Free Professional-Cloud-Developer braindumps download (Professional-Cloud-Developer exam dumps Free Updated May 09, 2023)
Professional-Cloud-Developer Dumps for Pass Guaranteed - Pass Professional-Cloud-Developer Exam 2023
Section 4: Integrating Google Cloud Services
The aim of this domain is to evaluate the learners based on their capacity to integrate an app with storage & data services, integrate an app with compute services, as well as integrate Cloud APIs with apps.
NEW QUESTION 48
You are developing an application that will handle requests from end users. You need to secure a Cloud Function called by the application to allow authorized end users to authenticate to the function via the application while restricting access to unauthorized users. You will integrate Google Sign-In as part of the solution and want to follow Google-recommended best practices. What should you do?
- A. Deploy from a source code repository and grant users the roles/cloudfunctions.viewer role.
- B. Deploy from a source code repository and grant users the roles/cloudfunctions.invoker role
- C. Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.admin role
- D. Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.developer role
Answer: C
NEW QUESTION 49
You are planning to migrate a MySQL database to the managed Cloud SQL database for Google Cloud. You have Compute Engine virtual machine instances that will connect with this Cloud SQL instance. You do not want to whitelist IPs for the Compute Engine instances to be able to access Cloud SQL.
What should you do?
- A. Enable private IP for the Cloud SQL instance.
- B. Create a role in Cloud SQL that allows access to the database from external instances, and assign the Compute Engine instances to that role.
- C. Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.
- D. Create a CloudSQL instance on one project. Create Compute engine instances in a different project.
Create a VPN between these two projects to allow internal access to CloudSQL.
Answer: B
Explanation:
Reference: https://cloud.google.com/sql/docs/mysql/connect-external-app
NEW QUESTION 50
You are creating an App Engine application that writes a file to any user's Google Drive.
How should the application authenticate to the Google Drive API?
- A. With the App Engine service account and https://www.googleapis.com/auth/drive.filescope that generates a signed JWT.
- B. With an OAuth Client ID with delegated domain-wide authority.
- C. With the App Engine service account with delegated domain-wide authority.
- D. With an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.filescope to obtain an access token for each user.
Answer: B
Explanation:
Explanation/Reference: https://developers.google.com/drive/api/v3/about-auth
NEW QUESTION 51
HipLocal is configuring their access controls.
Which firewall configuration should they implement?
- A. Block all traffic on port 443.
- B. Allow all traffic on port 443 into the network.
- C. Allow traffic on port 443 for a specific tag.
- D. Allow all traffic into the network.
Answer: B
NEW QUESTION 52
When would a technician need to use a positive 'no' with a customer? (Choose three.)
- A. Apple introduces new product.
- B. The device is eligible for repair.
- C. The device is out of warranty.
- D. The customer is misinformed about service options.
- E. The technician does not feel like helping the customer.
- F. The device is an obsolete device that we no longer service.
- G. The customer wants to purchase a new device.
Answer: C,D,F
NEW QUESTION 53
Your team develops services that run on Google Cloud. You want to process messages sent to a Pub/Sub topic, and then store them. Each message must be processed exactly once to avoid duplication of data and any data conflicts. You need to use the cheapest and most simple solution. What should you do?
- A. Process the messages with a Dataproc job, and write the output to storage.
- B. Process the messages with a Cloud Function, and write the results to a BigQuery location where you can run a job to deduplicate the data.
- C. Retrieve the messages with a Dataflow streaming pipeline, store them in Cloud Bigtable, and use another Dataflow streaming pipeline to deduplicate messages.
- D. Process the messages with a Dataflow streaming pipeline using Apache Beam's PubSubIO package, and write the output to storage.
Answer: D
Explanation:
Explanation
https://cloud.google.com/dataflow/docs/concepts/streaming-with-cloud-pubsub
NEW QUESTION 54
Which service should HipLocal use to enable access to internal apps?
- A. Cloud Identity-Aware Proxy
- B. Cloud Armor
- C. Virtual Private Cloud
- D. Cloud VPN
Answer: A
Explanation:
Reference: https://cloud.google.com/iap/docs/cloud-iap-for-on-prem-apps-overview
NEW QUESTION 55
You are developing a microservice-based application that will be deployed on a Google Kubernetes Engine cluster. The application needs to read and write to a Spanner database. You want to follow security best practices while minimizing code changes. How should you configure your application to retrieve Spanner credentials?
- A. Store the application credentials as Kubernetes Secrets, and expose them as environment variables.
- B. Configure the appropriate routing rules, and use a VPC-native cluster to directly connect to the database.
- C. Store the application credentials using Cloud Key Management Service, and retrieve them whenever a database connection is made.
- D. Configure the appropriate service accounts, and use Workload Identity to run the pods.
Answer: D
Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity
NEW QUESTION 56
You have containerized a legacy application that stores its configuration on an NFS share. You need to deploy this application to Google Kubernetes Engine (GKE) and do not want the application serving traffic until after the configuration has been retrieved. What should you do?
- A. Add a startup script to the GKE instance group to mount the NFS share at node startup. Copy the configuration files into the container, and start the service using an ENTRYPOINT script.
- B. Create a PersistentVolumeClaim on the GKE cluster. Access the configuration files from the volume, and start the service using an ENTRYPOINT script.
- C. Use the gsutil utility to copy files from within the Docker container at startup, and start the service using an ENTRYPOINT script.
- D. Use the COPY statement in the Dockerfile to load the configuration into the container image. Verify that the configuration is available, and start the service using an ENTRYPOINT script.
Answer: A
NEW QUESTION 57
You are designing a chat room application that will host multiple rooms and retain the message history for each room. You have selected Firestore as your database. How should you represent the data in Firestore?
- A. Create a collection for the rooms. For each room, create a collection that contains a document for each message

- B. Create a collection for the rooms. For each room, create a document that lists the contents of the messages

- C. Create a collection for the rooms, and create a document for each room. Create a separate collection for messages, with one document per message. Each room's document contains a list of references to the messages.

- D. Create a collection for the rooms. For each room, create a document that contains a collection for documents, each of which contains a message.

Answer: D
Explanation:
Explanation
https://firebase.google.com/docs/firestore/data-model#hierarchical-data
NEW QUESTION 58
Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. You want to distribute these credentials to the host instances as securely as possible.
What should you do?
- A. Use the instance's service account Application Default Credentials to authenticate to the required resources.
- B. Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.
- C. Use HTTP signed URLs to securely provide access to the required resources.
- D. Commit the credential JSON file into your application's source repository, and have your CI/CD process package it with the software that is deployed to the instance.
Answer: A
Explanation:
Explanation/Reference: https://cloud.google.com/compute/docs/api/how-tos/authorization
NEW QUESTION 59
You are developing an application that reads credit card data from a Pub/Sub subscription. You have written code and completed unit testing. You need to test the Pub/Sub integration before deploying to Google Cloud.
What should you do?
- A. Create a service to publish messages, and deploy the Pub/Sub emulator. Publish a standard set of testing messages from the publishing service to the emulator.
- B. Create a service to publish messages, and deploy the Pub/Sub emulator. Generate random content in the publishing service, and publish to the emulator.
- C. Create a service to publish messages to your application. Collect the messages from Pub/Sub in production, and replay them through the publishing service.
- D. Create a service to publish messages, and deploy the Pub/Sub emulator. Collect the messages from Pub/Sub in production, and publish them to the emulator.
Answer: A
NEW QUESTION 60
You are designing a resource-sharing policy for applications used by different teams in a Google Kubernetes Engine cluster. You need to ensure that all applications can access the resources needed to run. What should you do? (Choose two.)
- A. Create a Kubernetes service account (KSA) for each application, and assign each KSA to the namespace.
- B. Use the Anthos Policy Controller to enforce label annotations on all namespaces. Use taints and tolerations to allow resource sharing for namespaces.
- C. Create a namespace for each team, and attach resource quotas to each namespace.
- D. Specify the resource limits and requests in the object specifications.
- E. Create a LimitRange to specify the default compute resource requirements for each namespace.
Answer: C,E
Explanation:
Explanation
https://kubernetes.io/docs/concepts/policy/resource-quotas/
https://kubernetes.io/docs/concepts/policy/limit-range/
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-li
NEW QUESTION 61
Your development team has been tasked with maintaining a .NET legacy application. The application incurs occasional changes and was recently updated. Your goal is to ensure that the application provides consistent results while moving through the CI/CD pipeline from environment to environment. You want to minimize the cost of deployment while making sure that external factors and dependencies between hosting environments are not problematic. Containers are not yet approved in your organization. What should you do?
- A. Use Cloud Build to deploy the application as a new Compute Engine image for each build. Use this image in each environment.
- B. Rewrite the application using .NET Core, and deploy to Cloud Run. Use revisions to separate the environments.
- C. Deploy the application using MS Web Deploy, and make sure to always use the latest, patched MS Windows Server base image in Compute Engine.
- D. Use Cloud Build to package the application, and deploy to a Google Kubernetes Engine cluster. Use namespaces to separate the environments.
Answer: A
Explanation:
Explanation
https://cloud.google.com/architecture/modernization-path-dotnet-applications-google-cloud#phase_1_rehost_in_
https://cloud.google.com/architecture/modernization-path-dotnet-applications-google-cloud
NEW QUESTION 62
Your App Engine standard configuration is as follows:
service: production
instance_class: B1
You want to limit the application to 5 instances. Which code snippet should you include in your configuration?
- A. manual_scaling:max_instances: 5idle_timeout: 10m
- B. basic_scaling:max_instances: 5idle_timeout: 10m
- C. basic_scaling:instances: 5min_pending_latency: 30ms
- D. manual_scaling:instances: 5min_pending_latency: 30ms
Answer: C
NEW QUESTION 63
Your team develops stateless services that run on Google Kubernetes Engine (GKE). You need to deploy a new service that will only be accessed by other services running in the GKE cluster. The service will need to scale as quickly as possible to respond to changing load. What should you do?
- A. Use a Vertical Pod Autoscaler to scale the containers, and expose them via a NodePort Service.
- B. Use a Vertical Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.
- C. Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a NodePort Service.
- D. Use a Horizontal Pod Autoscaler to scale the containers, and expose them via a ClusterIP Service.
Answer: D
Explanation:
Explanation
https://cloud.google.com/kubernetes-engine/docs/concepts/service
NEW QUESTION 64
You are developing a new web application using Cloud Run and committing code to Cloud Source Repositories. You want to deploy new code in the most efficient way possible. You have already created a Cloud Build YAML file that builds a container and runs the following command: gcloud run deploy. What should you do next?
- A. Create a Cron job that runs the following command every 24 hours: gcloud builds submit.
- B. Create a webhook build trigger that runs the build file in response to HTTP POST calls to the webhook URL.
- C. Create a build trigger that runs the build file in response to a repository code being pushed to the development branch.
- D. Create a Pub/Sub topic to be notified when code is pushed to the repository. Create a Pub/Sub trigger that runs the build file when an event is published to the topic.
Answer: C
Explanation:
Explanation
https://cloud.google.com/build/docs/triggers
Cloud Build uses build triggers to enable CI/CD automation. You can configure triggers to listen for incoming events, such as when a new commit is pushed to a repository or when a pull request is initiated, and then automatically execute a build when new events come in. You can also configure triggers to build code on any changes to your source repository or only on changes that match certain criteria.
NEW QUESTION 65
You are using Cloud Build build to promote a Docker image to Development, Test, and Production environments. You need to ensure that the same Docker image is deployed to each of these environments.
How should you identify the Docker image in your build?
- A. Use a semantic version Docker image tag.
- B. Use a unique Docker image name.
- C. Use the latest Docker image tag.
- D. Use the digest of the Docker image.
Answer: A
Explanation:
Explanation/Reference:
NEW QUESTION 66
You work for a web development team at a small startup. Your team is developing a Node.js application using Google Cloud services, including Cloud Storage and Cloud Build. The team uses a Git repository for version control. Your manager calls you over the weekend and instructs you to make an emergency update to one of the company's websites, and you're the only developer available. You need to access Google Cloud to make the update, but you don't have your work laptop. You are not allowed to store source code locally on a non-corporate computer. How should you set up your developer environment?
- A. Use a text editor and the Git command line to send your source code updates as pull requests from a public computer.
- B. Use a text editor and the Git command line to send your source code updates as pull requests from a virtual machine running on a public computer.
- C. Use a Cloud Storage bucket to store the source code that you need to edit. Mount the bucket to a public computer as a drive, and use a code editor to update the code. Turn on versioning for the bucket, and point it to the team's Git repository.
- D. Use Cloud Shell and the built-in code editor for development. Send your source code updates as pull requests.
Answer: D
Explanation:
https://cloud.google.com/shell/docs
NEW QUESTION 67
You are running an application on App Engine that you inherited. You want to find out whether the application is using insecure binaries or is vulnerable to XSS attacks. Which service should you use?
- A. Stackdriver Debugger
- B. Stackdriver Error Reporting
- C. Cloud Security Scanner
- D. Cloud Amor
Answer: C
Explanation:
Reference:
https://cloud.google.com/security-scanner
NEW QUESTION 68
You have two tables in an ANSI-SQL compliant database with identical columns that you need to quickly combine into a single table, removing duplicate rows from the result set.
What should you do?
- A. Use the UNION ALL operator in SQL to combine the tables.
- B. Use the UNION operator in SQL to combine the tables.
- C. Use the JOIN operator in SQL to combine the tables.
- D. Use nested WITH statements to combine the tables.
Answer: B
NEW QUESTION 69
You are using Cloud Build build to promote a Docker image to Development, Test, and Production environments. You need to ensure that the same Docker image is deployed to each of these environments. How should you identify the Docker image in your build?
- A. Use a semantic version Docker image tag.
- B. Use a unique Docker image name.
- C. Use the latest Docker image tag.
- D. Use the digest of the Docker image.
Answer: A
NEW QUESTION 70
You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite.
What should you do?
- A. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.
- B. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.
- C. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.
- D. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.
Answer: A
Explanation:
https://cloud.google.com/iap/docs/signed-headers-howto#securing_iap_headers (https://cloud.google.com/endpoints/docs/openapi/authenticating-users-google-id).
https://cloud.google.com/armor/docs/security-policy-overview#:~:text=Google%20Cloud%20Armor%20security%20policies%20enable%20you%20to%20allow%20or,Private%20Cloud%20(VPC)%20networks
"Google Cloud Armor security policies protect your application by providing Layer 7 filtering and by scrubbing incoming requests for common web attacks or other Layer 7 attributes to potentially block traffic before it reaches your load balanced backend services or backend buckets"
NEW QUESTION 71
You are creating an App Engine application that writes a file to any user's Google Drive.
How should the application authenticate to the Google Drive API?
- A. With an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to obtain an access token for each user.
- B. With the App Engine service account and https://www.googleapis.com/auth/drive.file scope that generates a signed JWT.
- C. With an OAuth Client ID with delegated domain-wide authority.
- D. With the App Engine service account with delegated domain-wide authority.
Answer: C
Explanation:
Reference: https://developers.google.com/drive/api/v3/about-auth
NEW QUESTION 72
You have an on-premises application that authenticates to the Cloud Storage API using a user-managed service account with a user-managed key. The application connects to Cloud Storage using Private Google Access over a Dedicated Interconnect link. You discover that requests from the application to access objects in the Cloud Storage bucket are failing with a 403 Permission Denied error code. What is the likely cause of this issue?
- A. The service account key has been rotated but not updated on the application server.
- B. The Interconnect link from the on-premises data center to Google Cloud is experiencing a temporary outage.
- C. The permissions of the service account's predefined role have changed.
- D. The folder structure inside the bucket and object paths have changed.
Answer: A
NEW QUESTION 73
......
Revision Books
Let’s now focus on the details of the revision books that will supplement the above training programs well:
- Building Secure & Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems (1st Edition)
The authors of this book (Heather Adkins, Piotr Lewandoski, Betsy Beyer, Ana Oprea, and others) created this comprehensive self-study tool with an aim to help candidates learn how to accommodate security and reliability solutions in the lifecycle of systems and software. This material gives explicit knowledge of highly secure systems through coding, debugging, and testing practices, design techniques, and strategies required to address security incidents. Check it out from Amazon and get easy access to one of the most valuable study resources you will ever find for the Google Professional Cloud Developer exam preparation.
- Cloud Native DevOps with Kubernetes: Building, Deploying, and Scaling Modern Applications in the Cloud (1st Edition)
This book is perfectly designed to cover everything there’s to know about Kubernetes. It is a valuable study material that addresses vital details starting with what Kubernetes is, its origin, and what the future holds for this platform. You will build a high-level knowledge of containers including how they work, how to manage them, and most importantly, the tips for designing cloud-native infrastructure and similar services.
This guide suits both experienced IT professionals and beginner-level individuals who are only getting started with Kubernetes. Through this resource, candidates will gain important hands-on skills related to the writing and deployment of Kubernetes apps, configuration and operation of Kubernetes clusters, and cloud infrastructure automation using popular tools such as Helm. What’s more, this book will also help you build fundamental knowledge of Kubernetes security, including Role Based Access Control (RBAC). When opting to study using this book, be sure to get the official resource that’s written by John Arundel alongside Justin Domingus.
Verified Professional-Cloud-Developer dumps Q&As - Pass Guarantee Exam Dumps Test Engine: https://www.2pass4sure.com/Cloud-Developer/Professional-Cloud-Developer-actual-exam-braindumps.html
Verified Professional-Cloud-Developer dumps and 228 unique questions: https://drive.google.com/open?id=1n2fR3BKTZNTteTR15vRvOJLPkBsjLqvP