
信頼できるCloud DevOps Engineer Professional-Cloud-DevOps-Engineer問題集PDF 2023年11月20日最近更新された問題
必ず合格できるGoogle Professional-Cloud-DevOps-Engineer試験正確な164問題と解答あります
Google Professional-Cloud-Devops-Engineer認定試験は、Google Cloud Platform(GCP)およびDevOpsの実践で専門知識を実証したい専門家向けに設計されています。認定試験では、DevOpsの原則を使用してGCPソリューションを設計、開発、管理する候補者の能力のテストに焦点を当てています。この試験は、GCPでアプリケーションの開発と管理の経験があり、DevOpsの実践と原則を十分に理解している専門家向けです。
質問 # 21
Your Cloud Run application writes unstructured logs as text strings to Cloud Logging. You want to convert the unstructured logs to JSON-based structured logs. What should you do?
- A. Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPay10ad field.
- B. Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.
- C. Configure the log agent to convert log text payload to JSON payload.
- D. A Install a Fluent Bit sidecar container, and use a JSON parser.
正解:A
解説:
Explanation
The correct answer is D. Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPayload field.
Cloud Logging SDKs are libraries that allow you to write structured logs from your Cloud Run application.
You can use the SDKs to create log entries with a jsonPayload field, which contains a JSON object with the properties of your log entry. The jsonPayload field allows you to use advanced features of Cloud Logging, such as filtering, querying, and exporting logs based on the properties of your log entry1.
To use Cloud Logging SDKs, you need to install the SDK for your programming language, and then use the SDK methods to create and send log entries to Cloud Logging. For example, if you are using Node.js, you can use the following code to write a structured log entry with a jsonPayload field2:
// Imports the Google Cloud client library
const {Logging} = require('@google-cloud/logging');
// Creates a client
const logging = new Logging();
// Selects the log to write to
const log = logging.log('my-log');
// The data to write to the log
const text = 'Hello, world!';
const metadata = {
// Set the Cloud Run service name and revision as labels
labels: {
service_name: process.env.K_SERVICE || 'unknown',
revision_name: process.env.K_REVISION || 'unknown',
},
// Set the log entry payload type and value
jsonPayload: {
message: text,
timestamp: new Date(),
},
};
// Prepares a log entry
const entry = log.entry(metadata);
// Writes the log entry
await log.write(entry);
console.log(`Logged: ${text}`);
Using Cloud Logging SDKs is the best way to convert unstructured logs to structured logs, as it provides more flexibility and control over the format and content of your log entries.
Using a Fluent Bit sidecar container is not a good option, as it adds complexity and overhead to your Cloud Run application. Fluent Bit is a lightweight log processor and forwarder that can be used to collect and parse logs from various sources and send them to different destinations3. However, Cloud Run does not support sidecar containers, so you would need to run Fluent Bit as part of your main container image. This would require modifying your Dockerfile and configuring Fluent Bit to read logs from supported locations and parse them as JSON. This is more cumbersome and less reliable than using Cloud Logging SDKs.
Using the log agent in the Cloud Run container image is not possible, as the log agent is not supported on Cloud Run. The log agent is a service that runs on Compute Engine or Google Kubernetes Engine instances and collects logs from various applications and system components. However, Cloud Run does not allow you to install or run any agents on its underlying infrastructure, as it is a fully managed service that abstracts away the details of the underlying platform.
Storing the password directly in the code is not a good practice, as it exposes sensitive information and makes it hard to change or rotate the password. It also requires rebuilding and redeploying the application each time the password changes, which adds unnecessary work and downtime.
References:
1: Writing structured logs | Cloud Run Documentation | Google Cloud
2: Write structured logs | Cloud Run Documentation | Google Cloud
3: Fluent Bit - Fast and Lightweight Log Processor & Forwarder
Logging Best Practices for Serverless Applications - Google Codelabs
About the logging agent | Cloud Logging Documentation | Google Cloud
Cloud Run FAQ | Google Cloud
質問 # 22
You are running a real-time gaming application on Compute Engine that has a production and testing environment. Each environment has their own Virtual Private Cloud (VPC) network. The application frontend and backend servers are located on different subnets in the environment's VPC. You suspect there is a malicious process communicating intermittently in your production frontend servers. You want to ensure that network traffic is captured for analysis. What should you do?
- A. Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 1.0. Apply changes in testing before production.
- B. Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 1.0.
- C. Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 0.5. Apply changes in testing before production.
- D. Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 0.5.
正解:A
質問 # 23
Your company runs services by using Google Kubernetes Engine (GKE). The GKE clusters in the development environment run applications with verbose logging enabled. Developers view logs by using the kubect1 logs command and do not use Cloud Logging. Applications do not have a uniform logging structure defined. You need to minimize the costs associated with application logging while still collecting GKE operational logs.
What should you do?
- A. Run the gcloud logging sinks update _Defau1t --disabled command in the project associated with the development environment.
- B. Run the gcloud container clusters update logging=WORKLOAD command for the development cluster.
- C. Add the severity >= DEBUG resource. type "k83 container" exclusion filter to the Default logging sink in the project associated with the development environment.
- D. Run the gcloud container clusters update --logging-SYSTEM command for the development cluster.
正解:D
質問 # 24
You support a high-traffic web application that runs on Google Cloud Platform (GCP). You need measure application reliability from a user perspective without making any engineering changes to it. What should you do? (Choose two.)
- A. Modify the code to capture additional information for user interaction.
- B. Review current application metrics and add new ones as needed.
- C. Create new synthetic clients to simulate a user journey using the application.
- D. Use current and historic Request Logs to trace customer interaction with the application.
- E. Analyze the web proxy logs only and capture response time of each request.
正解:A、C
質問 # 25
You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub.
You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?
- A. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
- B. Disable the CI pipeline and revert to manually building and pushing the artifacts.
- C. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.
- D. Change the CI pipeline to push the artifacts is Container Registry instead of Docker Hub.
正解:D
質問 # 26
You need to build a CI/CD pipeline for a containerized application in Google Cloud Your development team uses a central Git repository for trunk-based development You want to run all your tests in the pipeline for any new versions of the application to improve the quality What should you do?
- A. 1. Install a Git hook to require developers to run unit tests before pushing the code to a central repository If all tests are successful build a container
2. Trigger Cloud Build to deploy the application container to a testing environment, and run integration tests and acceptance tests
3. If all tests are successful tag the code as production ready Trigger Cloud Build to build and deploy the application container to the production environment - B. 1. Trigger Cloud Build to build the application container and run unit tests with the container
2. If unit tests are successful, deploy the application container to a testing environment, and run integration tests
3. If the integration tests are successful the pipeline deploys the application container to the production environment After that, run acceptance tests - C. 1. Trigger Cloud Build to run unit tests when the code is pushed If all unit tests are successful, build and push the application container to a central registry.
2. Trigger Cloud Build to deploy the container to a testing environment, and run integration tests and acceptance tests
3. If all tests are successful the pipeline deploys the application to the production environment and runs smoke tests - D. 1. Install a Git hook to require developers to run unit tests before pushing the code to a central repository
2. Trigger Cloud Build to build the application container Deploy the application container to a testing environment, and run integration tests
3. If the integration tests are successful deploy the application container to your production environment.
and run acceptance tests
正解:C
解説:
Explanation
The best option for building a CI/CD pipeline for a containerized application in Google Cloud is to trigger Cloud Build to run unit tests when the code is pushed, if all unit tests are successful, build and push the application container to a central registry, trigger Cloud Build to deploy the container to a testing environment, and run integration tests and acceptance tests, and if all tests are successful, the pipeline deploys the application to the production environment and runs smoke tests. This option follows the best practices for CI/CD pipelines, such as running tests at different stages of the pipeline, using a central registry for storing and managing containers, deploying to different environments, and using Cloud Build as a unified tool for building, testing, and deploying.
質問 # 27
Your development team has created a new version of their service's API. You need to deploy the new versions of the API with the least disruption to third-party developers and end users of third-party installed applications.
What should you do?
- A. Introduce the new version of the API.
Announce deprecation of the old version of the API.
Deprecate the old version of the API.
Contact remaining users of the old API.
Provide best effort support to users of the old API.
Turn down the old version of the API. - B. Announce deprecation of the old version of the API.
Contact remaining users on the old API.
Introduce the new version of the API.
Deprecate the old version of the API.
Provide best effort support to users of the old API.
Turn down the old version of the API. - C. Introduce the new version of the API.
Contact remaining users of the old API.
Announce deprecation of the old version of the API.
Deprecate the old version of the API.
Turn down the old version of the API.
Provide best effort support to users of the old API. - D. Announce deprecation of the old version of the API.
Introduce the new version of the API.
Contact remaining users on the old API.
Deprecate the old version of the API.
Turn down the old version of the API.
Provide best effort support to users of the old API.
正解:A
質問 # 28
You deploy a new release of an internal application during a weekend maintenance window when there is minimal user traffic. After the window ends, you learn that one of the new features isn't working as expected in the production environment. After an extended outage, you roll back the new release and deploy a fix. You want to modify your release process to reduce the mean time to recovery so you can avoid extended outages in the future. What should you do?
Choose 2 answers
- A. Integrate a code linting tool to validate coding standards before any code is accepted into the repository.
- B. Adopt the blue/green deployment strategy when releasing new code via a CD server.
- C. Require developers to run automated integration tests on their local development environments before release.
- D. Before merging new code, require 2 different peers to review the code changes.
- E. Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.
正解:A、D
質問 # 29
You need to run a business-critical workload on a fixed set of Compute Engine instances for several months.
The workload is stable with the exact amount of resources allocated to it. You want to lower the costs for this workload without any performance implications. What should you do?
- A. Purchase Committed Use Discounts.
- B. Convert the instances to preemptible virtual machines.
- C. Create an Unmanaged Instance Group for the instances used to run the workload.
- D. Migrate the instances to a Managed Instance Group.
正解:A
質問 # 30
You encounter a large number of outages in the production systems you support. You receive alerts for all the outages that wake you up at night. The alerts are due to unhealthy systems that are automatically restarted within a minute. You want to set up a process that would prevent staff burnout while following Site Reliability Engineering practices. What should you do?
- A. Eliminate unactionable alerts.
- B. Create an incident report for each of the alerts.
- C. Distribute the alerts to engineers in different time zones.
- D. Redefine the related Service Level Objective so that the error budget is not exhausted.
正解:A
解説:
Explanation
Eliminate bad monitoring : Unactionable alerts (i.e., spam)
https://cloud.google.com/blog/products/management-tools/meeting-reliability-challenges-with-sre-principles agree with kyubiblaze about having to remove unactionable items aka spam: "good monitoring alerts on actionable problems" @
https://cloud.google.com/blog/products/management-tools/meeting-reliability-challenges-with-sre-principles
質問 # 31
Your company recently migrated to Google Cloud. You need to design a fast, reliable, and repeatable solution for your company to provision new projects and basic resources in Google Cloud. What should you do?
- A. Use the Terraform repositories from the Cloud Foundation Toolkit. Apply the code with appropriate parameters to create the Google Cloud project and related resources.
- B. Use the Google Cloud console to create projects.
- C. Write a Terraform module and save it in your source control repository. Copy and run the apply command to create the new project.
- D. Write a script by using the gcloud CLI that passes the appropriate parameters from the request. Save the script in a Git repository.
正解:A
解説:
Explanation
Terraform is an open-source tool that allows you to define and provision infrastructure as code1. Terraform can be used to create and manage Google Cloud resources, such as projects, networks, and services2. The Cloud Foundation Toolkit is a set of open-source Terraform modules and tools that provide best practices and guidance for deploying Google Cloud infrastructure3. The Cloud Foundation Toolkit includes Terraform repositories for creating Google Cloud projects and related resources, such as IAM policies, APIs, service accounts, and billing4. By using the Terraform repositories from the Cloud Foundation Toolkit, you can design a fast, reliable, and repeatable solution for your company to provision new projects and basic resources in Google Cloud. You can also customize the Terraform code to suit your specific needs and preferences.
質問 # 32
You are running an experiment to see whether your users like a new feature of a web application. Shortly after deploying the feature as a canary release, you receive a spike in the number of 500 errors sent to users, and your monitoring reports show increased latency. You want to quickly minimize the negative impact on users. What should you do first?
- A. Roll back the experimental canary release.
- B. Start monitoring latency, traffic, errors, and saturation.
- C. Trace the origin of 500 errors and the root cause of increased latency.
- D. Record data for the postmortem document of the incident.
正解:A
質問 # 33
You support a large service with a well-defined Service Level Objective (SLO). The development team deploys new releases of the service multiple times a week. If a major incident causes the service to miss its SLO, you want the development team to shift its focus from working on features to improving service reliability. What should you do before a major incident occurs?
- A. Negotiate with the product team to always prioritize service reliability over releasing new features.
- B. Develop an appropriate error budget policy in cooperation with all service stakeholders.
- C. Negotiate with the development team to reduce the release frequency to no more than once a week.
- D. Add a plugin to your Jenkins pipeline that prevents new releases whenever your service is out of SLO.
正解:A
質問 # 34
Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment. The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval. What should you do to enforce approvals?
- A. Use an Admission Controller to verify that incoming requests originate from approved sources.
- B. Configure the build system with protected branches that require pull request approval.
- C. Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.
- D. Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.
正解:D
解説:
The keywords here is "developers or operators". Option A the operators could push images to production without approval (operators could touch the cluster directly and the cluster cannot do any action against them). Rest same as francisco_guerra.
質問 # 35
You recently deployed your application in Google Kubernetes Engine (GKE) and now need to release a new version of the application You need the ability to instantly roll back to the previous version of the application in case there are issues with the new version Which deployment model should you use?
- A. Perform A. B testing, and test your application periodically after the deployment is complete
- B. Perform a canary deployment, and test your new application periodically after the new version is deployed
- C. Perform a blue/green deployment and test your new application after the deployment is complete
- D. Perform a rolling deployment and test your new application after the deployment is complete
正解:C
解説:
Explanation
The best deployment model for releasing a new version of your application in GKE with the ability to instantly roll back to the previous version is to perform a blue/green deployment and test your new application after the deployment is complete. A blue/green deployment is a deployment strategy that involves creating two identical environments, one running the current version of the application (blue) and one running the new version of the application (green). The traffic is switched from blue to green after testing the new version, and if any issues are discovered, the traffic can be switched back to blue instantly. This way, you can minimize downtime and risk during deployment.
質問 # 36
You are writing a postmortem for an incident that severely affected users. You want to prevent similar incidents in the future. Which two of the following sections should you include in the postmortem? (Choose two.)
- A. A list of action items to prevent a recurrence of the incident
- B. Copies of the design documents for all the services impacted by the incident
- C. An explanation of the root cause of the incident
- D. A list of employees responsible for causing the incident
- E. Your opinion of the incident's severity compared to past incidents
正解:C、D
質問 # 37
You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?
- A. Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.
- B. Choose an existing GCP production project to host the monitoring workspace. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
- C. Create a new GCP monitoring project, and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
- D. Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Slackdriver workspaces inside each project.
正解:C
解説:
Explanation
"A Project can host many Projects and appear in many Projects, but it can only be used as the scoping project once. We recommend that you create a new Project for the purpose of having multiple Projects in the same scope."
質問 # 38
You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?
- A. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application
- B. Inject the secret at the time of instance creation via an encrypted configuration management system.
- C. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently
- D. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.
正解:C
質問 # 39
You encountered a major service outage that affected all users of the service for multiple hours. After several hours of incident management, the service returned to normal, and user access was restored. You need to provide an incident summary to relevant stakeholders following the Site Reliability Engineering recommended practices. What should you do first?
- A. Require the engineer responsible to write an apology email to all stakeholders.
- B. Call individual stakeholders lo explain what happened.
- C. Develop a post-mortem to be distributed to stakeholders.
- D. Send the Incident State Document to all the stakeholders.
正解:D
質問 # 40
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE). Each team manages a different application. You need to create the development and production environments for each team, while minimizing costs. Different teams should not be able to access other teams' environments. What should you do?
- A. Create one GCP Project per team. In each project, create a cluster for Development and one for Production. Grant the teams IAM access to their respective clusters.
- B. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Kubernetes Role-based access control (RBAC) so that each team can only access its own namespace.
- C. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Identity Aware Proxy so that each team can only access its own namespace.
- D. Create one GCP Project per team. In each project, create a cluster with a Kubernetes namespace for Development and one for Production. Grant the teams IAM access to their respective clusters.
正解:B
解説:
Explanation
https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#roles_and_groups
質問 # 41
As part of your company's initiative to shift left on security, the infoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images You need to determine how to satisfy the InfoSec teams goal of shifting left on security.
What should you do?
- A. Use Binary Authorization to attest images during your CI CD pipeline
- B. Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images
- C. Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods
- D. Configure Identity and Access Management (1AM) policies to create a least privilege model on your GKE clusters
正解:A
解説:
Explanation
The best option for implementing guard rails on all GKE clusters to only allow the deployment of trusted and approved images is to use Binary Authorization to attest images during your CI/CD pipeline. Binary Authorization is a feature that allows you to enforce signature-based validation when deploying container images. You can use Binary Authorization to create policies that specify which images are allowed or denied in your GKE clusters. You can also use Binary Authorization to attest images during your CI/CD pipeline by using tools such as Container Analysis or third-party integrations. An attestation is a digital signature that certifies that an image meets certain criteria, such as passing vulnerability scans or code reviews. By using Binary Authorization to attest images during your CI/CD pipeline, you can ensure that only trusted and approved images are deployed to your GKE clusters.
質問 # 42
Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach.
What should you do?
- A. Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
- B. Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.
- C. Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
- D. Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
正解:A
質問 # 43
You support an application deployed on Compute Engine. The application connects to a Cloud SQL instance to store and retrieve data. After an update to the application, users report errors showing database timeout messages. The number of concurrent active users remained stable. You need to find the most probable cause of the database timeout. What should you do?
- A. Check the serial port logs of the Compute Engine instance.
- B. Use Stackdriver Profiler to visualize the resources utilization throughout the application.
- C. Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.
- D. Determine whether there is an increased number of connections to the Cloud SQL instance.
正解:D
解説:
Explanation
The most probable cause of the database timeout is an increased number of connections to the Cloud SQL instance. This could happen if the application does not close connections properly or if it creates too many connections at once. You can check the number of connections to the Cloud SQL instance using Cloud Monitoring or Cloud SQL Admin API .
質問 # 44
......
2023年最新の実際にある検証済みのProfessional-Cloud-DevOps-Engineer問題集:https://jp.fast2test.com/Professional-Cloud-DevOps-Engineer-premium-file.html
合格させるProfessional-Cloud-DevOps-Engineer試験で更新された164問題あります:https://drive.google.com/open?id=1FOHmN1aNX9L_PXbTx029irmMuiM9dm7a