A.  

Add more serving capacity to all of your application’s zones.

B.  

Have more frequent or potentially risky application releases.

C.  

Tighten the SLO match the application’s observed reliability.

D.  

Implement and measure additional Service Level Indicators (SLIs) fro the application.

E.  

Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO.

A.  

Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.

B.  

Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.

C.  

Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.

D.  

Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.

A.  

In the Google Cloud Platform Console, use the Cost Breakdown section to visualize the costs per system.

B.  

Assign all instances a label specific to the system they run. Configure BigQuery billing export and query costs per label.

C.  

Enrich all instances with metadata specific to the system they run. Configure Stackdriver Logging to export to BigQuery, and query costs based on the metadata.

D.  

Name each virtual machine (VM) after the system it runs. Set up a usage report export to a Cloud Storage bucket. Configure the bucket as a source in BigQuery to query costs based on VM name.

A.  

Create an automated testing script in production to detect failures as soon as they occur.

B.  

Create a development environment with smaller server capacity and give access only to developers and testers.

C.  

Secure the production environment to ensure that developers can't change it and set up one controlled update per year.

D.  

Create a development environment for writing code and a test environment for configurations, experiments, and load testing.

A.  

Purchase Committed Use Discounts.

B.  

Migrate the instances to a Managed Instance Group.

C.  

Convert the instances to preemptible virtual machines.

D.  

Create an Unmanaged Instance Group for the instances used to run the workload.

A.  

Use Cloud Storage to cache intermediate artifacts.

B.  

Run multiple Jenkins agents to parallelize the build.

C.  

Use multiple smaller build steps to minimize execution time.

D.  

Use larger Cloud Build virtual machines (VMs) by using the machine-type option.

A.  

Use Stackdriver Kubernetes Engine Monitoring.

B.  

Use Prometheus to collect and aggregate logs per container, and then analyze the results in Grafana.

C.  

Use the Stackdriver Monitoring API to create custom metrics, and then organize your containers using groups.

D.  

Use Stackdriver Logging to export application logs to BigOuery. aggregate logs per container, and then analyze CPU and memory consumption.

A.  

Disable the CI pipeline and revert to manually building and pushing the artifacts.

B.  

Change the CI pipeline to push the artifacts to Container Registry instead of Docker Hub.

C.  

Upload the configuration YAML file to Cloud Storage and use Error Reporting to identify and fix the issue.

D.  

Run a Git compare between the previous and current Cloud Build Configuration files to find and fix the bug.

A.  

Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently

B.  

Inject the secret at the time of instance creation via an encrypted configuration management system.

C.  

Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application

D.  

Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.

A.  

Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.

B.  

Configure the containers in the build pipeline to always update themselves before release.

C.  

Reconfigure the existing operating system vulnerability software to exist inside the container.

D.  

Implement static code analysis tooling against the Docker files used to create the containers.

A.  

File a bug with the development team so they can find the root cause of the crashing instance.

B.  

Create a Managed Instance Group with a single instance and use health checks to determine the system status.

C.  

Add a Load Balancer in front of the Compute Engine instance and use health checks to determine the system status.

D.  

Create a Stackdriver Monitoring dashboard with SMS alerts to be able to start recreating the crashed instance promptly after it has crashed.

A.  

Push the images to Google Container Registry (GCR) using the gcr.io hostname.

B.  

Push the images to Google Container Registry (GCR) using the us.gcr.io hostname.

C.  

Push the images to Google Container Registry (GCR) using the eu.gcr.io hostname.

D.  

Push the images to a private image registry running on a Compute Engine instance in the eu-west-1 region.

A.  

Export logs to BigQuery tables for each project team. Grant project teams access to their tables. Grant logs writer access to the operations team in the central logging project.

B.  

Create log views for each project team, and only show each project team their application logs. Grant the operations team access to the _ Al Il-jogs View in the central logging project.

C.  

Grant each project team access to the project _ Default view in the central logging project. Grant logging viewer access to the operations team in the central logging project.

D.  

Create Identity and Access Management (IAM) roles for each project team and restrict access to the _ Default log view in their individual Google Cloud project. Grant viewer access to the operations team in the central logging project.

A.  

Add the Logs Writer role to the service account.

B.  

Enable Private Google Access on the subnet that the instance is in.

C.  

Update the instance to use the default Compute Engine service account.

D.  

Export the service account key and configure the agents to use the key.

A.  

Publish various metrics from the application directly to the Slackdriver Monitoring API, and then observe these custom metrics in Stackdriver.

B.  

Install the Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.

C.  

Install the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application's metrics in Stackdriver.

D.  

Emit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.

A.  

Review current application metrics and add new ones as needed.

B.  

Modify the code to capture additional information for user interaction.

C.  

Analyze the web proxy logs only and capture response time of each request.

D.  

Create new synthetic clients to simulate a user journey using the application.

E.  

Use current and historic Request Logs to trace customer interaction with the application.

A.  

Before merging new code, require 2 different peers to review the code changes.

B.  

Adopt the blue/green deployment strategy when releasing new code via a CD server.

C.  

Integrate a code linting tool to validate coding standards before any code is accepted into the repository.

D.  

Require developers to run automated integration tests on their local development environments before release.

E.  

Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.

A.  

Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.

B.  

Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.

C.  

Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.

D.  

Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member’s computer. Organize files with a naming convention that identifies each new version.

A.  

Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway. Ensure that your team members add their SMS/phone numbers to the external tool.

B.  

Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.

C.  

Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.

D.  

Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.

A.  

Instrument all applications with Stackdriver Profiler.

B.  

Instrument all applications with Stackdriver Trace and review inter-service HTTP requests.

C.  

Use Stackdriver Debugger to review the execution of logic within each application to instrument all applications.

D.  

Modify the Node.js application to log HTTP request and response times to dependent applications. Use Stackdriver Logging to find dependent applications that are performing poorly.

A.  

Enable Packet Mirroring on the VPC

B.  

Install the Ops Agent on the Compute Engine instances.

C.  

Enable logging on the firewall rule

D.  

Enable VPC Flow Logs on the subnet

A.  

Call individual stakeholders lo explain what happened.

B.  

Develop a post-mortem to be distributed to stakeholders.

C.  

Send the Incident State Document to all the stakeholders.

D.  

Require the engineer responsible to write an apology email to all stakeholders.

A.  

Create a new pipeline to delete old infrastructure stacks when they are no longer needed

B.  

Confirm that the pipeline is storing and retrieving the terraform. if state file from Cloud Storage with the Terraform gcs backend

C.  

Verify that the pipeline is storing and retrieving the terrafom.tfstat* file from a source control

D.  

Update the pipeline to remove any existing infrastructure before you apply the latest configuration

A.  

1. Export VM utilization logs from Stackdriver to BigOuery.

2. Create a dashboard in Data Studio.

3. Share the dashboard with your stakeholders.

B.  

1. Export VM utilization logs from Stackdriver to Cloud Pub/Sub.

2. From Cloud Pub/Sub, send the logs to a Security Information and Event Management (SIEM) system.

3. Build the dashboards in the SIEM system and share with your stakeholders.

C.  

1. Export VM utilization logs (rom Stackdriver to BigQuery.

2. From BigQuery. export the logs to a CSV file.

3. Import the CSV file into Google Sheets.

4. Build a dashboard in Google Sheets and share it with your stakeholders.

D.  

1. Export VM utilization logs from Stackdriver to a Cloud Storage bucket.

2. Enable the Cloud Storage API to pull the logs programmatically.

3. Build a custom data visualization application.

4. Display the pulled logs in a custom dashboard.

A.  

90th percentile - 150 ms

95th percentile - 290 ms

B.  

90th percentile - 160 ms

95th percentile - 300 ms

C.  

90th percentile - 190 ms

95th percentile - 330 ms

D.  

90th percentile - 300 ms

95th percentile - 450 ms

A.  

Add high memory compute nodes to the cluster.

B.  

Increase the memory limit in the application deployment.

C.  

Add Cloud Trace to the application, and redeploy.

D.  

Increase the CPU limit in the application deployment.

A.  

Select a latency metric for a request-based method of evaluation.

B.  

Select a latency metric for a window-based method of evaluation.

C.  

Select an availability metric for a request-based method of evaluation.

D.  

Select an availability metric for a window-based method Of evaluation.

A.  

Store public and private charts in OCI format by using Artifact Registry

B.  

Store public and private charts by using GitHub Enterprise with Google Workspace as the identity provider

C.  

Store public and private charts by using Git repository Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket Connect Helm to the bucket by using https: // [bucket] .srorage.googleapis.com/ [holnchart] as the Helm repository

D.  

Configure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend

A.  

Make the service’s SLO more strict.

B.  

Increase the service’s deployment velocity and/or risk.

C.  

Shift engineering time to other services that need more reliability.

D.  

Get the product team to prioritize reliability work over new features.

E.  

Change the implementation of your Service Level Indicators (SLIs) to increase coverage.

A.  

Update the Deployment app-blue to use the new version of the application

B.  

Update the Deployment ape-green to use the previous version of the application

C.  

Change the selector on the Service app-2vc to app: my-app.

D.  

Change the selector on the Service app-svc to app: my-app, version: blue

A.  

Notify the team that their error budget is used up. Negotiate with the team for a launch freeze or tolerate a slightly worse user experience.

B.  

Look through other metrics related to the product and find SLOs with remaining error budget. Reallocate the error budgets and allow the feature launch.

C.  

Escalate the situation and request additional error budget.

D.  

Notify the team about the lack of error budget and ensure that all their tests are successful so the launch will not further risk the error budget.

A.  

Save the API key in Secret Manager as a secret Reference the secret as an environment variable in the Cloud Run application

B.  

Save the API key in Secret Manager as a secret key Mount the secret key under the /sys/api_key directory and decrypt the key in the Cloud Run application

C.  

Save the API key in Cloud Key Management Service (Cloud KMS) as a key Reference the key as an environment variable in the Cloud Run application

D.  

Encrypt the API key by using Cloud Key Management Service (Cloud KMS) and pass the key to Cloud Run as an environment variable Decrypt and use the key in Cloud Run

A.  

Premium Tier with a global load balancer

B.  

Premium Tier with a regional load balancer

C.  

Standard Tier with a global load balancer

D.  

Standard Tier with a regional load balancer

A.  

Focus on developing new features rather than avoiding the outages from recurring.

B.  

Focus on identifying the contributing causes of the incident rather than the individual responsible for the cause.

C.  

Plan individual meetings with all the engineers involved. Determine who approved and pushed the new release to production.

D.  

Use the Git history to find the related code commit. Prevent the engineer who made that commit from working on production services.

A.  

Store the password in Secret Manager and send the secret to the application by using environment variables.

B.  

Store the password in Secret Manager and mount the secret as a volume within the application.

C.  

Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.

D.  

Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

A.  

Check the serial port logs of the Compute Engine instance.

B.  

Use Stackdriver Profiler to visualize the resources utilization throughout the application.

C.  

Determine whether there is an increased number of connections to the Cloud SQL instance.

D.  

Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.

A.  

Set up a GitHub action to trigger Cloud Build when there is a parameter change. In Cloud Build, run a gcloud CLI command to apply the change.

B.  

When there is a change in GitHub, use a web hook to send a request to Anthos Service Mesh, and apply the change.

C.  

Configure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.

D.  

Configure Config Connector with the GitHub repository. When there is a change in the repository, use Config Connector to apply the change.

A.  

flex/connections/current

B.  

tcp_ssl_proxy/new_connections

C.  

tcp_ssl_proxy/open_connections

D.  

flex/instance/connections/current

A.  

MTTD: 5

MTTR: 10

MTBF: 90

Impact: 33%

B.  

MTTD:5

MTTR: 20

MTBF: 90

Impact: 33%

C.  

MTTD:5

MTTR: 10

MTBF: 90

Impact 50%

D.  

MTTD:5

MTTR: 20

MTBF: 90

Impact: 50%

A.  

Reroute the user traffic from the affected region to other regions that don’t report issues.

B.  

Use Stackdriver Monitoring to check for a spike in CPU or memory usage for the affected region.

C.  

Add an extra node pool that consists of high memory and high CPU machine type instances to the cluster.

D.  

Use Stackdriver Logging to filter on the clusters in the affected region, and inspect error messages in the logs.

A.  

Verify the maximum node pool size enable a Horizontal Pod Autoscaler and then perform a load lest to verify your expected resource needs

B.  

Because you deployed the service on GKE and are using a cluster autoscaler your GKE cluster will scale automatically regardless of growth rate

C.  

Because you are only using 30% of deployed CPU capacity there is significant headroom and you do not need to add any additional capacity for this rate of growth

D.  

Proactively add 80% more node capacity to account for six months of 10% growth rate and then perform a load test to ensure that you have enough capacity

A.  

Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.

B.  

Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Slackdriver workspaces inside each project.

C.  

Choose an existing GCP production project to host the monitoring workspace. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.

D.  

Create a new GCP monitoring project, and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.

A.  

Check the node/ephemeral_storage/used_bytes metric by using Metrics Explorer.

B.  

Check the metric by using Metrics Explorer.

C.  

Locate all the Pods with emptyDir volumes. use the df-h command to measure volume disk usage.

D.  

Locate all the Pods with emptyDir volumes. Use the du -sh * command to measure volume disk usage.

A.  

Develop an appropriate error budget policy in cooperation with all service stakeholders.

B.  

Negotiate with the product team to always prioritize service reliability over releasing new features.

C.  

Negotiate with the development team to reduce the release frequency to no more than once a week.

D.  

Add a plugin to your Jenkins pipeline that prevents new releases whenever your service is out of SLO.

A.  

Configure the build system with protected branches that require pull request approval.

B.  

Use an Admission Controller to verify that incoming requests originate from approved sources.

C.  

Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.

D.  

Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.

A.  

Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods

B.  

Configure Identity and Access Management (1AM) policies to create a least privilege model on your GKE clusters

C.  

Use Binary Authorization to attest images during your CI CD pipeline

D.  

Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images

A.  

Compare the canary with a new deployment of the current production version.

B.  

Compare the canary with a new deployment of the previous production version.

C.  

Compare the canary with the existing deployment of the current production version.

D.  

Compare the canary with the average performance of a sliding window of previous production versions.

A.  

Use Cloud Storage to cache intermediate artifacts.

B.  

Run multiple Jenkins agents to parallelize the build.

C.  

Use multiple smaller build steps to minimize execution time.

D.  

Use larger Cloud Build virtual machines (VMs) by using the machine-type option.

A.  

Install and configure Config Connector in Google Kubernetes Engine (GKE).

B.  

Configure Cloud Build with a Terraform builder to execute plan and apply commands.

C.  

Create a Pod resource with a Terraform docker image to execute terraform plan and terraform apply commands.

D.  

Create a Job resource with a Terraform docker image to execute terraforrm plan and terraform apply commands.

A.  

Implement Jenkins on local workstations.

B.  

Implement Jenkins on Kubernetes on-premises

C.  

Implement Jenkins on Google Cloud Functions.

D.  

Implement Jenkins on Compute Engine virtual machines.

A.  

Use the gcloud CLI to install the Ops Agent on each VM listed in the Cloud Asset Inventory

B.  

Select all VMs with an Agent status of Not detected on the Cloud Operations VMs dashboard Then select Install agents

C.  

Use the gcloud CLI to create an Agent Policy.

D.  

Install the Ops Agent on the Compute Engine image by using a startup script

A.  

Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

B.  

Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

C.  

Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

D.  

Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

A.  

90th percentile – 100ms

95th percentile – 250ms

B.  

90th percentile – 120ms

95th percentile – 275ms

C.  

90th percentile – 150ms

95th percentile – 300ms

D.  

90th percentile – 250ms

95th percentile – 400ms

A.  

Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.

B.  

Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.

C.  

Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.

D.  

Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.

A.  

Upgrade the GCS buckets to Multi-Regional.

B.  

Enable high availability on the CloudSQL instances.

C.  

Move the application from App Engine to Compute Engine.

D.  

Modify the App Engine configuration to have additional idle instances.

A.  

Perform a rolling deployment and test your new application after the deployment is complete

B.  

Perform A. B testing, and test your application periodically after the deployment is complete

C.  

Perform a canary deployment, and test your new application periodically after the new version is deployed

D.  

Perform a blue/green deployment and test your new application after the deployment is complete