline configured as an A/B test of your new code and, if it is successful, deploy the container to production.
• B. Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a canary test.
• C. Trigger a Spinnaker pipeline configured as a canary test of your new code and, if it is successful, deploy the container to production.
• D. Trigger another Cloud Build job that uses the Kubernetes CLI tools to deploy your new container to your GKE cluster, where you can perform a shadow test.

Answer: D

Explanation:
Explanation
https://cloud.google.com/architecture/implementing-deployment-and-testing-strategies-on-gke#perform_a_shado With a shadow test, you test the new version of your application by mirroring user traffic from the current application version without impacting the user requests.

NEW QUESTION # 133
......

100% Updated Google Professional-Cloud-Developer Enterprise PDF Dumps: https://certkingdom.practicedump.com/Professional-Cloud-Developer-practice-dumps.html