
Professional-Cloud-DevOps-Engineer試験問題集合格させるのは2024年最新の認証済み試験問題
Professional-Cloud-DevOps-Engineer試験問題でリアルに更新された問題PDF
Google Professional-Cloud-Devops-Enginer認定試験は、DevOpsの原則と実践を深く理解すること、およびクラウド環境に適用する能力を必要とする挑戦的な試験です。これは、幅広いトピックをカバーする包括的な試験であり、候補者が実践的なエクササイズを通じて実践的なスキルを実証する必要があります。
質問 # 42
You are working with a government agency that requires you to archive application logs for seven years. You need to configure Stackdriver to export and store the logs while minimizing costs of storage. What should you do?
- A. Create a sink in Stackdriver, name it, create a bucket on Cloud Storage for storing archived logs, and then select the bucket as the log export destination.
- B. Create an export in Stackdriver and configure Cloud Pub/Sub to store logs in permanent storage for seven years.
- C. Develop an App Engine application that pulls the logs from Stackdriver and saves them in BigQuery.
- D. Create a Cloud Storage bucket and develop your application to send logs directly to the bucket.
正解:A
解説:
https://cloud.google.com/logging/docs/routing/overview
質問 # 43
You support a large service with a well-defined Service Level Objective (SLO). The development team deploys new releases of the service multiple times a week. If a major incident causes the service to miss its SLO, you want the development team to shift its focus from working on features to improving service reliability. What should you do before a major incident occurs?
- A. Negotiate with the product team to always prioritize service reliability over releasing new features.
- B. Negotiate with the development team to reduce the release frequency to no more than once a week.
- C. Develop an appropriate error budget policy in cooperation with all service stakeholders.
- D. Add a plugin to your Jenkins pipeline that prevents new releases whenever your service is out of SLO.
正解:C
解説:
Reason : Incident has not occurred yet, even when development team is already pushing new features multiple times a week. The option A says, to define an error budget "policy", not to define error budget(It is already present). Just simple means to bring in all stakeholders, and decide how to consume the error budget effectively that could bring balance between feature deployment and reliability.
The goals of this policy are to: -- Protect customers from repeated SLO misses -- Provide an incentive to balance reliability with other features https://sre.google/workbook/error-budget-policy/
質問 # 44
You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline. Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?
- A. Compare the canary with a new deployment of the previous production version.
- B. Compare the canary with a new deployment of the current production version.
- C. Compare the canary with the existing deployment of the current production version.
- D. Compare the canary with the average performance of a sliding window of previous production versions.
正解:D
質問 # 45
You are analyzing Java applications in production. All applications have Cloud Profiler and Cloud Trace installed and configured by default. You want to determine which applications need performance tuning. What should you do?
Choose 2 answers
- A. O Examine the latency time, the wall-clock time, and the CPU time of the application. If the latency time is slowly burning down the error budget, and the difference between wall-clock time and CPU time is minimal, mark the application for optimization.
- B. Examine the heap usage Of the application. If the usage is low, mark the application for optimization.
- C. 17 Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the local disk storage allocation.
- D. Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the memory resource allocation.
- E. Examine the wall-clock time and the CPU time Of the application. If the difference is substantial, increase the CPU resource allocation.
正解:A、E
解説:
The correct answers are A and D.
Examine the wall-clock time and the CPU time of the application. If the difference is substantial, increase the CPU resource allocation. This is a good way to determine if the application is CPU-bound, meaning that it spends more time waiting for the CPU than performing actual computation. Increasing the CPU resource allocation can improve the performance of CPU-bound applications1.
Examine the latency time, the wall-clock time, and the CPU time of the application. If the latency time is slowly burning down the error budget, and the difference between wall-clock time and CPU time is minimal, mark the application for optimization. This is a good way to determine if the application is I/O-bound, meaning that it spends more time waiting for input/output operations than performing actual computation.
Increasing the CPU resource allocation will not help I/O-bound applications, and they may need optimization to reduce the number or duration of I/O operations2.
Answer B is incorrect because increasing the memory resource allocation will not help if the application is CPU-bound or I/O-bound. Memory allocation affects how much data the application can store and access in memory, but it does not affect how fast the application can process that data.
Answer C is incorrect because increasing the local disk storage allocation will not help if the application is CPU-bound or I/O-bound. Disk storage affects how much data the application can store and access on disk, but it does not affect how fast the application can process that data.
Answer E is incorrect because examining the heap usage of the application will not help to determine if the application needs performance tuning. Heap usage affects how much memory the application allocates for dynamic objects, but it does not affect how fast the application can process those objects. Moreover, low heap usage does not necessarily mean that the application is inefficient or unoptimized.
質問 # 46
You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.
You need to troubleshoot the issue. What should you do?
- A. Confirm that the application is using the required client library and the service account key has proper permissions.
- B. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.
- C. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.
- D. Confirm that your account has the proper permissions to use the Stackdriver dashboard.
正解:D
質問 # 47
Your company experiences bugs, outages, and slowness in its production systems. Developers use the production environment for new feature development and bug fixes. Configuration and experiments are done in the production environment, causing outages for users. Testers use the production environment for load testing, which often slows the production systems. You need to redesign the environment to reduce the number of bugs and outages in production and to enable testers to load test new features. What should you do?
- A. Create an automated testing script in production to detect failures as soon as they occur.
- B. Create a development environment with smaller server capacity and give access only to developers and testers.
- C. Secure the production environment to ensure that developers can't change it and set up one controlled update per year.
- D. Create a development environment for writing code and a test environment for configurations, experiments, and load testing.
正解:D
質問 # 48
You support a user-facing web application. When analyzing the application's error budget over the previous six months, you notice that the application has never consumed more than 5% of its error budget in any given time window. You hold a Service Level Objective (SLO) review with business stakeholders and confirm that the SLO is set appropriately. You want your application's SLO to more closely reflect its observed reliability.
What steps can you take to further that goal while balancing velocity, reliability, and business needs? (Choose two.)
- A. Have more frequent or potentially risky application releases.
- B. Add more serving capacity to all of your application's zones.
- C. Implement and measure additional Service Level Indicators (SLIs) fro the application.
- D. Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO.
- E. Tighten the SLO match the application's observed reliability.
正解:C、D
解説:
Explanation
https://sre.google/sre-book/service-level-objectives/
You want the application's SLO to more closely reflect it's observed reliability. The key here is error budget never goes over 5%. This means they can have additional downtime and still stay within their budget.
質問 # 49
You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline.
Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?
- A. Compare the canary with a new deployment of the previous production version.
- B. Compare the canary with the average performance of a sliding window of previous production versions.
- C. Compare the canary with a new deployment of the current production version.
- D. Compare the canary with the existing deployment of the current production version.
正解:C
解説:
Explanation
https://cloud.google.com/architecture/automated-canary-analysis-kubernetes-engine-spinnaker
https://spinnaker.io/guides/user/canary/best-practices/#compare-canary-against-baseline-not-against-production
質問 # 50
You are configuring connectivity across Google Kubernetes Engine (GKE) clusters in different VPCs You notice that the nodes in Cluster A are unable to access the nodes in Cluster B You suspect that the workload access issue is due to the network configuration You need to troubleshoot the issue but do not have execute access to workloads and nodes You want to identify the layer at which the network connectivity is broken What should you do?
- A. Install a toolbox container on the node in Cluster A Confirm that the routes to Cluster B are configured appropriately
- B. Enable VPC Flow Logs in both VPCs and monitor packet drops
- C. Use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster
- D. Use a debug container to run the traceroute command from Cluster A to Cluster B and from Cluster B to Cluster A Identify the common failure point
正解:C
解説:
The best option for troubleshooting the issue without having execute access to workloads and nodes is to use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster B. Network Connectivity Center is a service that allows you to create, manage, and monitor network connectivity across Google Cloud, hybrid, and multi-cloud environments. You can use Network Connectivity Center to perform a Connectivity Test, which is a feature that allows you to test the reachability and latency between two endpoints, such as GKE clusters, VM instances, or IP addresses. By using Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster B, you can identify the layer at which the network connectivity is broken, such as the firewall, routing, or load balancing.
質問 # 51
You are implementing a CI'CD pipeline for your application in your company s multi-cloud environment Your application is deployed by using custom Compute Engine images and the equivalent in other cloud providers You need to implement a solution that will enable you to build and deploy the images to your current environment and is adaptable to future changes Which solution stack should you use'?
- A. Cloud Build with Packer
- B. Cloud Build with kpt
- C. Cloud Build with Google Cloud Deploy
- D. Google Kubernetes Engine with Google Cloud Deploy
正解:C
解説:
Cloud Build is a fully managed continuous integration and continuous delivery (CI/CD) service that helps you automate your builds, tests, and deployments. Google Cloud Deploy is a service that automates the deployment of your applications to Google Kubernetes Engine (GKE).
Together, Cloud Build and Google Cloud Deploy can be used to build and deploy your application's custom Compute Engine images to your current environment and to other cloud providers in the future.
Here are the steps involved in using Cloud Build and Google Cloud Deploy to implement a CI/CD pipeline for your application:
Create a Cloud Build trigger that fires whenever a change is made to your application's code.
In the Cloud Build trigger, configure Cloud Build to build your application's Docker image.
Create a Google Cloud Deploy configuration file that specifies how to deploy your application's Docker image to GKE.
In Google Cloud Deploy, create a deployment that uses your configuration file.
Once you have created the Cloud Build trigger and Google Cloud Deploy configuration file, any changes made to your application's code will trigger Cloud Build to build a new Docker image. Google Cloud Deploy will then deploy the new Docker image to GKE.
This solution stack is adaptable to future changes because it uses a cloud-agnostic approach. Cloud Build can be used to build Docker images for any cloud provider, and Google Cloud Deploy can be used to deploy Docker images to any Kubernetes cluster.
The other solution stacks are not as adaptable to future changes. For example, solution stack A (Cloud Build with Packer) is limited to building Docker images for Compute Engine. Solution stack C (Google Kubernetes Engine with Google Cloud Deploy) is limited to deploying Docker images to GKE. Solution stack D (Cloud Build with kpt) is a newer solution that is not yet as mature as Cloud Build and Google Cloud Deploy.
Overall, the best solution stack for implementing a CI/CD pipeline for your application in a multi-cloud environment is Cloud Build with Google Cloud Deploy. This solution stack is fully managed, cloud-agnostic, and adaptable to future changes.
質問 # 52
You use Cloud Build to build your application. You want to reduce the build time while minimizing cost and development effort. What should you do?
- A. Use multiple smaller build steps to minimize execution time.
- B. Run multiple Jenkins agents to parallelize the build.
- C. Use larger Cloud Build virtual machines (VMs) by using the machine-type option.
- D. Use Cloud Storage to cache intermediate artifacts.
正解:A
解説:
Explanation
https://cloud.google.com/storage/docs/best-practices
https://cloud.google.com/build/docs/speeding-up-builds#caching_directories_with_google_cloud_storage Caching directories with Google Cloud Storage To increase the speed of a build, reuse the results from a previous build. You can copy the results of a previous build to a Google Cloud Storage bucket, use the results for faster calculation, and then copy the new results back to the bucket. Use this method when your build takes a long time and produces a small number of files that does not take time to copy to and from Google Cloud Storage.
upvoted 2 times
質問 # 53
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?
- A. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
- B. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
- C. Configure Access Context Manager to allow only these members to export logs.
- D. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
正解:D
解説:
Explanation/Reference: https://cloud.google.com/logging/docs/access-control
質問 # 54
You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?
- A. Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
- B. Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
- C. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
- D. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
正解:D
解説:
Explanation
https://cloud.google.com/monitoring/access-control
質問 # 55
Your product is currently deployed in three Google Cloud Platform (GCP) zones with your users divided between the zones. You can fail over from one zone to another, but it causes a 10-minute service disruption for the affected users. You typically experience a database failure once per quarter and can detect it within five minutes. You are cataloging the reliability risks of a new real-time chat feature for your product. You catalog the following information for each risk:
* Mean Time to Detect (MUD} in minutes
* Mean Time to Repair (MTTR) in minutes
* Mean Time Between Failure (MTBF) in days
* User Impact Percentage
The chat feature requires a new database system that takes twice as long to successfully fail over between zones. You want to account for the risk of the new database failing in one zone. What would be the values for the risk of database failover with the new system?
- A. MTTD:5
MTTR: 20
MTBF: 90
Impact: 33% - B. MTTD:5
MTTR: 10
MTBF: 90
Impact 50% - C. MTTD: 5
MTTR: 10
MTBF: 90
Impact: 33% - D. MTTD:5
MTTR: 20
MTBF: 90
Impact: 50%
正解:C
質問 # 56
You have deployed a fleet Of Compute Engine instances in Google Cloud. You need to ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring by your company's operations and cyber security teams. You need to grant the required roles for the Compute Engine service account by using Identity and Access Management (IAM) while following the principle of least privilege. What should you do?
- A. Grant the logging.editor and monitoring.metricwriter roles to the Compute Engine service accounts.
- B. Grant the logging. logwriter and monitoring. editor roles to the Compute Engine service accounts.
- C. Grant the logging. logWriter and monitoring. metricWriter roles to the Compute Engine service accounts.
- D. Grant the Logging. admin and monitoring . editor roles to the Compute Engine service accounts.
正解:A
解説:
The correct answer is D. Grant the logging.logWriter and monitoring.metricWriter roles to the Compute Engine service accounts.
According to the Google Cloud documentation, the Compute Engine service account is a Google-managed service account that is automatically created when you enable the Compute Engine API1. This service account is used by default to run your Compute Engine instances and access other Google Cloud services on your behalf1. To ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring, you need to grant the following IAM roles to the Compute Engine service account23:
The logging.logWriter role allows the service account to write log entries to Cloud Logging4.
The monitoring.metricWriter role allows the service account to write custom metrics to Cloud Monitoring5.
These roles grant the minimum permissions that are needed for logging and monitoring, following the principle of least privilege. The other roles are either unnecessary or too broad for this purpose. For example, the logging.editor role grants permissions to create and update logs, log sinks, and log exclusions, which are not required for writing log entries6. The logging.admin role grants permissions to delete logs, log sinks, and log exclusions, which are not required for writing log entries and may pose a security risk if misused. The monitoring.editor role grants permissions to create and update alerting policies, uptime checks, notification channels, dashboards, and groups, which are not required for writing custom metrics.
Reference:
Service accounts, Service accounts. Setting up Stackdriver Logging for Compute Engine, Setting up Stackdriver Logging for Compute Engine. Setting up Stackdriver Monitoring for Compute Engine, Setting up Stackdriver Monitoring for Compute Engine. Predefined roles, Predefined roles. Predefined roles, Predefined roles. Predefined roles, Predefined roles. [Predefined roles], Predefined roles. [Predefined roles], Predefined roles.
質問 # 57
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?
- A. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
- B. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
- C. Configure Access Context Manager to allow only these members to export logs.
- D. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
正解:D
解説:
Explanation
https://cloud.google.com/logging/docs/access-control
The logging.configWriter role grants permissions to create, update, and delete log exports. This is the correct role to give team members who need to export logs2.
質問 # 58
Your company runs services by using multiple globally distributed Google Kubernetes Engine (GKE) clusters Your operations team has set up workload monitoring that uses Prometheus-based tooling for metrics alerts: and generating dashboards This setup does not provide a method to view metrics globally across all clusters You need to implement a scalable solution to support global Prometheus querying and minimize management overhead What should you do?
- A. Configure Prometheus hierarchical federation for centralized data access
- B. Configure Prometheus cross-service federation for centralized data access
- C. Configure Google Cloud Managed Service for Prometheus
- D. Configure workload metrics within Cloud Operations for GKE
正解:C
解説:
The best option for implementing a scalable solution to support global Prometheus querying and minimize management overhead is to use Google Cloud Managed Service for Prometheus. Google Cloud Managed Service for Prometheus is a fully managed service that allows you to collect, query, and visualize metrics from your GKE clusters using Prometheus-based tooling. You can use Google Cloud Managed Service for Prometheus to query metrics across multiple clusters and regions using a global view. You can also use Google Cloud Managed Service for Prometheus to integrate with other Google Cloud services, such as Cloud Monitoring, Cloud Logging, and BigQuery. By using Google Cloud Managed Service for Prometheus, you can avoid managing and scaling your own Prometheus servers and focus on your application performance.
質問 # 59
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE). Each team manages a different application. You need to create the development and production environments for each team, while minimizing costs. Different teams should not be able to access other teams' environments. What should you do?
- A. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Identity Aware Proxy so that each team can only access its own namespace.
- B. Create one GCP Project per team. In each project, create a cluster for Development and one for Production. Grant the teams IAM access to their respective clusters.
- C. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Kubernetes Role-based access control (RBAC) so that each team can only access its own namespace.
- D. Create one GCP Project per team. In each project, create a cluster with a Kubernetes namespace for Development and one for Production. Grant the teams IAM access to their respective clusters.
正解:C
解説:
Explanation
https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#roles_and_groups
質問 # 60
You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.
You need to troubleshoot the issue. What should you do?
- A. Confirm that your account has the proper permissions to use the Stackdriver dashboard.
- B. Confirm that the application is using the required client library and the service account key has proper permissions.
- C. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.
- D. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.
正解:C
解説:
https://cloud.google.com/monitoring/agent/monitoring/troubleshooting#checklist
質問 # 61
Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?
- A. Use Cloud Build to include the release version tag in the application image.
- B. Use GCR digest versioning to match the image to the tag in source control.
- C. Supply the source control tag as a parameter within the image name.
- D. Reference the image digest in the source control tag.
正解:C
解説:
Explanation
https://cloud.google.com/container-registry/docs/pushing-and-pulling
質問 # 62
Your company has a Google Cloud resource hierarchy with folders for production test and development Your cyber security team needs to review your company's Google Cloud security posture to accelerate security issue identification and resolution You need to centralize the logs generated by Google Cloud services from all projects only inside your production folder to allow for alerting and near-real time analysis. What should you do?
- A. Create a central Cloud Monitoring workspace and attach all related projects
- B. Create an aggregated log sink associated with the production folder that uses a Pub Sub topic as the destination
- C. Create an aggregated log sink associated with the production folder that uses a Cloud Logging bucket as the destination
- D. Enable the Workflows API and route all the logs to Cloud Logging
正解:C
解説:
The best option for centralizing the logs generated by Google Cloud services from all projects only inside your production folder is to create an aggregated log sink associated with the production folder that uses a Cloud Logging bucket as the destination. An aggregated log sink is a log sink that collects logs from multiple sources, such as projects, folders, or organizations. A Cloud Logging bucket is a storage location for logs that can be used as a destination for log sinks. By creating an aggregated log sink with a Cloud Logging bucket, you can collect and store all the logs from the production folder in one place and allow for alerting and near-real time analysis using Cloud Monitoring and Cloud Operations.
質問 # 63
You need to reduce the cost of virtual machines (VM| for your organization. After reviewing different options, you decide to leverage preemptible VM instances. Which application is suitable for preemptible VMs?
- A. A distributed, eventually consistent NoSQL database cluster with sufficient quorum
- B. A scalable in-memory caching system
- C. A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket
- D. The organization's public-facing website
正解:C
質問 # 64
......
Google Professional-Cloud-Devops-Engineer認定は、業界で非常に評価されており、クラウドベースのDevOpsの分野での卓越性のマークとして認識されています。この認定は、DevOpsとCloud Computingでキャリアを促進しようとしている専門家や、Google Cloud Technologiesとの協力に興味がある専門家に最適です。この認定を取得することにより、専門家はGoogleクラウドでDevOpsワークフローを設計、実装、および管理する能力を実証し、雇用主とクライアントとの信頼性を高めることができます。
Google Professional-Cloud-Devops-Engineer認定試験は、Google Cloud Platform(GCP)およびDevOpsの実践で専門知識を実証したい専門家向けに設計されています。認定試験では、DevOpsの原則を使用してGCPソリューションを設計、開発、管理する候補者の能力のテストに焦点を当てています。この試験は、GCPでアプリケーションの開発と管理の経験があり、DevOpsの実践と原則を十分に理解している専門家向けです。
合格させる保証付き無料クイズ2024年最新の実際に出ると確認されたGoogle:https://jp.fast2test.com/Professional-Cloud-DevOps-Engineer-premium-file.html
無料Cloud DevOps Engineer Professional-Cloud-DevOps-Engineer究極の学習ガイド:https://drive.google.com/open?id=1p8k_SzpQ0mkIXbDrIMTm8gSmKN-2Q8D-