google professional cloud developer practice test
Professional Cloud Developer
Last exam update: Jul 20 ,2024
Question 1
Your teammate has asked you to review the code below. Its purpose is to efficiently add a large number of small rows to a
BigQuery table.
Which improvement should you suggest your teammate make?
- A. Include multiple rows with each request.
- B. Perform the inserts in parallel by creating multiple threads.
- C. Write each row to a Cloud Storage object, then load into BigQuery.
- D. Write each row to a Cloud Storage object in parallel, then load into BigQuery.
Answer:
B
Question 2
You have two tables in an ANSI-SQL compliant database with identical columns that you need to quickly combine into a
single table, removing duplicate rows from the result set.
What should you do?
- A. Use the JOIN operator in SQL to combine the tables.
- B. Use nested WITH statements to combine the tables.
- C. Use the UNION operator in SQL to combine the tables.
- D. Use the UNION ALL operator in SQL to combine the tables.
Answer:
C
Explanation:
Reference: https://www.techonthenet.com/sql/union_all.php
Question 3
You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and
verify that they are in the finance department. All company employees use G Suite.
What should you do?
- A. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.
- B. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.
- C. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.
- D. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.
Answer:
C
Question 4
Your application is deployed in a Google Kubernetes Engine (GKE) cluster. When a new version of your application is
released, your CI/CD tool updates the spec.template.spec.containers[0].image value to reference the Docker image of your
new application version. When the Deployment object applies the change, you want to deploy at least 1 replica of the new
version and maintain the previous replicas until the new replica is healthy.
Which change should you make to the GKE Deployment object shown below?
- A. Set the Deployment strategy to RollingUpdate with maxSurge set to 0, maxUnavailable set to 1.
- B. Set the Deployment strategy to RollingUpdate with maxSurge set to 1, maxUnavailable set to 0.
- C. Set the Deployment strategy to Recreate with maxSurge set to 0, maxUnavailable set to 1.
- D. Set the Deployment strategy to Recreate with maxSurge set to 1, maxUnavailable set to 0.
Answer:
D
Question 5
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete
each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure
that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study.
Case studies might contain exhibits and other resources that provide more information about the scenario that is described
in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make
changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of
the case study before you answer the questions. Clicking these buttons displays information such as business requirements,
existing environment, and problem statements. If the case study has an All Information tab, note that the information
displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click
the Question button to return to the question.
Company Overview
HipLocal is a community application designed to facilitate communication between people in close proximity. It is used for
event planning and organizing sporting events, and for businesses to connect with their local communities. HipLocal
launched recently in a few neighborhoods in Dallas and is rapidly growing into a global phenomenon. Its unique style of
hyper-local community communication and business outreach is in demand around the world.
Executive Statement
We are the number one local community app; it's time to take our local community services global. Our venture capital
investors want to see rapid growth and the same great experience for new local and virtual communities that come online,
whether their members are 10 or 10000 miles away from each other.
Solution Concept
HipLocal wants to expand their existing service, with updated functionality, in new regions to better serve their global
customers. They want to hire and train a new team to support these regions in their time zones. They will need to ensure that
the application scales smoothly and provides clear uptime data.
Existing Technical Environment
HipLocal's environment is a mix of on-premises hardware and infrastructure running in Google Cloud Platform. The HipLocal
team understands their application well, but has limited experience in global scale applications. Their existing technical
environment is as follows:
Existing APIs run on Compute Engine virtual machine instances hosted in GCP.
State is stored in a single instance MySQL database in GCP.
Data is exported to an on-premises Teradata/Vertica data warehouse.
Data analytics is performed in an on-premises Hadoop environment.
The application has no logging.
There are basic indicators of uptime; alerts are frequently fired when the APIs are unresponsive.
Business Requirements
HipLocal's investors want to expand their footprint and support the increase in demand they are seeing. Their requirements
are:
Expand availability of the application to new regions.
Increase the number of concurrent users that can be supported.
Ensure a consistent experience for users when they travel to different regions.
Obtain user activity metrics to better understand how to monetize their product.
Ensure compliance with regulations in the new regions (for example, GDPR).
Reduce infrastructure management time and cost.
Adopt the Google-recommended practices for cloud computing.
Technical Requirements
The application and backend must provide usage metrics and monitoring.
APIs require strong authentication and authorization.
Logging must be increased, and data should be stored in a cloud analytics platform.
Move to serverless architecture to facilitate elastic scaling.
Provide authorized access to internal apps in a secure manner.
HipLocal's .net-based auth service fails under intermittent load.
What should they do?
- A. Use App Engine for autoscaling.
- B. Use Cloud Functions for autoscaling.
- C. Use a Compute Engine cluster for the service.
- D. Use a dedicated Compute Engine virtual machine instance for the service.
Answer:
D
Explanation:
Reference: https://www.qwiklabs.com/focuses/611?parent=catalog
Question 6
You are building an API that will be used by Android and iOS apps. The API must:
Support HTTPs
Minimize bandwidth cost
Integrate easily with mobile apps
Which API architecture should you use?
- A. RESTful APIs
- B. MQTT for APIs
- C. gRPC-based APIs
- D. SOAP-based APIs
Answer:
A
Explanation:
Reference: https://www.devteam.space/blog/how-to-build-restful-api-for-your-mobile-app/
Question 7
You are developing an application that reads credit card data from a Pub/Sub subscription. You have written code and
completed unit testing. You need to test the Pub/Sub integration before deploying to Google Cloud. What should you do?
- A. Create a service to publish messages, and deploy the Pub/Sub emulator. Generate random content in the publishing service, and publish to the emulator.
- B. Create a service to publish messages to your application. Collect the messages from Pub/Sub in production, and replay them through the publishing service.
- C. Create a service to publish messages, and deploy the Pub/Sub emulator. Collect the messages from Pub/Sub in production, and publish them to the emulator.
- D. Create a service to publish messages, and deploy the Pub/Sub emulator. Publish a standard set of testing messages from the publishing service to the emulator.
Answer:
D
Question 8
You are developing a marquee stateless web application that will run on Google Cloud. The rate of the incoming user traffic
is expected to be unpredictable, with no traffic on some days and large spikes on other days. You need the application to
automatically scale up and down, and you need to minimize the cost associated with running the application. What should
you do?
- A. Build the application in Python with Firestore as the database. Deploy the application to Cloud Run.
- B. Build the application in C# with Firestore as the database. Deploy the application to App Engine flexible environment.
- C. Build the application in Python with CloudSQL as the database. Deploy the application to App Engine standard environment.
- D. Build the application in Python with Firestore as the database. Deploy the application to a Compute Engine managed instance group with autoscaling.
Answer:
C
Question 9
Your team is developing an application in Google Cloud that executes with user identities maintained by Cloud Identity. Each
of your applications users will have an associated Pub/Sub topic to which messages are published, and a Pub/Sub
subscription where the same user will retrieve published messages. You need to ensure that only authorized users can
publish and subscribe to their own specific Pub/Sub topic and subscription. What should you do?
- A. Bind the user identity to the pubsub.publisher and pubsub.subscriber roles at the resource level.
- B. Grant the user identity the pubsub.publisher and pubsub.subscriber roles at the project level.
- C. Grant the user identity a custom role that contains the pubsub.topics.create and pubsub.subscriptions.create permissions.
- D. Configure the application to run as a service account that has the pubsub.publisher and pubsub.subscriber roles.
Answer:
C
Question 10
You have a mixture of packaged and internally developed applications hosted on a Compute Engine instance that is running
Linux. These applications write log records as text in local files. You want the logs to be written to Cloud Logging. What
should you do?
- A. Pipe the content of the files to the Linux Syslog daemon.
- B. Install a Google version of fluentd on the Compute Engine instance.
- C. Install a Google version of collectd on the Compute Engine instance.
- D. Using cron, schedule a job to copy the log files to Cloud Storage once a day.
Answer:
B
Explanation:
Reference: https://cloud.google.com/logging/docs/agent/logging/configuration
Question 11
You have written a Cloud Function that accesses other Google Cloud resources. You want to secure the environment using
the principle of least privilege. What should you do?
- A. Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.
- B. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.
- C. Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.
- D. Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.
Answer:
D
Explanation:
Reference: https://cloud.google.com/blog/products/application-development/least-privilege-for-cloud-functions-using-cloud-
iam
Question 12
You are designing a schema for a table that will be moved from MySQL to Cloud Bigtable. The MySQL table is as follows:
How should you design a row key for Cloud Bigtable for this table?
- A. Set Account_id as a key.
- B. Set Account_id_Event_timestamp as a key.
- C. Set Event_timestamp_Account_id as a key.
- D. Set Event_timestamp as a key.
Answer:
C
Question 13
Your application is built as a custom machine image. You have multiple unique deployments of the machine image. Each
deployment is a separate managed instance group with its own template. Each deployment requires a unique set of
configuration values. You want to provide these unique values to each deployment but use the same custom machine image
in all deployments. You want to use out-ofthe-box features of Compute Engine.
What should you do?
- A. Place the unique configuration values in the persistent disk.
- B. Place the unique configuration values in a Cloud Bigtable table.
- C. Place the unique configuration values in the instance template startup script.
- D. Place the unique configuration values in the instance template instance metadata.
Answer:
A
Explanation:
Reference: https://cloud.google.com/compute/docs/instance-groups
Question 14
You are using Cloud Build for your CI/CD pipeline to complete several tasks, including copying certain files to Compute
Engine virtual machines. Your pipeline requires a flat file that is generated in one builder in the pipeline to be accessible by
subsequent builders in the same pipeline. How should you store the file so that all the builders in the pipeline can access it?
- A. Store and retrieve the file contents using Compute Engine instance metadata.
- B. Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.
- C. Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.
- D. Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.
Answer:
D
Question 15
You have an application in production. It is deployed on Compute Engine virtual machine instances controlled by a managed
instance group. Traffic is routed to the instances via a HTTP(s) load balancer. Your users are unable to access your
application. You want to implement a monitoring technique to alert you when the application is unavailable.
Which technique should you choose?
- A. Smoke tests
- B. Stackdriver uptime checks
- C. Cloud Load Balancing - heath checks
- D. Managed instance group - heath checks
Answer:
B
Explanation:
Reference: https://medium.com/google-cloud/stackdriver-monitoring-automation-part-3-uptime-checks-476b8507f59c