Your organization has a containerized web application that runs on-premises As part of the migration plan to Google Cloud you need to select a deployment strategy and platform that meets the following acceptance criteria
1 The platform must be able to direct traffic from Android devices to an Android-specific microservice
2 The platform must allow for arbitrary percentage-based traffic splitting
3 The deployment strategy must allow for continuous testing of multiple versions of any microservice What should you do?

• A.Deploy the canary release of the application to Cloud Run Use traffic splitting to direct 10% of user traffic to the canary release based on the revision tag
• B.Deploy the canary release of the application to App Engine Use traffic splitting to direct a subset of user traffic to the new version based on the IP address
• C.Deploy the canary release of the application to Compute Engine Use Anthos Service Mesh with Compute Engine to direct 10% of user traffic to the canary release by configuring the virtual service.
• D.Deploy the canary release to Google Kubernetes Engine with Anthos Sen/ice Mesh Use traffic splitting to direct 10% of user traffic to the new version based on the user-agent header configured in the virtual service

Comment: *

Name: *

Email: *

Verification: *

Your team uses Cloud Build for all CI/CO pipelines. You want to use the kubectl builder for Cloud Build to deploy new images to Google Kubernetes Engine (GKE). You need to authenticate to GKE while minimizing development effort. What should you do?

• A.Assign the Container Developer role to the Cloud Build service account.
• B.Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
• C.Create a new service account with the Container Developer role and use it to run Cloud Build.
• D.Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.

Comment: *

Name: *

Email: *

Verification: *

Your company is developing applications that are deployed on Google Kubernetes Engine (GKE) Each team manages a different application You need to create the development and production environments for each team while you minimize costs Different teams should not be able to access other teams environments You want to follow Google-recommended practices What should you do?

• A.Create one Google Cloud project per team In each project create a cluster for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters
• B.Create one Google Cloud project per team In each project create a cluster with a Kubernetes namespace for development and one for production Grant the teams Identity and Access Management (1AM) access to their respective clusters.
• C.Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Identity-Aware Proxy so that each team can only access its own namespace
• D.Create a development and a production GKE cluster in separate projects In each cluster create a Kubernetes namespace per team and then configure Kubernetes role-based access control (RBAC) so that each team can only access its own namespace

Comment: *

Name: *

Email: *

Verification: *

Your company follows Site Reliability Engineering principles. You are writing a postmortem for an incident, triggered by a software change, that severely affected users. You want to prevent severe incidents from happening in the future. What should you do?

• A.Ensure that test cases that catch errors of this type are run successfully before new software releases.
• B.Identify engineers responsible for the incident and escalate to their senior management.
• C.Follow up with the employees who reviewed the changes and prescribe practices they should follow in the future.
• D.Design a policy that will require on-call teams to immediately call engineers and management to discuss a plan of action if an incident occurs.

Comment: *

Name: *

Email: *

Verification: *

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

• A.Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
• B.Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it
• C.Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
• D.Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.

Comment: *

Name: *

Email: *

Verification: *