A.  

Use Cloud Deploy to define a single delivery pipeline that promotes a release between a staging target and a production target. Configure the production target to require approval and to automatically execute a phased rollout that incrementally shifts traffic.

B.  

Use a Cloud Build trigger to initiate a GitOps workflow. Configure the trigger to update a manifest in a Git repository, which a controller on a GKE Autopilot cluster then synchronizes to manage a phased traffic rollout to the new revision.

C.  

Use Cloud Build to create a multi-stage pipeline. Configure the trigger to require approval before starting the build. Use the deploy command with the --traffic flag to incrementally shift traffic to the new revision in production.

D.  

Define two separate Cloud Deploy pipelines. Configure the first pipeline to deploy to staging, and configure the second pipeline to trigger and execute a phased, canary rollout to the production Cloud Run service.

A.  

Add logic to each Cloud Build step to HTTP POST the build information to a webhook.

B.  

Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.

C.  

Use Stackdriver Logging to create a logs-based metric from the Cloud Buitd logs. Create an Alert with a Webhook notification type.

D.  

Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.

A.  

• Store your code in a Git-based version control system.• Establish a process that allows developers to merge their own changes at the end of each day.• Package and upload code lo a versioned Cloud Storage bucket as the latest master version.

B.  

• Store your code in a Git-based version control system.• Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.• Establish a process where the fully integrated code in the repository becomes the latest master version.

C.  

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.• At the end of each day. confirm that all changes have been captured in the files within the folder structure.• Rename the folder structure with a predefined naming convention that increments the version.

D.  

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.• At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.• Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.

A.  

Delete the managed instance group and recreate it after updating the instance template

B.  

Add a new instance template update the managed instance group to use the new instance template and delete the old instance template

C.  

Remove the managed instance group from the Terraform state file update the instance template and reimport the managed instance group.

D.  

Set the create_bef ore_destroy meta-argument to true in the lifecycle block on the instance template

A.  

Install the Stackdriver Error Reporting library for Python, and then run your code on a Compute Engine VM.

B.  

Install the Stackdriver Error Reporting library for Python, and then run your code on Google Kubernetes Engine.

C.  

Install the Stackdriver Error Reporting library for Python, and then run your code on App Engine flexible environment.

D.  

Use the Stackdriver Error Reporting API to write errors from your application to ReportedErrorEvent, and then generate log entries with properly formatted error messages in Stackdriver Logging.

A.  

Create a designated team that is responsible for conducting all postmortems.

B.  

Encourage new employees to conduct postmortems to learn through practice.

C.  

Ensure that writing effective postmortems is a rewarded and celebrated practice.

D.  

Encourage your senior leadership to acknowledge and participate in postmortems.

E.  

Provide your organization with a forum to critique previous postmortems.

A.  

Implement Jenkins on local workstations.

B.  

Implement Jenkins on Kubernetes on-premises

C.  

Implement Jenkins on Google Cloud Functions.

D.  

Implement Jenkins on Compute Engine virtual machines.

A.  

Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.

B.  

Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.

C.  

Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.

D.  

Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member’s computer. Organize files with a naming convention that identifies each new version.

A.  

Identify engineers responsible for the incident and escalate to their senior management.

B.  

Ensure that test cases that catch errors of this type are run successfully before new software releases.

C.  

Follow up with the employees who reviewed the changes and prescribe practices they should follow in the future.

D.  

Design a policy that will require on-call teams to immediately call engineers and management to discuss a plan of action if an incident occurs.

A.  

Create a trigger on the Cloud Build job Set the repository event setting to Pull request'

B.  

Add the owners file to the Included files filter on the trigger

C.  

Create a trigger on the Cloud Build job Set the repository event setting to Push to a branch

D.  

Configure a branch protection rule for the main branch on the repository

E.  

Enable the Approval option on the trigger

A.  

Grant the logging.editor and monitoring.metricwriter roles to the Compute Engine service accounts.

B.  

Grant the Logging. admin and monitoring . editor roles to the Compute Engine service accounts.

C.  

Grant the logging. logwriter and monitoring. editor roles to the Compute Engine service accounts.

D.  

Grant the logging. logWriter and monitoring. metricWriter roles to the Compute Engine service accounts.

A.  

Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

B.  

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.

C.  

Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a tog exclusion with userinfo as a filter.

D.  

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

A.  

Create SLIs from metrics Enable Alert Policies if the services do not pass

B.  

Use the metrics from Anthos Service Mesh to measure the health of the microservices

C.  

Create a SLO Create an Alert Policy on select_slo_bum_rate

D.  

Create a SLO and configure uptime checks for your services Enable Alert Policies if the services do not pass

A.  

Cloud Build with Packer

B.  

Cloud Build with Google Cloud Deploy

C.  

Google Kubernetes Engine with Google Cloud Deploy

D.  

Cloud Build with kpt

A.  

An explanation of the root cause of the incident

B.  

A list of employees responsible for causing the incident

C.  

A list of action items to prevent a recurrence of the incident

D.  

Your opinion of the incident’s severity compared to past incidents

E.  

Copies of the design documents for all the services impacted by the incident

A.  

Confirm that the Stackdriver agent has been installed in the hosting virtual machine.

B.  

Confirm that your account has the proper permissions to use the Stackdriver dashboard.

C.  

Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.

D.  

Confirm that the application is using the required client library and the service account key has proper permissions.

A.  

Create an automated testing script in production to detect failures as soon as they occur.

B.  

Create a development environment with smaller server capacity and give access only to developers and testers.

C.  

Secure the production environment to ensure that developers can't change it and set up one controlled update per year.

D.  

Create a development environment for writing code and a test environment for configurations, experiments, and load testing.

A.  

Add N+1 redundancy to your service by adding additional compute resources to the service

B.  

Identify, measure and eliminate toil by automating repetitive tasks

C.  

Define an error budget for your service level availability and minimize the remaining error budget

D.  

Allocate available engineers to the feature backlog while you ensure that the sen/ice remains within the availability target

A.  

Create a single aggregated log sink at the organization level.

B.  

Create a log sink in each project

C.  

Create two aggregated log sinks at the organization level, and filter by project ID

D.  

Create an aggregated Iog sink in the Dev and Prod folders

A.  

File a bug with the development team so they can find the root cause of the crashing instance.

B.  

Create a Managed Instance Group with a single instance and use health checks to determine the system status.

C.  

Add a Load Balancer in front of the Compute Engine instance and use health checks to determine the system status.

D.  

Create a Stackdriver Monitoring dashboard with SMS alerts to be able to start recreating the crashed instance promptly after it has crashed.

A.  

Verity the maximum node pool size, enable a horizontal pod autoscaler, and then perform a load test to verity your expected resource needs.

B.  

Because you are deployed on GKE and are using a cluster autoscaler. your GKE cluster will scale automatically, regardless of growth rate.

C.  

Because you are at only 30% utilization, you have significant headroom and you won't need to add any additional capacity for this rate of growth.

D.  

Proactively add 60% more node capacity to account for six months of 10% growth rate, and then perform a load test to make sure you have enough capacity.

A.  

Instrument all applications with Stackdriver Profiler.

B.  

Instrument all applications with Stackdriver Trace and review inter-service HTTP requests.

C.  

Use Stackdriver Debugger to review the execution of logic within each application to instrument all applications.

D.  

Modify the Node.js application to log HTTP request and response times to dependent applications. Use Stackdriver Logging to find dependent applications that are performing poorly.

A.  

Use Prometheus Operator to install Prometheus in every cluster and scrape the metrics. Ensure that a Thanos sidecar is enabled on every Prometheus instance. Configure Thanos in the central cluster. Query the central Thanos instance.

B.  

Use Prometheus Operator to install Prometheus in every cluster and scrape the metrics. Configure remote-write to one central Prometheus. Query the central Prometheus instance.

C.  

Enable managed collection on every GKE cluster. Query the metrics in Cloud Monitoring.

D.  

Enable managed collection on every GKE cluster. Query the metrics in BigQuery.

A.  

Before merging new code, require 2 different peers to review the code changes.

B.  

Adopt the blue/green deployment strategy when releasing new code via a CD server.

C.  

Integrate a code linting tool to validate coding standards before any code is accepted into the repository.

D.  

Require developers to run automated integration tests on their local development environments before release.

E.  

Configure a CI server.Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.

A.  

Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 0.5.

B.  

Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 1.0.

C.  

Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 0.5. Apply changes intesting before production.

D.  

Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 1.0. Apply changes in testing before production.

A.  

Use custom versions of predefined roles to exclude all iam.serviceAccountKeys. * service account role permissions.

B.  

Apply the constraints/iam.disableserviceAccountKeycreation constraint to the organization.

C.  

Apply the constraints/iam. disableServiceAccountKeyUp10ad constraint to the organization.

D.  

Grant the roles/ iam.serviceAccountKeyAdmin IAM role to organization administrators only.

A.  

Use a partitioned rolling update.

B.  

Use Node taints with NoExecute.

C.  

Use a replica set in the deployment specification.

D.  

Use a stateful set with parallel pod management policy.

A.  

Buckelize Ihe request latencies into ranges, and then compute the percentile at 100 ms.

B.  

Bucketize the request latencies into ranges, and then compute the median and 90th percentiles.

C.  

Count the number of home page requests that load in under 100 ms, and then divide by the total number of home page requests.

D.  

Count the number of home page requests that load in under 100 ms. and then divide by the total number of all web application requests.

A.  

Assign one owner for each action item and any necessary collaborators.

B.  

Assign multiple owners for each item to guarantee that the team addresses items quickly

C.  

Assign collaborators but no individual owners to the items to keep the postmortem blameless.

D.  

Assign the team lead as the owner for all action items because they are in charge of the SRE team.

A.  

Create a Google service account.

Create a Kubernetes service account in a Workload Identity-enabled cluster.

Link the Google service account with the Kubernetes service account by using the roles/iam.workloadIdentityUser role and iam.gke.io/gcp-service-account annotation.

Map the Kubernetes service account to the workload.

Repeat for each workload.

B.  

Create a Google service account.

Create a node pool, and set the Google service account as the default identity.

Ensure that workloads can only run on the designated node pool by using node selectors, taints, and tolerations.

Repeat for each workload.

C.  

Create a Google service account.

Create a service account key for the Google service account.

Create a Kubernetes secret with a service account key.

Ensure that workload mounts the secret and set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point at the mount path.

Repeat for each workload.

D.  

Create a Google service account.

Create a node pool without taints, and set the Google service account as the default identity.

Grant IAM permissions to the Google service account.

A.  

Configure Error Reporting in your application

B.  

Configure Google Cloud Managed Service for Prometheus in your application

C.  

Configure Cloud Profiler in your application

D.  

Configure Cloud Trace in your application

A.  

Create one GCP Project per team. In each project, create a cluster for Development and one for Production. Grant the teams IAM access to their respective clusters.

B.  

Create one GCP Project per team. In each project, create a cluster with a Kubernetes namespace for Development and one for Production. Grant the teams IAM access to their respective clusters.

C.  

Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Identity Aware Proxy so that each team can only access its own namespace.

D.  

Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Kubernetes Role-based access control (RBAC) so that each team can only access its own namespace.

A.  

flex/connections/current

B.  

tcp_ssl_proxy/new_connections

C.  

tcp_ssl_proxy/open_connections

D.  

flex/instance/connections/current

A.  

Look for the agent's test log entry in the Logs Viewer.

B.  

Install the most recent version of the Stackdriver agent.

C.  

Verify the VM service account access scope includes the monitoring.write scope.

D.  

SSH to the VM and execute the following commands on your VM: ps ax I grep fluentd

A.  

Notify the team that their error budget is used up. Negotiate with the team for a launch freeze or tolerate a slightly worse user experience.

B.  

Look through other metrics related to the product and find SLOs with remaining error budget. Reallocate the error budgets and allow the feature launch.

C.  

Escalate the situation and request additional error budget.

D.  

Notify the team about the lack of error budget and ensure that all their tests are successful so the launch will not further risk the error budget.

A.  

Your application servers' logs

B.  

Instrumentation coded directly in the client

C.  

Metrics exported from the application servers

D.  

GKE health checks for your application servers

E.  

A synthetic client that periodically sends simulated user requests

A.  

Use the --cache-from parameter, and point to Artifact Registry. Add the most frequently modified files to the later stages of the build process.

B.  

Use the --cache-from parameter, and point to Artifact Registry. Add the most frequently modified files to the earlier stages of the build process.

C.  

Cache the container layers of the build process to Cloud Storage. Add the most frequently modified files to the earlier stages of the build process.

D.  

Cache the container layers of the build process to Cloud Storage. Add the most frequently modified files to the later stages of the build process.

A.  

Add more serving capacity to all of your application's zones

B.  

Implement and measure all other available SLIs for the application

C.  

Announce planned downtime to consume more error budget and ensure that users are not depending on a tighter SLO

D.  

Have more frequent or potentially risky application releases

E.  

Tighten the SLO to match the application's observed reliability

A.  

Set up a GitHub action to trigger Cloud Build when there is a parameter change. In Cloud Build, run a gcloud CLI command to apply the change.

B.  

When there is a change in GitHub, use a webhook to send a request to Cloud Service Mesh, and apply the change.

C.  

Configure Config Sync with the GitHub repository. When there is a change in the repository, use Config Sync to apply the change.

D.  

Configure Config Connector with the GitHub repository. When there is a change in the repository, use Config Connector to apply the change.

A.  

Configure the Ops Agent with a logging receiver Create a logs-based metric

B.  

Create a script to scrape the web server log Export the IP address request metrics to the Cloud Monitoring API

C.  

Update the application to export the IP address request metrics to the Cloud Monitoring API

D.  

Configure the Ops Agent with a metrics receiver

A.  

Use Cloud Storage to cache intermediate artifacts.

B.  

Run multiple Jenkins agents to parallelize the build.

C.  

Use multiple smaller build steps to minimize execution time.

D.  

Use larger Cloud Build virtual machines (VMs) by using the machine-type option.

A.  

A scalable in-memory caching system

B.  

The organization's public-facing website

C.  

A distributed, eventually consistent NoSQL database cluster with sufficient quorum

D.  

A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket

A.  

Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently

B.  

Inject the secret at the time of instance creation via an encrypted configuration management system.

C.  

Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application

D.  

Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.

A.  

Ensure that full autonomy and permissions are only granted to the on-call team.

B.  

Automate common tasks to analyze key impact information and intelligently suggest mitigating actions for the on-call team.

C.  

Ensure that all teams can modify the production environment to resolve issues.

D.  

Create an alerting mechanism for your SRE team based on your system's internal behavior.

E.  

Create up-to-date playbooks with instructions for debugging and mitigating issues.

A.  

Use the gcloud CLI to install the Ops Agent on each VM listed in the Cloud Asset Inventory

B.  

Select all VMs with an Agent status of Not detected on the Cloud Operations VMs dashboard Then select Install agents

C.  

Use the gcloud CLI to create an Agent Policy.

D.  

Install the Ops Agent on the Compute Engine image by using a startup script

A.  

Add more serving capacity to all of your application’s zones.

B.  

Have more frequent or potentially risky application releases.

C.  

Tighten the SLO match the application’s observed reliability.

D.  

Implement and measure additional Service Level Indicators (SLIs) fro the application.

E.  

Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO.

A.  

A Install a Fluent Bit sidecar container, and use a JSON parser.

B.  

Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.

C.  

Configure the log agent to convert log text payload to JSON payload.

D.  

Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPay10ad field.

A.  

Use Flex Start mode for both the Research and Production teams.

B.  

Use Flex Start mode for the Research team and Calendar mode for the Production team.

C.  

Use Calendar mode for both the Research and Production teams.

D.  

Use Calendar mode for the Research team and Flex Start mode for the Production team.

A.  

Develop a postmortem that includes the root causes, resolution, lessons learned, and a prioritized list of action items. Share it with the manager only.

B.  

Develop a postmortem that includes the root causes, resolution, lessons learned, and a prioritized list of action items. Share it on the engineering organization's document portal.

C.  

Develop a postmortem that includes the root causes, resolution, lessons learned, the list of people responsible, and a list of action items for each person. Share it with the manager only.

D.  

Develop a postmortem that includes the root causes, resolution, lessons learned, the list of people responsible, and a list of action items for each person. Share it on the engineering organization's document portal.

A.  

Configure Artifact Registry to automatically trigger vulnerability scans for new image tags, and view scan results. Use Cloud Audit Logs to track image tag creation events.

B.  

Configure Artifact Registry to automatically scan new images and periodically re-scan all images. Use Cloud Audit Logs to track image uploads and identify the user who pushed each image.

C.  

Configure Artifact Registry to automatically re-scan images daily. Enable Cloud Audit Logs to track these scans, and use Logs Explorer to identify vulnerabilities.

D.  

Configure Artifact Registry to send vulnerability scan results to a Cloud Storage bucket. Use a separate script to parse results and notify a security team.

A.  

Deploy the prototype product in a test environment, run a load test, and share the results with the product development team.

B.  

When the initial product version passes the quality assurance phase and compliance assessments, deploy the product to a staging environment. Share error logs and performancemetrics with the product development team.

C.  

When the new product is used by at least one internal customer in production, share error logs and monitoring metrics with the product development team.

D.  

Review the design of the product with the product development team to provide feedback early in the design phase.

A.  

Configure the Vertical Pod Autoscaler but keep the node pool size static

B.  

Configure the Vertical Pod Autoscaler and enable the cluster autoscaler

C.  

Configure the Horizontal Pod Autoscaler but keep the node pool size static

D.  

Configure the Horizontal Pod Autoscaler and enable the cluster autoscaler

A.  

Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.

B.  

Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.

C.  

Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.

D.  

Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.

A.  

1. Communicate your intent to the incident team.2. Perform a load analysis to determine if the remaining nodes can handle the increase in traffic offloaded from the removed node, and scale appropriately.3. When any new nodes report healthy, drain traffic from the unhealthy node, and remove the unhealthy node from service.

B.  

1. Communicate your intent to the incident team.2. Add a new node to the pool, and wait for the new node to report as healthy.3. When traffic is being served on the new node, drain traffic from the unhealthy node, and remove the old node from service.

C.  

1 . Drain traffic from the unhealthy node and remove the node from service.2. Monitor traffic to ensure that the error is resolved and that the other nodes in the pool are handling the traffic appropriately.3. Scale the pool as necessary to handle the new load.4. Communicate your actions to the incident team.

D.  

1 . Drain traffic from the unhealthy node and remove the old node from service.2. Add a new node to the pool, wait for the new node to report as healthy, and then serve traffic to the new node.3. Monitor traffic to ensure that the pool is healthy and is handling traffic appropriately.4. Communicate your actions to the incident team.

A.  

Create the secret with an automatic replication policy.

B.  

Create the secret with a user-managed replication policy.

C.  

Remove the organization policy referenced in the error message.

D.  

Add the global region to the organization policy referenced in the error message.

A.  

Runthegcioud run deploy booking-engine —no-traffic —-ag dev command Use the https://dev----booking-engine-abcdef. a. run. app URL for testing

B.  

Runthegcioud run services update-traffic booking-engine —to-revisions LATEST*! command Use the ht tps: //booking-engine-abcdef. a. run. ape URL for testing

C.  

Pass the curl -K "Authorization: Hearer S(gclcud auth print-identity-token)" auth token Use the https: / /booking-engine-abcdef. a. run. app URL to test privately

D.  

Grant the roles/run. invoker role to the developers testing the booking-engine service Use the https: //booking-engine-abcdef. private. run. app URL for testing

A.  

Run the gcloud container clusters update --logging—SYSTEM command for the development cluster.

B.  

Run the gcloud container clusters update logging=WORKLOAD command for the development cluster.

C.  

Run the gcloud logging sinks update _Defau1t --disabled command in the project associated with the development environment.

D.  

Add the severity >= DEBUG resource. type "k83 container" exclusion filter to the Default logging sink in the project associated with the development environment.

A.  

Install a toolbox container on the node in Cluster A Confirm that the routes to Cluster B are configured appropriately

B.  

Use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster

C.  

Use a debug container to run the traceroute command from Cluster A to Cluster B and from Cluster B to Cluster A Identify the common failure point

D.  

Enable VPC Flow Logs in both VPCs and monitor packet drops

A.  

Assign the roles/logging, viewer role to each member of the security team

B.  

Assign the roles/logging. viewer role to a group with all the security team members

C.  

Assign the roles/logging.privateLogViewer role to each member of the security team

D.  

Assign the roles/logging.privateLogviewer role to a group with all the security team members

A.  

Enable the Workflows API and route all the logs to Cloud Logging

B.  

Create a central Cloud Monitoring workspace and attach all related projects

C.  

Create an aggregated log sink associated with the production folder that uses a Pub Sub topic as the destination

D.  

Create an aggregated log sink associated with the production folder that uses a Cloud Logging bucket as the destination