You are developing a Java Web Server that needs to interact with Google Cloud services via the Google Cloud API on the user's behalf. Users should be able to authenticate to the Google Cloud API using their Google Cloud identities. Which workflow should you implement in your web application?

A. 1) When a user arrives at your application, prompt them for their Google username and password.
2) Store an SHA password hash in your application's database along with the user's username.
3) The application authenticates to the Google Cloud API using HTTPs requests with the user's username and password hash in the Authorization request header.

B. 1) When a user arrives at your application, prompt them for their Google username and password.
2) Forward the user's username and password in an HTTPS request to the Google Cloud authorization server, and request an access token.
3) The Google server validates the user's credentials and returns an access token to the application.
4) The application uses the access token to call the Google Cloud API.

C. 1) When a user arrives at your application, route them to a Google Cloud consent screen with a list of requested permissions that prompts the user to sign in with SSO to their Google Account.
2) After the user signs in and provides consent, your application receives an authorization code from a Google server.
3) The Google server returns the authorization code to the user, which is stored in the browser's cookies.
4) The user authenticates to the Google Cloud API using the authorization code in the cookie.

D. 1) When a user arrives at your application, route them to a Google Cloud consent screen with a list of requested permissions that prompts the user to sign in with SSO to their Google Account.
2) After the user signs in and provides consent, your application receives an authorization code from a Google server.
3) The application requests a Google Server to exchange the authorization code with an access token.
4) The Google server responds with the access token that is used by the application to call the Google Cloud API.

You are a developer at a large organization Your team uses Git for source code management (SCM). You want to ensure that your team follows Google-recommended best practices to manage code to drive higher rates of software delivery. Which SCM process should your team use?

A. Each developer commits their code to the main branch before each product release, conducts testing, and rolls back if integration issues are detected.

B. Each group of developers copies the repository, commits their changes to their repository, and merges their code into the main repository before each product release.

C. Each developer creates a branch for their own work, commits their changes to their branch, and merges their code into the main branch daily.

D. Each group of developers creates a feature branch from the main branch for their work, commits their changes to their branch, and merges their code into the main branch after the change advisory board approves it.

You developed a JavaScript web application that needs to access Google Drive’s API and obtain permission from users to store files in their Google Drives. You need to select an authorization approach for your application. What should you do?

A. Create an API key.

B. Create a SAML token.

C. Create a service account.

D. Create an OAuth Client ID.

You are creating and running containers across different projects in Google Cloud. The application you are developing needs to access Google Cloud services from within Google Kubernetes Engine (GKE). What should you do?

A. Assign a Google service account to the GKE nodes.

B. Use a Google service account to run the Pod with Workload Identity.

C. Store the Google service account credentials as a Kubernetes Secret.

D. Use a Google service account with GKE role-based access control (RBAC).

You are developing a new public-facing application that needs to retrieve specific properties in the metadata of users’ objects in their respective Cloud Storage buckets. Due to privacy and data residency requirements, you must retrieve only the metadata and not the object data. You want to maximize the performance of the retrieval process. How should you retrieve the metadata?

A. Use the patch method

B. Use the compose method

C. Use the copy method

D. Use the fields request parameter.

You are supporting a business-critical application in production deployed on Cloud Run. The application is reporting HTTP 500 errors that are affecting the usability of the application. You want to be alerted when the number of errors exceeds 15% of the requests within a specific time window. What should you do?

A. Navigate to the Cloud Run page in the Google Cloud console, and select the service from the services list. Use the Metrics tab to visualize the number of errors for that revision and refresh the page daily.

B. Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Composer to trigger the Cloud Function daily and alert you if the number of errors is above the defined threshold.

C. Create an alerting policy in Cloud Monitoring that alerts you if the number of errors is above the defined threshold.

D. Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Scheduler to trigger the Cloud Function daily and alert you if the number of errors is above the defined threshold.

You are running a containerized application on Google Kubernetes Engine. Your container images are stored in Container Registry. Your team uses CI/CD practices. You need to prevent the deployment of containers with known critical vulnerabilities. What should you do?

A.

• Use Web Security Scanner to automatically crawl your application.
• Review your application logs for scan results, and provide an attestation that the container is free of known critical vulnerabilities.
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed.

B.

• Use Web Security Scanner to automatically crawl your application
• Review the scan results in the scan details page in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

C.

• Enable the Container Scanning API to perform vulnerability scanning
• Review vulnerability reporting in Container Registry in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

D.

• Enable the Container Scanning API to perform vulnerability scanning
• Programmatically review vulnerability reporting through the Container Scanning API, and provide an attestation that the container is free of known critical vulnerabilities
• Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

You are developing an ecommerce application that stores customer, order, and inventory data as relational tables inside Cloud Spanner. During a recent load test, you discover that Spanner performance is not scaling linearly as expected. Which of the following is the cause?

A. The use of 64-bit numeric types for 32-bit numbers.

B. The use of the STRING data type for arbitrary-precision values.

C. The use of Version 1 UUIDs as primary keys that increase monotonically

D. The use of LIKE instead of STARTS_WITH keyword for parameterized SQL queries

You are a lead developer working on a new retail system that runs on Cloud Run and Firestore. A web UI requirement is for the user to be able to browse through alt products. A few months after go-live, you notice that Cloud Run instances are terminated with HTTP 500: Container instances are exceeding memory limits errors during busy times.
This error coincides with spikes in the number of Firestore queries
You need to prevent Cloud Run from crashing and decrease the number of Firestore queries. You want to use a solution that optimizes system performance What should you do?

A. Create a custom index over the products

B. Modify the query that returns the product list using cursors with limits

C. Modify the Cloud Run configuration to increase the memory limits

D. Modify the query that returns the product list using integer offsets

You are running an application on App Engine that you inherited. You want to find out whether the application is using insecure binaries or is vulnerable to XSS attacks. Which service should you use?

A. Cloud Amor

B. Stackdriver Debugger

C. Cloud Security Scanner

D. Stackdriver Error Reporting

Your team is building an application for a financial institution. The application's frontend runs on Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application will collect data containing PII, which will be stored in the Cloud SQL database and the Cloud Storage bucket. You need to secure the PII data. What should you do?

A. 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Using IAM, allow only the frontend service account to access the Cloud Storage bucket

B. 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database
2) Enable private access to allow the frontend to access the Cloud Storage bucket privately

C. 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter

D. 1) Configure a private IP address for Cloud SQL
2) Use VPC-SC to create a service perimeter
3) Add the Cloud SQL database and the Cloud Storage bucket to different service perimeters

You are responsible for deploying a new API. That API will have three different URL paths:
• https://yourcompany.com/students
• https://yourcompany.com/teachers
• https://yourcompany.com/classes
You need to configure each API URL path to invoke a different function in your code. What should you do?

A. Create one Cloud Function as a backend service exposed using an HTTPS load balancer.

B. Create three Cloud Functions exposed directly

C. Create one Cloud Function exposed directly

D. Create three Cloud Functions as three backend services exposed using an HTTPS load balancer.