You have a pool of application servers running on Compute Engine. You need to provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting. How would you implement the solution on GCP?

• A.* Deploy the Stackdriver logging agent to the application servers.
  * Give the developers the IAM Logs Viewer role to access Stackdriver and view logs.
• B.* Deploy the Stackdriver logging agent to the application servers.
  * Give the developers the IAM Logs Private Logs Viewer role to access Stackdriver and view logs.
• C.* Deploy the Stackdriver monitoring agent to the application servers.
  * Give the developers the IAM Monitoring Viewer role to access Stackdriver and view metrics.
• D.* Install the gsutil command line tool on your application servers.
  * Write a script using gsutil to upload your application log to a Cloud Storage bucket, and then schedule it to run via cron every 5 minutes.

Comment: *

Name: *

Email: *

Verification: *

You use a multiple step Cloud Build pipeline to build and deploy your application to Google Kubernetes Engine (GKE). You want to integrate with a third-party monitoring platform by performing a HTTP POST of the build information to a webhook. You want to minimize the development effort. What should you do?

• A.Use Stackdriver Logging to create a logs-based metric from the Cloud Buitd logs. Create an Alert with a Webhook notification type.
• B.Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.
• C.Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.
• D.Add logic to each Cloud Build step to HTTP POST the build information to a webhook.

Comment: *

Name: *

Email: *

Verification: *

You are part of an organization that follows SRE practices and principles. You are taking over the management of a new service from the Development Team, and you conduct a Production Readiness Review (PRR). After the PRR analysis phase, you determine that the service cannot currently meet its Service Level Objectives (SLOs). You want to ensure that the service can meet its SLOs in production. What should you do next?

• A.Notify the development team that they will have to provide production support for the service.
• B.Bring the service into production with no SLOs and build them when you have collected operational data.
• C.Identify recommended reliability improvements to the service to be completed before handover.
• D.djust the SLO targets to be achievable by the service so you can bring it into production.

Comment: *

Name: *

Email: *

Verification: *

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach.
What should you do?

• A.Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
• B.Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
• C.Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
• D.Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.

Comment: *

Name: *

Email: *

Verification: *

Your application services run in Google Kubernetes Engine (GKE). You want to make sure that only images from your centrally-managed Google Container Registry (GCR) image registry in the altostrat-images project can be deployed to the cluster while minimizing development time. What should you do?

• A.Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/attostrat-images/.
• B.Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.
• C.Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
• D.Create a custom builder for Cloud Build that will only push images to gcr.io/altostrat-images.

Comment: *

Name: *

Email: *

Verification: *