
Professional-Cloud-DevOps-Engineer試験問題でリアルに更新された問題PDF
合格させる無料保証付きクイズ2025年最新の実際に出ると確認されたGoogle
Google Professional-Cloud-DevOps-Engineer(Google Cloud Certified - Professional Cloud DevOps Engineer)認定試験は、テクノロジー業界で非常に求められる認定試験です。この認定試験は、クラウドベースのアプリケーション、サービス、インフラストラクチャの開発、展開、管理に関与する専門家を対象としています。この試験は、クラウドアーキテクチャ、自動化、セキュリティ、コンプライアンス、監視など、様々な領域での候補者の知識とスキルをテストするよう設計されています。
質問 # 24
You are part of an organization that follows SRE practices and principles. You are taking over the management of a new service from the Development Team, and you conduct a Production Readiness Review (PRR). After the PRR analysis phase, you determine that the service cannot currently meet its Service Level Objectives (SLOs). You want to ensure that the service can meet its SLOs in production. What should you do next?
- A. Bring the service into production with no SLOs and build them when you have collected operational data.
- B. djust the SLO targets to be achievable by the service so you can bring it into production.
- C. Identify recommended reliability improvements to the service to be completed before handover.
- D. Notify the development team that they will have to provide production support for the service.
正解:C
質問 # 25
You use Cloud Build to build your application. You want to reduce the build time while minimizing cost and development effort. What should you do?
- A. Use multiple smaller build steps to minimize execution time.
- B. Use Cloud Storage to cache intermediate artifacts.
- C. Use larger Cloud Build virtual machines (VMs) by using the machine-type option.
- D. Run multiple Jenkins agents to parallelize the build.
正解:A
解説:
Explanation
https://cloud.google.com/storage/docs/best-practices
https://cloud.google.com/build/docs/speeding-up-builds#caching_directories_with_google_cloud_storage Caching directories with Google Cloud Storage To increase the speed of a build, reuse the results from a previous build. You can copy the results of a previous build to a Google Cloud Storage bucket, use the results for faster calculation, and then copy the new results back to the bucket. Use this method when your build takes a long time and produces a small number of files that does not take time to copy to and from Google Cloud Storage.
upvoted 2 times
質問 # 26
You are writing a postmortem for an incident that severely affected users. You want to prevent similar incidents in the future. Which two of the following sections should you include in the postmortem? (Choose two.)
- A. An explanation of the root cause of the incident
- B. Your opinion of the incident's severity compared to past incidents
- C. A list of action items to prevent a recurrence of the incident
- D. Copies of the design documents for all the services impacted by the incident
- E. A list of employees responsible for causing the incident
正解:A、C
質問 # 27
You are using Jenkins to orchestrate your CI/CD pipelines deploying your applications to GKE and on-premises VMs. After expanding your on-premises infrastructure, all resource utilization is normal, but you notice that initiating on-premises deployments is taking longer than expected. You need to accelerate the initiation of on-premises deployments. What should you do?
- A. Increase the number of Jenkins executor threads.
- B. Configure Jenkins to use an artifact repository in your on-premises environment.
- C. Implement a blue-green deployment strategy for your on-premises VMs.
- D. Upgrade your on-premises VMs to have faster CPUs and more memory.
正解:B
質問 # 28
You support a popular mobile game application deployed on Google Kubernetes Engine (GKE) across several Google Cloud regions. Each region has multiple Kubernetes clusters. You receive a report that none of the users in a specific region can connect to the application. You want to resolve the incident while following Site Reliability Engineering practices. What should you do first?
- A. Use Stackdriver Logging to filter on the clusters in the affected region, and inspect error messages in the logs.
- B. Use Stackdriver Monitoring to check for a spike in CPU or memory usage for the affected region.
- C. Add an extra node pool that consists of high memory and high CPU machine type instances to the cluster.
- D. Reroute the user traffic from the affected region to other regions that don't report issues.
正解:D
質問 # 29
You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?
- A. Use custom versions of predefined roles to exclude all iam.serviceAccountKeys. * service account role permissions.
- B. Apply the constraints/iam.disableserviceAccountKeycreation constraint to the organization.
- C. Grant the roles/ iam.serviceAccountKeyAdmin IAM role to organization administrators only.
- D. Apply the constraints/iam.disableServiceAccountKeyUp10ad constraint to the organization.
正解:B
解説:
Explanation
The correct answer is B. Apply the constraints/iam.disableServiceAccountKeyCreation constraint to the organization.
According to the Google Cloud documentation, the constraints/iam.disableServiceAccountKeyCreation constraint is an organization policy constraint that prevents the creation of user-managed service account keys1. User-managed service account keys are long-lived credentials that can be downloaded as JSON or P12 files and used to authenticate as a service account2. These keys pose severe security risks if they are leaked, stolen, or misused by unauthorized entities34. By applying this constraint to the organization, you can completely eliminate the risks associated with the use of JSON service account keys and enforce a more secure alternative for authentication, such as Workload Identity or short-lived access tokens12. This also minimizes operational overhead by avoiding the need to manage, rotate, or revoke user-managed service account keys.
The other options are incorrect because they do not completely eliminate the risks associated with the use of JSON service account keys. Option A is incorrect because it only restricts the IAM permissions to create, list, get, delete, or sign service account keys, but it does not prevent existing keys from being used or leaked.
Option C is incorrect because it only disables the upload of user-managed service account keys, but it does not prevent the creation or download of such keys. Option D is incorrect because it only limits the IAM role that can create and manage service account keys, but it does not prevent the keys from being distributed or exposed to unauthorized entities.
質問 # 30
As a Site Reliability Engineer, you support an application written in GO that runs on Google Kubernetes Engine (GKE) in production. After releasing a new version Of the application, you notice the application runs for about 15 minutes and then restarts. You decide to add Cloud Profiler to your application and now notice that the heap usage grows constantly until the application restarts. What should you do?
- A. Increase the CPU limit in the application deployment.
- B. Add Cloud Trace to the application, and redeploy.
- C. Add high memory compute nodes to the cluster.
- D. Increase the memory limit in the application deployment.
正解:D
解説:
The correct answer is B, Increase the memory limit in the application deployment.
The application is experiencing a memory leak, which means that it is allocating memory that is not freed or reused. This causes the heap usage to grow constantly until it reaches the memory limit of the pod, which triggers a restart by Kubernetes. Increasing the memory limit in the application deployment can help mitigate the problem by allowing the application to run longer before reaching the limit. However, this is not a permanent solution, as the memory leak will still occur and eventually exhaust the available memory. The best solution is to identify and fix the source of the memory leak in the application code, using tools like Cloud Profiler and pprof12.
Reference:
Using Cloud Profiler with Go, Troubleshooting memory leaks. Profiling Go Programs, Heap profiles.
質問 # 31
You want to share a Cloud Monitoring custom dashboard with a partner team What should you do?
- A. Download the JSON definition of the dashboard, and send the JSON file to the partner team
- B. Export the metrics to BigQuery Use Looker Studio to create a dashboard, and share the dashboard with the partner team
- C. Provide the partner team with the dashboard URL to enable the partner team to create a copy of the dashboard
- D. Copy the Monitoring Query Language (MQL) query from the dashboard; and send the MQL query to the partner team
正解:A
質問 # 32
You are monitoring a service that uses n2-standard-2 Compute Engine instances that serve large files. Users have reported that downloads are slow. Your Cloud Monitoring dashboard shows that your VMS are running at peak network throughput. You want to improve the network throughput performance. What should you do?
- A. Deploy a Cloud NAT gateway and attach the gateway to the subnet of the VMS.
- B. Change the machine type for your VMS to n2-standard-8.
- C. Deploy the Ops Agent to export additional monitoring metrics.
- D. Add additional network interface controllers (NICs) to your VMS.
正解:B
解説:
The correct answer is C, Change the machine type for your VMs to n2-standard-8.
According to the Google Cloud documentation, the network throughput performance of a Compute Engine VM depends on its machine type1. The n2-standard-2 machine type has a maximum egress bandwidth of 4 Gbps, which can be a bottleneck for serving large files. By changing the machine type to n2-standard-8, you can increase the maximum egress bandwidth to 16 Gbps, which can improve the network throughput performance and reduce the download time for users. You also need to enable per VM Tier_1 networking performance, which is a feature that allows VMs to achieve higher network performance than the default settings2.
The other options are incorrect because they do not improve the network throughput performance of your VMs. Option A is incorrect because Cloud NAT is a service that allows private IP addresses to access the internet, but it does not increase the network bandwidth or speed3. Option B is incorrect because adding additional network interfaces (NICs) or IP addresses per NIC does not increase ingress or egress bandwidth for a VM1. Option D is incorrect because deploying the Ops Agent can help you monitor and troubleshoot your VMs, but it does not affect the network throughput performance4.
Reference:
Cloud NAT overview, Cloud NAT overview. Network bandwidth, Bandwidth summary. Installing the Ops Agent, Installing the Ops Agent. Configure per VM Tier_1 networking performance, Configure per VM Tier_1 networking performance.
質問 # 33
Your team is writing a postmortem after an incident on your external facing application Your team wants to improve the postmortem policy to include triggers that indicate whether an incident requires a postmortem Based on Site Reliability Engineenng (SRE) practices, what triggers should be defined in the postmortem policy?
Choose 2 answers
- A. An external stakeholder asks for a postmortem
- B. Data is lost due to an incident
- C. The CD pipeline detects an issue and rolls back a problematic release.
- D. The monitoring system detects that one of the instances for your application has failed
- E. An internal stakeholder requests a postmortem
正解:A、E
解説:
Explanation
The best options for defining triggers that indicate whether an incident requires a postmortem based on Site Reliability Engineering (SRE) practices are an external stakeholder asks for a postmortem and data is lost due to an incident. An external stakeholder is someone who is affected by or has an interest in the service, such as a customer or a partner. If an external stakeholder asks for a postmortem, it means that they are concerned about the impact or root cause of the incident, and they expect an explanation and remediation from the service provider. Therefore, this should trigger a postmortem to address their concerns and improve their satisfaction. Data loss is a serious consequence of an incident that can affect the integrity and reliability of the service. If data is lost due to an incident, it means that there was a failure in the backup or recovery mechanisms, or that there was a corruption or deletion of data. Therefore, this should trigger a postmortem to investigate the cause and impact of the data loss, and to prevent it from happening again.
質問 # 34
You are part of an organization that follows SRE practices and principles. You are taking over the management of a new service from the Development Team, and you conduct a Production Readiness Review (PRR). After the PRR analysis phase, you determine that the service cannot currently meet its Service Level Objectives (SLOs). You want to ensure that the service can meet its SLOs in production. What should you do next?
- A. Adjust the SLO targets to be achievable by the service so you can bring it into production.
- B. Bring the service into production with no SLOs and build them when you have collected operational data.
- C. Identify recommended reliability improvements to the service to be completed before handover.
- D. Notify the development team that they will have to provide production support for the service.
正解:D
質問 # 35
You support a service with a well-defined Service Level Objective (SLO). Over the previous 6 months, your service has consistently met its SLO and customer satisfaction has been consistently high. Most of your service's operations tasks are automated and few repetitive tasks occur frequently. You want to optimize the balance between reliability and deployment velocity while following site reliability engineering best practices.
What should you do? (Choose two.)
- A. Shift engineering time to other services that need more reliability.
- B. Increase the service's deployment velocity and/or risk.
- C. Change the implementation of your Service Level Indicators (SLIs) to increase coverage.
- D. Get the product team to prioritize reliability work over new features.
- E. Make the service's SLO more strict.
正解:A、B
解説:
(https://sre.google/workbook/implementing-slos/#slo-decision-matrix)
質問 # 36
You are on-call for an infrastructure service that has a large number of dependent systems. You receive an alert indicating that the service is failing to serve most of its requests and all of its dependent systems with hundreds of thousands of users are affected. As part of your Site Reliability Engineering (SRE) incident management protocol, you declare yourself Incident Commander (IC) and pull in two experienced people from your team as Operations Lead (OLJ and Communications Lead (CL). What should you do next?
- A. Start a postmortem, add incident information, circulate the draft internally, and ask internal stakeholders for input.
- B. Look for ways to mitigate user impact and deploy the mitigations to production.
- C. Establish a communication channel where incident responders and leads can communicate with each other.
- D. Contact the affected service owners and update them on the status of the incident.
正解:B
解説:
https://sre.google/sre-book/managing-incidents/
質問 # 37
Your company runs services by using multiple globally distributed Google Kubernetes Engine (GKE) clusters Your operations team has set up workload monitoring that uses Prometheus-based tooling for metrics alerts: and generating dashboards This setup does not provide a method to view metrics globally across all clusters You need to implement a scalable solution to support global Prometheus querying and minimize management overhead What should you do?
- A. Configure Prometheus hierarchical federation for centralized data access
- B. Configure Google Cloud Managed Service for Prometheus
- C. Configure workload metrics within Cloud Operations for GKE
- D. Configure Prometheus cross-service federation for centralized data access
正解:B
質問 # 38
You are designing a system with three different environments: development, quality assurance (QA), and production.
Each environment will be deployed with Terraform and has a Google Kubemetes Engine (GKE) cluster created so that application teams can deploy their applications. Anthos Config Management will be used and templated to deploy infrastructure level resources in each GKE cluster. All users (for example, infrastructure operators and application owners) will use GitOps. How should you structure your source control repositories for both Infrastructure as Code (laC) and application code?
- A. Cloud Infrastructure (Terraform) repository is shared: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repository is shared: different directories are different features
- B. Cloud Infrastructure (Terraform) repositories are separated: different branches are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated:
different overlay directories are different environments
Application (app source code) repositories are separated: different branches are different features - C. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repository is shared: different overlay directories are different environments Application (app source code) repositories are separated: different branches are different features
- D. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated:
different branches are different environments
Application (app source code) repositories are separated: different branches are different features
正解:D
解説:
The correct answer is B, Cloud Infrastructure (Terraform) repository is shared: different directories are different environments. GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different branches are different environments. Application (app source code) repositories are separated: different branches are different features.
This answer follows the best practices for using Terraform and Anthos Config Management with GitOps, as described in the following sources:
For Terraform, it is recommended to use a single repository for all environments, and use directories to separate them. This way, you can reuse the same Terraform modules and configurations across environments, and avoid code duplication and drift. You can also use Terraform workspaces to isolate the state files for each environment12.
For Anthos Config Management, it is recommended to use separate repositories for each environment, and use branches to separate the clusters within each environment. This way, you can enforce different policies and configurations for each environment, and use pull requests to promote changes across environments. You can also use Kustomize to create overlays for each cluster that apply specific patches or customizations34.
For application code, it is recommended to use separate repositories for each application, and use branches to separate the features or bug fixes for each application. This way, you can isolate the development and testing of each application, and use pull requests to merge changes into the main branch. You can also use tags or labels to trigger deployments to different environments5 .
Reference:
1: Best practices for using Terraform | Google Cloud
2: Terraform Recommended Practices - Part 1 | Terraform - HashiCorp Learn
3: Deploy Anthos on GKE with Terraform part 1: GitOps with Config Sync | Google Cloud Blog
4: Using Kustomize with Anthos Config Management | Anthos Config Management Documentation | Google Cloud
5: Deploy Anthos on GKE with Terraform part 3: Continuous Delivery with Cloud Build | Google Cloud Blog
6: GitOps-style continuous delivery with Cloud Build | Cloud Build Documentation | Google Cloud
質問 # 39
You are the Operations Lead for an ongoing incident with one of your services. The service usually runs at around 70% capacity. You notice that one node is returning 5xx errors for all requests. There has also been a noticeable increase in support cases from customers. You need to remove the offending node from the load balancer pool so that you can isolate and investigate the node. You want to follow Google-recommended practices to manage the incident and reduce the impact on users. What should you do?
- A. 1 . Drain traffic from the unhealthy node and remove the old node from service.
2. Add a new node to the pool, wait for the new node to report as healthy, and then serve traffic to the new node.
3. Monitor traffic to ensure that the pool is healthy and is handling traffic appropriately.
4. Communicate your actions to the incident team. - B. 1. Communicate your intent to the incident team.
2. Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately.
3. When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service. - C. 1. Communicate your intent to the incident team.
2. Add a new node to the pool, and wait for the new node to report as healthy.
3. When traffic is being served on the new node, drain traffic from the unhealthy node, and remove the old node from service. - D. 1 . Drain traffic from the unhealthy node and remove the node from service.
2. Monitor traffic to ensure that the error is resolved and that the other nodes in the pool are handling the traffic appropriately.
3. Scale the pool as necessary to handle the new load.
4. Communicate your actions to the incident team.
正解:B
解説:
The correct answer is A. Communicate your intent to the incident team. Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately. When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service.
This answer follows the Google-recommended practices for incident management, as described in the Chapter
9 - Incident Response, Google SRE Book1. According to this source, some of the best practices are:
Maintain a clear line of command. Designate clearly defined roles. Keep a working record of debugging and mitigation as you go. Declare incidents early and often.
Communicate your intent before taking any action that might affect the service or the incident response. This helps to avoid confusion, duplication of work, or unintended consequences.
Perform a load analysis before removing a node from the load balancer pool, as this might affect the capacity and performance of the service. Scale the pool as necessary to handle the expected load.
Drain traffic from the unhealthy node before removing it from service, as this helps to avoid dropping requests or causing errors for users.
Answer A follows these best practices by communicating the intent to the incident team, performing a load analysis and scaling the pool, and draining traffic from the unhealthy node before removing it.
Answer B does not follow the best practice of performing a load analysis before adding or removing nodes, as this might cause overloading or underutilization of resources.
Answer C does not follow the best practice of communicating the intent before taking any action, as this might cause confusion or conflict with other responders.
Answer D does not follow the best practice of draining traffic from the unhealthy node before removing it, as this might cause errors for users.
References:
1:Chapter 9 - Incident Response, Google SRE Book
質問 # 40
You need to reduce the cost of virtual machines (VM| for your organization. After reviewing different options, you decide to leverage preemptible VM instances. Which application is suitable for preemptible VMs?
- A. The organization's public-facing website
- B. A distributed, eventually consistent NoSQL database cluster with sufficient quorum
- C. A scalable in-memory caching system
- D. A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket
正解:D
解説:
Explanation
https://cloud.google.com/compute/docs/instances/preemptible
質問 # 41
......
この試験は、Google Cloud Platformを使用してDevOpsプロセスとプラクティスを設計および実装する能力を評価するように設計されています。これには、継続的な統合とデリバリーパイプラインの開発と管理、監視および警告戦略の構成、自動化テストフレームワークの実装、およびインフラストラクチャのコードの管理などのスキルが含まれます。
Google Professional-Cloud-DevOps-Engineer 資格認定は、グローバルに認知され、雇用主から高く評価されています。この資格認定は、クラウドベースのソリューションを設計、実装、管理するために必要な知識とスキルを持っていることを証明します。また、Google Cloud Platform ツールとテクノロジーを使用してソフトウェアアプリケーションの開発と展開を最適化することに熟練していることを示しています。全体的に、Google Professional-Cloud-DevOps-Engineer 資格認定は、テクノロジー業界でキャリアを進めたいプロフェッショナルにとって優れた投資になります。
トップクラスのProfessional-Cloud-DevOps-Engineer練習試験問題:https://jp.fast2test.com/Professional-Cloud-DevOps-Engineer-premium-file.html
無料Cloud DevOps Engineer Professional-Cloud-DevOps-Engineer究極の学習ガイド:https://drive.google.com/open?id=1zcqLQfUH3nPpvI-pYu71-stmerNauDEQ