Most Recent Google Professional-Cloud-DevOps-Engineer Exam Dumps

Prepare for the Google Professional Cloud DevOps Engineer exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Google Professional-Cloud-DevOps-Engineer exam and achieve success.

The questions for Professional-Cloud-DevOps-Engineer were last updated on Mar 29, 2025.

Viewing page 1 out of 35 pages.
Viewing questions 1-5 out of 177 questions

Get All 177 Questions & Answers

Question No. 1

As part of your company's initiative to shift left on security, the infoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images You need to determine how to satisfy the InfoSec teams goal of shifting left on security. What should you do?

ADeploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods

BConfigure Identity and Access Management (1AM) policies to create a least privilege model on your GKE clusters

CUse Binary Authorization to attest images during your CI CD pipeline

DEnable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images

Show Answer

Correct Answer: C

The best option for implementing guard rails on all GKE clusters to only allow the deployment of trusted and approved images is to use Binary Authorization to attest images during your CI/CD pipeline. Binary Authorization is a feature that allows you to enforce signature-based validation when deploying container images. You can use Binary Authorization to create policies that specify which images are allowed or denied in your GKE clusters. You can also use Binary Authorization to attest images during your CI/CD pipeline by using tools such as Container Analysis or third-party integrations. An attestation is a digital signature that certifies that an image meets certain criteria, such as passing vulnerability scans or code reviews. By using Binary Authorization to attest images during your CI/CD pipeline, you can ensure that only trusted and approved images are deployed to your GKE clusters.

Question No. 2

You need to enforce several constraint templates across your Google Kubernetes Engine (GKE) clusters. The constraints include policy parameters, such as restricting the Kubernetes API. You must ensure that the policy parameters are stored in a GitHub repository and automatically applied when changes occur. What should you do?

ASet up a GitHub action to trigger Cloud Build when there is a parameter change. In Cloud Build, run a gcloud CLI command to apply the change.

BWhen there is a change in GitHub, use a web hook to send a request to Anthos Service Mesh, and apply the change.

CConfigure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.

DConfigure Config Connector with the GitHub repository. When there is a change in the repository, use Config Connector to apply the change.

Show Answer

Correct Answer: C

The correct answer is C. Configure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.

According to the web search results, Anthos Config Management is a service that lets you manage the configuration of your Google Kubernetes Engine (GKE) clusters from a single source of truth, such as a GitHub repository1. Anthos Config Management can enforce several constraint templates across your GKE clusters by using Policy Controller, which is a feature that integrates the Open Policy Agent (OPA) Constraint Framework into Anthos Config Management2. Policy Controller can apply constraints that include policy parameters, such as restricting the Kubernetes API3. To use Anthos Config Management and Policy Controller, you need to configure them with your GitHub repository and enable the sync mode4. When there is a change in the repository, Anthos Config Management will automatically sync and apply the change to your GKE clusters5.

The other options are incorrect because they do not use Anthos Config Management and Policy Controller. Option A is incorrect because it uses a GitHub action to trigger Cloud Build, which is a service that executes your builds on Google Cloud Platform infrastructure6. Cloud Build can run a gcloud CLI command to apply the change, but it does not use Anthos Config Management or Policy Controller. Option B is incorrect because it uses a web hook to send a request to Anthos Service Mesh, which is a service that provides a uniform way to connect, secure, monitor, and manage microservices on GKE clusters7. Anthos Service Mesh can apply the change, but it does not use Anthos Config Management or Policy Controller. Option D is incorrect because it uses Config Connector, which is a service that lets you manage Google Cloud resources through Kubernetes configuration. Config Connector can apply the change, but it does not use Anthos Config Management or Policy Controller.

Anthos Config Management documentation, Overview. Policy Controller, Policy Controller. Constraint template library, Constraint template library. Installing Anthos Config Management, Installing Anthos Config Management. Syncing configurations, Syncing configurations. Cloud Build documentation, Overview. Anthos Service Mesh documentation, Overview. [Config Connector documentation], Overview.

Question No. 3

Your organization has a containerized web application that runs on-premises As part of the migration plan to Google Cloud you need to select a deployment strategy and platform that meets the following acceptance criteria

1 The platform must be able to direct traffic from Android devices to an Android-specific microservice

2 The platform must allow for arbitrary percentage-based traffic splitting

3 The deployment strategy must allow for continuous testing of multiple versions of any microservice

What should you do?

ADeploy the canary release of the application to Cloud Run Use traffic splitting to direct 10% of user traffic to the canary release based on the revision tag

BDeploy the canary release of the application to App Engine Use traffic splitting to direct a subset of user traffic to the new version based on the IP address

CDeploy the canary release of the application to Compute Engine Use Anthos Service Mesh with Compute Engine to direct 10% of user traffic to the canary release by configuring the virtual service.

DDeploy the canary release to Google Kubernetes Engine with Anthos Sen/ice Mesh Use traffic splitting to direct 10% of user traffic to the new version based on the user-agent header configured in the virtual service

Show Answer

Correct Answer: D

The best option for deploying a containerized web application to Google Cloud with the given acceptance criteria is to use Google Kubernetes Engine (GKE) with Anthos Service Mesh. GKE is a managed service for running Kubernetes clusters on Google Cloud, and Anthos Service Mesh is a service mesh that provides observability, traffic management, and security features for microservices. With Anthos Service Mesh, you can use traffic splitting to direct traffic from Android devices to an Android-specific microservice by configuring the user-agent header in the virtual service. You can also use traffic splitting to direct arbitrary percentage-based traffic to different versions of any microservice for continuous testing. For example, you can use a canary release strategy to direct 10% of user traffic to a new version of a microservice and monitor its performance and reliability.

Question No. 4

You use Spinnaker to deploy your application and have created a canary deployment stage in the pipeline. Your application has an in-memory cache that loads objects at start time. You want to automate the comparison of the canary version against the production version. How should you configure the canary analysis?

ACompare the canary with a new deployment of the current production version.

BCompare the canary with a new deployment of the previous production version.

CCompare the canary with the existing deployment of the current production version.

DCompare the canary with the average performance of a sliding window of previous production versions.

Show Answer

Correct Answer: A

https://cloud.google.com/architecture/automated-canary-analysis-kubernetes-engine-spinnaker

https://spinnaker.io/guides/user/canary/best-practices/#compare-canary-against-baseline-not-against-production

Question No. 5

Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?

AReference the image digest in the source control tag.

BSupply the source control tag as a parameter within the image name.

CUse Cloud Build to include the release version tag in the application image.

DUse GCR digest versioning to match the image to the tag in source control.

Show Answer

Correct Answer: B

https://cloud.google.com/container-registry/docs/pushing-and-pulling

Unlock All Questions for Google Professional-Cloud-DevOps-Engineer Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 177 Questions & Answers