Google exams lab exactprep Professional-cloud-devops-engineer Questions by Santino q73 vce pdf

Page: 8 / 14

Exam Name:	Google Cloud Certified - Professional Cloud DevOps Engineer Exam
Exam Code:	Professional-Cloud-DevOps-Engineer Dumps
Vendor:	Google	Certification:	Cloud DevOps Engineer
Questions:	194 Q&A's	Shared By:	santino

Question 32

You need to reduce the cost of virtual machines (VM| for your organization. After reviewing different options, you decide to leverage preemptible VM instances. Which application is suitable for preemptible VMs?

Options:

A scalable in-memory caching system

The organization's public-facing website

A distributed, eventually consistent NoSQL database cluster with sufficient quorum

A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket

Discussion

Question 33

You are responsible for creating and modifying the Terraform templates that define your Infrastructure. Because two new engineers will also be working on the same code, you need to define a process and adopt a tool that will prevent you from overwriting each other's code. You also want to ensure that you capture all updates in the latest version. What should you do?

Options:

• Store your code in a Git-based version control system.• Establish a process that allows developers to merge their own changes at the end of each day.• Package and upload code lo a versioned Cloud Storage bucket as the latest master version.

• Store your code in a Git-based version control system.• Establish a process that includes code reviews by peers and unit testing to ensure integrity and functionality before integration of code.• Establish a process where the fully integrated code in the repository becomes the latest master version.

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.• At the end of each day. confirm that all changes have been captured in the files within the folder structure.• Rename the folder structure with a predefined naming convention that increments the version.

• Store your code as text files in Google Drive in a defined folder structure that organizes the files.• At the end of each day, confirm that all changes have been captured in the files within the folder structure and create a new .zip archive with a predefined naming convention.• Upload the .zip archive to a versioned Cloud Storage bucket and accept it as the latest version.

Discussion

Question 34

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?

Options:

Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.

Configure the containers in the build pipeline to always update themselves before release.

Reconfigure the existing operating system vulnerability software to exist inside the container.

Implement static code analysis tooling against the Docker files used to create the containers.

Discussion

Question 35

You are deploying a Cloud Build job that deploys Terraform code when a Git branch is updated. While testing, you noticed that the job fails. You see the following error in the build logs:

Initializing the backend. ..

Error: Failed to get existing workspaces : querying Cloud Storage failed: googleapi : Error

403

You need to resolve the issue by following Google-recommended practices. What should you do?

Options:

Change the Terraform code to use local state.

Create a storage bucket with the name specified in the Terraform configuration.

Grant the roles/ owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.

Grant the roles/ storage. objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.

Discussion

Answer:

Explanation:

The correct answer is D. Grant the roles/storage.objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.

According to the Google Cloud documentation, Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure1. Cloud Build uses a service account to execute your build steps and access resources, such as Cloud Storage buckets2. Terraform is an open-source tool that allows you to define and provision infrastructure as code3. Terraform uses a state file to store and track the state of your infrastructure4. You can configure Terraform to use a Cloud Storage bucket as a backend to store and share the state file across multiple users or environments5.

The error message indicates that Cloud Build failed to access the Cloud Storage bucket that contains the Terraform state file. This is likely because the Cloud Build service account does not have the necessary permissions to read and write objects in the bucket. To resolve this issue, you need to grant the roles/storage.objectAdmin IAM role to the Cloud Build service account on the state file bucket. This role allows the service account to create, delete, and manage objects in the bucket6. You can use the gcloud command-line tool or the Google Cloud Console to grant this role.

The other options are incorrect because they do not follow Google-recommended practices. Option A is incorrect because it changes the Terraform code to use local state, which is not recommended for production or collaborative environments, as it can cause conflicts, data loss, or inconsistency. Option B is incorrect because it creates a new storage bucket with the name specified in the Terraform configuration, but it does not grant any permissions to the Cloud Build service account on the new bucket. Option C is incorrect because it grants the roles/owner IAM role to the Cloud Build service account on the project, which is too broad and violates the principle of least privilege. The roles/owner role grants full access to all resources in the project, which can pose a security risk if misused or compromised.

[Reference:, Cloud Build Documentation, Overview. Service accounts, Service accounts. Terraform by HashiCorp, Terraform by HashiCorp. State, State. Google Cloud Storage Backend, Google Cloud Storage Backend. Predefined roles, Predefined roles. [Granting roles to service accounts for specific resources], Granting roles to service accounts for specific resources. [Local Backend], Local Backend. [Understanding roles], Understanding roles., , , , ]

Robin

Cramkey is highly recommended.

Jonah Oct 16, 2024

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Madeleine

Passed my exam with my dream score…. Guys do give these dumps a try. They are authentic.

Ziggy Sep 3, 2024

That's really impressive. I think I might give Cramkey Dumps a try for my next certification exam.

Amy

I passed my exam and found your dumps 100% relevant to the actual exam.

Lacey Aug 9, 2024

Yeah, definitely. I experienced the same.