You use a multiple step Cloud Build pipeline to build and deploy your application to Google Kubernetes Engine (GKE). You want to integrate with a third-party monitoring platform by performing a HTTP POST of the build information to a webhook. You want to minimize the development effort. What should you do?
A. Add logic to each Cloud Build step to HTTP POST the build information to a webhook.
B. Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.
C. Use Stackdriver Logging to create a logs-based metric from the Cloud Build logs. Create an Alert with a Webhook notification type.
D. Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.
You are responsible for creating and modifying the Terraform templates that define your Infrastructure. Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?
A. Store your code in a Git-based version control system. Establish a process that allows developers to merge their own changes at the end of each day. Package and upload code to a versioned Cloud Storage basket as the latest master version.
B. Store your code in a Git-based version control system. Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code. Establish a process where the fully integrated code in the repository becomes the latest master version.
C. Store your code as text files in Google Drive in a defined folder structure that organizes the files. At the end of each day, confirm that all changes have been captured in the files within the folder structure. Rename the folder structure with a predefined naming convention that increments the version.
D. Store your code as text files in Google Drive in a defined folder structure that organizes the files. At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention. Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.
Your team is designing a new application for deployment into Google Kubernetes Engine (GKE). You need to set up monitoring to collect and aggregate various application-level metrics in a centralized location. You want to use Google Cloud Platform services while minimizing the amount of work required to set up monitoring. What should you do?
A. Publish various metrics from the application directly to the Stackdriver Monitoring API, and then observe these custom metrics in Stackdriver.
B. Install the Cloud Pub/Sub client libraries, push various metrics from the application to various topics, and then observe the aggregated metrics in Stackdriver.
C. Install the OpenTelemetry client libraries in the application, configure Stackdriver as the export destination for the metrics, and then observe the application's metrics in Stackdriver.
D. Emit all metrics in the form of application-specific log messages, pass these messages from the containers to the Stackdriver logging collector, and then observe metrics in Stackdriver.
You are managing an application that exposes an HTTP endpoint without using a load balancer. The latency of the HTTP responses is important for the user experience. You want to understand what HTTP latencies all of your users are experiencing. You use Stackdriver Monitoring. What should you do?
A. In your application, create a metric with a metricKind set to DELTA and a valueType set to DOUBLE. In Stackdriver's Metrics Explorer, use a Stacked Bar graph to visualize the metric.
B. In your application, create a metric with a metricKind set to CUMULATIVE and a valueType set to DOUBLE. In Stackdriver's Metrics Explorer, use a Line graph to visualize the metric.
C. In your application, create a metric with a metricKind set to GAUGE and a valueType set to DISTRIBUTION. In Stackdriver's Metrics Explorer, use a Heatmap graph to visualize the metric.
D. In your application, create a metric with a metricKind set to METRIC_KIND_UNSPECIFIED and a valueType set to INT64. In Stackdriver's Metrics Explorer, use a Stacked Area graph to visualize the metric.
Your team of Infrastructure DevOps Engineers is growing, and you are starting to use Terraform to manage infrastructure. You need a way to implement code versioning and to share code with other team members. What should you do?
A. Store the Terraform code in a version-control system. Establish procedures for pushing new versions and merging with the master.
B. Store the Terraform code in a network shared folder with child folders for each version release. Ensure that everyone works on different files.
C. Store the Terraform code in a Cloud Storage bucket using object versioning. Give access to the bucket to every team member so they can download the files.
D. Store the Terraform code in a shared Google Drive folder so it syncs automatically to every team member's computer. Organize files with a naming convention that identifies each new version.
You are running an application on Compute Engine and collecting logs through Stackdriver. You discover that some personally identifiable information (PII) is leaking into certain log entry fields. You want to prevent these fields from being written in new log entries as quickly as possible. What should you do?
A. Use the filter-record-transformer Fluentd filter plugin to remove the fields from the log entries in flight.
B. Use the fluent-plugin-record-reformer Fluentd output plugin to remove the fields from the log entries in flight.
C. Wait for the application developers to patch the application, and then verify that the log entries are no longer exposing PII.
D. Stage log entries to Cloud Storage, and then trigger a Cloud Function to remove the fields and write the entries to Stackdriver via the Stackdriver Logging API.
You are using Terraform to manage infrastructure as code within a CI/CD pipeline. You notice that multiple copies of the entire infrastructure stack exist in your Google Cloud project, and a new copy is created each time a change to the existing infrastructure is made. You need to optimize your cloud spend by ensuring that only a single instance of your infrastructure stack exists at a time. You want to follow Google-recommended practices. What should you do?
A. Create a new pipeline to delete old infrastructure stacks when they are no longer needed.
B. Confirm that the pipeline is storing and retrieving the terraform.tfstate file from Cloud Storage with the Terraform gcs backend.
C. Verify that the pipeline is storing and retrieving the terraform.tfstate file from a source control.
D. Update the pipeline to remove any existing infrastructure before you apply the latest configuration.
Your company's security team needs to have read-only access to Data Access audit logs in the _Required bucket. You want to provide your security team with the necessary permissions following the principle of least privilege and Google-recommended practices. What should you do?
A. Assign the roles/logging.viewer role to each member of the security team.
B. Assign the roles/logging.viewer role to a group with all the security team members.
C. Assign the roles/logging.privateLogViewer role to each member of the security team.
D. Assign the roles/logging.privateLogViewer role to a group with all the security team members.
As part of your company's initiative to shift left on security, the InfoSec team is asking all teams to implement guard rails on all the Google Kubernetes Engine (GKE) clusters to only allow the deployment of trusted and approved images. You need to determine how to satisfy the InfoSec team's goal of shifting left on security. What should you do?
A. Enable Container Analysis in Artifact Registry, and check for common vulnerabilities and exposures (CVEs) in your container images
B. Use Binary Authorization to attest images during your CI/CD pipeline
C. Configure Identity and Access Management (IAM) policies to create a least privilege model on your GKE clusters.
D. Deploy Falco or Twistlock on GKE to monitor for vulnerabilities on your running Pods
Your company runs applications in Google Kubernetes Engine (GKE). Several applications rely on ephemeral volumes. You noticed some applications were unstable due to the DiskPressure node condition on the worker nodes. You need to identify which Pods are causing the issue, but you do not have execute access to workloads and nodes. What should you do?
A. Check the node/ephemeral_storage/used_bytes metric by using Metrics Explorer.
B. Check the container/ephemeral_storage/used_bytes metric by using Metrics Explorer.
C. Locate all the Pods with emptyDir volumes. Use the df -h command to measure volume disk usage.
D. Locate all the Pods with emptyDir volumes. Use the df -sh * command to measure volume disk usage.
