
Google Cloud Certification

Google Practice Questions, Discussions & Exam Topics by our Authors

A development team at your company has created a dockerized HTTPS web application. You need to deploy the application on Google Kubernetes Engine (GKE) and make sure t...

To deploy a dockerized HTTPS web application on Google Kubernetes Engine (GKE) and ensure that the application scales automatically, the solution must meet two requirements:

1. Scaling the application automatically: This can be done through Kubernetes native autoscaling mechanisms.
2. Load balancing HTTPS traffic: The traffic should be routed efficiently to the containers.

Let's review the options and see which best fits the scenario:

Option A:
- Use the Horizontal Pod Autoscaler and enable cluster autoscaling. Use an Ingress resource to load-balance the HTTPS traffic.

Analysis:
- Horizontal Pod Autoscaler (HPA): Automatically adjusts the number of pods in a deployment based on CPU or memory utilization, or custom metrics. This is the correct way to scale the application itself within GKE.
- Cluster Autoscaling: Scales the number of nodes in the cluster depending on resource usage (e.g., if pods cannot be scheduled due to insufficient resources, it adds more nodes).
- Ingress Resource: Ingress provides HTTP(S) load balancing and is designed to route traffic to the appropriate services within the cluster. With HTTPS, Ingress can be configured to handle the SSL termination as well.
- This option is valid because it provides Kubernetes-native autoscaling (HPA and cluster autoscaling) and uses Ingress to handle HTTPS traffic, which is the recommended way to expose services securely and manage traffic efficiently in Kubernetes.

Option B:
- Use the Horizontal Pod Autoscaler and enable cluster autoscaling on the Kubernetes cluster. Use a Service resource of type LoadBalancer to load-balance the HTTPS traffic.

Analysis:
- Horizontal Pod Autoscaler (HPA): Correctly scales the pods based on resource usage.
- Cluster Autoscaling: Works as expected by adjusting the number of nodes when needed.
- Service of type LoadBalancer: This type of service provisions an external IP and automatically sets up a cloud load balancer (e.g., Google Cloud Load Balancer) to distribute traffic to the pods. This is also a valid way to expose the application and handle ...

Author: NebulaEagle11 · Last updated May 10, 2026

You need to design a solution for global load balancing based on the URL path being requested. You need to ensure operations reliability and end-to-end in- tr...

To design a solution for global load balancing based on the URL path, ensuring operations reliability and end-to-end in-transit encryption according to Google best practices, let’s evaluate each option:

Option A: Create a cross-region load balancer with URL Maps.

Analysis:
- Cross-region load balancer: This option refers to a global HTTP(S) load balancer that automatically routes traffic to the nearest available backend, based on both the region and the URL path. This would effectively support global traffic distribution and reliability.
- URL Maps: URL Maps allow you to route requests based on URL paths, which is essential for directing traffic to different services or applications based on the requested URL. This is exactly what you need for path-based routing.
- End-to-end encryption: Google Cloud's HTTPS load balancers support automatic SSL termination, ensuring that traffic is encrypted between the client and the load balancer. You can configure the backends to support encrypted traffic as well, ensuring end-to-end encryption.
- This option is ideal for global load balancing with path-based routing, SSL termination, and the ability to scale based on traffic demands. It aligns with Google best practices and ensures reliability, encryption, and high availability.

Option B: Create an HTTPS load balancer with URL Maps.

Analysis:
- HTTPS load balancer: This is essentially the global load balancer that we want to use, and it supports end-to-end encryption. It can handle HTTPS traffic, providing SSL termination at the load balancer level.
- URL Maps: This feature allows for path-based routing, which is necessary for directing traffic to different services depending on the URL.
- This option is also correct because it provides global load balancing, SSL termination, and URL path-based routing. However, it’s less spe...

Author: SilverBear · Last updated May 10, 2026

You have an application that makes HTTP requests to Cloud Storage. Occasionally the requests fail with HTTP status codes of 5xx...

When dealing with HTTP status codes of 5xx (server errors) and 429 (too many requests), the main concern is ensuring the resilience of your application to temporary errors, as these typically indicate transient issues with the server or rate limiting. Let's evaluate each option to determine how best to handle these errors:

Option A: Use gRPC instead of HTTP for better performance.

Analysis:
- gRPC is a high-performance, low-latency remote procedure call (RPC) framework, but it is not specifically designed to address the issue of handling HTTP status codes like 5xx or 429. The main concern here is that switching to gRPC may not directly address the underlying problem of error handling; it’s more about communication protocol performance.
- This option is rejected because gRPC does not solve the issue of handling transient errors like rate-limiting or server-side errors. The HTTP error handling approach is still necessary regardless of the protocol used.

Option B: Implement retry logic using a truncated exponential backoff strategy.

Analysis:
- Exponential backoff is a well-established strategy for handling retries in the event of transient errors (e.g., 5xx or 429). It increases the wait time between successive retries, reducing the load on the server and giving it time to recover. A truncated version of exponential backoff ensures that retries are attempted, but with a cap on the maximum wait time to avoid excessive delays.
- This is the recommended approach for handling errors like 5xx (server errors) and 429 (rate-limiting) because it accounts for temporary failures and prevents overwhelming the system. This strategy is specifically designed to handle such issu...

Author: William · Last updated May 10, 2026

You need to develop procedures to test a disaster plan for a mission-critical application. You want to use Google-recommended practice...

To develop procedures to test a disaster recovery plan for a mission-critical application in Google Cloud Platform (GCP), it's essential to ensure automation, monitoring, and debugging during the testing process. The ideal solution would leverage GCP's native capabilities to ensure smooth, repeatable, and manageable operations.

Evaluating the Options:

1. Option A: Use Deployment Manager to automate service provisioning. Use Activity Logs to monitor and debug your tests.
   - Deployment Manager: This is a GCP tool used to define and automate infrastructure as code, which can help with provisioning resources for the disaster recovery test.
   - Activity Logs: These logs capture all user-initiated and system-generated activity. While helpful for auditing actions, they are not optimal for debugging complex tests, as they do not provide in-depth insights into system performance or issues.
   - Why rejected: Activity Logs are primarily for audit and tracking purposes and are not as robust for in-depth diagnostics or monitoring as Stackdriver.

2. Option B: Use Deployment Manager to automate service provisioning. Use Stackdriver to monitor and debug your tests.
   - Deployment Manager: Same as in Option A, this is ideal for automating the creation and provisioning of GCP resources.
   - Stackdriver (now part of Google Cloud Operations Suite): This is a comprehensive monitoring and debugging solution that provides detailed logs, metrics, and error reporting. It's highly suited for troubleshooting, monitoring system health, and providing insights during disaster recovery testing.
   - Why selected: Stackdriver provides more detailed, actionable monitoring and debugging capabilities. It also offers integrated logging, performance monitoring, and error reporting—critical for validating disaster recovery efforts.

3. Option C: Use gcloud scripts to automate service provisioning. Use Activity Logs to monitor and debug your tests.
   - gcloud scripts: While you can use `gcloud` commands in scripts to automate provisioning, it lacks ...

Author: RadiantJaguar56 · Last updated May 10, 2026

Your company creates rendering software which users can download from the company website. Your company has customers all over the world. You want to minimize latency for all your customers....

When aiming to minimize latency for customers across the globe, it's essential to choose a storage solution that optimizes file access speed, considering both geographical distribution and redundancy. Let's evaluate each option based on Google-recommended practices:

Option A: Save the files in a Multi-Regional Cloud Storage bucket.
- Multi-Regional Buckets: These are designed for serving data globally with low latency. They store data across multiple geographic locations (typically in multiple regions within the same continent) and automatically choose the best location to serve the file to the user, based on their proximity.
- Why selected: This is the most suitable option when the goal is to minimize latency for a global customer base. Files are replicated across multiple regions, ensuring faster access regardless of user location. This option leverages GCP's global network infrastructure, which is optimized for performance and scalability.

Option B: Save the files in a Regional Cloud Storage bucket, one bucket per zone of the region.
- Regional Buckets: These store data within a specific GCP region (and a single zone within that region). While this setup offers lower latency for users close to the region, it does not help customers who are far from that region.
- Why rejected: This option limits access speed for users outside the region, as the files are not replicated globally. The approach can result in higher latency for users from other regions and does not scale well for a global customer base.

Option C: Save the files in multiple Regional Cloud Storage buckets, one bucket per zone per region.
- Multiple Regional Buckets: Storing files in different zones within a region can improve availability and fault tolerance within that region. However, this setup does not optimize latency for users outside the specific regi...

Author: Amira99 · Last updated May 10, 2026

Your company acquired a healthcare startup and must retain its customers' medical information for up to 4 more years, depending on when it was created. Your corporate policy is to securely retain this ...

To address the need to securely retain medical information while adhering to the regulatory requirements, the selected solution must ensure both compliance and efficiency in handling the data over the specified retention period. Let's evaluate each option:

Option A: Store the data in Google Drive and manually delete records as they expire.
- Google Drive: Google Drive is designed for general file storage and collaboration rather than for storing sensitive or regulated data like medical records. It does not have built-in features for enforcing retention policies or automating secure deletion.
- Why rejected: While you could manually delete records, this introduces a significant risk of human error and inefficiency. It does not meet corporate compliance requirements for secure, automated deletion, especially for regulated industries like healthcare. Furthermore, Drive isn’t typically used for long-term data retention in sensitive environments due to its lack of specialized controls.

Option B: Anonymize the data using the Cloud Data Loss Prevention API and store it indefinitely.
- Cloud Data Loss Prevention (DLP) API: This tool is used to detect and classify sensitive data and anonymize it. While anonymizing data can help mitigate privacy concerns, it may not be appropriate for regulated medical data, as regulations often require retaining the data in its original, identifiable form for auditing, reporting, and healthcare purposes.
- Why rejected: Anonymizing data may not align with healthcare regulations, which often require data to be retained in its full, identifiable form for a specific duration. Storing data indefinitely without adhering to retention periods could also violate regulations such as HIPAA or GDPR, which mandate the deletion of data after a set retention period.

Option C: Store the data in Cloud Storage and use lifecycle management to delete files when they expire.
- Cloud Storage Lifecycle Management: Google Cloud Storage offers lifecycle policies that allow you to automate the retention and deletion of data based on custom conditions, such as the age of the data. This is a secure and compliant approach, ensuring that data i...

Author: StarryEagle42 · Last updated May 10, 2026

You are deploying a PHP App Engine Standard service with Cloud SQL as the backend. You want to minimize the number...

When deploying a PHP App Engine Standard service with Cloud SQL as the backend, the goal is to minimize the number of database queries while ensuring efficient use of caching and performance. Let's evaluate each option:

Option A: Set the memcache service level to dedicated. Create a key from the hash of the query, and return database values from memcache before issuing a query to Cloud SQL.
- Dedicated Memcache Service: A dedicated memcache service provides more reliable and faster caching performance since it is isolated from other services.
- Key from Query Hash: Storing query results in memcache using a hashed key is a common approach to prevent repeated queries from hitting the database. If the query is found in the cache, the result can be returned without querying the database again.
- Why selected: This approach allows for caching query results effectively and reduces the number of database calls. Using a dedicated memcache service helps ensure optimal performance and scalability, particularly for an application with high traffic. It’s also a highly flexible and scalable method that can cache different types of queries independently.
- Key Factors: Reduces database load by serving cached results quickly and minimizes caching overhead using a dedicated memcache instance.

Option B: Set the memcache service level to dedicated. Create a cron task that runs every minute to populate the cache with keys containing query results.
- Dedicated Memcache Service: While a dedicated service provides better performance, running a cron task every minute to pre-populate the cache with all query results can lead to unnecessary overhead. The cache would be populated with results even for queries that haven’t been made yet, which isn’t optimal.
- Why rejected: Pre-populating the cache with every query result on a schedule can be wasteful and inefficient, especially if many queries are not requested within that minute. This approach doesn't respond dynamically to actual query demand, leading to inefficient use of resources.

Option C: Set the memcache service level to shared. Create a cron task that runs every minute to save all expected queries to a key called `cached_queries`.
- Shared Memcache Service: Shared memcache may provide lower performance compared to a dedicated instance since it is shared among multiple App Engine instances. Th...

Author: Lucas · Last updated May 10, 2026

You need to ensure reliability for your application and operations by supporting reliable task scheduling for compute on GCP....

To ensure reliable task scheduling and operations on Google Cloud Platform (GCP), we need a solution that is scalable, decoupled, and resilient. Let's evaluate each option using Google’s best practices for reliability, scalability, and maintainability.

Option A: Using the Cron service provided by App Engine, publish messages directly to a message-processing utility service running on Compute Engine instances.
- App Engine Cron: App Engine provides a cron service that allows you to schedule tasks, but it is mostly designed for lightweight applications and often works best for services running within App Engine itself.
- Direct Communication with Compute Engine: Sending messages directly to Compute Engine instances from App Engine introduces tight coupling between the services. This approach lacks scalability and fault tolerance since the App Engine service would need to manage the interaction with Compute Engine directly. Additionally, Compute Engine doesn't have built-in capabilities for message queuing or decoupling the tasks, making it harder to scale or handle failures effectively.
- Why rejected: This option introduces direct dependencies between services (App Engine and Compute Engine), which is less resilient, less flexible, and harder to scale compared to a decoupled approach like Pub/Sub.

Option B: Using the Cron service provided by App Engine, publish messages to a Cloud Pub/Sub topic. Subscribe to that topic using a message-processing utility service running on Compute Engine instances.
- App Engine Cron: This is used for scheduling tasks, and it’s a good fit for lightweight applications.
- Cloud Pub/Sub: Cloud Pub/Sub is a fully managed, reliable, and scalable messaging service that decouples the sender from the receiver, ensuring high availability and resiliency. By publishing messages to a Pub/Sub topic, the communication becomes asynchronous, allowing for greater flexibility and reliability, particularly under heavy load.
- Compute Engine Subscriber: The subscriber service on Compute Engine instances can handle the message processing asynchronously, ensuring that the application can scale and handle any failure or traffic spikes more effectively.
- Why selected: This option is optimal because it leverages Cloud Pub/Sub for decoupling the task scheduling and message processing. Pub/Sub provides automatic retries, fault tolerance, and scalability, making the architecture more resilient and easier to manage.

Option C: Using the Cron service provided by Google Kubernetes Engine (GKE), publish messages directly to a message-processing utility service running on Compute Engine instances.
- GKE Cron: GKE can run cron jobs throu...

Author: Aria · Last updated May 10, 2026

Your company is building a new architecture to support its data-centric business focus. You are responsible for setting up the network. Your company's mobile and web-facing applications will be deployed on-premises, and all data analysis will be conducted in GCP. The plan is to process and load 7 years of archived .csv files totaling 900 TB of data ...

Let's break down the options based on the company's needs:

Key Needs and Constraints:
1. Volume of Data: The company needs to process and load 900 TB of archived data and 10 TB of daily data. This is substantial.
2. Current Network: The company has an existing 100-MB internet connection, which is relatively slow for such large-scale data transfer.
3. GCP Integration: The data will be transferred to Google Cloud Platform (GCP), so the solution must enable efficient cloud integration.
4. Time and Efficiency: The solution must be cost-effective and time-efficient, considering the large amount of data.

Analyzing Each Option:

Option A: Compress and upload both archived files and daily files using the `gsutil -m` option.
- Pros:
  - Simple and uses existing internet connection.
  - `gsutil -m` allows multi-threaded uploads, making the transfer faster.
- Cons:
  - The current 100-MB internet connection is inadequate to handle the 900 TB of archived data efficiently.
  - Even with compression, the upload speed will still be a bottleneck.
  - Uploading 10 TB daily with a 100-MB connection will take a long time and cause delays.

This option is not ideal because the 100-MB internet connection is not sufficient for such large-scale data transfer, both for the archived files and ongoing daily uploads.

Option B: Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish a connection with Google using a Dedicated Interconnect or Direct Peering connection and use it to upload files daily.
- Pros:
  - The Transfer Appliance allows a massive offline transfer of the archived 900 TB, which is efficient.
  - Dedicated Interconnect or Direct Peering will provide a fast and stable connection to GCP, ensuring rapid daily uploads of 10 TB without the constraints of the 100-MB internet connection.
- Cons:
  - Initial setup for the dedicated connection might take time and incur costs.
  - High cost for establishing the interconnect.
  - A separate infrastructure is required, which adds complexity.

This option is solid for handling large volumes of data efficiently, especially with the use of the Transfer Appliance and high-speed dedicated connections ...

Author: Aarav · Last updated May 10, 2026

You are developing a globally scaled frontend for a legacy streaming backend data API. This API expects events in strict chronological order with no repeat data for proper processing. Which products s...

Let's break down the options to ensure guaranteed-once FIFO delivery for the legacy streaming backend API, which requires data events to be received in strict chronological order and with no repeats.

Key Requirements:
1. FIFO (First-in, First-out) delivery is essential, meaning the order of events must be preserved.
2. Guaranteed-once delivery means no event should be duplicated or lost.
3. Streamed data needs to be processed in real-time or near real-time, ensuring data is passed from frontend to backend as events occur.

Analyzing Each Option:

Option A: Cloud Pub/Sub alone
- Pros:
  - Cloud Pub/Sub is a powerful messaging service that supports asynchronous communication, suitable for handling large-scale event streaming.
  - It can scale to handle millions of messages per second, which is ideal for large-scale streaming data.
  - It ensures at least-once delivery (messages are guaranteed to be delivered but could be delivered more than once in case of failure recovery), but doesn't inherently guarantee FIFO.
- Cons:
  - No FIFO guarantees: Pub/Sub operates on best-effort message delivery, and while it can provide message delivery guarantees, it does not guarantee strict order. Events may be processed out of order in certain scenarios, especially in high-throughput use cases or when there are multiple subscriptions.
  - There’s no built-in way to enforce strict FIFO delivery in Cloud Pub/Sub.

This option is not ideal because FIFO and strict chronological order are essential for the backend API.

Option B: Cloud Pub/Sub to Cloud Dataflow
- Pros:
  - Cloud Dataflow is a managed service for stream and batch data processing. It allows for complex event processing and transformations in real-time.
  - Cloud Dataflow can handle FIFO processing if configured correctly using an appropriate key for partitioning and ordering.
  - Dataflow allows for managing exactly-once processing, so events can be processed in order without duplication or loss.
  - When used with Pub/Sub, you can ensure that each event is processed exactly once while maintaining the correct order of events.
- Cons:
  - Slight...

Author: Layla · Last updated May 10, 2026

Your company is planning to perform a lift and shift migration of their Linux RHEL 6.5+ virtual machines. The virtual machines are running in an on-premises VMware environment. You want to migrat...

Let’s evaluate each option in terms of a lift and shift migration for Linux RHEL 6.5+ virtual machines running in an on-premises VMware environment to Google Compute Engine, following Google-recommended practices.

A)
1. Define a migration plan based on the list of the applications and their dependencies.
2. Migrate all virtual machines into Compute Engine individually with Migrate for Compute Engine.

- Incorrect. While defining a migration plan is important, migrating virtual machines individually with Migrate for Compute Engine (formerly Velostrata) can be less efficient. This option doesn’t address the overall strategy for a well-managed migration process, including dependencies, scheduling, and batch migration. Additionally, migrating individually might not scale well or adhere to best practices.
- Rejected: This is not the most optimal method for large-scale migrations and misses the structured planning that Google recommends.

B)
1. Perform an assessment of virtual machines running in the current VMware environment.
2. Create images of all disks. Import disks on Compute Engine.
3. Create standard virtual machines where the boot disks are the ones you have imported.

- Incorrect. This approach involves creating images manually and importing disks directly, but it lacks the comprehensive migration management tools and practices recommended for a lift and shift migration. It also involves more manual effort and could create issues with compatibility, dependency management, and consistency.
- Rejected: This option is not efficient for a large-scale lift-and-shift migration and misses the benefits of automated migration tools like Migrate for Compute Engine.

C)
1. Perform an assessment of virtual machines ...

Author: Kai99 · Last updated May 10, 2026

You need to deploy an application to Google Cloud. The application receives traffic via TCP and reads and writes data to the filesystem. The application does not support horizontal scaling. The application process requires full control over the data on the file system because concurrent access causes corruption. The business is willing to accept a downtime when an incident occurs, but t...

Let’s break down the architecture design for the given requirements:

Key Requirements:
1. TCP Traffic: The application receives traffic via TCP, meaning the load balancing and networking solution must support TCP traffic specifically.
2. Filesystem Control: The application needs full control over the filesystem, and concurrent access can cause corruption, implying that shared storage solutions are not suitable.
3. No Horizontal Scaling: The application does not support horizontal scaling, meaning you cannot deploy multiple instances to share the load in parallel.
4. 24/7 Availability: The application must be available 24/7, so it needs to be resilient, but the business accepts downtime during incidents.
5. Persistence of Data: The application writes and reads to the filesystem, which means data persistence needs to be addressed.

Analyzing the Options:

Option A: Use a managed instance group with instances in multiple zones, use Cloud Filestore, and use an HTTP load balancer in front of the instances.
- Cloud Filestore: Provides managed NFS storage that is ideal for sharing file storage between instances, but it doesn’t fit the need for the application that requires full control over the filesystem. Multiple instances accessing the same Cloud Filestore could cause corruption due to concurrent access.
- Managed Instance Group with Instances in Multiple Zones: A managed instance group helps with horizontal scaling, but this conflicts with the requirement that the application does not support horizontal scaling. Horizontal scaling would involve multiple instances sharing the load, which isn't appropriate here.
- HTTP Load Balancer: An HTTP load balancer is designed for HTTP/HTTPS traffic, not for TCP traffic. Since the application needs to handle TCP traffic, this is not suitable.

This option is not appropriate because it combines horizontal scaling and shared storage (Cloud Filestore) that could lead to data corruption and does not support TCP traffic.

Option B: Use a managed instance group with instances in multiple zones, use Cloud Filestore, and use a network load balancer in front of the instances.
- Cloud Filestore: Again, Cloud Filestore is a shared file system, and since the application needs full control over the filesystem and concurrent access causes corruption, this isn’t a suitable choice.
- Managed Instance Group with Instances in Multiple Zones: The use of a managed instance group implies horizontal scaling, which the application does not support.
- Network Load Balancer: This ...

Author: Ethan · Last updated May 10, 2026

Your company has an application running on multiple Compute Engine instances. You need to ensure that the application can communicate with an on-premises service that requires hi...

To ensure that your application on Compute Engine instances can communicate with an on-premises service with high throughput and low latency using internal IPs, we need to evaluate the options carefully.

Key Factors:
1. High Throughput: The communication must support large volumes of data with a high rate of transmission, so the network solution should be capable of handling this.
2. Low Latency: Minimizing network latency is crucial for performance, especially when connecting on-premises services with cloud services.
3. Internal IP Communication: The communication between your Compute Engine instances and the on-premises service needs to be over internal IP addresses to ensure secure, low-latency, and cost-effective communication within the Google Cloud network.

Analyzing Each Option:

Option A: Use OpenVPN to configure a VPN tunnel between the on-premises environment and Google Cloud.
- Pros:
  - OpenVPN is an open-source solution that provides encrypted communication between environments.
- Cons:
  - OpenVPN is not optimized for high throughput and low latency. It’s generally suitable for smaller-scale or less demanding use cases.
  - OpenVPN introduces additional overhead due to encryption/decryption and might not meet high throughput requirements.
  - VPN tunnels (whether using OpenVPN or any other tool) typically don’t support internal IP communication directly between cloud and on-premises systems at a large scale or with low latency.

This option is not ideal due to performance concerns and its inability to easily support high-throughput, low-latency, and internal IP communication.

Option B: Configure a direct peering connection between the on-premises environment and Google Cloud.
- Pros:
  - Direct peering allows for private, high-speed communication between your on-premises network and Google Cloud without routing through the public internet, which reduces latency.
  - This option can support high throughput and provide more reliable connectivity than VPN.
- Cons:
  - Direct peering typically requires manual configuration and is limited in certain scenarios (e.g., in specific geographic regions, or may not support large-scale enterprise environments).
  - It may still have limitations around internal IP communication if specific network routing isn’t correctly set up.

This option can work in some cases but is typically less flexib...

Author: Ming · Last updated May 10, 2026

You are managing an application deployed on Cloud Run for Anthos, and you need to define a strategy for deploying new versions of the application. You want to evaluate the new code with a subset of ...

To deploy new versions of an application on Cloud Run and test it with a subset of production traffic, we need a strategy that allows us to gradually roll out the new version, monitor its performance, and decide whether to proceed with the full deployment.

Option A: Deploy a new revision to Cloud Run with the new version. Configure traffic percentage between revisions.

- Explanation: Cloud Run allows you to deploy multiple revisions of the same service. You can control the traffic percentage between revisions, enabling a gradual rollout of the new version. This approach allows you to send a small percentage of production traffic to the new version and observe its behavior before committing fully.
- Why selected: This method aligns with the goal of evaluating the new version with a subset of traffic. It is the most straightforward and native way to gradually deploy and monitor the new version in Cloud Run.
- Use case: This option works best when you want a simple and quick solution for deploying new versions of your application with control over traffic distribution.

Option B: Deploy a new service to Cloud Run with the new version. Add a Cloud Load Balancing instance in front of both services.

- Explanation: This option involves creating a new service and deploying the new version there. You then use Cloud Load Balancing to direct traffic between the two services.
- Why rejected: While this is a viable solution, it introduces more complexity than necessary. You would need to manage two separate services and configure load balancing, which is not as efficient as using revisions within a single service for version control.
- Use case: This option could be useful if you need to test a completely separate version or different configuration of your application that requires distinct services, but it adds unnecessary overhead when simply testing new revisions.

Option C: In the Google Cloud Conso...

Author: Maya · Last updated May 10, 2026

You are monitoring Google Kubernetes Engine (GKE) clusters in a Cloud Monitoring workspace. As a Site Reliability Engineer (SRE), ...

In order to triage incidents quickly in a Google Kubernetes Engine (GKE) cluster, you need to have a clear, accessible, and automated way of monitoring the cluster’s performance, health, and potential issues. Here's an evaluation of the options:

Option A: Navigate the predefined dashboards in the Cloud Monitoring workspace, and then add metrics and create alert policies.

- Explanation: Google Cloud offers predefined dashboards for GKE clusters in Cloud Monitoring, which provide instant access to useful metrics and insights into the state of your Kubernetes resources. By adding specific metrics and configuring alert policies, you can quickly receive notifications on incidents such as resource depletion, application failures, or infrastructure issues.
- Why selected: This option is the most straightforward approach for triaging incidents. It uses Google Cloud's existing infrastructure and monitoring capabilities, making it faster to deploy and manage. Alert policies allow for real-time notifications, enabling prompt action without needing to manually gather or analyze data.
- Use case: Ideal for SREs who need quick visibility into the health of their clusters and want to automate incident detection and response using predefined dashboards.

Option B: Navigate the predefined dashboards in the Cloud Monitoring workspace, create custom metrics, and install alerting software on a Compute Engine instance.

- Explanation: This option builds on the use of predefined dashboards but adds custom metrics and introduces additional complexity by installing alerting software on a Compute Engine instance.
- Why rejected: While custom metrics can be useful, installing alerting software on a Compute Engine instance is redundant and introduces unnecessary complexity. Cloud Monitoring provides built-in support for alerting, so external software is not needed. This solution may also involve extra overhead and mainten...

Author: Jack · Last updated May 10, 2026

You are implementing a single Cloud SQL MySQL second-generation database that contains business-critical transaction data. You want to ensure that the minimum amount of data is lost in cas...

In this scenario, the goal is to ensure that the minimum amount of data is lost in case of catastrophic failure for a business-critical MySQL database. To achieve this, we need to focus on high availability and data durability. Let's break down the options:

Option A: Sharding

- Explanation: Sharding involves distributing data across multiple databases to balance the load or scale horizontally. While it can help with performance at scale, it doesn't directly address data loss prevention during catastrophic failures.
- Why rejected: Sharding is more suited for scaling horizontally and managing large datasets across multiple instances. It doesn't offer mechanisms for minimizing data loss in the event of failure.
- Use case: Sharding could be useful for scaling large databases, but not for minimizing data loss during failures.

Option B: Read replicas

- Explanation: Read replicas are copies of the primary database instance used for read-heavy workloads and to distribute query traffic. While they help with offloading read operations, they don't provide a method to minimize data loss during catastrophic failures.
- Why rejected: Read replicas only offer redundancy for read operations, not for full high availability or minimizing data loss. If the primary instance fails catastrophically, the data replication lag might cause some data loss on the replicas.
- Use case: Read replicas are useful for read scalability, but not optimal for minimizing data loss in case of failures.

Option C: Binary logging

- Explanation: Binary logging enables the recording of all changes to the database in the binary log, which can be used for point-in-time recovery (PITR). This allows you to replay events in the event of a failure, minimizing data l...

Author: Nathan · Last updated May 10, 2026

You are working at a sports association whose members range in age from 8 to 30. The association collects a large amount of health data, such as sustained injuries. You are storing this data in BigQuery. Current legislation requires you to delete such information u...

When designing a solution to accommodate deletion requests of personal health data in compliance with legislation, the key focus is on ensuring that the data is effectively deleted from BigQuery while minimizing any potential risk of retaining personal information. Here's an evaluation of each option:

Option A: Use a unique identifier for each individual. Upon a deletion request, delete all rows from BigQuery with this identifier.

- Explanation: This solution involves using a unique identifier to identify the rows associated with a specific individual. Upon receiving a deletion request, all rows containing the unique identifier are deleted.
- Why selected: This is a straightforward and effective solution for ensuring data deletion. Deleting all rows associated with an individual ensures full compliance with the deletion request and guarantees no personal data remains in BigQuery.
- Use case: This is a simple, direct approach, ideal when you need to delete all data for a specific individual in a compliant manner.

Option B: When ingesting new data in BigQuery, run the data through the Data Loss Prevention (DLP) API to identify any personal information. As part of the DLP scan, save the result to Data Catalog. Upon a deletion request, query Data Catalog to find the column with personal information.

- Explanation: The DLP API can help identify and classify sensitive data. By scanning and storing the results in Data Catalog, it would theoretically allow for easier identification of columns containing personal information. Upon deletion requests, you would query Data Catalog to find and delete data.
- Why rejected: While DLP can identify sensitive data, this approach is more complex and less efficient than directly deleting rows based on a unique identifier. It adds unnecessary complexity for handling deletion requests and requires maintaining additional infrastructure (Data Catalog). It also introduces the risk of incomplete data deletion if the DLP ...

Author: Nia · Last updated May 10, 2026

Your company has announced that they will be outsourcing operations functions. You want to allow developers to easily stage new versions of a cloud-based application in the production environment and allow the outsourced operations team to autonomously promote staged versions to pr...

In this scenario, you're looking to allow developers to stage new versions of an application and enable the outsourced operations team to autonomously promote those versions to production, while minimizing operational overhead. Let's break down the options:

Option A: App Engine

- Explanation: Google App Engine is a fully managed Platform as a Service (PaaS) that abstracts infrastructure management, allowing developers to deploy applications quickly. App Engine automates much of the operational overhead, such as scaling, load balancing, and version management.
- Why selected: App Engine is well-suited for your requirement because it automates many operational tasks, including versioning. Developers can easily stage new versions, and the operations team can autonomously promote these versions through the built-in version control and traffic splitting features. This reduces operational overhead and allows both development and operations teams to focus on their core tasks. App Engine also supports simple rollback and version management.
- Use case: Ideal for cloud-native applications where the focus is on minimizing operations overhead and allowing a clear separation of duties between developers and operations.

Option B: GKE On-Prem

- Explanation: GKE On-Prem is a managed Kubernetes solution for running Kubernetes clusters on your on-premises infrastructure. It allows you to leverage Kubernetes for container orchestration but requires managing the underlying infrastructure.
- Why rejected: GKE On-Prem requires more manual management of the infrastructure, including the Kubernetes cluster, networking, and scaling. While it can work in specific use cases where on-prem infrastructure is necessary, it doesn't minimize operational overhead as effectively as App Engine or GKE (in the cloud). It also requires more coordination between teams for managing...

Author: Emma · Last updated May 10, 2026

Your company is running its application workloads on Compute Engine. The applications have been deployed in production, acceptance, and development environments. The production environment is business-critical and is used 24/7, while the acceptance and development environments are only critical during ...

To optimize the cost of your application workloads while maintaining efficiency, we need to examine the options provided based on your specific requirements:

Option A: Shell Script with gcloud Command

- What it involves: This option suggests creating a shell script that uses `gcloud` commands to change the machine type of the development and acceptance instances to a smaller one during non-office hours. The script would be scheduled on a production instance.
- Why it could be rejected: This approach would require manual configuration and management. Although it could work technically, this is a cumbersome solution that introduces complexity and the risk of human error in the script or scheduling. Moreover, it doesn’t stop the instances during idle times, just reduces resources, which may not provide the best cost savings.

Option B: Cloud Scheduler + Cloud Function (Stop/Start VMs)

- What it involves: You can use Cloud Scheduler to trigger a Cloud Function to automatically stop the development and acceptance environments after office hours and start them again just before office hours.
- Why it could be rejected: This is a more elegant and automated solution compared to the previous one. It ensures that your environments are only running when needed and eliminates idle running times. However, it may cause a slight startup delay for the environments in the morning, which could be problematic if your teams need immediate access. Still, it's generally an efficient option for reducing costs during idle times.

Option C: Managed Instance Group with Autoscaling

- What it involves: Using Managed Instance Groups (MIGs) for the development and acceptance environments with autoscaling enabled.
- Why it could be rejected: MIGs with autoscalin...

Author: Sara · Last updated May 10, 2026

You are moving an application that uses MySQL from on-premises to Google Cloud. The application will run on Compute Engine and will use Cloud SQL. You want to cut over to the Compute Engine deployment of the application with minimal downtime and no data loss to your customers. You want...

To ensure a seamless and efficient migration with minimal downtime and no data loss, let’s evaluate each option:

Option A: Manual Dual Database Configuration

- What it involves:
  - Set up Cloud VPN to connect Compute Engine to the on-premises MySQL.
  - Migrate data using mysqldump and Cloud SQL.
  - Modify the application to write to both databases (on-premises and Cloud SQL) during the transition phase.
  - Start the Compute Engine app and then stop the on-premises app.
- Why it could be rejected: This option introduces complexity by modifying the application code to interact with both databases. This could lead to potential inconsistencies, additional maintenance, and more complexity in the transition process. While this might work, it doesn’t ensure a clean cutover with minimal downtime and risks data synchronization issues between the two databases.

Option B: Simplified Dump and Import

- What it involves:
  - Use Cloud SQL proxy and mysqldump to export data.
  - Stop the on-premises application and start the Compute Engine app connected to the new Cloud SQL instance.
- Why it could be rejected: While this is simpler than Option A, it still carries the potential for downtime. The mysqldump export is a snapshot of the data, and there is a risk that any data changes that occur after the export will not be captured. It also lacks a strategy for handling continuous updates during the migration, making it a less ideal solution for ensuring minimal downtime and no data loss.

Option C: Replication for Zero Downtime Migration

- What it involves:
  - Set up Cloud VPN and configure replication between the on-premises MySQL server and Cloud SQL.
  - Configure the application to work with both databases during the migration.
  - Once replication is complete, promote Cloud SQL to a standalone instance and switch the application over.
- Why it’s a strong choice:
  - Replication ensures that data changes in the on-premises MySQL serve...

Author: Noah · Last updated May 10, 2026

Your organization has decided to restrict the use of external IP addresses on instances to only approved instances. You want to enforce this requirement ac...

Option A: Remove Default Route and Move Approved Instances

- What it involves: This approach would involve removing the default route on all VPCs and moving approved instances into a subnet that has a default route to an internet gateway.
- Why it could be rejected: This solution is not efficient for enforcing a restriction on external IP addresses across all VPCs. It would require significant reconfiguration of your VPCs and subnets, potentially introducing network disruptions. Additionally, moving approved instances into a specific subnet with a default route to the internet gateway creates unnecessary complexity and doesn’t provide a scalable, centralized policy to enforce the restriction.

Option B: Create a New VPC and Set Route to Internet Gateway

- What it involves: This option suggests creating a new VPC and subnet for approved instances, setting a default route to the internet gateway in that subnet.
- Why it could be rejected: This approach focuses on network architecture changes rather than applying a centralized policy for controlling external IP usage. It would require isolating approved instances into a new VPC, which could be complex and might not scale well. It does not fully address the need to restrict external IP addresses across all VPCs and would result in fragmented management.

Option C: Implement Cloud NAT

- What it involves: Cloud NAT (Network Address Translation) would be used to allow instances in private subnets to access the internet without external IP addresses.
- Why it could be rejected: While Cloud NAT is a good solution for providing internet access to private instances, it does not fully enforce the restriction on the...

Author: Liam123 · Last updated May 10, 2026

Your company uses the Firewall Insights feature in the Google Network Intelligence Center. You have several firewall rules applied to Compute Engine instances. You need to evaluate the efficiency of the applied firewall ruleset. When you bring up the Firewall Insights page in t...

Option A: Enable VPC Flow Logging

- What it involves: VPC flow logging provides information about the IP traffic flowing to and from network interfaces in your VPC.
- Why it could be rejected: While VPC flow logs can provide insight into the traffic patterns and networking activities, they are not directly related to monitoring or troubleshooting firewall rules. Firewall Insights focuses on firewall rule evaluation and logs specific to firewall events, not general VPC flow traffic. Therefore, enabling VPC flow logging would not directly address the lack of logs in the Firewall Insights page.

Option B: Enable Firewall Rules Logging

- What it involves: Firewall rules logging allows you to log when specific firewall rules are applied, providing visibility into which rules are being hit or not hit.
- Why it's the best option: Firewall rules logging is specifically designed to log events related to firewall rules. If you're not seeing log rows in the Firewall Insights page, it's likely that firewall rule logging has not been enabled. Without logging, no data is captured, and therefore no information can be displayed on the Firewall Insights page. Enabling logging for your firewall rules will immediately start capturing relevant data for Firewall Insights to display.

Option C: Verify IAM Role (compute.networkAdmin)

- What it involves: Verifying that your user account has the correct IAM role (such as `compute.networkAdmin`) for managing and accessing firewall rules.
- Why it could be rejected: While having the right permissions is i...

Author: Ravi Patel · Last updated May 10, 2026

Your company has sensitive data in Cloud Storage buckets. Data analysts have Identity Access Management (IAM) permissions to read the buckets. You want to prevent data analysts from retrie...

Option A: Create a VPC Service Controls Perimeter

- What it involves: This option suggests creating a VPC Service Controls perimeter for the projects containing the Cloud Storage buckets, with an access level defined by the CIDR of the office network.
- Why it's the best option: VPC Service Controls provide strong security by allowing you to define a perimeter around Google Cloud resources and restrict access to those resources based on the network (in this case, the office network’s CIDR block). This ensures that data analysts can access the Cloud Storage buckets only from within the office network and not from external networks. It's a robust, scalable, and centralized solution for preventing unauthorized access outside of the specified network.
- Why other options are rejected:
  - B: A firewall rule in the VPC would restrict access for instances but would not directly control access to Cloud Storage, which is a managed service. Firewall rules can only restrict traffic within the VPC, not directly control access to Cloud Storage.
  - C: Using Cloud Functions to dynamically remove and add IAM permissions introduces complexity and potential gaps in security. It would be error-prone, a...

Author: Kai · Last updated May 10, 2026

You have developed a non-critical update to your application that is running in a managed instance group, and have created a new instance template with the update that you want to release. To prevent any possible impact to the application, you don't want to update any running instance...

When dealing with a managed instance group in Google Cloud, there are various strategies to update the group, each with its specific behavior. Let's break down each of the given options and evaluate their suitability based on your requirement:

A) Start a new rolling restart operation

A rolling restart would restart existing instances without changing their configurations, which means the current instances will not pick up any changes related to the new instance template you have created. Since your goal is to release the new update to new instances only (without impacting the currently running ones), this option is not ideal.

- Reasoning: This operation is designed for situations when you need to restart existing instances to apply updates or changes to the configuration, but it won’t install any new updates to new instances.
- When to use: A rolling restart is useful if the changes are meant to be applied to already running instances without affecting the instance template.

B) Start a new rolling replace operation

A rolling replace operation essentially replaces the current instances in the managed instance group with new ones based on the updated instance template. This would cause downtime as each instance gets replaced one by one.

- Reasoning: Although this option will ensure that new instances contain the updated template, it will replace all running instances, which is not what you're looking for, as you want to avoid impacting the current running instances.
- When to use: A rolling replace is typically used when you want to ensure all instances are updated to the new configuration, but it comes at the cost of replacing the running instances, which you want to avoid.

C) Start a new ...

Author: Kai · Last updated May 10, 2026

Your company is designing its application landscape on Compute Engine. Whenever a zonal outage occurs, the application should be restored in another zone as quickly as possible with the latest applicat...

To ensure your application can be restored as quickly as possible in another zone in the event of a zonal outage, you need a design that allows for rapid recovery with minimal downtime. Let's analyze each of the options provided:

A) Create a snapshot schedule for the disk containing the application data. Whenever a zonal outage occurs, use the latest snapshot to restore the disk in the same zone.

- Reasoning: This option does not meet the requirement because if a zonal outage occurs, the same zone would be unavailable, making it impossible to restore the disk in that zone. The design should allow for restoration in a different zone, not the same one.
- When to use: This would only work if you're focusing on recovery within the same zone, which isn’t suitable for your scenario where the requirement is to recover in another zone.

B) Configure the Compute Engine instances with an instance template for the application, and use a regional persistent disk for the application data. Whenever a zonal outage occurs, use the instance template to spin up the application in another zone in the same region. Use the regional persistent disk for the application data.

- Reasoning: This is a strong option because it uses a regional persistent disk, which is replicated across zones within the same region, ensuring that the application data is available in another zone in case of a zonal outage. The instance template allows for quickly spinning up the application in another zone, ensuring minimal downtime.
- When to use: This is ideal for scenarios where you want to ensure the application can continue functioning in another zone within the same region. The regional persistent disk ensures the data is accessible across zones.

C) Create a snapshot schedule for the disk containing the application data. Whenever a zonal outage occurs, use the latest snapshot to restore the disk in another zone within the same region. ...

Author: Leah Davis · Last updated May 10, 2026

Your company has just acquired another company, and you have been asked to integrate their existing Google Cloud environment into your company's data center. Upon investigation, you discover that some of the RFC 1918 IP ranges being used in the new company's Virtual Private Cloud (VPC) overlap with your data center...

When integrating two Google Cloud environments where the IP ranges overlap, the primary challenge is to establish a secure and functional connection while avoiding routing conflicts. Let's examine each option in detail:

A) Create a Cloud VPN connection from the new VPC to the data center, create a Cloud Router, and apply new IP addresses so there is no overlapping IP space.

- Reasoning: This option suggests reconfiguring the IP addresses in the new VPC to eliminate any overlap. While this would resolve the IP conflict, it can be a very disruptive approach as it would involve changing IP addresses across potentially many systems and resources in the new VPC. This change could impact services and configurations, leading to potential downtime and significant effort to update all associated configurations.
- When to use: This option could be considered when there is flexibility to redesign the network topology, but in this case, you are looking to avoid disruption in service and minimize configuration changes.

B) Create a Cloud VPN connection from the new VPC to the data center, and create a Cloud NAT instance to perform NAT on the overlapping IP space.

- Reasoning: Using Cloud NAT to perform Network Address Translation (NAT) could resolve the overlapping IP issue by translating the source IP addresses before they leave the VPC. However, while NAT can resolve conflicts at the connection level, it introduces a complexity in managing address translations, and this might not be the cleanest solution for ensuring seamless connectivity. NAT is typically used for outbound internet connectivity, not necessarily for handling overlapping private IP ranges.
- When to use: Cloud NAT is typically used for scenarios where you want to enable private resources to access the internet without exposing their private IPs. In this case, using NAT for VPC-to-VPC connectivity is not the most optimal solution for handling overlapping private IP ranges.

C) Create a Cloud VPN connection from the new VPC to the data center, create a Cloud Router, and apply a custom route advertisement to bl...

Author: IronLion88 · Last updated May 10, 2026

You need to migrate Hadoop jobs for your company's Data Science team without modifying the underlying infrastructure. You want to minimize co...

When migrating Hadoop jobs for the Data Science team while aiming to minimize costs and infrastructure management efforts, it's important to choose a solution that simplifies the setup and management, leverages managed services, and optimizes for cost efficiency. Let's evaluate each of the options:

A) Create a Dataproc cluster using standard worker instances.

- Reasoning: Dataproc is a managed service designed specifically for running Apache Hadoop and Apache Spark workloads. Using standard worker instances in Dataproc provides a reliable, managed environment, but it doesn't take full advantage of cost-saving options like preemptible instances. While this solution simplifies infrastructure management compared to manually deploying a Hadoop cluster, it may not be the most cost-effective for non-critical workloads.
- When to use: This option is good if you need a fully managed service and are willing to pay for more stable, long-term resources without worrying about costs related to preemptible instances. However, if cost minimization is a priority and flexibility with potential interruptions is acceptable, preemptible instances might be more ideal.

B) Create a Dataproc cluster using preemptible worker instances.

- Reasoning: Preemptible instances are short-lived, lower-cost compute resources in Google Cloud. Using preemptible worker instances with Dataproc is a highly cost-effective option, as it minimizes the cost of running Hadoop jobs. Dataproc is a fully managed service, meaning you don’t need to worry about managing the underlying infrastructure. However, preemptible instances can be terminated by Google Cloud at any time, so this approach is best suited for workloads that are fault-tolerant and can handle interruptions.
- When to use: This is the best option when you want to minimize costs and can tolerate the potential interruptions of preemptible instances. Since Hadoop jobs are often batch jobs that can be retried, preemptible instances are a great fit, especially in the cas...

Author: Deepak · Last updated May 10, 2026

Your company has a project in Google Cloud with three Virtual Private Clouds (VPCs). There is a Compute Engine instance on each VPC. Network subnets do not overlap and must remain separated. The network configuration is shown below. Instance #1 is an exception an...

To allow Instance 1 to communicate directly with Instance 2 and Instance 3 via internal IPs, the challenge is to establish the necessary network routes while maintaining non-overlapping subnets and ensuring the security of the network. Let's review each option:

A) Create a cloud router to advertise subnet 2 and subnet 3 to subnet 1.

- Reasoning: A Cloud Router is used to facilitate dynamic routing between VPCs, particularly in hybrid or multi-cloud environments. However, this approach alone will not establish direct communication between Instance 1, Instance 2, and Instance 3 in your scenario. While Cloud Router handles dynamic routes for VPC peering or VPN, it doesn't automatically connect multiple VPCs with non-overlapping subnets directly.
- When to use: This option could be applicable if you are planning to connect VPCs via VPN and need dynamic route advertisements. However, it doesn't directly address the communication between instances.

B) Add two additional NICs to Instance 1 with the following configuration:

- NIC1: VPC 2, Subnet 2
- NIC2: VPC 3, Subnet 3
- Update firewall rules to enable traffic between instances.
- Reasoning: This approach involves adding multiple network interfaces (NICs) to Instance 1, connecting it to VPC 2 and VPC 3. By using two NICs, Instance 1 will be able to communicate with both Instance 2 and Instance 3 directly via internal IPs. This is a valid solution because it allows Instance 1 to access both other VPCs without needing routing across the entire network. You can configure firewall rules to allow the required traffic between the instances.
- When to use: This is a good solution for direct communication between Instance 1 and both Instance 2 and Instance 3 without modifying the network topology. However, it requires specific configuration and management of multiple NICs on Instance 1, which could be more complex to maintain.

C) Create two VPN tunnels via CloudVPN:

1. Between VPC 1 and VPC 2
2. Between VPC 2 and VPC 3

- Update firew...

Author: RadiantJaguar56 · Last updated May 10, 2026

You need to deploy an application on Google Cloud that must run on a Debian Linux environment. The application requires extensive configuration in order to operate correctly. You want to ensure that you can install Debian distri...

Option A: Create a Compute Engine instance template using the most recent Debian image. Create an instance from this template, and install and configure the application as part of the startup script. Repeat this process whenever a new Google-managed Debian image becomes available.
- Explanation: This option involves manually updating the instance every time a new image is released. While the instance is created from an up-to-date Debian image, it does not automate the ongoing installation of updates once the instance is running. The process would need to be repeated whenever a new image becomes available, which is cumbersome and not ideal for minimizing manual intervention.
- Rejected: It does not fully address the goal of minimizing manual intervention for updates after the initial setup.
Option B: Create a Debian-based Compute Engine instance, install and configure the application, and use OS patch management to install available updates.
- Explanation: This option makes use of OS patch management, which automatically installs OS-level updates as they become available. This is ideal for keeping the instance updated with the latest security patches and updates with minimal manual intervention.
- Selected: This option provides the most seamless update process and ensures minimal manual intervention for ongoing OS updates. It is also scalable, allowing for efficient management across multiple instances. ...

Author: Mia · Last updated May 10, 2026

You have an application that runs in Google Kubernetes Engine (GKE). Over the last 2 weeks, customers have reported that a specific part of the application returns errors very frequently. You currently have no logging or monitoring solution enabled on your GKE cluster. You want to diagnose the proble...

Option A: 1. Update your GKE cluster to use Cloud Operations for GKE. 2. Use the GKE Monitoring dashboard to investigate logs from affected Pods.
- Explanation: This option involves enabling Cloud Operations (formerly Stackdriver) to gain visibility into the logs and metrics of the GKE cluster. This allows you to monitor and investigate the issue without changing the existing architecture or adding extra complexity. You can view logs of the affected Pods and diagnose the problem.
- Selected: This option is effective because it provides a minimal and non-disruptive solution to gain insights into the problem without requiring you to make major changes to the infrastructure, such as setting up new clusters or migrating workloads.
Option B: 1. Create a new GKE cluster with Cloud Operations for GKE enabled. 2. Migrate the affected Pods to the new cluster, and redirect traffic for those Pods to the new cluster. 3. Use the GKE Monitoring dashboard to investigate logs from affected Pods.
- Explanation: While this option provides monitoring via Cloud Operations, it involves creating a new GKE cluster and migrating Pods. This adds unnecessary complexity and disruption to the application. Migration to a new cluster would require downtime and potential service disruptions, which you want to avoid.
- Rejected: This option introduces more disruption and is overly complicated when compared to simply enabling Cloud Operations on the existing cluster.
Option C: 1. Update your GKE cluster to use Cloud Operations f...

Author: Maya · Last updated May 10, 2026

You need to deploy a stateful workload on Google Cloud. The workload can scale horizontally, but each instance needs to read and write to the same POSIX filesystem. At high load, the s...

Option A: Use a persistent disk for each instance.
- Explanation: Persistent disks are suitable for providing storage to individual instances. However, they are not ideal for sharing a single POSIX filesystem across multiple instances, as each instance would have its own disk. This would complicate the setup and require a way to synchronize the data between instances, which would be inefficient and error-prone.
- Rejected: This option is not suitable because it doesn’t meet the requirement of a shared POSIX filesystem across multiple instances.
Option B: Use a regional persistent disk for each instance.
- Explanation: Regional persistent disks provide higher availability and redundancy by replicating data across two zones within a region. However, they still behave like individual disks for each instance, which means they cannot be shared easily across instances to form a single POSIX filesystem. This would not solve the issue of needing a shared filesystem.
- Rejected: While it offers redundancy, it still doesn’t address the requirement for a single shared filesystem across instances.
Option C: Create a Cloud Filestore instance and mount it in each instance.
- Explanation: Cloud Filestore provides a managed NFS service, which...

Author: Olivia · Last updated May 10, 2026

Your company has an application deployed on Anthos clusters (formerly Anthos GKE) that is running multiple microservices. The cluster has both Anthos Service Mesh and Anthos Config Management configured. End users inform you that the application is ...

Option A: Use the Service Mesh visualization in the Cloud Console to inspect the telemetry between the microservices.
- Explanation: Anthos Service Mesh provides telemetry data that helps you monitor and analyze traffic between microservices. By using the Service Mesh visualization in the Cloud Console, you can track request latency, error rates, and other metrics that can pinpoint the microservice causing the delay. This is an ideal tool to diagnose performance issues in a microservices-based architecture.
- Selected: This option is the best choice because it directly leverages the Service Mesh's built-in telemetry features, making it easy to visualize and diagnose issues in real-time with minimal disruption. The Service Mesh visualization specifically provides the necessary insights into inter-service communication and performance bottlenecks.
Option B: Use Anthos Config Management to create a ClusterSelector selecting the relevant cluster. On the Google Cloud Console page for Google Kubernetes Engine, view the Workloads and filter on the cluster. Inspect the configurations of the filtered workloads.
- Explanation: Anthos Config Management is useful for managing Kubernetes configurations and ensuring compliance across clusters, but it is not designed for real-time performance diagnostics or identifying slow microservices. While this method could help inspect the configuration of workloads, it would not directly reveal performance issues such as latency or delays in service communication.
- Rejected: This option is not suitable for identifying the root cause of the performance issue, as it focuses more on configuration managemen...

Author: Vikram · Last updated May 10, 2026

You are working at a financial institution that stores mortgage loan approval documents on Cloud Storage. Any change to these approval documents must be uploaded as a separate approval file, so you want to ensure th...

Option A: Create a retention policy on the bucket for the duration of 5 years. Create a lock on the retention policy.
- Explanation: A retention policy ensures that no objects in the bucket can be deleted or overwritten for the duration specified (in this case, 5 years). By locking the retention policy, you ensure that the policy cannot be modified or removed until the retention period has passed. This provides a solid solution for ensuring that documents cannot be deleted or altered, aligning perfectly with the requirement to prevent changes to mortgage loan approval documents for 5 years.
- Selected: This is the best option because it directly addresses the need to protect the documents from deletion or overwriting for the specified retention period. The lock on the retention policy ensures the policy cannot be bypassed.
Option B: Create the bucket with uniform bucket-level access, and grant a service account the role of Object Writer. Use the service account to upload new files.
- Explanation: While this option provides access control to manage who can write to the bucket, it does not address the need for preventing deletion or overwriting of the documents. The service account can still upload new files or overwrite existing ones. This option does not provide the necessary protection against changes to the files for 5 years.
- Rejected: This option only focuses on access control, n...

Author: Amira99 · Last updated May 10, 2026

Your team will start developing a new application using microservices architecture on Kubernetes Engine. As part of the development lifecycle, any code change that has been pushed to the remote develop branch on your GitHub repository should be built and tested automatically. When the build and test are successful, the relevant microservice will be deployed auto...

Let's break down each option in the context of achieving automated testing, building, and deployment of a microservice when code is pushed to the development branch.
A) Pre-commit hook on developer's workstation
- Explanation: This approach relies on developers to install a pre-commit hook locally on their workstations. This hook would test the code and build the container locally before committing and deploying it to the development environment.
- Issues:
  - Inconsistency: Developers may not set up the pre-commit hook correctly, leading to inconsistent behavior across teams.
  - Manual steps: Developers are responsible for triggering the build and deployment process, which can introduce human error and inconsistency.
  - Lack of centralization: It doesn't automate the testing, build, or deployment process in a consistent, centralized manner. Every developer is responsible for their own setup.
- When can this be useful: This could be useful in very small teams or for personal projects, but it is not ideal for automated continuous integration/deployment (CI/CD) pipelines in production-grade applications.
B) Post-commit hook on the remote Git repository
- Explanation: This option triggers a post-commit hook to test the code and build the container every time code is pushed to the `development` branch.
- Issues:
  - Limited testing: A post-commit hook only focuses on the commit itself, not on broader integration or other tests. It doesn't necessarily ensure complete build pipelines or end-to-end tests.
  - Manual deployments: Like option A, it still leaves the responsibility of deployment to the developers. This reduces automation and consistency.
  - Limited control: Post-commit hooks are less flexible, and relying on them to trigger processes can be tricky when scaling.
- When can this be useful: This could work for simple testing scenarios but lacks the centralized and automated deployment that modern microservices require.
C) Cloud Build Trigger with CI/CD pipeline
- Explanation: This approach automates the entire process:
  1. Cloud Build triggers when a new commit is pushed to the `development` branch.
  2. It tests the code, builds the container image, and stores it in Container Registry.
  3. A deployment pipeline watches fo...

Author: Amira · Last updated May 10, 2026

Your operations team has asked you to help diagnose a performance issue in a production application that runs on Compute Engine. The application is dropping requests that reach it when under heavy load. The process list for affected instances shows a single application process that is consuming all available CPU, and autoscaling has reached the upper limit of instances. There is no abnormal lo...

Let's break down each of the available options in the context of diagnosing and resolving a performance issue where the application on Compute Engine is dropping requests under heavy load.
A) Change the autoscaling metric to `agent.googleapis.com/memory/percent_used`
- Explanation: This option suggests changing the autoscaling metric to track memory usage instead of the current metric (likely CPU usage).
- Issues:
  - Not relevant to the current issue: The problem described is that the application is consuming all available CPU, and autoscaling is already maxed out. Switching to memory usage won’t address the root cause of CPU saturation.
  - Doesn’t address the immediate need: The request is to alleviate the traffic drop issue quickly, and changing the autoscaling metric wouldn’t have a near-term impact.
- When can this be useful: This could be useful in other cases where the application faces memory bottlenecks rather than CPU bottlenecks, but it doesn’t address the current issue of CPU overload.
B) Restart the affected instances on a staggered schedule
- Explanation: This involves restarting the affected instances one by one, which may help clear up any application-specific issues or stuck processes causing high CPU usage.
- Issues:
  - Delays in recovery: Although restarting instances may temporarily free up resources, it doesn’t directly address the root cause (which is CPU saturation due to the application process). This could result in intermittent downtime or further traffic drop while the instances restart.
  - Limited impact: If the application continues to consume all CPU upon restart, the issue will recur, meaning this solution may only offer a short-term fix.
- When can this be useful: This could be useful in scenarios where the application has become unstable or needs to be "reset," but it doesn’t provide a sustainable solution.
C) SSH to each instance and restart the application process
- Explanation: This option suggests SSH’ing into each affected instance and restarting the application process directly.
- Issues:
  - Manual intervention: This approach involves manual steps on eac...

Author: Ryan · Last updated May 10, 2026

You are implementing the infrastructure for a web service on Google Cloud. The web service needs to receive and store the data from 500,000 requests per second. The data will be queried later in real time, based on exact matches of a known set of attributes. There will be periods where the web service will not ...

Let's evaluate each option based on the requirements: handling 500,000 requests per second, storing data, querying in real time, and keeping costs low.
A) Cloud Run and BigQuery
- Cloud Run: Cloud Run is a serverless platform that scales automatically based on incoming requests. It is well-suited for handling unpredictable traffic, including spikes and low-traffic periods, while only charging for actual usage.
- Pros: It scales automatically and charges based on the number of requests processed, so it’s ideal for intermittent traffic.
- Cons: BigQuery, while excellent for large-scale analytics, is not optimized for real-time querying with low latency. It is typically used for batch processing and data analytics, but not ideal for fast, low-latency access to frequently queried data.
- When this can be useful: This setup would be ideal for analytical workloads, but the requirement of "real-time queries based on exact matches" would not be effectively supported by BigQuery due to higher latency for real-time lookups.
- Rejected: BigQuery doesn’t meet the real-time querying requirement effectively.
B) Cloud Run and Cloud Bigtable
- Cloud Run: Similar to option A, Cloud Run can handle the 500,000 requests per second and scale based on demand.
- Cloud Bigtable: Bigtable is a NoSQL database optimized for high throughput and low-latency access, making it well-suited for real-time lookups on large datasets. It can handle large-scale, high-performance workloads and is ideal for exact match queries.
- Pros: Cloud Bigtable can efficiently handle high throughput and low-latency real-time queries, and Cloud Run can handle the variable request load, allowing for a cost-effective and scalable solution.
- Cons: The integration between Cloud Run and Cloud Bigtable is straightforward, but it may not be as fully managed as fully serverless options.
- When this can be useful: This option is ideal for the given requirements because it combines a serverless platform (Cloud Run) to handle unpredictable load with a database optimized for real-time querying (Cloud Bigtable).
- Selected: This is a great fit for the workload, combining scalabilit...

Author: Elijah · Last updated May 10, 2026

You are developing an application using different microservices that should remain internal to the cluster. You want to be able to configure each microservice with a specific number of replicas. You also want to be able to address a specific microservice from any other microservice in a uniform way, regardless of ...

Let's analyze each option based on your requirements: configuring microservices with specific replicas, ensuring internal communication, and addressing microservices in a uniform way, regardless of scaling.
A) Deploy each microservice as a Deployment. Expose the Deployment in the cluster using a Service, and use the Service DNS name to address it from other microservices within the cluster.
- Explanation:
  - Deployments in Kubernetes allow you to scale the number of replicas of a microservice easily. It automatically handles the creation and management of pods.
  - Services in Kubernetes provide a stable network endpoint (DNS name) to access a set of pods (in this case, the microservice pods). Kubernetes internally load balances traffic to the pods behind the Service, which allows you to address the microservice uniformly, even as it scales up or down.
- Pros:
  - Simple, effective, and scalable.
  - The Service provides a stable DNS name that remains constant, regardless of the number of pods or replicas.
  - The microservice can be accessed using the Service DNS name, and Kubernetes handles the scaling and load balancing automatically.
- When this can be useful: This is an ideal solution because it meets the scalability, uniformity, and internal communication requirements.
- Selected: This is the most suitable option for internal microservice communication with scaling and uniform addressing.
B) Deploy each microservice as a Deployment. Expose the Deployment in the cluster using an Ingress, and use the Ingress IP address to address the Deployment from other microservices within the cluster.
- Explanation:
  - Ingress is typically used for exposing services externally to the internet or to manage HTTP/S traffic routing.
  - In Kubernetes, Ingress is not ideal for internal communication between microservices inside the cluster, especially when there is no need for external access.
- Cons:
  - Ingress is overkill for internal communication because it's designed for routing external HTTP/S traffic.
  - Using an Ingress for internal communication introduces unnecessary complexity and does not meet the goal of having a simple internal service-to-service address.
- When this can be useful: Ingress is use...

Author: Vikram · Last updated May 10, 2026

Your company has a networking team and a development team. The development team runs applications on Compute Engine instances that contain sensitive data. The development team requires administrative permissions for Compute Engine. Your company requires all network resources to be managed by the networking te...

Let's analyze each option to determine the most appropriate solution for this scenario, where the development team needs administrative permissions for Compute Engine instances containing sensitive data, while the networking team must manage network resources but not access sensitive data.
A) 1. Create a project with a standalone VPC and assign the Network Admin role to the networking team. 2. Create a second project with a standalone VPC and assign the Compute Admin role to the development team. 3. Use Cloud VPN to join the two VPCs.
- Incorrect. Using Cloud VPN to connect two standalone VPCs is a feasible networking solution but doesn’t address the issue of isolating permissions for the sensitive data on Compute Engine instances. The development team would still be able to access sensitive data if they have Compute Admin permissions in the same project. Additionally, using standalone VPCs would make management more complex.
- Rejected: While this setup could work from a networking standpoint, it doesn't fully resolve the isolation of sensitive data for the development team.
B) 1. Create a project with a standalone Virtual Private Cloud (VPC), assign the Network Admin role to the networking team, and assign the Compute Admin role to the development team.
- Incorrect. In this setup, both teams would have access to the same project and its resources. This doesn’t provide sufficient isolation of the sensitive data for the development team while allowing the networking team to manage network resources. The Compute Admin role would still grant the development team permissions to access all resources, including sensitive data, which is not what is required.
- Rejected: This approach lacks the necessary separation of concerns between the teams, especially in terms of access to sensitive data.
C) 1. Create a project with a Shared VPC and assign the Network Admin role to the networking team. 2. Create a second proje...

Author: Charlotte · Last updated May 10, 2026

Your company wants you to build a highly reliable web application with a few public APIs as the backend. You don't expect a lot of user traffic, but traffic could spike occasionally. You want to leverage Clo...

Let's evaluate each option based on the key requirements: reliability, cost-effectiveness, traffic spikes, cloud load balancing, scalability, and the need for public APIs.
A) Store static content such as HTML and images in Cloud CDN. Host the APIs on App Engine and store the user data in Cloud SQL.
- Static content in Cloud CDN: Cloud CDN provides fast content delivery, which is great for static content like HTML and images. This is cost-effective and provides high performance, especially during traffic spikes.
- APIs on App Engine: App Engine automatically scales the backend services, which is excellent for handling occasional traffic spikes. App Engine is a fully managed platform, so you don't need to worry about infrastructure management, and it scales well with load.
- User data in Cloud SQL: Cloud SQL provides a fully managed relational database. It’s reliable and supports the needs of most applications, but it may not be the most cost-effective for larger scale databases due to pricing, especially when dealing with occasional traffic spikes. However, Cloud SQL can handle the traffic surge with proper configuration.
- Rejection Reason: While this option is highly reliable and cost-effective for moderate to low traffic, Cloud SQL can be a bit more expensive when dealing with larger volumes of data or scaling during traffic spikes.
B) Store static content such as HTML and images in a Cloud Storage bucket. Host the APIs on a zonal Google Kubernetes Engine (GKE) cluster with worker nodes in multiple zones, and save the user data in Cloud Spanner.
- Static content in Cloud Storage: Cloud Storage is reliable and cost-effective for storing static files such as HTML and images, making it a good choice for static content.
- APIs on GKE: While GKE provides scalability and flexibility, managing a Kubernetes cluster can be complex. It requires more operational overhead, and GKE might be overkill for a low-to-moderate traffic application. It also requires careful management of load balancing, scaling, and monitoring, which could increase operational costs.
- User data in Cloud Spanner: Cloud Spanner is a highly scalable and fully managed relational database. However, it is more suited for large, complex, and high-traffic applications that require global distribution and horizontal scaling. For a small-to-medium-scale application, Cloud Spanner might be unnecessarily costly.
- Rejection Reason: This solution introduces more complexity and potential cost due to the use of GKE and Cloud Spanner, both of which are over-engineered for a small-to-modera...

Author: Ava · Last updated May 10, 2026

Your company sends all Google Cloud logs to Cloud Logging. Your security team wants to monitor the logs. You want to ensure that the security team can react quickly if an anomaly such as an unwanted firewall change or s...

Let’s evaluate each option based on the key requirements: quick reaction time, efficiency, Google Cloud recommended practices, and the need to monitor logs for anomalies.
A) Schedule a cron job with Cloud Scheduler. The scheduled job queries the logs every minute for the relevant events.
- Cron job with Cloud Scheduler: While this is technically feasible, querying logs every minute is not efficient. Logs are already being sent to Cloud Logging, and querying them manually via cron jobs is not ideal for real-time anomaly detection. It would create delays and also introduce unnecessary complexity in managing the job.
- Rejection Reason: This approach involves manually querying logs at set intervals, which isn't optimal for real-time monitoring and rapid response. It also lacks integration with automation tools for fast detection and reaction to anomalies.
B) Export logs to BigQuery, and trigger a query in BigQuery to process the log data for the relevant events.
- Export logs to BigQuery: BigQuery is excellent for querying and analyzing large datasets, and logs can be exported there for processing. However, using BigQuery for real-time anomaly detection could be slower and less efficient than other methods designed for event-driven architectures. It requires manual intervention or custom code to continuously query logs for changes.
- Rejection Reason: While BigQuery is great for batch analysis and ad-hoc querying, it’s not ideal for real-time detection of anomalies. This method would likely introduce latency in detecting security events and might not provide the responsiveness needed for security operations.
C) Export logs to a Pub/Sub topic, and trigger Cloud Function with the relevant log events.
- Export logs to Pub/Sub: Pub/Sub is a fully managed messaging service designed for real-time event processing. By exporting logs to a Pub/Sub topic, yo...

Author: Krishna · Last updated May 10, 2026

You have deployed several instances on Compute Engine. As a security requirement, instances cannot have a public IP address. There is no VPN connection between Google Cloud and your office, and you need to connect via...

Let’s evaluate each option based on the key requirements: security, SSH access, no public IPs, and no VPN.
A) Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance.
- Cloud NAT: Cloud NAT provides outbound internet access for instances without public IPs. However, it does not allow direct inbound SSH access to instances. NAT only enables outbound communication (like package updates), not the kind of SSH access you're asking for.
- Rejection Reason: Cloud NAT does not facilitate inbound SSH connections to instances, meaning it doesn’t meet the need for secure access to your Compute Engine instances.
B) Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP.
- TCP Proxy Load Balancing: TCP Proxy Load Balancing is designed for load balancing traffic to instances, typically for web or application servers, not for SSH access. It’s not suitable for directly accessing individual instances via SSH. Additionally, exposing SSH access through load balancing adds unnecessary complexity and may lead to potential security concerns.
- Rejection Reason: TCP Proxy Load Balancing is not appropriate for managing SSH connections securely. It's designed for distributing traffic, not for SSH access to individual instances.
C) Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance.
- IAP (Identity-Aware Proxy): IAP is a Google-recommended way...

Author: Sophia Clark · Last updated May 10, 2026

Your company is using Google Cloud. You have two folders under the Organization: Finance and Shopping. The members of the development team are in a Google Group. The development team group has been assigned the Project Owner role on the Organization. You wan...

Let’s evaluate each option based on the requirement: preventing the development team from creating resources in projects in the Finance folder while maintaining appropriate permissions in the Shopping folder.
A) Assign the development team group the Project Viewer role on the Finance folder, and assign the development team group the Project Owner role on the Shopping folder.
- Project Viewer role on Finance folder: Assigning the "Project Viewer" role on the Finance folder restricts the development team's ability to create or modify resources in the projects within the Finance folder. They can only view the resources but cannot create or alter anything.
- Project Owner role on Shopping folder: The Project Owner role gives full administrative rights over projects in the Shopping folder, allowing the team to create resources there.
- Selected for: This solution effectively meets the requirement by limiting the development team's capabilities in the Finance folder (view-only access) while granting them full control over the Shopping folder.
- Advantage: It's a balanced approach where the development team retains necessary privileges in one folder and is restricted in the other folder.
B) Assign the development team group only the Project Viewer role on the Finance folder.
- Project Viewer role on Finance folder: This restricts the development team's ability to create or modify resources in the Finance folder, but it doesn't provide any permissions in the Shopping folder.
- Rejection Reason: While this prevents resource creation in the Finance folder, it doesn't address the requirement for giving the team permissions in the Shopping folder. The team would have no access to the Shopping folder or any project creation privileges in ge...

Author: Sophia Clark · Last updated May 10, 2026

You are developing your microservices application on Google Kubernetes Engine. During testing, you want to validate the behavior of your application in case...

Let’s evaluate each option based on the goal of validating the behavior of the application when a specific microservice crashes:
A) Add a taint to one of the nodes of the Kubernetes cluster. For the specific microservice, configure a pod anti-affinity label that has the name of the tainted node as a value.
- Taint and Anti-Affinity: Taints and anti-affinity are useful for controlling which pods can be scheduled on specific nodes. In this case, adding a taint to a node and configuring an anti-affinity rule ensures that the microservice does not run on that node. However, this solution doesn't simulate a "crash" scenario—it only ensures that the pod doesn't run on the affected node.
- Rejection Reason: This approach doesn't allow for simulating a microservice failure or crash. It simply avoids scheduling the microservice on a node, which is not the intended behavior of testing a crash scenario.
B) Use Istio's fault injection on the particular microservice whose faulty behavior you want to simulate.
- Istio Fault Injection: Istio's fault injection is a powerful feature for simulating various types of failures, including HTTP errors, delays, and even service crashes. It allows you to inject failures in a controlled manner, making it ideal for testing how the application behaves when a specific microservice fails or experiences an error.
- Selected for: This option is ideal for testing crash scenarios because Istio can simulate specific faults (such as timeouts, delays, or service unavailability) in a microservice. This provides the flexibility to simulate different types of failures and observe the application's response.
- Advantage: It allows for controlled and repeatable...

Author: Akash · Last updated May 10, 2026

Your company is developing a new application that will allow globally distributed users to upload pictures and share them with other selected users. The application will support millions of concurrent users. You want to allow developers to focus on just building code withou...

In order to deploy an application with millions of concurrent users while allowing developers to focus on the code rather than infrastructure management, we should evaluate the following Google Cloud services:

A) App Engine:
- Advantages:
  - Managed Service: App Engine is a fully managed platform-as-a-service (PaaS) offering, which means it abstracts the underlying infrastructure entirely, so developers only focus on building the application code.
  - Auto-scaling: App Engine automatically scales based on demand, making it well-suited for handling millions of concurrent users.
  - Global Distribution: App Engine offers built-in support for global traffic distribution, meaning it can easily serve a global user base.
  - Integrated Services: App Engine integrates seamlessly with other Google Cloud services like Cloud Storage for file handling, BigQuery, and Firestore.
  - Cost Efficiency: You pay only for the resources you use, which helps control costs for applications with variable usage.
- Use case: Ideal for applications like this, where developers need to focus on writing code without worrying about infrastructure management, scaling, or distributing resources globally.

B) Cloud Endpoints:
- Advantages: Cloud Endpoints is a fully managed API gateway that helps you create, deploy, and monitor APIs. It provides API management features such as authentication, rate limiting, and traffic monitoring.
- Limitations: Cloud Endpoints is mainly used for API management rather than hosting and running full applications. It would be useful in this scenario only if you were specifically building an API layer, not an entire application with front-end and back-end components.
- Use case: Useful for building and managing APIs, but not a full deployment solution for a scalable application with complex user interactions. ...

Author: John · Last updated May 10, 2026

Your company provides a recommendation engine for retail customers. You are providing retail customers with an API where they can submit a user ID and the API returns a list of recommendations for that user. You are responsible for the API lifecycle and want to ensure stability for your custo...

To ensure stability and prevent disruptions for your customers in the case of backward-incompatible changes to your API, it's crucial to follow a strategy that allows customers to transition smoothly to newer versions without breaking existing integrations. Let's evaluate each option:

A) Create a distribution list of all customers to inform them of an upcoming backward-incompatible change at least one month before replacing the old API with the new API.
- Advantages: Informing customers in advance helps them plan for changes, but this method requires ongoing communication and monitoring. It also assumes that all customers are regularly checking their emails and would act on the information.
- Limitations: This is a reactive approach; it doesn’t provide a clear technical solution to managing versioning. If you have many customers or automated systems using the API, it may be challenging to ensure that everyone is informed and prepared.
- Use case: While this is useful for customer communication, it doesn’t address the underlying technical needs of version control for the API itself, so it is not sufficient alone.

B) Create an automated process to generate API documentation, and update the public API documentation as part of the CI/CD process when deploying an update to the API.
- Advantages: Automating documentation ensures that it’s always up to date, which is critical for helping customers understand API changes.
- Limitations: While automation improves documentation accuracy and ease of access, it doesn’t specifically address the problem of managing backward-incompatible changes. This option doesn’t provide a versioning strategy or help customers manage transitions between versions.
- Use case: This is beneficial for improving the development workflow and ensuring clear documentation but doesn't directly solve the problem of managing backward compatibility in the API itself.

C) Use a versioning strategy for the APIs that increases the version number on every backward-incompatible change.
- Advantages: Using versioning is the most standard and recommended approach for managing API changes, especially when making backward-incom...

Author: Olivia · Last updated May 10, 2026

Your company has developed a monolithic, 3-tier application to allow external users to upload and share files. The solution cannot be easily enhanced and lacks reliability. The development team would like to re-architect the application to adopt microservices and a fully managed service approach, ...

To convince leadership that re-architecting the application to adopt microservices and a fully managed service approach is worthwhile, it’s important to emphasize the key advantages of such a transition, such as scalability, flexibility, and improved management of the application’s infrastructure. Let's review each option:

A) The new approach will be significantly less costly, make it easier to manage the underlying infrastructure, and automatically manage the CI/CD pipelines.
- Advantages: This option highlights the potential for cost reduction, infrastructure management simplicity, and automated CI/CD pipelines.
- Limitations: While cost reduction and easier infrastructure management are certainly benefits, this statement is too broad and doesn’t directly address the core benefits of microservices, such as flexibility, scalability, and ease of introducing new features or scaling specific components of the application. Also, "significantly less costly" could vary depending on how the new system is designed and implemented.
- Use case: This is a valid statement but lacks specificity about the deeper benefits of adopting microservices, such as better agility, scalability, and feature isolation, which are key in convincing leadership for a re-architecture effort.

B) The monolithic solution can be converted to a container with Docker. The generated container can then be deployed into a Kubernetes cluster.
- Advantages: Converting a monolithic solution into a containerized application can help improve portability and simplify deployment by encapsulating the application into a self-contained environment.
- Limitations: While containerizing the existing monolithic application is a step toward modernization, it doesn't address the full scope of what adopting microservices would offer, such as modularity, independent scaling of components, and fault isolation. It also doesn’t offer the flexibility that comes with microservices, where different services can evolve and scale independently.
- Use case: This can be useful as a first step, but it doesn't go far enough in promoting the long-term advantages of microservices, such as independent service scaling or enhanced reliability and resilience.

C) The new approach will make it easier to decouple infrastructure from application, develop and release new features, manage the underlying infrastructure, manage CI/CD pipelines and perform A/B testing, and scale the solution if necessary.
- Advantages: This option highlights several compelling reasons to move to microservices:
  - Decoupling infrastructure: By mo...

Author: Aria · Last updated May 10, 2026

Your team is developing a web application that will be deployed on Google Kubernetes Engine (GKE). Your CTO expects a successful launch and you need to ensure your application can handle the expected load of tens of thousands of users. You want to test the cu...

To ensure that your web application on Google Kubernetes Engine (GKE) can handle tens of thousands of users with acceptable latency, it’s crucial to properly test the system under load, validate scalability, and ensure that the infrastructure can handle peak demand. Let's review each option:

A) Use a load testing tool to simulate the expected number of concurrent users and total requests to your application, and inspect the results.
- Advantages: This is the most direct approach to validate how your application performs under expected load. A load testing tool can simulate traffic, including concurrent users and various types of requests, and you can measure the latency, throughput, error rates, and overall system behavior under stress.
- Limitations: This method focuses solely on testing the application’s current state and might not consider potential future optimizations like autoscaling or geographic distribution.
- Use case: This is the best option for identifying performance bottlenecks, ensuring your application stays within latency thresholds, and gauging how it behaves under the expected user load. This type of testing is essential before launching the application to ensure it meets performance expectations.

B) Enable autoscaling on the GKE cluster and enable horizontal pod autoscaling on your application deployments. Send curl requests to your application, and validate if the auto-scaling works.
- Advantages: Autoscaling ensures that the application can scale up and down based on the incoming load, which helps prevent performance degradation under high load.
- Limitations: While autoscaling is important for handling varying loads, simply sending curl requests will not simulate the load at scale (tens of thousands of users). It’s more of a validation of autoscaling mechanics rather than a true performance test. The scaling might work, but the overall system performance under stress (latency, throughput) won’t be fully understood without load testing.
- Use case: Autoscaling is crucial for high availability and performance during production, but this option lacks the thorough load testing required to ensure latency stays below the expected threshold under heavy user load.

C) Replicate the application over multiple GKE clusters in every Google Cloud region. Configure a global HTTP(S) load balancer to expose the d...

Author: Daniel · Last updated May 10, 2026

Your company has a Kubernetes application that pulls messages from Pub/Sub and stores them in Filestore. Because the application is simple, it was deployed as a single pod. The infrastructure team has analyzed Pub/Sub metrics and discovered that the application cannot process the messages in real time. Most ...

Let's evaluate each option based on the requirement to scale the Kubernetes application that processes messages from Pub/Sub and stores them in Filestore, particularly focusing on I/O-intensive tasks that need scaling to handle increased load efficiently.

A) Use kubectl autoscale deployment APP_NAME --max 6 --min 2 --cpu-percent 50 to configure Kubernetes autoscaling deployment.
- Incorrect. The CPU usage is not the best metric for autoscaling in this case since the application is I/O-intensive, not CPU-bound. The autoscaling approach based on CPU percent may not effectively address the issue of processing delays related to I/O performance or backlog in message processing.
- Rejected: While this command can autoscale based on CPU, it doesn't directly address the I/O-intensive nature of the application and message processing latency.

B) Configure a Kubernetes autoscaling deployment based on the subscription/push_request_latencies metric.
- Correct. The subscription/push_request_latencies metric is a key metric that reflects the latency of messages being processed. By scaling based on this metric, you can ensure that the Kubernetes application scales up when processing latency increases, indicating that the system is not keeping up with the load. This will effectively reduce the wait time for processing messages.
- Selected: This is the most appropriate option as it directly addresses the issue of scaling based on the application’s ability to process messages in real time, focusing on the relevant latency metric.

C) Use the --enable-autoscaling flag when you create the...

Author: Akash · Last updated May 10, 2026

Your company is developing a web-based application. You need to make sure that production deployments are linked to source co...

To ensure that production deployments are linked to source code commits and are fully auditable, it's essential to implement a method that allows you to trace every deployment back to the exact version of the code. Let's evaluate each option in terms of its effectiveness:

A) Make sure a developer is tagging the code commit with the date and time of commit.
- Reasoning: Tagging a commit with the date and time is not ideal because it is prone to errors, and it doesn't provide a clear and consistent link to the actual changes in the code. The date and time can be ambiguous and don't help in identifying the exact changes made in the commit.
- Rejected: While it offers some level of traceability, it doesn't provide a direct connection between deployments and specific code changes. It's not a robust solution.

B) Make sure a developer is adding a comment to the commit that links to the deployment.
- Reasoning: Adding a comment in the commit that links to the deployment can work, but it still relies on manual intervention and consistency. Developers may forget or fail to link the commit to the deployment in the comment, leading to gaps in the audit trail.
- Rejected: Although this option offers some level of traceability, it lacks automation and can be error-prone. It also doesn't ensure a direct and easily traceable link between the code and the deployment process.

C) Make the container tag match the source code commit hash.
- Reasoning: This is a best practice ...

Author: Zara · Last updated May 10, 2026

An application development team has come to you for advice. They are planning to write and deploy an HTTP(S) API using Go 1.12. The API will have a very unpredictable workload and must remain reliable during peaks in traffic. Th...

When considering how to deploy an HTTP(S) API with an unpredictable workload while minimizing operational overhead, the decision depends on factors like scalability, management complexity, and workload flexibility. Let's evaluate each of the options:

A) Develop the application with containers, and deploy to Google Kubernetes Engine (GKE).
- Reasoning: Kubernetes Engine (GKE) provides great flexibility, scalability, and the ability to manage workloads efficiently. However, Kubernetes introduces a significant level of operational overhead, especially when it comes to managing clusters, scaling, and resource allocation. While GKE is highly reliable and scalable, it requires more expertise in container orchestration, cluster management, and monitoring, which may increase the complexity for the development team.
- Rejected: While GKE is suitable for large-scale, containerized workloads, the operational complexity may not align with the team's goal of minimizing overhead, especially given the unpredictable workload.

B) Develop the application for App Engine standard environment.
- Reasoning: App Engine's standard environment is a fully managed platform that abstracts away the underlying infrastructure. However, the standard environment may not fully support Go 1.12, as it has specific language runtime limitations and only supports certain versions of Go (e.g., Go 1.11). This could present compatibility issues or prevent the use of certain features of Go 1.12.
- Rejected: The limitation of supported Go versions makes the standard environment a less suitable choice, particularly if the team wants to use features of Go 1.12.

C) Use a Managed Instance Group when deploying to Compute Engine.
- Reasoning: Managed Instance Groups (MIGs) can provide scalability by automatically adjusting the number of virtual machine inst...

Author: Henry · Last updated May 10, 2026