Professional-Cloud-Developer Questions and Answers

Each group of developers creates a feature branch from the main branch for their work, commits their changes to their branch, and merges their code into the main branch before each major release.

Each developer commits their code to the main branch before each product release, conducts testing, and rolls back if integration issues are detected.

Each group of developers copies the repository, commits their changes to their repository, and merges their code into the main repository before each product release.

Each developer creates a branch for their own work, commits their changes to their branch, and merges their code into the main branch after peer review.

Push your source code to Artifact Registry.

Submit a Cloud Build job to push the image.

Use the pack build command with pack CLI.

Include the --source flag with the gcloud run deploy CLI command.

Include the --platform=kubernetes flag with the gcloud run deploy CLI command.

Assign the Google Cloud service account to your GKE Pod using Workload Identity.

Export the Google Cloud service account, and share it with the Pod as a Kubernetes Secret.

Export the Google Cloud service account, and embed it in the source code of the application.

Export the Google Cloud service account, and upload it to HashiCorp Vault to generate a dynamic service account for your application.

Retry the failures in batch after a set number of failures is logged.

Retry each failure at a set time interval up to a maximum number of times.

Retry each failure at increasing time intervals up to a maximum number of tries.

Retry each failure at decreasing time intervals up to a maximum number of tries.

Pipe the content of the files to the Linux Syslog daemon.

Install a Google version of fluentd on the Compute Engine instance.

Install a Google version of collectd on the Compute Engine instance.

Using cron, schedule a job to copy the log files to Cloud Storage once a day.

Create one root collection for user profiles, and store each user's post as a nested list in the user profile document.

Create one root collection for user profiles, and create one root collection for user posts.

Create one root collection for user profiles, and create one subcollection for each user's posts.

Create one root collection for user posts, and create one subcollection for each user's profile

Increase the Cloud Function's timeout to nine minutes.

Configure the sender application to publish the outgoing emails in a message to a Pub/Sub topic. Update the Cloud Function configuration to consume the Pub/Sub queue.

Configure the sender application to write emails to Memorystore and then trigger the Cloud Function. When the function is triggered, it reads the email details from Memorystore and sends them to the email service.

Configure the sender application to retry the execution of the Cloud Function every one second if a request fails.

Add a Stackdriver counter metric for path:/api/alpha/.

Add a Stackdriver counter metric for endpoint:/api/alpha/*.

Export the logs to Cloud Storage and count lines matching /api/alphA.

Export the logs to Cloud Pub/Sub and count lines matching /api/alphA.

Configure your Cloud Run service with a Cloud SQL connection.

Configure your Cloud Run service to use a Serverless VPC Access connector

Configure your application to use the Cloud SQL Java connector

Configure your application to connect to an instance of the Cloud SQL Auth proxy

Use Cloud Logging to check for error logs, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Use Cloud Trace to monitor the requests per sec of incoming requests to Spanner, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Use Cloud Monitoring to monitor the CPU utilization, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Use Snapshot Debugger to check for application errors, and reduce Spanner processing units by small increments until you find the minimum capacity required.

Use Cloud SQL, and assign the roles/cloudsql.editor role to the service account.

Use Bigtable, and assign the roles/bigtable.viewer role to the service account.

Use Firestore in Native mode and assign the roles/datastore.user role to the service account.

Use Firestore in Datastore mode and assign the roles/datastore.viewer role to the service account.

Modernize and deploy the code on App Engine flexible environment.

Modernize and deploy the code on App Engine standard environment.

Deploy the modernized application to an n1-standard-1 Compute Engine instance.

Ask the development team to re-write the application to run as a Docker container on Google Kubernetes Engine.

Store the logs in a Cloud Storage bucket with bucket lock turned on.

Store the logs in a Cloud Storage bucket with a 3-year retention period.

Store the logs in Cloud Logging as custom logs with a custom retention period.

Store the logs in a Cloud Storage bucket with a 1-year retention period. After 1 year, move the logs to another bucket with a 2-year retention period.

Install the Ops Agent inside your container and configure it to gather application metrics.

Install the OpenTelemetry library for your respective language, and instrument your application.

Modify your application to read and forward the x-Cloud-Trace-context header when it calls the

downstream services

D Enable Managed Service for Prometheus on the GKE cluster to gather application metrics.

Create a Service Directory Namespace Use API calls to register the services during deployment, and query during runtime.

Configure your microservices to use the Cloud Run Admin and Cloud Functions APIs to query for deployed Cloud Run services and Cloud Functions in the Google Cloud project.

Deploy Hashicorp Consul on a single Compute Engine Instance Register the services with Consul during deployment and query during runtime

Rename the Cloud Functions and Cloud Run services endpoints using a well-documented naming

convention

Use Cloud Load Balancing to slowly ramp up traffic between versions. Use Cloud Monitoring to look for performance issues.

Deploy the application via a continuous delivery pipeline using canary deployments. Use Cloud Monitoring to look for performance issues. and ramp up traffic as the metrics support it.

Deploy the application via a continuous delivery pipeline using blue/green deployments. Use Cloud Monitoring to look for performance issues, and launch fully when the metrics support it.

Deploy the application using kubectl and set the spec.updateStrategv.type to RollingUpdate. Use Cloud Monitoring to look for performance issues, and run the kubectl rollback command if there are any issues.

Use HTTP signed URLs to securely provide access to the required resources.

Use the instance’s service account Application Default Credentials to authenticate to the required resources.

Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.

Commit the credential JSON file into your application’s source repository, and have your CI/CD process package it with the software that is deployed to the instance.

Vertical Pod Autoscaler in Auto mode

Vertical Pod Autoscaler in Recommendation mode

Horizontal Pod Autoscaler based on an external metric

Horizontal Pod Autoscaler based on resources utilization

Create a new Cloud Storage bucket, and mount it via FUSE in the container.

Create a new persistent disk, and mount the volume as a shared PersistentVolume.

Create a new Filestore instance, and mount the volume as an NFS PersistentVolume.

Create a new ConfigMap and volumeMount to store the contents of the configuration file.

Use the service account attached to the GKE node.

Enable Workload Identity in the cluster via the gcloud command-line tool.

Access the Google service account keys from a secret management service.

Store the Google service account keys in a central secret management service.

Use gcloud to bind the Kubernetes service account and the Google service account using roles/iam.workloadIdentity.

Create an API key.

Create a SAML token.

Create a service account.

Create an OAuth Client ID.

Deployment

StatefulSet

ReplicaSet

ReplicaController

Store and retrieve the file contents using Compute Engine instance metadata.

Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.

Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.

Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.

Cloud Run

Compute Engine with managed instance groups

Compute Engine with unmanaged instance groups

Google Kubernetes Engine using cluster autoscaling

Host the application on Compute Engine, and configure Cloud Endpoints for your application.

Host the application on Google Kubernetes Engine and use Identity-Aware Proxy (IAP) with Cloud Load Balancing and Google-managed certificates.

Host the application on Google Kubernetes Engine, and deploy an NGINX Ingress Controller to handle authentication.

Host the application on Google Kubernetes Engine, and deploy cert-manager to manage SSL certificates.

Use Network Policies to block traffic between applications.

Install Istio, enable proxy injection on your application namespace, and then enable mTLS.

Define Trusted Network ranges within the application, and configure the applications to allow traffic only from those networks.

Use an automated process to request SSL Certificates for your applications from Let’s Encrypt and add them to your applications.

Enable Binary Authorization, and configure it to attest that no vulnerabilities exist in a container image.

Enable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.

Upload the built container images to your Docker Hub instance, and scan them for vulnerabilities.

Add Artifact Registry to your Aqua Security instance, and scan the built container images for vulnerabilities

Deploy a Fluent Bit daemonset on the GKE cluster to log data in Cloud Logging. Analyze the logs to get insights into your application code’s performance.

Create a custom dashboard in Cloud Monitoring to evaluate the CPU performance metrics of your application.

Connect to your GKE nodes using SSH. Run the top command on the shell to extract the CPU utilization of your application.

Modify your Go application to capture profiling data. Analyze the CPU metrics of your application in flame graphs in Profiler.

Directly persist each POST request’s JSON data into Datastore.

Transform the POST request’s JSON data, and stream it into BigQuery.

Transform the POST request’s JSON data, and store it in a regional Cloud SQL cluster.

Persist each POST request’s JSON data as an individual file within Cloud Storage, with the file name containing the request identifier.

Enable Identity-Aware Proxy in your project. Secure function access using its permissions.

Create a service account with the Cloud Functions Viewer role. Use that service account to invoke the function.

Create a service account with the Cloud Functions Invoker role. Use that service account to invoke the function.

Create an OAuth 2.0 client ID for your calling service in the same project as the function you want to secure. Use those credentials to invoke the function.

Rewrite the application using .NET Core, and deploy to Cloud Run. Use revisions to separate the environments.

Use Cloud Build to deploy the application as a new Compute Engine image for each build. Use this image in each environment.

Deploy the application using MS Web Deploy, and make sure to always use the latest, patched MS Windows Server base image in Compute Engine.

Use Cloud Build to package the application, and deploy to a Google Kubernetes Engine cluster. Use namespaces to separate the environments.

Use Cloud Function to monitor resources and raise alerts.

Use Cloud Pub/Sub to monitor resources and raise alerts.

Use Stackdriver Error Reporting to capture errors and raise alerts.

Use Stackdriver Monitoring to monitor resources and raise alerts.

Build a new Docker container that examines the files in /workspace and then checks and adds a copyright for each source file. Changed files are explicitly committed back to the source repository.

Build a new Docker container that examines the files in /workspace and then checks and adds a copyright for each source file. Changed files do not need to be committed back to the source repository.

Build a new Docker container that examines the files in a Cloud Storage bucket and then checks and adds a copyright for each source file. Changed files are written back to the Cloud Storage bucket.

Build a new Docker container that examines the files in a Cloud Storage bucket and then checks and adds a copyright for each source file. Changed files are explicitly committed back to the source repository.

Ask the developers to use Cloud Shell and run gcloud container clusters get-credentials to switch to another cluster.

Ask the developers to open three terminals on their workstation and use kubecrt1 config to configure access to each cluster.

Ask the developers to install the gcloud CLI on their workstation and run gcloud container clusters get-credentials to switch to another cluster

In a configuration file, define the clusters users, and contexts Email the file to the developers and ask them to use kubect1 config to add cluster, user and context details.

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

Cloud Profiler

Cloud Monitoring

Cloud Trace

Cloud Logging

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.