Free Professional-Cloud-Developer Exam Dumps

Question 36

- (Exam Topic 2)
Your API backend is running on multiple cloud providers. You want to generate reports for the network latency of your API.
Which two steps should you take? (Choose two.)

A. Use Zipkin collector to gather data.
B. Use Fluentd agent to gather data.
C. Use Stackdriver Trace to generate reports.
D. Use Stackdriver Debugger to generate report.
E. Use Stackdriver Profiler to generate report.

Correct Answer:AC
https://cloud.google.com/trace/docs/zipkin
"receive traces from Zipkin clients and forward those traces to Cloud Trace for analysis." https://cloud.google.com/trace/docs/quickstart#analysis_reports_window

Question 37

- (Exam Topic 2)
Your team develops services that run on Google Cloud. You need to build a data processing service and will use Cloud Functions. The data to be processed by the function is sensitive. You need to ensure that invocations can only happen from authorized services and follow Google-recommended best practices for securing functions. What should you do?

A. Enable Identity-Aware Proxy in your projec
B. Secure function access using its permissions.
C. Create a service account with the Cloud Functions Viewer rol
D. Use that service account to invoke the function.
E. Create a service account with the Cloud Functions Invoker rol
F. Use that service account to invoke the function.
G. Create an OAuth 2.0 client ID for your calling service in the same project as the function you want to secur
H. Use those credentials to invoke the function.

Correct Answer:C
Reference:
https://medium.com/google-cloud/how-to-securely-invoke-a-cloud-function-from-google-kubernetes-engine-run

Question 38

- (Exam Topic 2)
You have an application written in Python running in production on Cloud Run. Your application needs to read/write data stored in a Cloud Storage bucket in the same project. You want to grant access to your
application following the principle of least privilege. What should you do?

A. Create a user-managed service account with a custom Identity and Access Management (IAM) role.
B. Create a user-managed service account with the Storage Admin Identity and Access Management (IAM) role.
C. Create a user-managed service account with the Project Editor Identity and Access Management (IAM) role.
D. Use the default service account linked to the Cloud Run revision in production.

Correct Answer:A
https://cloud.google.com/iam/docs/understanding-roles#storage.admin

Question 39

- (Exam Topic 2)
You are developing an application that consists of several microservices running in a Google Kubernetes Engine cluster. One microservice needs to connect to a third-party database running on-premises. You need to store credentials to the database and ensure that these credentials can be rotated while following security best practices. What should you do?

A. Store the credentials in a sidecar container proxy, and use it to connect to the third-party database.
B. Configure a service mesh to allow or restrict traffic from the Pods in your microservice to the database.
C. Store the credentials in an encrypted volume mount, and associate a Persistent Volume Claim with the client Pod.
D. Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin to handle encryption and decryption.

Correct Answer:D
https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets
By default, Google Kubernetes Engine (GKE) encrypts customer content stored at rest, including Secrets. GKE handles and manages this default encryption for you without any additional action on your part.
Application-layer secrets encryption provides an additional layer of security for sensitive data, such as Secrets, stored in etcd. Using this functionality, you can use a key managed with Cloud KMS to encrypt data at the application layer. This encryption protects against attackers who gain access to an offline copy of etcd.

Question 40

- (Exam Topic 2)
You are parsing a log file that contains three columns: a timestamp, an account number (a string), and a transaction amount (a number). You want to calculate the sum of all transaction amounts for each unique account number efficiently.
Which data structure should you use?

A. A linked list
B. A hash table
C. A two-dimensional array
D. A comma-delimited string

Correct Answer:B