Your application services run in Google Kubernetes Engine (GKE). You want to make sure that only images from your centrally-managed Google Container Registry (GCR) image registry in the altostrat-images project can be deployed to the cluster while minimizing development time. What should you do?

A.

Create a custom builder for Cloud Build that will only push images to gcr.io/altostratimages.

B.

Use a Binary Authorization policy that includes the whitelist name pattern
gcr.io/attostrat-images/.

C.

Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.

D.

Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.

You support a high-traffic web application with a microservice architecture. The home page
of the application displays multiple widgets containing content such as the current weather,
stock prices, and news headlines. The main serving thread makes a call to a dedicated
microservice for each widget and then lays out the homepage for the user. The
microservices occasionally fail; when that happens, the serving thread serves the
homepage with some missing content. Users of the application are unhappy if this
degraded mode occurs too frequently, but they would rather have some content served
instead of no content at all. You want to set a Service Level Objective (SLO) to ensure that
the user experience does not degrade too much. What Service Level Indicator {SLI) should
you use to measure this?

A.

A quality SLI: the ratio of non-degraded responses to total responses

B.

An availability SLI: the ratio of healthy microservices to the total number of
microservices

C.

A freshness SLI: the proportion of widgets that have been updated within the last 10 minutes

D.

A latency SLI: the ratio of microservice calls that complete in under 100 ms to the total number of microservice calls

You use Cloud Build to build and deploy your application. You want to securely incorporate database credentials and other application secrets into the build pipeline. You also want to minimize the development effort. What should you do?

A.

Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.

B.

Encrypt the secrets and store them in the application repository. Store a decryption key
in a separate repository and grant Cloud Build access to the repository.

C.

Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.

D.

Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include
them in your Cloud Build deployment configuration. Grant Cloud Build access to the
KeyRing.

You are running an application in a virtual machine (VM) using a custom Debian image. The image has the Stackdriver Logging agent installed. The VM has the cloud-platform scope. The application is logging information via syslog. You want to use Stackdriver Logging in the Google Cloud Platform Console to visualize the logs. You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer. What is the first thing you should do?

A.

Look for the agent's test log entry in the Logs Viewer.

B.

Install the most recent version of the Stackdriver agent.

C.

Verify the VM service account access scope includes the monitoring.write scope.

D.

SSH to the VM and execute the following commands on your VM: ps ax I grep fluentd

Your team has recently deployed an NGINX-based application into Google Kubernetes Engine (GKE) and has exposed it to the public via an HTTP Google Cloud Load Balancer (GCLB) ingress. You want to scale the deployment of the application's frontend using an appropriate Service Level Indicator (SLI). What should you do?

A.

Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.

B.

Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.

C.

Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.

D.

Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.

Your application runs on Google Cloud Platform (GCP). You need to implement Jenkins for deploying application releases to GCP. You want to streamline the release process, lower operational toil, and keep user data secure. What should you do?

A.

Implement Jenkins on local workstations.

B.

Implement Jenkins on Kubernetes on-premises

C.

Implement Jenkins on Google Cloud Functions.

D.

Implement Jenkins on Compute Engine virtual machines.

You are writing a postmortem for an incident that severely affected users. You want to prevent similar incidents in the future. Which two of the following sections should you include in the postmortem? (Choose two.)

A.

An explanation of the root cause of the incident

B.

A list of employees responsible for causing the incident

C.

A list of action items to prevent a recurrence of the incident

D.

Your opinion of the incident’s severity compared to past incidents

E.

Copies of the design documents for all the services impacted by the incident

Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?

A.

Reference the image digest in the source control tag.

B.

Supply the source control tag as a parameter within the image name.

C.

Use Cloud Build to include the release version tag in the application image.

D.

Use GCR digest versioning to match the image to the tag in source control.

You use a multiple step Cloud Build pipeline to build and deploy your application to Google
Kubernetes Engine (GKE). You want to integrate with a third-party monitoring platform by
performing a HTTP POST of the build information to a webhook. You want to minimize the
development effort. What should you do?

A.

Add logic to each Cloud Build step to HTTP POST the build information to a webhook.

B.

Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.

C.

Use Stackdriver Logging to create a logs-based metric from the Cloud Buitd logs. Create an Alert with a Webhook notification type.

D.

Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic
to HTTP POST the build information to a webhook.

You are responsible for creating and modifying the Terraform templates that define your Infrastructure. Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?

A.

• Store your code in a Git-based version control system.
• Establish a process that allows developers to merge their own changes at the end of each
day.
• Package and upload code lo a versioned Cloud Storage bucket as the latest master
version.

B.

• Store your code in a Git-based version control system.
• Establish a process that includes code reviews by peers and unit testing to ensure
integrity and functionality before integration of code.
• Establish a process where the fully integrated code in the repository becomes the latest
master version.

C.

• Store your code as text files in Google Drive in a defined folder structure that organizes
the files.
• At the end of each day. confirm that all changes have been captured in the files within the
folder structure.
• Rename the folder structure with a predefined naming convention that increments the
version.

D.

• Store your code as text files in Google Drive in a defined folder structure that organizes
the files.
• At the end of each day, confirm that all changes have been captured in the files within the
folder structure and create a new .zip archive with a predefined naming convention.
• Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest
version.

You encounter a large number of outages in the production systems you support. You receive alerts for all the outages that wake you up at night. The alerts are due to unhealthy systems that are automatically restarted within a minute. You want to set up a process that would prevent staff burnout while following Site Reliability Engineering practices. What should you do?

A.

Eliminate unactionable alerts.

B.

Create an incident report for each of the alerts.

C.

Distribute the alerts to engineers in different time zones.

D.

Redefine the related Service Level Objective so that the error budget is not exhausted

Your company is developing applications that are deployed on Google Kubernetes Engine
(GKE). Each team manages a different application. You need to create the development
and production environments for each team, while minimizing costs. Different teams should
not be able to access other teams’ environments. What should you do?

A.

Create one GCP Project per team. In each project, create a cluster for Development and
one for Production. Grant the teams IAM access to their respective clusters.

B.

Create one GCP Project per team. In each project, create a cluster with a Kubernetes
namespace for Development and one for Production. Grant the teams IAM access to their
respective clusters.

C.

Create a Development and a Production GKE cluster in separate projects. In each
cluster, create a Kubernetes namespace per team, and then configure Identity Aware
Proxy so that each team can only access its own namespace.

D.

Create a Development and a Production GKE cluster in separate projects. In each
cluster, create a Kubernetes namespace per team, and then configure Kubernetes Rolebased
access control (RBAC) so that each team can only access its own namespace