You are deploying a Python application to Cloud Run using Cloud Build. The Cloud Build pipeline is shown below:

You want to optimize deployment times and avoid unnecessary steps What should you do?

A. Remove the step that pushes the container to Artifact Registry.

B. Add the —cache-from argument to the Docker build step in your build config file.

C. Store image artifacts in a Cloud Storage bucket in the same region as the Cloud Run instance.

D. Deploy a new Docker registry in a VPC and use Cloud Build worker pools inside the VPC to run the build pipeline.

You are a developer at a large corporation You manage three Google Kubernetes Engine clusters. Your team’s developers need to switch from one cluster to another regularly without losing access to their preferred development tools. You want to configure access to these clusters using the fewest number of steps while following Google-recommended best practices. What should you do?

A. Ask the developers to use Cloud Shell and run gcloud container clusters get-credentials to switch to another cluster.

B. Ask the developers to open three terminals on their workstation and use kubecrt1 config to configure access to each cluster.

C. Ask the developers to install the gcloud CLI on their workstation and run gcloud container clusters get-credentials to switch to another cluster

D. In a configuration file, define the clusters users, and contexts Email the file to the developers and ask them to use kubect1 config to add cluster, user and context details.

You have written a Cloud Function that accesses other Google Cloud resources. You want to secure the environment using the principle of least privilege. What should you do?

A. Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.

B. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.

C. Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.

D. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.

Your teammate has asked you to review the code below, which is adding a credit to an account balance in Cloud Datastore. Which improvement should you suggest your teammate make?

A. Get the entity with an ancestor query.

B. Get and put the entity in a transaction.

C. Use a strongly consistent transactional database.

D. Don’t return the account entity from the function.

Your service adds text to images that it reads from Cloud Storage. During busy times of the year, requests to Cloud Storage fail with an HTTP 429 "Too Many Requests" status code. How should you handle this error?

A. Add a cache-control header to the objects.

B. Request a quota increase from the GCP Console.

C. Retry the request with a truncated exponential backoff strategy.

D. Change the storage class of the Cloud Storage bucket to Multi-regional.

Your company uses Cloud Logging to manage large volumes of log data. You need to build a real-time log analysis architecture that pushes logs to a third-party application for processing. What should you do?

A. Create a Cloud Logging log export to Pub/Sub.

B. Create a Cloud Logging log export to BigQuery.

C. Create a Cloud Logging log export to Cloud Storage.

D. Create a Cloud Function to read Cloud Logging log entries and send them to the thirdparty application.

You need to migrate an internal file upload API with an enforced 500-MB file size limit to App Engine. What should you do?

A. Use FTP to upload files.

B. Use CPanel to upload files.

C. Use signed URLs to upload files.

D. Change the API to be a multipart file upload API.

Your team detected a spike of errors in an application running on Cloud Run in your production project. The application is configured to read messages from Pub/Sub topic A, process the messages, and write the messages to topic B. You want to conduct tests to identify the cause of the errors. You can use a set of mock messages for testing. What should you do?

A. Deploy the Pub/Sub and Cloud Run emulators on your local machine. Deploy the application locally, and change the logging level in the application to DEBUG or INFO. Write mock messages to topic A, and then analyze the logs.

B. Use the gcloud CLI to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

C. Deploy the Pub/Sub emulator on your local machine. Point the production application to your local Pub/Sub topics. Write mock messages to topic A, and then analyze the logs.

D. Use the Google Cloud console to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

You are deploying your application on a Compute Engine instance that communicates with Cloud SQL. You will use Cloud SQL Proxy to allow your application to communicate to the database using the service account associated with the application’s instance. You want to follow the Google-recommended best practice of providing minimum access for the role assigned to the service account. What should you do?

A. Assign the Project Editor role.

B. Assign the Project Owner role.

C. Assign the Cloud SQL Client role.

D. Assign the Cloud SQL Editor role.

You are developing a new application. You want the application to be triggered only when a given file is updated in your Cloud Storage bucket. Your trigger might change, so your process must support different types of triggers. You want the configuration to be simple so that multiple team members can update the triggers in the future. What should you do?

A. Create an Eventarc trigger that monitors your Cloud Storage bucket for a specific filename, and set the target as Cloud Run.

B. Configure Cloud Storage events to be sent to Pub/Sub, and use Pub/Sub events to trigger a Cloud Build job that executes your application.

C. Configure a Firebase function that executes your application and is triggered when an object is updated in Cloud Storage.

D. Configure a Cloud Function that executes your application and is triggered when an object is updated in Cloud Storage.

Your App Engine standard configuration is as follows:
service: production
instance_class: B1
You want to limit the application to 5 instances. Which code snippet should you include in your configuration?

A. manual_scaling:instances: 5min_pending_latency: 30ms

B. manual_scaling:max_instances: 5idle_timeout: 10m

C. basic_scaling:instances: 5min_pending_latency: 30ms

D. basic_scaling:max_instances: 5idle_timeout: 10m

You have an on-premises application that authenticates to the Cloud Storage API using a user-managed service account with a user-managed key. The application connects to Cloud Storage using Private Google Access over a Dedicated Interconnect link. You discover that requests from the application to access objects in the Cloud Storage bucket are failing with a 403 Permission Denied error code. What is the likely cause of this issue?

A. The folder structure inside the bucket and object paths have changed.

B. The permissions of the service account’s predefined role have changed.

C. The service account key has been rotated but not updated on the application server.

D. The Interconnect link from the on-premises data center to Google Cloud is experiencing a temporary outage.