
無料でゲット!最新の2024年最新の有効な練習Cloud Developer Professional-Cloud-Developer問題と解答でテストエンジン
Professional-Cloud-Developer問題集PDFで100%合格保証付き
Google Professional-Cloud-Developer 認定試験は、Google Cloud が提供する資格であり、Google Cloud プラットフォーム上でのアプリケーションの設計、開発、展開における専門知識を検証します。この認定は、Google Cloud テクノロジーで作業し、クラウドネイティブアプリケーションを作成する責任がある開発者を対象としています。試験は、ビジネス要件を満たすスケーラブルで耐障害性のあるアプリケーションを構築するために Google Cloud のツールとサービスを使用する能力を試験するように設計されています。
質問 # 136
Your team has created an application that is hosted on a Google Kubernetes Engine (GKE) cluster You need to connect the application to a legacy REST service that is deployed in two GKE clusters in two different regions. You want to connect your application to the legacy service in a way that is resilient and requires the fewest number of steps You also want to be able to run probe-based health checks on the legacy service on a separate port How should you set up the connection?
- A. Use Traffic Director with a sidecar proxy to connect the application to the service.
- B. Use a proxyless Traffic Director configuration to connect the application to the service.
- C. Configure the legacy service's firewall to allow health checks originating from the proxy.
- D. Configure the legacy service's firewall to allow health checks originating from the application.
- E. Configure the legacy service's firewall to allow health checks originating from the Traffic Director control plane.
正解:A、C
解説:
https://cloud.google.com/traffic-director/docs/advanced-setup#routing-rule-maps
https://cloud.google.com/traffic-director/docs/advanced-setup
A). Using Traffic Director with a sidecar proxy can provide resilience for your application by allowing for failover to the secondary region in the event of an outage. The sidecar proxy can route traffic to the legacy service in either of the two GKE clusters, ensuring high availability.
C). Configuring the legacy service's firewall to allow health checks originating from the proxy allows the proxy to periodically check the health of the legacy service and ensure that it is functioning properly. This helps to ensure that traffic is only routed to healthy instances of the legacy service, further improving the resilience of the setup.
質問 # 137
Your application performs well when tested locally, but it runs significantly slower when you deploy it to App Engine standard environment. You want to diagnose the problem. What should you do?
- A. Add logging commands to the application and use Stackdriver Logging to check where the latency problem occurs.
- B. Use Stackdriver Trace to determine which functions within the application have higher latency.
- C. File a ticket with Cloud Support indicating that the application performs faster locally.
- D. Use Stackdriver Debugger Snapshots to look at a point-in-time execution of the application.
正解:A
解説:
Topic 1, HipLocal Case Study
Company Overview
HipLocal is a community application designed to facilitate communication between people in close proximity. It is used for event planning and organizing sporting events, and for businesses to connect with their local communities. HipLocal launched recently in a few neighborhoods in Dallas and is rapidly growing into a global phenomenon. Its unique style of hyper-local community communication and business outreach is in demand around the world.
Executive statement
We are the number one local community app; it's time to take our local community services global. Our venture capital investors want to see rapid growth and the same great experience for new local and virtual communities that come online, whether their members are 10 or 10,000 miles away from each other.
Solution concept
HipLocal wants to expand their existing service, with updated functionality, in new regions to better serve their global customers. They want to hire and train a new team to support these regions in their time zones. They will need to ensure that the application scales smoothly and provides clear uptime data.
Existing technical environment
HipLocal's environment is a mix of on-premises hardware and infrastructure running in Google Cloud Platform. The HipLocal team understands their application well but has limited experience in global scale applications. Their existing technical environment is as follows:
* Existing APIs run on Compute Engine virtual machine instances hosted in GCP
* State is stored in a single instance MySQL database in GCP
* Data is exported to an on-premises Teradata/Vertica data warehouse
* Data analytics is performed in an on-premises Hadoop environment
* The application has no logging
* There are basic indicators of uptime; alerts are frequently fired when the APIs are unresponsive Business Requirements HipLocal's investors want to expand their footprint and support the increase in demand they are seeing. Their requirements are:
* Expand availability of the application to new regions
* Increase the number of concurrent users that can be supported
* Ensure a consistent experience for users when they travel to different regions
* Obtain user activity metrics to better understand how to monetize their product
* Ensure compliance with regulations in the new regions (for example, GDPR)
* Reduce infrastructure management time and cost
* Adopt the Google-recommended practices for cloud computing
Technical Requirements
* The application and backend must provide usage metrics and monitoring
* APIs require strong authentication and authorization
* Logging must be increased, and data should be stored in a cloud analytics platform
* Move to serverless architecture to facilitate elastic scaling
* Provide authorized access to internal apps in a secure manner
質問 # 138
You are developing an online gaming platform as a microservices application on Google Kubernetes Engine (GKE). Users on social media are complaining about long loading times for certain URL requests to the application. You need to investigate performance bottlenecks in the application and identify. which HTTP requests have a significantly high latency span in user requests What should you do?
- A. Update your microservices to log HTTP request methods and URL paths to STDOUT Use the logs router to send container logs to Cloud Logging Create filters in Cloud Logging to evaluate the latency of user requests across different methods and URL paths.
- B. Instrument your microservices by installing the OpenTelemetry tracing package Update your application code to send traces to Trace for inspection and analysis Create an analysis report on Trace to analyze user requests
- C. Configure GKE workload metrics using kubect1 Select all Pods to send their metrics to Cloud Monitoring. Create a custom dashboard of application metrics in Cloud Monitoring to determine performance bottlenecks of your GKE cluster
- D. Install tcpdump on your GKE nodes. Run tcpdump to capture network traffic over an extended period of time to collect data Analyze the data files using Wireshark to determine the cause of high latency
正解:C
質問 # 139
You have recently instrumented a new application with OpenTelemetry, and you want to check the latency of your application requests in Trace. You want to ensure that a specific request is always traced. What should you do?
- A. Wait 10 minutes, then verify that Trace captures those types of requests automatically.
- B. Use the Trace API to apply custom attributes to the trace.
- C. Add the X-Cloud-Trace-Context header to the request with the appropriate parameters.
- D. Write a custom script that sends this type of request repeatedly from your dev project.
正解:C
解説:
https://cloud.google.com/trace/docs/setup#force-trace
Cloud Trace doesn't sample every request. To force a specific request to be traced, add an X-Cloud-Trace-Context header to the request.
質問 # 140
You are building an API that will be used by Android and iOS apps The API must:
* Support HTTPs
* Minimize bandwidth cost
* Integrate easily with mobile apps
Which API architecture should you use?
- A. MQTT for APIs
- B. SOAP-based APIs
- C. RESTful APIs
- D. gRPC-based APIs
正解:C
解説:
Explanation
Explanation/Reference: https://www.devteam.space/blog/how-to-build-restful-api-for-your-mobile-app/
質問 # 141
You want to create "fully baked" or "golden" Compute Engine images for your application. You need to bootstrap your application to connect to the appropriate database according to the environment the application is running on (test, staging, production). What should you do?
- A. Embed the appropriate database connection string in the image. Create a different image for each environment.
- B. When creating the Compute Engine instance, add a tag with the name of the database to be connected. In your application, query the Compute Engine API to pull the tags for the current instance, and use the tag to construct the appropriate database connection string.
- C. When creating the Compute Engine instance, create a metadata item with a key of "DATABASE" and a value for the appropriate database connection string. In your application, query the metadata server for the "DATABASE" value, and use the value to connect to the appropriate database.
- D. When creating the Compute Engine instance, create a metadata item with a key of "DATABASE" and a value for the appropriate database connection string. In your application, read the "DATABASE" environment variable, and use the value to connect to the appropriate database.
正解:C
質問 # 142
You want to re-architect a monolithic application so that it follows a microservices model. You want to accomplish this efficiently while minimizing the impact of this change to the business.
Which approach should you take?
- A. Replace the application's features with appropriate microservices in phases.
- B. Refactor the monolithic application with appropriate microservices in a single effort and deploy it.
- C. Deploy the application to Compute Engine and turn on autoscaling.
- D. Build a new application with the appropriate microservices separate from the monolith and replace it when it is complete.
正解:B
解説:
Reference: https://cloud.google.com/solutions/migrating-a-monolithic-app-to-microservices-gke
質問 # 143
What are the features of using iCloud as a backup method for an iOS device?
- A. Always encrypts backups.
- B. Backups can be encrypted or un-encrypted.
- C. Offers up to 200 TB of storage.
- D. The customer can make backups over cellular networks.
正解:B
解説:
Explanation/Reference: https://www.pcworld.com/article/2154792/backups-via-icloud-or-itunes-the-crucial-differences-that- affect-your-data.html
質問 # 144
Your company has a new security initiative that requires all data stored in Google Cloud to be encrypted by customer-managed encryption keys. You plan to use Cloud Key Management Service (KMS) to configure access to the keys. You need to follow the "separation of duties" principle and Google-recommended best practices. What should you do? (Choose two.)
- A. Grant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS are being used.
- B. Provision Cloud KMS in its own project.
- C. Grant an owner role for the Cloud KMS project to a different user than the owner of the project where the keys from Cloud KMS are being used.
- D. Provision Cloud KMS in the project where the keys are being used.
- E. Do not assign an owner to the Cloud KMS project.
正解:B、E
解説:
https://cloud.google.com/kms/docs/separation-of-duties#using_separate_project
質問 # 145
You have an application deployed in production. When a new version is deployed, some issues don't arise until the application receives traffic from users in production. You want to reduce both the impact and the number of users affected.
Which deployment strategy should you use?
- A. Blue/green deployment
- B. Canary deployment
- C. Recreate deployment
- D. Rolling deployment
正解:A
質問 # 146
You are designing an application that consists of several microservices. Each microservice has its own RESTful API and will be deployed as a separate Kubernetes Service. You want to ensure that the consumers of these APIs aren't impacted when there is a change to your API, and also ensure that third-party systems aren't interrupted when new versions of the API are released. How should you configure the connection to the application following Google-recommended best practices?
- A. Use an Ingress that uses the API's URL to route requests to the appropriate backend.
- B. Leverage a Service Discovery system, and connect to the backend specified by the request.
- C. Combine multiple versions in the same service, and then specify the API version in the POST request.
- D. Use multiple clusters, and use DNS entries to route requests to separate versioned backends.
正解:A
質問 # 147
You are writing a Compute Engine hosted application in project A that needs to securely authenticate to a Cloud Pub/Sub topic in project B.
What should you do?
- A. Configure the instances with a service account owned by project A. Add the service account as a publisher on the topic.
- B. Configure the instances with a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A.
- C. Configure Application Default Credentials to use the private key of a service account owned by project A. Add the service account as a publisher on the topic
- D. Configure Application Default Credentials to use the private key of a service account owned by project B. Add the service account as a Cloud Pub/Sub publisher to project A.
正解:A
解説:
https://cloud.google.com/pubsub/docs/access-control
"For example, suppose a service account in Cloud Project A wants to publish messages to a topic in Cloud Project B.
You could accomplish this by granting the service account Edit permission in Cloud Project B"
質問 # 148
You are planning to deploy your application in a Google Kubernetes Engine (GKE) cluster. Your application can scale horizontally, and each instance of your application needs to have a stable network identity and its own persistent disk.
Which GKE object should you use?
- A. Deployment
- B. ReplicaController
- C. ReplicaSet
- D. StatefulSet
正解:D
解説:
Reference:
https://livebook.manning.com/book/kubernetes-in-action/chapter-10/46
質問 # 149
You have containerized a legacy application that stores its configuration on an NFS share. You need to deploy this application to Google Kubernetes Engine (GKE) and do not want the application serving traffic until after the configuration has been retrieved. What should you do?
- A. Add a startup script to the GKE instance group to mount the NFS share at node startup. Copy the configuration files into the container, and start the service using an ENTRYPOINT script.
- B. Use the COPY statement in the Dockerfile to load the configuration into the container image. Verify that the configuration is available, and start the service using an ENTRYPOINT script.
- C. Create a PersistentVolumeClaim on the GKE cluster. Access the configuration files from the volume, and start the service using an ENTRYPOINT script.
- D. Use the gsutil utility to copy files from within the Docker container at startup, and start the service using an ENTRYPOINT script.
正解:C
解説:
Reference: https://cloud.google.com/compute/docs/instances/startup-scripts/linux
質問 # 150
You are deploying your application on a Compute Engine instance that communicates with Cloud SQL. You will use Cloud SQL Proxy to allow your application to communicate to the database using the service account associated with the application's instance. You want to follow the Google-recommended best practice of providing minimum access for the role assigned to the service account. What should you do?
- A. Assign the Cloud SQL Editor role.
- B. Assign the Project Editor role.
- C. Assign the Project Owner role.
- D. Assign the Cloud SQL Client role.
正解:D
質問 # 151
You are developing a new application that has the following design requirements:
Creation and changes to the application infrastructure are versioned and auditable.
The application and deployment infrastructure uses Google-managed services as much as possible.
The application runs on a serverless compute platform.
How should you design the application's architecture?
- A. 1. Deploy the application infrastructure using gcloud commands.
2. Use Cloud Build to define a continuous integration pipeline for changes to the application source code.
3. Configure a pipeline step to pull the application source code from a Git repository, and create a containerized application. - B. 1. Store the application and infrastructure source code in a Git repository.
2. Use Cloud Build to deploy the application infrastructure with Terraform.
3. Deploy the application to a Cloud Function as a pipeline step. - C. 1. Deploy Jenkins from the Google Cloud Marketplace, and define a continuous integration pipeline in Jenkins.
2. Configure a pipeline step to pull the application source code from a Git repository.
3. Deploy the application source code to App Engine as a pipeline step. - D. 1. Create a continuous integration pipeline on Cloud Build, and configure the pipeline to deploy the application infrastructure using Deployment Manager templates.
2. Configure a pipeline step to create a container with the latest application source code.
3. Deploy the container to a Compute Engine instance as a pipeline step.
正解:A
解説:
4. Deploy the new container on Cloud Run as a pipeline step.
質問 # 152
You need to deploy resources from your laptop to Google Cloud using Terraform. Resources in your Google Cloud environment must be created using a service account. Your Cloud Identity has the roles/iam.serviceAccountTokenCreator Identity and Access Management (IAM) role and the necessary permissions to deploy the resources using Terraform. You want to set up your development environment to deploy the desired resources following Google-recommended best practices. What should you do?
- A. 1) Run the following command from a command line: gcloud auth application-default login.
2) In the browser window that opens, authenticate using your personal credentials. - B. 1) Download the service account's key file in JSON format, and store it locally on your laptop.
2) Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your downloaded key file. - C. 1) Run the following command from a command line: gcloud config set auth/impersonate_service_account [email protected].
2) Set the GOOGLE_OAUTH_ACCESS_TOKEN environment variable to the value that is returned by the gcloud auth print-access-token command. - D. 1) Store the service account's key file in JSON format in Hashicorp Vault.
2) Integrate Terraform with Vault to retrieve the key file dynamically, and authenticate to Vault using a short-lived access token.
正解:D
解説:
https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#file-system Whenever possible, avoid storing service account keys on a file system. If you can't avoid storing keys on disk, make sure to restrict access to the key file, configure file access auditing, and encrypt the underlying disk.
https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#software-keystore In situations where using a hardware-based key store isn't viable, use a software-based key store to manage service account keys. Similar to hardware-based options, a software-based key store lets users or applications use service account keys without revealing the private key. Software-based key store solutions can help you control key access in a fine-grained manner and can also ensure that each key access is logged.
質問 # 153
You recently migrated an on-premises monolithic application to a microservices application on Google Kubernetes Engine (GKE). The application has dependencies on backend services on-premises, including a CRM system and a MySQL database that contains personally identifiable information (PII). The backend services must remain on-premises to meet regulatory requirements.
You established a Cloud VPN connection between your on-premises data center and Google Cloud. You notice that some requests from your microservices application on GKE to the backend services are failing due to latency issues caused by fluctuating bandwidth, which is causing the application to crash. How should you address the latency issues?
- A. Use Istio to create a service mesh that includes the microservices on GKE and the on-premises services
- B. Increase the number of Cloud VPN tunnels for the connection between Google Cloud and the on-premises services
- C. Use Memorystore to cache frequently accessed PII data from the on-premises MySQL database
- D. Decrease the network layer packet size by decreasing the Maximum Transmission Unit (MTU) value from its default value on Cloud VPN
正解:B
解説:
https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#route-alignment
質問 # 154
You are running a web application on Google Kubernetes Engine that you inherited. You want to determine whether the application is using libraries with known vulnerabilities or is vulnerable to XSS attacks. Which service should you use?
- A. Debugger
- B. Google Cloud Armor
- C. Web Security Scanner
- D. Error Reporting
正解:C
解説:
https://cloud.google.com/security-command-center/docs/concepts-web-security-scanner-overview Web Security Scanner identifies security vulnerabilities in your App Engine, Google Kubernetes Engine (GKE), and Compute Engine web applications. It crawls your application, following all links within the scope of your starting URLs, and attempts to exercise as many user inputs and event handlers as possible.
質問 # 155
You manage your company's ecommerce platform's payment system, which runs on Google Cloud. Your company must retain user logs for 1 year for internal auditing purposes and for 3 years to meet compliance requirements. You need to store new user logs on Google Cloud to minimize on-premises storage usage and ensure that they are easily searchable. You want to minimize effort while ensuring that the logs are stored correctly. What should you do?
- A. Store the logs in Cloud Logging as custom logs with a custom retention period.
- B. Store the logs in a Cloud Storage bucket with bucket lock turned on.
- C. Store the logs in a Cloud Storage bucket with a 3-year retention period.
- D. Store the logs in a Cloud Storage bucket with a 1-year retention period. After 1 year, move the logs to another bucket with a 2-year retention period.
正解:A
解説:
Explanation
https://cloud.google.com/logging/docs/buckets#custom-retention
質問 # 156
- A. Grant the [email protected] service account the roles/ storage.objectCreator role for the Cloud Storage bucket.
- B. It is supposed to write an object in a Cloud Storage bucket owned by project B. However, the write call is failing with the error "403 Forbidden".
What should you do to correct the problem? - C. Enable the Cloud Storage API in project B.
- D. Grant your user account the roles/iam.serviceAccountUser role for the service-PROJECTA@gcf-admin- robot.iam.gserviceaccount.com service account.
- E. Grant your user account the roles/storage.objectCreator role for the Cloud Storage bucket.
正解:D
質問 # 157
You developed a JavaScript web application that needs to access Google Drive's API and obtain permission from users to store files in their Google Drives. You need to select an authorization approach for your application. What should you do?
- A. Create a service account.
- B. Create an OAuth Client ID.
- C. Create a SAML token.
- D. Create an API key.
正解:B
解説:
Reference: https://developers.google.com/drive/api/v3/about-auth
質問 # 158
You are developing a microservice-based application that will run on Google Kubernetes Engine (GKE).
Some of the services need to access different Google Cloud APIs. How should you set up authentication of these services in the cluster following Google-recommended best practices? (Choose two.)
- A. Use gcloud to bind the Kubernetes service account and the Google service account using roles/iam.workloadIdentity.
- B. Enable Workload Identity in the cluster via the gcloud command-line tool.
- C. Store the Google service account keys in a central secret management service.
- D. Access the Google service account keys from a secret management service.
- E. Use the service account attached to the GKE node.
正解:A、B
解説:
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
質問 # 159
You have a mixture of packaged and internally developed applications hosted on a Compute Engine instance that is running Linux. These applications write log records as text in local files. You want the logs to be written to Cloud Logging. What should you do?
- A. Using cron, schedule a job to copy the log files to Cloud Storage once a day.
- B. Pipe the content of the files to the Linux Syslog daemon.
- C. Install a Google version of collectd on the Compute Engine instance.
- D. Install a Google version of fluentd on the Compute Engine instance.
正解:D
質問 # 160
You are developing an ecommerce web application that uses App Engine standard environment and Memorystore for Redis. When a user logs into the app, the application caches the user's information (e.g., session, name, address, preferences), which is stored for quick retrieval during checkout.
While testing your application in a browser, you get a 502 Bad Gateway error. You have determined that the application is not connecting to Memorystore. What is the reason for this error?
- A. You configured your application to use a Serverless VPC Access connector on a different subnet in a different availability zone than your App Engine instance.
- B. The firewall rule allowing a connection between App Engine and Memorystore was removed during an infrastructure update by the DevOps team.
- C. Your Memorystore for Redis instance was deployed without a public IP address.
- D. You configured your Serverless VPC Access connector in a different region than your App Engine instance.
正解:C
解説:
Reference: https://cloud.google.com/endpoints/docs/openapi/troubleshoot-response-errors
質問 # 161
......
GoogleのProfessional-Cloud-Developer試験は、アプリケーションデプロイメント、セキュリティ、モニタリング、トラブルシューティングなど、クラウド開発に関連する広範囲なトピックをカバーしています。試験は、複数選択肢やシナリオベースの問題で構成され、候補者の知識を現実世界のシナリオに適用する能力を評価します。試験は時間制限があり、候補者は2時間で完了する必要があります。
Professional-Cloud-Developerブレーン問題集リアル試験最新問題2024年12月25日には265問題:https://jp.fast2test.com/Professional-Cloud-Developer-premium-file.html
最新Professional-Cloud-Developer問題集リアル無料テストPDF本日更新です:https://drive.google.com/open?id=1RR9QuLdCLQ3lrN22iYblNJ-0SfwI-1FN