Free Access to Google.Professional-Cloud-DevOps-Engineer.v2024-08-12.q133 with Valid Practice Test (Page 11)

Question 46

You are creating a CI/CD pipeline in Cloud Build to build an application container image The application code is stored in GitHub Your company requires thai production image builds are only run against the main branch and that the change control team approves all pushes to the main branch You want the image build to be as automated as possible What should you do?
Choose 2 answers

A.Create a trigger on the Cloud Build job Set the repository event setting to Pull request'
B.Add the owners file to the Included files filter on the trigger
C.Create a trigger on the Cloud Build job Set the repository event setting to Push to a branch
D.Configure a branch protection rule for the main branch on the repository
E.Enable the Approval option on the trigger

Question 47

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

A.Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
B.Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it
C.Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
D.Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.

Question 48

Your uses Jenkins running on Google Cloud VM instances for CI/CD. You need to extend the functionality to use infrastructure as code automation by using Terraform. You must ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources. You want to follow Google-recommended practices- What should you do?

A.Add the auth application-default command as a step in Jenkins before running the Terraform commands.
B.Create a dedicated service account for the Terraform instance. Download and copy the secret key value to the GOOGLE environment variable on the Jenkins server.
C.Confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions.
D.use the Terraform module so that Secret Manager can retrieve credentials.

Correct Answer: C

The correct answer is C)
Confirming that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions is the best way to ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources. This follows the Google-recommended practice of using service accounts to authenticate and authorize applications running on Google Cloud1. Service accounts are associated with private keys that can be used to generate access tokens for Google Cloud APIs2. By attaching a service account to the Jenkins VM instance, Terraform can use the Application Default Credentials (ADC) strategy to automatically find and use the service account credentials3.
Answer A is incorrect because the auth application-default command is used to obtain user credentials, not service account credentials. User credentials are not recommended for applications running on Google Cloud, as they are less secure and less scalable than service account credentials1.
Answer B is incorrect because it involves downloading and copying the secret key value of the service account, which is not a secure or reliable way of managing credentials. The secret key value should be kept private and not exposed to any other system or user2. Moreover, setting the GOOGLE environment variable on the Jenkins server is not a valid way of providing credentials to Terraform. Terraform expects the credentials to be either in a file pointed by the GOOGLE_APPLICATION_CREDENTIALS environment variable, or in a provider block with the credentials argument3.
Answer D is incorrect because it involves using the Terraform module for Secret Manager, which is a service that stores and manages sensitive data such as API keys, passwords, and certificates. While Secret Manager can be used to store and retrieve credentials, it is not necessary or sufficient for authorizing the Terraform Jenkins instance. The Terraform Jenkins instance still needs a service account with the appropriate IAM permissions to access Secret Manager and other Google Cloud resources.

Question 49

Your company experiences bugs, outages, and slowness in its production systems. Developers use the production environment for new feature development and bug fixes. Configuration and experiments are done in the production environment, causing outages for users. Testers use the production environment for load testing, which often slows the production systems. You need to redesign the environment to reduce the number of bugs and outages in production and to enable testers to load test new features. What should you do?

A.Create a development environment with smaller server capacity and give access only to developers and testers.
B.Create a development environment for writing code and a test environment for configurations, experiments, and load testing.
C.Secure the production environment to ensure that developers can't change it and set up one controlled update per year.
D.Create an automated testing script in production to detect failures as soon as they occur.

Question 50

You have an application running in Google Kubernetes Engine. The application invokes multiple services per request but responds too slowly. You need to identify which downstream service or services are causing the delay. What should you do?

A.Analyze VPC flow logs along the path of the request.
B.Use a distributed tracing framework such as OpenTelemetry or Stackdriver Trace.
C.Create a Dataflow pipeline to analyze service metrics in real time.
D.Investigate the Liveness and Readiness probes for each service.

Question 46

Question 47

Question 48

Question 49

Question 50

Download PDF File