New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

New Release Professional-Cloud-DevOps-Engineer Cloud DevOps Engineer Questions

Page: 10 / 11
Question 40

You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. You want to prevent these fields from being written in new log entries as quickly as possible. What should you do?

Options:

A.

Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.

B.

Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.

C.

Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.

D.

Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.

Question 41

You are configuring your CI/CD pipeline natively on Google Cloud. You want builds in a pre-production Google Kubernetes Engine (GKE) environment to be automatically load-tested before being promoted to the production GKE environment. You need to ensure that only builds that have passed this test are deployed to production. You want to follow Google-recommended practices. How should you configure this pipeline with Binary Authorization?

Options:

A.

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using a key stored in Cloud Key Management Service (Cloud KMS).

B.

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.

C.

Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) with a service account JSON key stored as a Kubernetes Secret.

D.

Create an attestation for the builds that pass the load test by requiring the lead quality assurance engineer to sign the attestation by using their personal private key.

Question 42

You have a pool of application servers running on Compute Engine. You need to provide a secure solution that requires the least amount of configuration and allows developers to easily access application logs for troubleshooting. How would you implement the solution on GCP?

Options:

A.

• Deploy the Stackdriver logging agent to the application servers.

• Give the developers the IAM Logs Viewer role to access Stackdriver and view logs.

B.

• Deploy the Stackdriver logging agent to the application servers.

• Give the developers the IAM Logs Private Logs Viewer role to access Stackdriver and view logs.

C.

• Deploy the Stackdriver monitoring agent to the application servers.

• Give the developers the IAM Monitoring Viewer role to access Stackdriver and view metrics.

D.

• Install the gsutil command line tool on your application servers.

• Write a script using gsutil to upload your application log to a Cloud Storage bucket, and then schedule it to run via cron every 5 minutes.

• Give the developers IAM Object Viewer access to view the logs in the specified bucket.

Question 43

You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?

Options:

A.

Store the password in Secret Manager and send the secret to the application by using environment variables.

B.

Store the password in Secret Manager and mount the secret as a volume within the application.

C.

Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.

D.

Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.

Page: 10 / 11
Exam Name: Google Cloud Certified - Professional Cloud DevOps Engineer Exam
Last Update: Dec 22, 2024
Questions: 162
Professional-Cloud-DevOps-Engineer pdf

Professional-Cloud-DevOps-Engineer PDF

$25.5  $84.99
Professional-Cloud-DevOps-Engineer Engine

Professional-Cloud-DevOps-Engineer Testing Engine

$28.5  $94.99
Professional-Cloud-DevOps-Engineer PDF + Engine

Professional-Cloud-DevOps-Engineer PDF + Testing Engine

$40.5  $134.99