Your solution is producing performance bugs in production that you did not see in staging and test
environments. You want to adjust your test and deployment procedures to avoid this problem in the future. What should you do?

A.

Deploy fewer changes to production.

B.

Deploy smaller changes to production.

C.

Increase the load on your test and staging environments.

D.

Deploy changes to a small subset of users before rolling out to production.

A news teed web service has the following code running on Google App Engine. During peak load, users
report that they can see news articles they already viewed. What is the most likely cause of this problem?

A.

The session variable is local to just a single instance.

B.

The session variable is being overwritten in Cloud Datastore.

C.

The URL of the API needs to be modified to prevent caching.

D.

The HTTP Expires header needs to be set to -1 to stop caching.

Your organization wants to control IAM policies for different departments independently, but centrally.
Which approach should you take?

A.

Multiple Organizations with multiple Folders

B.

Multiple Organizations, one for each department

C.

A single Organization with Folder for each department

D.

A single Organization with multiple projects, each with a central owner

Your development team has installed a new Linux kernel module on the batch servers in Google Compute
Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation,
50% of the batch servers failed the nightly batch run. You want to collect details on the failure to pass back to
the development team. Which three actions should you take? Choose 3 answers

A.

Use Stackdriver Logging to search for the module log entries.

B.

Read the debug GCE Activity log using the API or Cloud Console.

C.

Use gcloud or Cloud Console to connect to the serial console and observe the logs.

D.

Identify whether a live migration event of the failed server occurred, using in the activity log.

E.

Adjust the Google Stackdriver timeline to match the failure time, and observe the batch server metrics.

F.

Export a debug VM into an image, and run the image on a local server where kernel log messages will
be displayed on the native screen.

You set up an autoscaling instance group to serve web traffic for an upcoming launch. After configuring the instance group as a backend service to an HTTP(S) load balancer, you notice that virtual machine (VM) instances are being terminated and re-launched every minute. The instances do not have a public IP address. You have verified the appropriate web response is coming from each instance using the curl command. You want to ensure the backend is configured correctly. What should you do?

A.

Ensure that a firewall rule exists to allow source traffic on HTTP/HTTPS to reach the load balancer.

B.

Assign a public IP to each instance and configure a firewall rule to allow the load balancer to reach the
instance public IP.

C.

Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the
instance group.

D.

Create a tag on each instance with the name of the load balancer. Configure a firewall rule with the
name of the load balancer as the source and the instance tag as the destination.

Your company wants to try out the cloud with low risk. They want to archive approximately 100 TB of their log data to the cloud and test the analytics features available to them there, while also retaining that data as a long-term disaster recovery backup. Which two steps should they take? Choose 2 answers

A.

Load logs into Google BigQuery.

B.

Load logs into Google Cloud SQL.

C.

Import logs into Google Stackdriver.

D.

Insert logs into Google Cloud Bigtable.

E.

Upload log files into Google Cloud Storage.

You are designing a mobile chat application. You want to ensure people cannot spoof chat messages, by
providing a message were sent by a specific user.
What should you do

A.

Tag messages client side with the originating user identifier and the destination user.

B.

Encrypt the message client side using block-based encryption with a shared key.

C.

Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private
key.

D.

Use a trusted certificate authority to enable SSL connectivity between the client application and the
server.

Your company has successfully migrated to the cloud and wants to analyze their data stream to optimize
operations. They do not have any existing code for this analysis, so they are exploring all their options. These
options include a mix of batch and stream processing, as they are running some hourly jobs and
live-processing some data as it comes in. Which technology should they use for this?

A.

Google Cloud Dataproc

B.

Google Cloud Dataflow

C.

Google Container Engine with Bigtable

D.

Google Compute Engine with Google BigQuery

You have been asked to select the storage system for the click-data of your company's large portfolio of
websites. This data is streamed in from a custom website analytics package at a typical rate of 6,000 clicks per
minute, with bursts of up to 8,500 clicks per second. It must been stored for future analysis by your data
science and user experience teams. Which storage infrastructure should you choose?

A.

Google Cloud SQL

B.

Google Cloud Bigtable

C.

Google Cloud Storage

D.

Google cloud Datastore

Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access
Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process. What should you do?

A.

Create custom Google Stackdriver alerts and send them to the auditor.

B.

Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the
auditor.

C.

Use cloud functions to transfer log entries to Google Cloud SQL and use ACLS and views to limit an
auditor's view.

D.

Enable Google Cloud Storage (GCS) log export to audit logs Into a GCS bucket and delegate access to
the bucket

Your application needs to process credit card transactions. You want the smallest scope of Payment Card
Industry (PCI) compliance without compromising the ability to analyze transactional data and trends relating to which payment methods are used. How should you design your architecture?

A.

Create a tokenizer service and store only tokenized data.

B.

Create separate projects that only process credit card data.

C.

Create separate subnetworks and isolate the components that process credit card data.

D.

Streamline the audit discovery phase by labeling all of the virtual machines (VMs) that process PCI
data.

E.

Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the
auditor

Your company places a high value on being responsive and meeting customer needs quickly. Their primary
business objectives are release speed and agility. You want to reduce the chance of security errors being
accidentally introduced. Which two actions can you take? Choose 2 answers

A.

Ensure every code check-in is peer reviewed by a security SME.

B.

Use source code security analyzers as part of the CI/CD pipeline.

C.

Ensure you have stubs to unit test all interfaces between components.

D.

Enable code signing and a trusted binary repository integrated with your CI/CD pipeline.

E.

Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD)
pipeline.