You need to define Service Level Objectives (SLOs) for a high-traffic multi-region web application. Customers expect the application to always be available and have fast response times. Customers are currently happy with the application performance and availability. Based on current measurement, you observe that the 90th percentile of latency is 120ms and the 95th percentile of latency is 275ms over a 28-day window. What latency SLO would you recommend to the team to publish?

A.

90th percentile – 100ms
95th percentile – 250ms

B.

90th percentile – 120ms
95th percentile – 275ms

C.

90th percentile – 150ms
95th percentile – 300ms

D.

90th percentile – 250ms
95th percentile – 400ms

You support a large service with a well-defined Service Level Objective (SLO). The development team deploys new releases of the service multiple times a week. If a major incident causes the service to miss its SLO, you want the development team to shift its focus from working on features to improving service reliability. What should you do before a major incident occurs?

A.

Develop an appropriate error budget policy in cooperation with all service stakeholders.

B.

Negotiate with the product team to always prioritize service reliability over releasing new
features.

C.

Negotiate with the development team to reduce the release frequency to no more than
once a week.

D.

Add a plugin to your Jenkins pipeline that prevents new releases whenever your service
is out of SLO.

Your company experiences bugs, outages, and slowness in its production systems. Developers use the production environment for new feature development and bug fixes. Configuration and experiments are done in the production environment, causing outages for users. Testers use the production environment for load testing, which often slows the
production systems. You need to redesign the environment to reduce the number of bugs
and outages in production and to enable testers to load test new features. What should you
do?

A.

Create an automated testing script in production to detect failures as soon as they occur.

B.

Create a development environment with smaller server capacity and give access only to developers and testers.

C.

Secure the production environment to ensure that developers can't change it and set up one controlled update per year.

D.

Create a development environment for writing code and a test environment for
configurations, experiments, and load testing.

You support an application that stores product information in cached memory. For every
cache miss, an entry is logged in Stackdriver Logging. You want to visualize how often a
cache miss happens over time. What should you do?

A.

Link Stackdriver Logging as a source in Google Data Studio. Filler (he logs on the cache misses.

B.

Configure Stackdriver Profiler to identify and visualize when the cache misses occur based on the logs.

C.

Create a logs-based metric in Stackdriver Logging and a dashboard for that metric in Stackdriver Monitoring.

D.

Configure BigOuery as a sink for Stackdriver Logging. Create a scheduled query to filter
the cache miss logs and write them to a separate table

Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring. What should you do?

A.

Publish various metrics from the application directly to the Slackdriver Monitoring API,
and then observe these custom metrics in Stackdriver.

B.

Install the Cloud Pub/Sub client libraries, push various metrics from the application to
various topics, and then observe the aggregated metrics in Stackdriver.

C.

Install the OpenTelemetry client libraries in the application, configure Stackdriver as the
export destination for the metrics, and then observe the application's metrics in Stackdriver.

D.

Emit all metrics in the form of application-specific log messages, pass these messages
from the containers to the Stackdriver logging collector, and then observe metrics in
Stackdriver.

You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?

A.

Grant the team members the IAM role of logging.configWriter on Cloud IAM.

B.

Configure Access Context Manager to allow only these members to export logs.

C.

Create and grant a custom IAM role with the permissions logging.sinks.list and
logging.sink.get.

D.

Create an Organizational Policy in Cloud IAM to allow only these members to create log
exports.

You are running an application on Compute Engine and collecting logs through Stackdriver.
You discover that some personally identifiable information (Pll) is leaking into certain log
entry fields. All Pll entries begin with the text userinfo. You want to capture these log entries
in a secure location for later review and prevent them from leaking to Stackdriver Logging.
What should you do?

A.

Create a basic log filter matching userinfo, and then configure a log export in the Stackdriver console with Cloud Storage as a sink.

B.

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing userinfo, and then copy the entries to a Cloud Storage bucket.

C.

Create an advanced log filter matching userinfo, configure a log export in the Stackdriver console with Cloud Storage as a sink, and then configure a tog exclusion with userinfo as a
filter.

D.

Use a Fluentd filter plugin with the Stackdriver Agent to remove log entries containing
userinfo, create an advanced log filter matching userinfo, and then configure a log export in
the Stackdriver console with Cloud Storage as a sink.

You are working with a government agency that requires you to archive application logs for
seven years. You need to configure Stackdriver to export and store the logs while
minimizing costs of storage. What should you do?

A.

Create a Cloud Storage bucket and develop your application to send logs directly to the bucket.

B.

Develop an App Engine application that pulls the logs from Stackdriver and saves them
in BigQuery.

C.

Create an export in Stackdriver and configure Cloud Pub/Sub to store logs in permanent
storage for seven years.

D.

Create a sink in Stackdriver, name it, create a bucket on Cloud Storage for storing
archived logs, and then select the bucket as the log export destination.

You support an application deployed on Compute Engine. The application connects to a
Cloud SQL instance to store and retrieve data. After an update to the application, users
report errors showing database timeout messages. The number of concurrent active users
remained stable. You need to find the most probable cause of the database timeout. What
should you do?

A.

Check the serial port logs of the Compute Engine instance.

B.

Use Stackdriver Profiler to visualize the resources utilization throughout the application.

C.

Determine whether there is an increased number of connections to the Cloud SQL
instance.

D.

Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

A.

Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.

B.

Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.

C.

Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.

D.

Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it

Your team of Infrastructure DevOps Engineers is growing, and you are starting to use Terraform to manage infrastructure. You need a way to implement code versioning and to share code with other team members. What should you do?

A.

Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.

B.

Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.

C.

Store the Terraform code in a Cloud Storage bucket using object versioning. Give
access to the bucket to every team member so they can download the files.

D.

Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member’s computer. Organize files with a naming convention that identifies each new version.

You use Spinnaker to deploy your application and have created a canary deployment stage
in the pipeline. Your application has an in-memory cache that loads objects at start time.
You want to automate the comparison of the canary version against the production version.
How should you configure the canary analysis?

A.

Compare the canary with a new deployment of the current production version.

B.

Compare the canary with a new deployment of the previous production version.

C.

Compare the canary with the existing deployment of the current production version.

D.

Compare the canary with the average performance of a sliding window of previous
production versions.