Your team uses Cloud Build for all CI/CD pipelines. You want to use the kubectl builder for Cloud Build to deploy new images to Google Kubernetes Engine (GKE). You need to authenticate to GKE while minimizing development effort. What should you do?
A. Assign the Container Developer role to the Cloud Build service account.
B. Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.
C. Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
D. Create a new service account with the Container Developer role and use it to run Cloud Build.
Correct answer: A
Question 2:
You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?
A. Inject the secret at the time of instance creation via an encrypted configuration management system.
B. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently.
C. Integrate the application with a single sign-on (SSO) system and do not expose secrets to the application.
D. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.
Correct answer: B
Question 3:
You need to define Service Level Objectives (SLOs) for a high-traffic multi-region web application. Customers expect the application to always be available and have fast response times. Customers are currently happy with the application performance and availability. Based on current measurement, you observe that the 90th percentile of latency is 120ms and the 95th percentile of latency is 275ms over a 28-day window. What latency SLO would you recommend to the team to publish?
A. 90th percentile - 150ms
95th percentile - 300ms
B. 90th percentile - 120ms
95th percentile - 275ms
C. 90th percentile - 250ms
95th percentile - 400ms
D. 90th percentile - 100ms
95th percentile - 250ms
Correct answer: A
Question 4:
Your team is building a service that performs compute-heavy processing on batches of data. The data is processed faster based on the speed and number of CPUs on the machine. These batches of data vary in size and may arrive at any time from multiple third-party sources. You need to ensure that third parties are able to upload their data securely. You want to minimize costs while ensuring that the data is processed as quickly as possible. What should you do?
A. * Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate Identity and Access Management (IAM) access to the bucket.
* Use a standard Google Kubernetes Engine (GKE) cluster and maintain two services: one that processes the batches of data and one that monitors Cloud Storage for new batches of data.
* Stop the processing service when there are no batches of data to process.
B. * Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate Identity and Access Management (IAM) access to the bucket.
* Use Cloud Monitoring to detect new batches of data in the bucket and trigger a Cloud Function that processes the data.
* Set a Cloud Function to use the largest CPU possible to minimize the runtime of the processing.
C. * Provide a secure file transfer protocol (SFTP) server on a Compute Engine instance so that third parties can upload batches of data, and provide appropriate credentials to the server.
* Create a Cloud Function with a google.storage.object.finalize Cloud Storage trigger. Write code so that the function can scale up a Compute Engine autoscaling managed instance group.
* Use an image pre-loaded with the data processing software that terminates the instances when processing completes.
D. * Provide a Cloud Storage bucket so that third parties can upload batches of data, and provide appropriate Identity and Access Management (IAM) access to the bucket.
* Create a Cloud Function with a google.storage.object.finalize Cloud Storage trigger. Write code so that the function can scale up a Compute Engine autoscaling managed instance group.
* Use an image pre-loaded with the data processing software that terminates the instances when processing completes.
Correct answer: D
Question 5:
You are configuring the frontend tier of an application deployed in Google Cloud. The frontend tier is hosted in nginx and deployed using a managed instance group with an Envoy-based external HTTP(S) load balancer in front. The application is deployed entirely within the europe-west2 region and only serves users based in the United Kingdom. You need to choose the most cost-effective network tier and load balancing configuration. What should you use?
A. Standard Tier with a global load balancer
B. Standard Tier with a regional load balancer
C. Premium Tier with a regional load balancer
D. Premium Tier with a global load balancer
Correct answer: C
Question 6:
Your team has recently deployed an NGINX-based application into Google Kubernetes Engine (GKE) and has exposed it to the public via an HTTP Google Cloud Load Balancer (GCLB) ingress. You want to scale the deployment of the application's frontend using an appropriate Service Level Indicator (SLI). What should you do?
A. Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.
B. Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.
C. Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.
D. Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.
Correct answer: C
Question 7:
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. All PII entries begin with the text userinfo. You want to capture these log entries in a secure location for later review and prevent them from leaking to Stackdriver Logging. What should you do?
A. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.
B. Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, create an advanced log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
C. Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a log exclusion with userinfo as a filter.
D. Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.
Correct answer: A
Question 8:
You created a Stackdriver chart for CPU utilization in a dashboard within your workspace project. You want to share the chart with your Site Reliability Engineering (SRE) team only. You want to ensure you follow the principle of least privilege. What should you do?
A. Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
B. Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
C. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
D. Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
Correct answer: D
Question 9:
You are configuring Cloud Logging for a new application that runs on a Compute Engine instance with a public IP address.
A user-managed service account is attached to the instance.
You confirmed that the necessary agents are running on the instance but you cannot see any log entries from the instance in Cloud Logging. You want to resolve the issue by following Google-recommended practices.
What should you do?
A. Enable Private Google Access on the subnet that the instance is in.
B. Add the Logs Writer role to the service account.
C. Export the service account key and configure the agents to use the key.
D. Update the instance to use the default Compute Engine service account.
Correct answer: B
Aoki -
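It really did work as exam preparation; almost all of the questions that came up on the exam were also in this question set. I was surprised that the exam content matched the question set almost exactly. I was able to write my answers smoothly, and I passed.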