[2024年07月04日]Professional-Cloud-DevOps-Engineer問題集PDFとテストエンジン 試験問題 [Q11-Q35]

Share

[2024年07月04日]Professional-Cloud-DevOps-Engineer問題集PDFとテストエンジン 試験問題

検証済みのProfessional-Cloud-DevOps-Engineerテスト問題集と解答で正確な166問題解答あります


Google Professional-Cloud-DevOps-Engineer認定を取得するには、複数選択式の質問を含む2時間のオンライン試験に合格する必要があります。この試験は、Google Cloud Platformツールやサービスを使用してDevOpsプラクティスを実装し、継続的な統合およびデリバリーパイプラインを設計および管理し、インフラストラクチャをコード化し、アプリケーションを監視およびトラブルシューティングする能力をテストするために設計されています。この認定は2年間有効であり、最新のクラウド技術やトレンドに合わせて再認定する必要があります。この認定を取得することで、プロフェッショナルはGoogle Cloud Platform上のDevOpsプラクティスとテクノロジーに関する専門知識を示し、競争力のある求人市場で差別化することができます。


認定試験では、Google CloudプラットフォームでDevOpsカルチャーを設計、実装、および管理する候補者の能力をテストします。この試験では、インフラストラクチャの自動化、構成管理、継続的な統合と配信、監視とロギング、インシデント管理など、幅広いトピックをカバーしています。候補者は、Kubernetes、Terraform、Cloud BuildなどのGoogle Cloudツールで実践的な経験をすることも期待されています。

 

質問 # 11
You are currently planning how to display Cloud Monitoring metrics for your organization's Google Cloud projects. Your organization has three folders and six projects:

You want to configure Cloud Monitoring dashboards lo only display metrics from the projects within one folder You need to ensure that the dashboards do not display metrics from projects in the other folders You want to follow Google-recommended practices What should you do?

  • A. Use the current app-one-dev, app-one-staging and app-one-prod projects as the scoping project for each folder
  • B. Create a single new scoping project
  • C. Create new scoping projects for each folder
  • D. Use the current app-one-prod project as the scoping project

正解:C

解説:
Explanation
The best option for configuring Cloud Monitoring dashboards to only display metrics from the projects within one folder is to create new scoping projects for each folder. A scoping project is a project that defines which resources are monitored by Cloud Monitoring. You can create new scoping projects for each folder by using the gcloud monitoring register-project command. This way, you can associate each scoping project with a folder and only monitor the resources within that folder. You can then configure Cloud Monitoring dashboards to use the scoping projects as data sources and only display metrics from the projects within one folder.


質問 # 12
Your company experiences bugs, outages, and slowness in its production systems. Developers use the production environment for new feature development and bug fixes. Configuration and experiments are done in the production environment, causing outages for users. Testers use the production environment for load testing, which often slows the production systems. You need to redesign the environment to reduce the number of bugs and outages in production and to enable testers to load test new features. What should you do?

  • A. Create a development environment for writing code and a test environment for configurations, experiments, and load testing.
  • B. Secure the production environment to ensure that developers can't change it and set up one controlled update per year.
  • C. Create a development environment with smaller server capacity and give access only to developers and testers.
  • D. Create an automated testing script in production to detect failures as soon as they occur.

正解:D


質問 # 13
You are responsible for creating and modifying the Terraform templates that define your Infrastructure.
Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?

  • A. * Store your code in a Git-based version control system.
    * Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.
    * Establish a process where the fully integrated code in the repository becomes the latest master version.
  • B. * Store your code in a Git-based version control system.
    * Establish a process that allows developers to merge their own changes at the end of each day.
    * Package and upload code lo a versioned Cloud Storage bucket as the latest master version.
  • C. * Store your code as text files in Google Drive in a defined folder structure that organizes the files.
    * At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.
    * Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.
  • D. * Store your code as text files in Google Drive in a defined folder structure that organizes the files.
    * At the end of each day. confirm that all changes have been captured in the files within the folder structure.
    * Rename the folder structure with a predefined naming convention that increments the version.

正解:A


質問 # 14
You are creating Cloud Logging sinks to export log entries from Cloud Logging to BigQuery for future analysis Your organization has a Google Cloud folder named Dev that contains development projects and a folder named Prod that contains production projects Log entries for development projects must be exported to dev_dataset. and log entries for production projects must be exported to prod_dataset You need to minimize the number of log sinks created and you want to ensure that the log sinks apply to future projects What should you do?

  • A. Create two aggregated log sinks at the organization level, and filter by project ID
  • B. Create a single aggregated log sink at the organization level.
  • C. Create an aggregated Iog sink in the Dev and Prod folders
  • D. Create a log sink in each project

正解:C

解説:
The best option for minimizing the number of log sinks created and ensuring that the log sinks apply to future projects is to create an aggregated log sink in the Dev and Prod folders. An aggregated log sink is a log sink that collects logs from multiple sources, such as projects, folders, or organizations. By creating an aggregated log sink in each folder, you can export log entries for development projects to dev_dataset and log entries for production projects to prod_dataset. You can also use filters to specify which logs you want to export. Additionally, by creating an aggregated log sink at the folder level, you can ensure that the log sink applies to future projects that are created under that folder.


質問 # 15
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?

  • A. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
  • B. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
  • C. Configure Access Context Manager to allow only these members to export logs.
  • D. Grant the team members the IAM role of logging.configWriter on Cloud IAM.

正解:D


質問 # 16
Your development team has created a new version of their service's API. You need to deploy the new versions of the API with the least disruption to third-party developers and end users of third-party installed applications. What should you do?

  • A. Introduce the new version of the API.
    Announce deprecation of the old version of the API.
    Deprecate the old version of the API.
    Contact remaining users of the old API.
    Provide best effort support to users of the old API.
    Turn down the old version of the API.
  • B. Announce deprecation of the old version of the API.
    Contact remaining users on the old API.
    Introduce the new version of the API.
    Deprecate the old version of the API.
    Provide best effort support to users of the old API.
    Turn down the old version of the API.
  • C. Introduce the new version of the API.
    Contact remaining users of the old API.
    Announce deprecation of the old version of the API.
    Deprecate the old version of the API.
    Turn down the old version of the API.
    Provide best effort support to users of the old API.
  • D. Announce deprecation of the old version of the API.
    Introduce the new version of the API.
    Contact remaining users on the old API.
    Deprecate the old version of the API.
    Turn down the old version of the API.
    Provide best effort support to users of the old API.

正解:D


質問 # 17
You work for a global organization and are running a monolithic application on Compute Engine You need to select the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps You want to use historical system metncs to identify the machine type for the application to use You want to follow Google-recommended practices What should you do?

  • A. Use the Recommender API and apply the suggested recommendations
  • B. Review the Cloud Monitoring dashboard for the VM and choose the machine type with the lowest CPU utilization
  • C. Install the Ops Agent in a fleet of VMs by using the gcloud CLI
  • D. Create an Agent Policy to automatically install Ops Agent in all VMs

正解:A

解説:
Explanation
The best option for selecting the machine type for the application to use that optimizes CPU utilization by using the fewest number of steps is to use the Recommender API and apply the suggested recommendations.
The Recommender API is a service that provides recommendations for optimizing your Google Cloud resources, such as Compute Engine instances, disks, and firewalls. You can use the Recommender API to get recommendations for changing the machine type of your Compute Engine instances based on historical system metrics, such as CPU utilization. You can also apply the suggested recommendations by using the Recommender API or Cloud Console. This way, you can optimize CPU utilization by using the most suitable machine type for your application with minimal effort.


質問 # 18
Your company follows Site Reliability Engineering practices. You are the person in charge of Communications for a large, ongoing incident affecting your customer-facing applications. There is still no estimated time for a resolution of the outage. You are receiving emails from internal stakeholders who want updates on the outage, as well as emails from customers who want to know what is happening. You want to efficiently provide updates to everyone affected by the outage. What should you do?

  • A. Delegate the responding to internal stakeholder emails to another member of the Incident Response Team. Focus on providing responses directly to customers.
  • B. Focus on responding to internal stakeholders at least every 30 minutes. Commit to "next update" times.
  • C. Provide all internal stakeholder emails to the Incident Commander, and allow them to manage internal communications. Focus on providing responses directly to customers.
  • D. Provide periodic updates to all stakeholders in a timely manner. Commit to a "next update" time in all communications.

正解:B


質問 # 19
You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?

  • A. Set up the Kubernetes Engine clusters as private clusters.
  • B. Enable Cloud Security Scanner on the clusters.
  • C. Set up the Kubernetes Engine clusters with Binary Authorization.
  • D. Enable Vulnerability Analysis on the Container Registry.

正解:D


質問 # 20
You support an application that stores product information in cached memory. For every cache miss, an entry is logged in Stackdriver Logging. You want to visualize how often a cache miss happens over time. What should you do?

  • A. Configure BigOuery as a sink for Stackdriver Logging. Create a scheduled query to filter the cache miss logs and write them to a separate table
  • B. Link Stackdriver Logging as a source in Google Data Studio. Filler (he logs on the cache misses.
  • C. Create a logs-based metric in Stackdriver Logging and a dashboard for that metric in Stackdriver Monitoring.
  • D. Configure Stackdriver Profiler to identify and visualize when the cache misses occur based on the logs.

正解:C


質問 # 21
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE) Each team manages a different application You need to create the development and production environments for each team while you minimize costs Different teams should not be able to access other teams environments You want to follow Google-recommended practices What should you do?

  • A. Create one Google Cloud project per team In each project create a cluster with a Kubernetes namespace for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters.
  • B. Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Kubernetes role-based access control (RBAC) so that each team can only access its own namespace
  • C. Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Identity-Aware Proxy so that each team can only access its own namespace
  • D. Create one Google Cloud project per team In each project create a cluster for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters

正解:B

解説:
The best option for creating the development and production environments for each team while minimizing costs and ensuring isolation is to create a development and a production GKE cluster in separate projects, in each cluster create a Kubernetes namespace per team, and then configure Kubernetes role-based access control (RBAC) so that each team can only access its own namespace. This option allows you to use fewer clusters and projects than creating one project or cluster per team, which reduces costs and complexity. It also allows you to isolate each team's environment by using namespaces and RBAC, which prevents teams from accessing other teams' environments.


質問 # 22
You want to share a Cloud Monitoring custom dashboard with a partner team What should you do?

  • A. Copy the Monitoring Query Language (MQL) query from the dashboard; and send the MQL query to the partner team
  • B. Provide the partner team with the dashboard URL to enable the partner team to create a copy of the dashboard
  • C. Export the metrics to BigQuery Use Looker Studio to create a dashboard, and share the dashboard with the partner team
  • D. Download the JSON definition of the dashboard, and send the JSON file to the partner team

正解:B

解説:
Explanation
The best option for sharing a Cloud Monitoring custom dashboard with a partner team is to provide the partner team with the dashboard URL to enable the partner team to create a copy of the dashboard. A Cloud Monitoring custom dashboard is a dashboard that allows you to create and customize charts and widgets to display metrics, logs, and traces from your Google Cloud resources and applications. You can share a custom dashboard with a partner team by providing them with the dashboard URL, which is a link that allows them to view the dashboard in their browser. The partner team can then create a copy of the dashboard in their own project by using the Copy Dashboard option. This way, they can access and modify the dashboard without affecting the original one.


質問 # 23
You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?

  • A. Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
  • B. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
  • C. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
  • D. Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

正解:C

解説:
https://cloud.google.com/monitoring/access-control


質問 # 24
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE). Each team manages a different application. You need to create the development and production environments for each team, while minimizing costs. Different teams should not be able to access other teams' environments. What should you do?

  • A. Create one GCP Project per team. In each project, create a cluster for Development and one for Production. Grant the teams IAM access to their respective clusters.
  • B. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Identity Aware Proxy so that each team can only access its own namespace.
  • C. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Kubernetes Role-based access control (RBAC) so that each team can only access its own namespace.
  • D. Create one GCP Project per team. In each project, create a cluster with a Kubernetes namespace for Development and one for Production. Grant the teams IAM access to their respective clusters.

正解:C

解説:
https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#roles_and_groups


質問 # 25
Your Cloud Run application writes unstructured logs as text strings to Cloud Logging. You want to convert the unstructured logs to JSON-based structured logs. What should you do?

  • A. A Install a Fluent Bit sidecar container, and use a JSON parser.
  • B. Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.
  • C. Configure the log agent to convert log text payload to JSON payload.
  • D. Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPay10ad field.

正解:D

解説:
Explanation
The correct answer is D. Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPayload field.
Cloud Logging SDKs are libraries that allow you to write structured logs from your Cloud Run application.
You can use the SDKs to create log entries with a jsonPayload field, which contains a JSON object with the properties of your log entry. The jsonPayload field allows you to use advanced features of Cloud Logging, such as filtering, querying, and exporting logs based on the properties of your log entry1.
To use Cloud Logging SDKs, you need to install the SDK for your programming language, and then use the SDK methods to create and send log entries to Cloud Logging. For example, if you are using Node.js, you can use the following code to write a structured log entry with a jsonPayload field2:
// Imports the Google Cloud client library
const {Logging} = require('@google-cloud/logging');
// Creates a client
const logging = new Logging();
// Selects the log to write to
const log = logging.log('my-log');
// The data to write to the log
const text = 'Hello, world!';
const metadata = {
// Set the Cloud Run service name and revision as labels
labels: {
service_name: process.env.K_SERVICE || 'unknown',
revision_name: process.env.K_REVISION || 'unknown',
},
// Set the log entry payload type and value
jsonPayload: {
message: text,
timestamp: new Date(),
},
};
// Prepares a log entry
const entry = log.entry(metadata);
// Writes the log entry
await log.write(entry);
console.log(`Logged: ${text}`);
Using Cloud Logging SDKs is the best way to convert unstructured logs to structured logs, as it provides more flexibility and control over the format and content of your log entries.
Using a Fluent Bit sidecar container is not a good option, as it adds complexity and overhead to your Cloud Run application. Fluent Bit is a lightweight log processor and forwarder that can be used to collect and parse logs from various sources and send them to different destinations3. However, Cloud Run does not support sidecar containers, so you would need to run Fluent Bit as part of your main container image. This would require modifying your Dockerfile and configuring Fluent Bit to read logs from supported locations and parse them as JSON. This is more cumbersome and less reliable than using Cloud Logging SDKs.
Using the log agent in the Cloud Run container image is not possible, as the log agent is not supported on Cloud Run. The log agent is a service that runs on Compute Engine or Google Kubernetes Engine instances and collects logs from various applications and system components. However, Cloud Run does not allow you to install or run any agents on its underlying infrastructure, as it is a fully managed service that abstracts away the details of the underlying platform.
Storing the password directly in the code is not a good practice, as it exposes sensitive information and makes it hard to change or rotate the password. It also requires rebuilding and redeploying the application each time the password changes, which adds unnecessary work and downtime.
References:
1: Writing structured logs | Cloud Run Documentation | Google Cloud
2: Write structured logs | Cloud Run Documentation | Google Cloud
3: Fluent Bit - Fast and Lightweight Log Processor & Forwarder
Logging Best Practices for Serverless Applications - Google Codelabs
About the logging agent | Cloud Logging Documentation | Google Cloud
Cloud Run FAQ | Google Cloud


質問 # 26
Your company follows Site Reliability Engineering principles. You are writing a postmortem for an incident, triggered by a software change, that severely affected users. You want to prevent severe incidents from happening in the future. What should you do?

  • A. Follow up with the employees who reviewed the changes and prescribe practices they should follow in the future.
  • B. Identify engineers responsible for the incident and escalate to their senior management.
  • C. Design a policy that will require on-call teams to immediately call engineers and management to discuss a plan of action if an incident occurs.
  • D. Ensure that test cases that catch errors of this type are run successfully before new software releases.

正解:A


質問 # 27
Your company runs services by using Google Kubernetes Engine (GKE). The GKE clusters in the development environment run applications with verbose logging enabled. Developers view logs by using the kubect1 logs command and do not use Cloud Logging. Applications do not have a uniform logging structure defined. You need to minimize the costs associated with application logging while still collecting GKE operational logs.
What should you do?

  • A. Add the severity >= DEBUG resource. type "k83 container" exclusion filter to the Default logging sink in the project associated with the development environment.
  • B. Run the gcloud logging sinks update _Defau1t --disabled command in the project associated with the development environment.
  • C. Run the gcloud container clusters update logging=WORKLOAD command for the development cluster.
  • D. Run the gcloud container clusters update --logging-SYSTEM command for the development cluster.

正解:D


質問 # 28
You have a CI/CD pipeline that uses Cloud Build to build new Docker images and push them to Docker Hub.
You use Git for code versioning. After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline. You need to resolve the issue following Site Reliability Engineering practices. What should you do?

  • A. Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.
  • B. Disable the CI pipeline and revert to manually building and pushing the artifacts.
  • C. Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.
  • D. Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.

正解:D

解説:
Explanation
"After making a change in the Cloud Build YAML configuration, you notice that no new artifacts are being built by the pipeline"- means something wrong on the recent change not with the image registry.


質問 # 29
You use Cloud Build to build and deploy your application. You want to securely incorporate database credentials and other application secrets into the build pipeline. You also want to minimize the development effort. What should you do?

  • A. Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.
  • B. Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.
  • C. Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.
  • D. Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.

正解:B

解説:
Explanation
https://cloud.google.com/build/docs/securing-builds/use-encrypted-credentials


質問 # 30
You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.
You need to troubleshoot the issue. What should you do?

  • A. Confirm that the application is using the required client library and the service account key has proper permissions.
  • B. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.
  • C. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.
  • D. Confirm that your account has the proper permissions to use the Stackdriver dashboard.

正解:C

解説:
https://cloud.google.com/monitoring/agent/monitoring/troubleshooting#checklist


質問 # 31
You support a high-traffic web application that runs on Google Cloud Platform (GCP). You need to measure application reliability from a user perspective without making any engineering changes to it. What should you do?
Choose 2 answers

  • A. Modify the code to capture additional information for user interaction.
  • B. Analyze the web proxy logs only and capture response time of each request.
  • C. Review current application metrics and add new ones as needed.
  • D. Use current and historic Request Logs to trace customer interaction with the application.
  • E. Create new synthetic clients to simulate a user journey using the application.

正解:B、D

解説:
https://cloud.google.com/architecture/adopting-slos?hl=en


質問 # 32
You support a high-traffic web application that runs on Google Cloud Platform (GCP). You need measure application reliability from a user perspective without making any engineering changes to it. What should you do? (Choose two.)

  • A. Modify the code to capture additional information for user interaction.
  • B. Review current application metrics and add new ones as needed.
  • C. Use current and historic Request Logs to trace customer interaction with the application.
  • D. Create new synthetic clients to simulate a user journey using the application.
  • E. Analyze the web proxy logs only and capture response time of each request.

正解:A、D


質問 # 33
Your company runs services by using Google Kubernetes Engine (GKE). The GKE clusters in the development environment run applications with verbose logging enabled. Developers view logs by using the kubect1 logs command and do not use Cloud Logging. Applications do not have a uniform logging structure defined. You need to minimize the costs associated with application logging while still collecting GKE operational logs. What should you do?

  • A. Add the severity >= DEBUG resource. type "k83 container" exclusion filter to the Default logging sink in the project associated with the development environment.
  • B. Run the gcloud logging sinks update _Defau1t --disabled command in the project associated with the development environment.
  • C. Run the gcloud container clusters update logging=WORKLOAD command for the development cluster.
  • D. Run the gcloud container clusters update --logging-SYSTEM command for the development cluster.

正解:D


質問 # 34
Your applications performance in Google Cloud has degraded since the last release You suspect that downstream dependencies might be causing some requests to take longer to complete You need to investigate the issue with your application to determine the cause What should you do?

  • A. Configure Cloud Profiler in your application
  • B. Configure Google Cloud Managed Service for Prometheus in your application
  • C. Configure Error Reporting in your application
  • D. Configure Cloud Trace in your application

正解:D

解説:
The best option for investigating the issue with your application's performance in Google Cloud is to configure Cloud Trace in your application. Cloud Trace is a service that allows you to collect and analyze latency data from your application. You can use Cloud Trace to trace requests across different components of your application, such as downstream dependencies, and identify where they take longer to complete. You can also use Cloud Trace to compare latency data across different versions of your application, and detect any performance degradation or improvement. By using Cloud Trace, you can diagnose and troubleshoot performance issues with your application in Google Cloud.


質問 # 35
......

Google Professional-Cloud-DevOps-EngineerテストエンジンPDFで完全版無料問題集:https://jp.fast2test.com/Professional-Cloud-DevOps-Engineer-premium-file.html

最新をゲットせよ!Professional-Cloud-DevOps-Engineer認定有効な試験問題集解答:https://drive.google.com/open?id=1zcqLQfUH3nPpvI-pYu71-stmerNauDEQ


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어