A.  

Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.

B.  

Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.

C.  

Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.

D.  

Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.

A.  

1. Install a Git hook to require developers to run unit tests before pushing the code to a central repository2. Trigger Cloud Build to build the application container Deploy the application container to a testing environment, and run integration tests3. If the integration tests are successful deploy the application container to your production environment. and run acceptance tests

B.  

1. Install a Git hook to require developers to run unit tests before pushing the code to a central repositoryIf all tests are successful build a container2. Trigger Cloud Build to deploy the application container to a testing environment, and run integrationtests and acceptance tests3. If all tests are successful tag the code as production ready Trigger Cloud Build to build and deploy the application container to the production environment<

C.  

1. Trigger Cloud Build to build the application container and run unit tests with the container2. If unit tests are successful, deploy the application container to a testing environment, and run integration tests3. If the integration tests are successful the pipeline deploys the application container to the production environment After that, run acceptance tests

D.  

1. Trigger Cloud Build to run unit tests when the code is pushed If all unit tests are successful, build and push the application container to a central registry.2. Trigger Cloud Build to deploy the container to a testing environment, and run integration tests and acceptance tests3. If all tests are successful the pipeline deploys the application to the production environment and runs smoke tests

A.  

Change the Terraform code to use local state.

B.  

Create a storage bucket with the name specified in the Terraform configuration.

C.  

Grant the roles/ owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.

D.  

Grant the roles/ storage. objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.

A.  

Configure traffic splitting to send 100% of the traffic to the latest revision.

B.  

Configure traffic splitting to send 100% of the traffic to the previous revision.

C.  

Create a new revision using the last known good version of the application.

D.  

Identify the cause of the latency by using Cloud Trace.

A.  

Increase the memory resource limit of the microservice.

B.  

Increase the maximum number of nodes in the node pool.

C.  

Increase the maximum replica limit of the Horizontal Pod Autoscaler.

D.  

Update the node pool to use a machine type with more memory.

A.  

Configure the Ops Agent with a logging receiver Create a logs-based metric

B.  

Create a script to scrape the web server log Export the IP address request metrics to the Cloud Monitoring API

C.  

Update the application to export the IP address request metrics to the Cloud Monitoring API

D.  

Configure the Ops Agent with a metrics receiver

A.  

Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.

B.  

Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.

C.  

Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.

D.  

Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member’s computer. Organize files with a naming convention that identifies each new version.

A.  

Create a cron job to terminate any Pods that have been running for more than five hours

B.  

Add a HTTP liveness probe to the microservice s deployment

C.  

Monitor the Pods and terminate any Pods that have been running for more than five hours

D.  

Configure an alert to notify you whenever a Pod returns 403 errors

A.  

Use the default Stackdriver Kubernetes Engine Monitoring agent configuration.

B.  

Deploy a Fluentd daemonset to GKE. Then create a customized input and output configuration to tail the log file in the application's pods and write to Slackdriver Logging.

C.  

Install Kubernetes on Google Compute Engine (GCE> and redeploy your applications. Then customize the built-in Stackdriver Logging configuration to tail the log file in the application's pods and write to Stackdriver Logging.

D.  

Write a script to tail the log file within the pod and write entries to standard output. Run the script as a sidecar container with the application's pod. Configure a shared volume between the containers to allow the script to have read access to /var/log in the application container.

A.  

Store public and private charts in OCI format by using Artifact Registry

B.  

Store public and private charts by using GitHub Enterprise with Google Workspace as the identity provider

C.  

Store public and private charts by using Git repository Configure Cloud Build to synchronize contents of the repository into a Cloud Storage bucket Connect Helm to the bucket by using https: // [bucket] .srorage.googleapis.com/ [holnchart] as the Helm repository

D.  

Configure a Helm chart repository server to run in Google Kubernetes Engine (GKE) with Cloud Storage bucket as the storage backend

A.  

Create SLIs from metrics Enable Alert Policies if the services do not pass

B.  

Use the metrics from Anthos Service Mesh to measure the health of the microservices

C.  

Create a SLO Create an Alert Policy on select_slo_bum_rate

D.  

Create a SLO and configure uptime checks for your services Enable Alert Policies if the services do not pass

A.  

Your application servers' logs

B.  

Instrumentation coded directly in the client

C.  

Metrics exported from the application servers

D.  

GKE health checks for your application servers

E.  

A synthetic client that periodically sends simulated user requests

A.  

Use Cloud Build to trigger a Spinnaker pipeline.

B.  

Use Cloud Pub/Sub to trigger a Spinnaker pipeline.

C.  

Use a custom builder in Cloud Build to trigger a Jenkins pipeline.

D.  

Use Cloud Pub/Sub to trigger a custom deployment service running in Google Kubernetes Engine (GKE).

A.  

Enable VPC Service Controls for the container.googleapis.com API service.

B.  

Revoke the resourcemanager.projects.updateLiens permission from all users associated with the project.

C.  

Enable the compute.restrictXpnProjectLienRemoval organization policy constraint.

D.  

Instruct teams to only perform IAM permission management as code with Terraform.

A.  

Upgrade the GCS buckets to Multi-Regional.

B.  

Enable high availability on the CloudSQL instances.

C.  

Move the application from App Engine to Compute Engine.

D.  

Modify the App Engine configuration to have additional idle instances.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Runthegcioud run deploy booking-engine —no-traffic —-ag dev command Use the https://dev----booking-engine-abcdef. a. run. app URL for testing

B.  

Runthegcioud run services update-traffic booking-engine —to-revisions LATEST*! command Use the ht tps: //booking-engine-abcdef. a. run. ape URL for testing

C.  

Pass the curl -K "Authorization: Hearer S(gclcud auth print-identity-token)" auth token Use the https: / /booking-engine-abcdef. a. run. app URL to test privately

D.  

Grant the roles/run. invoker role to the developers testing the booking-engine service Use the https: //booking-engine-abcdef. private. run. app URL for testing

A.  

Create a trigger on the Cloud Build job Set the repository event setting to Pull request'

B.  

Add the owners file to the Included files filter on the trigger

C.  

Create a trigger on the Cloud Build job Set the repository event setting to Push to a branch

D.  

Configure a branch protection rule for the main branch on the repository

E.  

Enable the Approval option on the trigger

A.  

• Store your code in a Git-based version control system.• Establish a process that allows developers to merge their own changes at the end of each day.• Package and upload code lo a versioned Cloud Storage bucket as the latest master version.

B.  

• Store your code in a Git-based version control system.• Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.• Establish a process where the fully integrated code in the repository becomes the latest master version.

C.  

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.• At the end of each day. confirm that all changes have been captured in the files within the folder structure.• Rename the folder structure with a predefined naming convention that increments the version.

D.  

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.• At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.• Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.

A.  

Enable Data Access audit logging for Cloud Storage for all projects and folders, and configure exempted principals to include users of the CustomerService folder.

B.  

Enable Data Access audit logging for Cloud Storage at the organization level, with no additional configuration.

C.  

Enable Data Access audit logging for Cloud Storage at the organization level, and configure exempted principals to include users of the CustomerService folder.

D.  

Enable Data Access audit logging for Cloud Storage for all projects and folders other than the CustomerService folder.

A.  

Create a trigger to notify the required team to complete the next step when manual intervention is required

B.  

Divide the automation steps into smaller tasks

C.  

Use a script to automate the creation of the deployment pipeline in Google Cloud Deploy

D.  

Add more engineers to finish the manual steps.

E.  

Automate promotion approvals from the development environment to the test environment

A.  

MTTD: 5MTTR: 10MTBF: 90Impact: 33%

B.  

MTTD:5MTTR: 20MTBF: 90Impact: 33%

C.  

MTTD:5MTTR: 10MTBF: 90Impact 50%

D.  

MTTD:5MTTR: 20MTBF: 90Impact: 50%

A.  

DevOps team responsibilitiesManage the service infrastructureBe on-call for incidentsPerform code reviewsSoftware Development team responsibilitiesSubmit code to be reviewed by the DevOps teamPublish the SLOs that the DevOps team must meet

B.  

DevOps team responsibilitiesManage the service infrastructurePerform code reviewsSoftware Development team responsibilitiesSubmit code to be reviewed by the DevOps teamBe on-call for incidentsPublish the SLOs that the DevOps team must meet

C.  

DevOps team responsibilitiesShared responsibilities for code reviewsSoftware Development team responsibilitiesManage the service infrastructureBe on-call for incidents on a rotation basisAdopt and publish SLOs for the serviceSubmit code to be reviewed

D.  

DevOps team responsibilitiesManage the service infrastructureBe on-call for incidentsSoftware Development team responsibilitiesAdopt and publish SLOs for the serviceSubmit code to be reviewedShared responsibilities for code reviews

A.  

Assign the roles/logging, viewer role to each member of the security team

B.  

Assign the roles/logging. viewer role to a group with all the security team members

C.  

Assign the roles/logging.privateLogViewer role to each member of the security team

D.  

Assign the roles/logging.privateLogviewer role to a group with all the security team members

A.  

Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.

B.  

Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.

C.  

Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.

D.  

Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.

A.  

• In your application, create a metric with a metricKind set to DELTA and a valueType set to DOUBLE.• In Stackdriver's Metrics Explorer, use a Slacked Bar graph to visualize the metric.

B.  

• In your application, create a metric with a metricKind set to CUMULATIVE and a valueType set to DOUBLE.• In Stackdriver's Metrics Explorer, use a Line graph to visualize the metric.

C.  

• In your application, create a metric with a metricKind set to gauge and a valueType set to distribution.• In Stackdriver's Metrics Explorer, use a Heatmap graph to visualize the metric.

D.  

• In your application, create a metric with a metricKind. set toMETRlc_KIND_UNSPECIFIEDanda valueType set to INT64.• In Stackdriver's Metrics Explorer, use a Stacked Area graph to visualize the metric.

A.  

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).

B.  

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.

C.  

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.

D.  

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.

A.  

Enable Cloud Security Scanner on the clusters.

B.  

Enable Vulnerability Analysis on the Container Registry.

C.  

Set up the Kubernetes Engine clusters as private clusters.

D.  

Set up the Kubernetes Engine clusters with Binary Authorization.

A.  

Configure the Vertical Pod Autoscaler but keep the node pool size static

B.  

Configure the Vertical Pod Autoscaler and enable the cluster autoscaler

C.  

Configure the Horizontal Pod Autoscaler but keep the node pool size static

D.  

Configure the Horizontal Pod Autoscaler and enable the cluster autoscaler

A.  

Determine if your service has exceeded its quota for writes to the Cloud Monitoring API.

B.  

Check if the Grafana service is installed on your GKE cluster.

C.  

Confirm that your service has the monitoring.servicesViewer IAM role.

D.  

Verify that your PodMonitoring configuration references a valid port.

A.  

Run integration tests in the CI pipeline.

B.  

Implement static code analysis in the CI pipeline.

C.  

Use a canary deployment strategy.

D.  

Enable Cloud Audit Logs for the deployment.

A.  

Run the gcloud container clusters update --logging—SYSTEM command for the development cluster.

B.  

Run the gcloud container clusters update logging=WORKLOAD command for the development cluster.

C.  

Run the gcloud logging sinks update _Defau1t --disabled command in the project associated with the development environment.

D.  

Add the severity >= DEBUG resource. type "k83 container" exclusion filter to the Default logging sink in the project associated with the development environment.

A.  

flex/connections/current

B.  

tcp_ssl_proxy/new_connections

C.  

tcp_ssl_proxy/open_connections

D.  

flex/instance/connections/current

A.  

Push the images to Google Container Registry (GCR) using the gcr.io hostname.

B.  

Push the images to Google Container Registry (GCR) using the us.gcr.io hostname.

C.  

Push the images to Google Container Registry (GCR) using the eu.gcr.io hostname.

D.  

Push the images to a private image registry running on a Compute Engine instance in the eu-west-1 region.

A.  

Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

B.  

Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

C.  

Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.

D.  

Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

A.  

Create a new pipeline to delete old infrastructure stacks when they are no longer needed

B.  

Confirm that the pipeline is storing and retrieving the terraform. if state file from Cloud Storage with the Terraform gcs backend

C.  

Verify that the pipeline is storing and retrieving the terrafom.tfstat* file from a source control

D.  

Update the pipeline to remove any existing infrastructure before you apply the latest configuration

A.  

Premium Tier with a global load balancer

B.  

Premium Tier with a regional load balancer

C.  

Standard Tier with a global load balancer

D.  

Standard Tier with a regional load balancer

A.  

Allow public IP addresses in the Cloud Workstations configuration.

B.  

Use a browser running on a bastion host VM.

C.  

Run the gcloud compute start-iap-tunnel command to the Cloud Workstations VM.

D.  

Click the preview link in the Code OSS panel.

A.  

Use the n2-highcpu-96 machine type in the configuration of the MIG.

B.  

Monitor results of Stackdriver Trace to determine the required amount of resources.

C.  

Validate that the resource requirements are within the available quota limits of each region.

D.  

Deploy the service in one region and use a global load balancer to route traffic to this region.

A.  

Create an automated testing script in production to detect failures as soon as they occur.

B.  

Create a development environment with smaller server capacity and give access only to developers and testers.

C.  

Secure the production environment to ensure that developers can't change it and set up one controlled update per year.

D.  

Create a development environment for writing code and a test environment for configurations, experiments, and load testing.

A.  

Enable Personalized Service Health annotations on the dashboard.

B.  

Create an alerting policy for the system error metrics.

C.  

Create a log-based metric to track cloud service errors, and display the metric on the dashboard.

D.  

Create a logs widget to display system errors from Cloud Logging on the dashboard.

A.  

Confirm that the Stackdriver agent has been installed in the hosting virtual machine.

B.  

Confirm that your account has the proper permissions to use the Stackdriver dashboard.

C.  

Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.

D.  

Confirm that the application is using the required client library and the service account key has proper permissions.

A.  

Add high memory compute nodes to the cluster.

B.  

Increase the memory limit in the application deployment.

C.  

Add Cloud Trace to the application, and redeploy.

D.  

Increase the CPU limit in the application deployment.

A.  

Replace the CAB with a senior manager to ensure continuous oversight from development to deployment

B.  

Let developers merge their own changes but ensure that the team's deployment platform can roll back changes if any issues are discovered

C.  

Move to a peer-review based process for individual changes that is enforced at code check-in time and supported by automated tests

D.  

Batch changes into larger but less frequent software releases

E.  

Ensure that the team's development platform enables developers to get fast feedback on the impact of their changes

A.  

Deploy the new version of the service to the staging environment Split the traffic, and allow 1 % of traffic through to the latest version Test the latest version If the test passes gradually roll out the latest version to the staging and production environments

B.  

Deploy the new version of the service to the staging environment Split the traffic, and allow 50% of traffic through to the latest version Test the latest version If the test passes, send all traffic to the latest version Repeat for the production environment

C.  

Deploy the new version of the service to the staging environment with a new-release tag without serving traffic Test the new-release version If the test passes; gradually roll out this tagged version Repeat for the production environment

D.  

Deploy a new environment with the green tag to use as the staging environment Deploy the new version of the service to the green environment and test the new version If the tests pass, send all traffic to the green environment and delete the existing staging environment Repeat for the production environment

A.  

Set up a Cloud Build private pool to access the database through a static external IP address. Configure the database to only allow connections from this IP address. Execute the schema migration script in the private pool.

B.  

Create a service account that has permission to access the database. Configure Cloud Build to use this service account and execute the schema migration script in a private pool.

C.  

Add the database username and encrypted password to the application configuration file. Use these credentials in Cloud Build to execute the schema migration script.

D.  

Add the database username and password to Secret Manager. When running the schema migration script, retrieve the username and password from Secret Manager.

A.  

Use the Recommender API and apply the suggested recommendations

B.  

Create an Agent Policy to automatically install Ops Agent in all VMs

C.  

Install the Ops Agent in a fleet of VMs by using the gcloud CLI

D.  

Review the Cloud Monitoring dashboard for the VM and choose the machine type with the lowest CPU utilization

A.  

Use Prometheus Operator to install Prometheus in every cluster and scrape the metrics. Ensure that a Thanos sidecar is enabled on every Prometheus instance. Configure Thanos in the central cluster. Query the central Thanos instance.

B.  

Use Prometheus Operator to install Prometheus in every cluster and scrape the metrics. Configure remote-write to one central Prometheus. Query the central Prometheus instance.

C.  

Enable managed collection on every GKE cluster. Query the metrics in Cloud Monitoring.

D.  

Enable managed collection on every GKE cluster. Query the metrics in BigQuery.

A.  

Compare the canary with a new deployment of the current production version.

B.  

Compare the canary with a new deployment of the previous production version.

C.  

Compare the canary with the existing deployment of the current production version.

D.  

Compare the canary with the average performance of a sliding window of previous production versions.

A.  

Install a continuous profiling tool into Compute Engine. Configure the application to send profiling data to the tool.

B.  

Periodically run the go tool pprof command against the application instance. Analyze the results by using flame graphs.

C.  

Configure Cloud Profiler, and initialize the cloud.go@gle.com/go/profiler library in the application.

D.  

Use Cloud Monitoring to assess the App Engine CPU utilization metric.

A.  

A Install a Fluent Bit sidecar container, and use a JSON parser.

B.  

Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.

C.  

Configure the log agent to convert log text payload to JSON payload.

D.  

Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPay10ad field.

A.  

Update the Deployment app-blue to use the new version of the application

B.  

Update the Deployment ape-green to use the previous version of the application

C.  

Change the selector on the Service app-2vc to app: my-app.

D.  

Change the selector on the Service app-svc to app: my-app, version: blue

A.  

An explanation of the root cause of the incident

B.  

A list of employees responsible for causing the incident

C.  

A list of action items to prevent a recurrence of the incident

D.  

Your opinion of the incident’s severity compared to past incidents

E.  

Copies of the design documents for all the services impacted by the incident

A.  

Use Docker to configure a Cloud Storage driver pointed at the bucket owned by your organization.

B.  

Configure Container Registry as an OCI-based container registry for container images.

C.  

Configure Artifact Registry as an OCI-based container registry for both Helm charts and container images.

D.  

Configure an open source container registry server to run in GKE with a restrictive role-based access control (RBAC) configuration.

A.  

Install a toolbox container on the node in Cluster A Confirm that the routes to Cluster B are configured appropriately

B.  

Use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster

C.  

Use a debug container to run the traceroute command from Cluster A to Cluster B and from Cluster B to Cluster A Identify the common failure point

D.  

Enable VPC Flow Logs in both VPCs and monitor packet drops

A.  

Use Cloud Logging to configure an aggregated sink at the organization level to export all logs into a BigQuery dataset

B.  

Use Cloud Logging to configure an aggregated sink at the organization level to export all logs into Cloud Storage with a seven-year retention policy and Bucket Lock

C.  

Use Cloud Logging to configure an export sink at each project level to export all logs into a BigQuery dataset

D.  

Use Cloud Logging to configure an export sink at each project level to export all logs into Cloud Storage with a seven-year retention policy and Bucket Lock

A.  

Assign the Container Developer role to the Cloud Build service account.

B.  

Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.

C.  

Create a new service account with the Container Developer role and use it to run Cloud Build.

D.  

Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.

A.  

Use Cloud Build private pools to connect to the private VPC.

B.  

Use Spinnaker for Google Cloud to connect to the private VPC.

C.  

Use Cloud Build as a pipeline runner. Configure Internal HTTP(S) Load Balancing for API access.

D.  

Use Cloud Build as a pipeline runner. Configure External HTTP(S) Load Balancing with a Google Cloud Armor policy for API access.