(Nov-2025) Professional-Cloud-DevOps-Engineer Exam Dumps Contains FREE Real Quesions from the Actual Exam
Free Test Engine Verified By Cloud DevOps Engineer Certified Experts
How much Google Professional Cloud DevOps Engineer Exam cost
Google Professional Cloud DevOps Engineer exam cost is USD 200, for more information related to the Google Professional Cloud DevOps Engineer exam, please visit Google Website. Additional costs of Professional Cloud DevOps Engineer exam dumps pdf and Professional Cloud DevOps Engineer practice test are not included in this price.
Google Professional-Cloud-DevOps-Engineer certification is highly respected in the industry and is recognized by many leading organizations. It demonstrates a candidate's expertise in cloud-based DevOps engineering and is a valuable asset for professionals looking to advance their career in this field. Google Cloud Certified - Professional Cloud DevOps Engineer Exam certification is also a requirement for many high-level DevOps engineering positions, making it a worthwhile investment for anyone looking to excel in this field.
NEW QUESTION # 52
Some of your production services are running in Google Kubernetes Engine (GKE) in the eu-west-1 region.
Your build system runs in the us-west-1 region. You want to push the container images from your build system to a scalable registry to maximize the bandwidth for transferring the images to the cluster. What should you do?
- A. Push the images to Google Container Registry (GCR) using the eu.gcr.io hostname.
- B. Push the images to Google Container Registry (GCR) using the gcr.io hostname.
- C. Push the images to Google Container Registry (GCR) using the us.gcr.io hostname.
- D. Push the images to a private image registry running on a Compute Engine instance in the eu-west-1 region.
Answer: A
Explanation:
Hostname Storage location gcr.io Stores images in data centers in the United States asia.gcr.io Stores images in data centers in Asia eu.gcr.io Stores images in data centers within member states of the European Union us.
gcr.io Stores images in data centers in the United States
NEW QUESTION # 53
You have an application that runs in Google Kubernetes Engine (GKE). The application consists of several microservices that are deployed to GKE by using Deployments and Services One of the microservices is experiencing an issue where a Pod returns 403 errors after the Pod has been running for more than five hours Your development team is working on a solution but the issue will not be resolved for a month You need to ensure continued operations until the microservice is fixed You want to follow Google-recommended practices and use the fewest number of steps What should you do?
- A. Configure an alert to notify you whenever a Pod returns 403 errors
- B. Create a cron job to terminate any Pods that have been running for more than five hours
- C. Add a HTTP liveness probe to the microservice s deployment
- D. Monitor the Pods and terminate any Pods that have been running for more than five hours
Answer: C
Explanation:
Explanation
The best option for ensuring continued operations until the microservice is fixed is to add a HTTP liveness probe to the microservice's deployment. A HTTP liveness probe is a type of probe that checks if a Pod is alive by sending an HTTP request and expecting a success response code. If the probe fails, Kubernetes will restart the Pod. You can add a HTTP liveness probe to your microservice's deployment by using a livenessProbe field in your Pod spec. This way, you can ensure that any Pod that returns 403 errors after running for more than five hours will be restarted automatically and resume normal operations.
NEW QUESTION # 54
You need to define Service Level Objectives (SLOs) for a high-traffic multi-region web application. Customers expect the application to always be available and have fast response times. Customers are currently happy with the application performance and availability. Based on current measurement, you observe that the 90th percentile of latency is 120ms and the 95th percentile of latency is 275ms over a 28-day window. What latency SLO would you recommend to the team to publish?
- A. 90th percentile - 100ms
95th percentile - 250ms - B. 90th percentile - 150ms
95th percentile - 300ms - C. 90th percentile - 250ms
95th percentile - 400ms - D. 90th percentile - 120ms
95th percentile - 275ms
Answer: B
Explanation:
https://sre.google/sre-book/service-level-objectives/
NEW QUESTION # 55
You are managing an application that runs in Compute Engine The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer A firewall rule allows access to the API port from 0.0.0-0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps What should you do Bret?
- A. Enable logging on the firewall rule
- B. Enable Packet Mirroring on the VPC
- C. Enable VPC Flow Logs on the subnet
- D. Install the Ops Agent on the Compute Engine instances.
Answer: A
Explanation:
Explanation
The best option for configuring Cloud Logging to log each IP address that accesses the API by using the fewest number of steps is to enable logging on the firewall rule. A firewall rule is a rule that controls the traffic to and from your Compute Engine instances. You can enable logging on a firewall rule to capture information about the traffic that matches the rule, such as source and destination IP addresses, protocols, ports, and actions. You can use Cloud Logging to view and export the firewall logs to other destinations, such as BigQuery, for further analysis.
NEW QUESTION # 56
You are deploying an application to Cloud Run. The application requires a password to start. Your organization requires that all passwords are rotated every 24 hours, and your application must have the latest password. You need to deploy the application with no downtime. What should you do?
- A. Use Cloud Build to add your password into the application container at build time. Ensure that Artifact Registry is secured from public access.
- B. Store the password directly in the code. Use Cloud Build to rebuild and deploy the application each time the password changes.
- C. Store the password in Secret Manager and send the secret to the application by using environment variables.
- D. Store the password in Secret Manager and mount the secret as a volume within the application.
Answer: D
Explanation:
Explanation
The correct answer is B. Store the password in Secret Manager and mount the secret as a volume within the application.
Secret Manager is a service that allows you to securely store and manage sensitive data such as passwords, API keys, certificates, and tokens. You can use Secret Manager to rotate your secrets automatically or manually, and access them from your Cloud Run applications1.
There are two ways to use secrets from Secret Manager in Cloud Run:
As environment variables: You can set environment variables that point to secrets in Secret Manager.
Cloud Run will resolve the secrets at runtime and inject them into the environment of your application.
However, this method has some limitations, such as:
The environment variables are cached for up to 10 minutes, so you may not get the latest version of the secret immediately.
The environment variables are visible in plain text in the Cloud Console and the Cloud SDK, which may expose sensitive information.
The environment variables are limited to 4 KB of data, which may not be enough for some secrets.2 As file system volumes: You can mount secrets from Secret Manager as files in a volume within your application. Cloud Run will create a tmpfs volume and write the secrets as files in it. This method has some advantages, such as:
The files are updated every 30 seconds, so you can get the latest version of the secret faster.
The files are not visible in the Cloud Console or the Cloud SDK, which provides better security.
The files can store up to 64 KB of data, which allows for larger secrets.3 Therefore, for your use case, it is better to use the second method and mount the secret as a file system volume within your application. This way, you can ensure that your application has the latest password, and you can deploy it with no downtime.
To mount a secret as a file system volume in Cloud Run, you can use the following command:
gcloud beta run deploy SERVICE --image IMAGE_URL --update-secrets=/path/to/file=secretName:version where:
SERVICE is the name of your Cloud Run service.
IMAGE_URL is the URL of your container image.
/path/to/file is the path where you want to mount the secret file in your application.
secretName is the name of your secret in Secret Manager.
version is the version of your secret. You can use latest to get the most recent version.3 You can also use the Cloud Console to mount secrets as file system volumes. For more details, see Mounting secrets from Secret Manager.
References:
1: Overview | Secret Manager Documentation | Google Cloud
2: Using secrets as environment variables | Cloud Run Documentation | Google Cloud
3: Mounting secrets from Secret Manager | Cloud Run Documentation | Google Cloud
NEW QUESTION # 57
Your team is designing a new application for deployment both inside and outside Google Cloud Platform (GCP). You need to collect detailed metrics such as system resource utilization. You want to use centralized GCP services while minimizing the amount of work required to set up this collection system. What should you do?
- A. Import the Stackdriver Debugger package, and configure the application to emit debug messages with timing information.
- B. Install an Application Performance Monitoring (APM) tool in both locations, and configure an export to a central data storage location for analysis.
- C. Import the Stackdriver Profiler package, and configure it to relay function timing data to Stackdriver for further analysis.
- D. Instrument the code using a timing library, and publish the metrics via a health check endpoint that is scraped by Stackdriver.
Answer: A
Explanation:
Explanation/Reference:
NEW QUESTION # 58
You are building the Cl/CD pipeline for an application deployed to Google Kubernetes Engine (GKE) The application is deployed by using a Kubernetes Deployment, Service, and Ingress The application team asked you to deploy the application by using the blue'green deployment methodology You need to implement the rollback actions What should you do?
- A. Update the Kubernetes Service to point to the previous Kubernetes Deployment
- B. Run the kubectl rollout undo command
- C. Scale the new Kubernetes Deployment to zero
- D. Delete the new container image, and delete the running Pods
Answer: A
Explanation:
The best option for implementing the rollback actions is to update the Kubernetes Service to point to the previous Kubernetes Deployment. A Kubernetes Service is a resource that defines how to access a set of Pods. A Kubernetes Deployment is a resource that manages the creation and update of Pods. By using the blue
/green deployment methodology, you can create two Deployments, one for the current version (blue) and one for the new version (green), and use a Service to switch traffic between them. If you need to rollback, you can update the Service to point to the previous Deployment (blue) and stop sending traffic to the new Deployment (green).
NEW QUESTION # 59
Your company runs services on Google Cloud. Each team runs their applications in a dedicated project. New teams and projects are created regularly. Your security team requires that all logs are processed by a security information and event management (SIEM) system. The SIEM ingests logs by using Pub/Sub. You must ensure that all existing and future logs are scanned by the SIEM. What should you do?
- A. Create an organization-level aggregated sink with a SIEM log bucket as the destination. Set an inclusion filter to include all logs.
- B. Create an organization-level aggregated sink with a SIEM Pub/Sub topic as the destination. Set an inclusion filter to include all logs.
- C. Create a folder-level aggregated sink with a SIEM Pub/Sub topic as the destination. Set an inclusion filter to include all logs. Repeat for each folder.
- D. Create a project-level logging sink with a SIEM Pub/Sub topic as the destination. Set an inclusion filter to include all logs. Repeat for each project.
Answer: B
Explanation:
Comprehensive and Detailed Explanation:
To ensure all logs (existing and future) are automatically processed by the SIEM system, the best approach is:
Use an organization-level aggregated sink # Captures logs from all existing and future projects automatically.
Send logs to a Pub/Sub topic # Since the SIEM ingests logs via Pub/Sub, this ensures logs are streamed in real- time.
Set an inclusion filter # To capture all logs needed by the security team.
#Why not other options?
B (Project-level logging sink)## Requires manual setup per project, which doesn't scale for new projects.
C (Log bucket instead of Pub/Sub)## SIEM is expecting real-time log ingestion via Pub/Sub, not a storage- based approach.
D (Folder-level logging sink)## Only applies to specific folders, not the entire organization.
#Official Reference:
Aggregated Sinks for Cloud Logging
Exporting Logs to SIEM via Pub/Sub
NEW QUESTION # 60
You support a multi-region web service running on Google Kubernetes Engine (GKE) behind a Global HTTP'S Cloud Load Balancer (CLB). For legacy reasons, user requests first go through a third-party Content Delivery Network (CDN). which then routes traffic to the CLB. You have already implemented an availability Service Level Indicator (SLI) at the CLB level. However, you want to increase coverage in case of a potential load balancer misconfiguration. CDN failure, or other global networking catastrophe. Where should you measure this new SLI?
Choose 2 answers
- A. Instrumentation coded directly in the client
- B. A synthetic client that periodically sends simulated user requests
- C. Your application servers' logs
- D. Metrics exported from the application servers
- E. GKE health checks for your application servers
Answer: D,E
NEW QUESTION # 61
You manage your company's primary revenue-generating application. You have an error budget policy in place that freezes production deployments when the application is close to breaching its SLO. A number of issues have recently occurred, and the application has exhausted its error budget. You need to deploy a new release to the application that includes a feature urgently required by your largest customer. You have been told that the release has passed all unit tests. What should you do?
- A. Deploy the feature to a subset of users, and gradually roll out to all users if there are no errors reported.
- B. Start the deployment of the feature immediately.
- C. Delay the deployment of the feature until the error budget is replenished.
- D. Re-run the unit tests, and start the deployment of the feature if the tests pass.
Answer: A
NEW QUESTION # 62
You are deploying an application that needs to access sensitive information. You need to ensure that this information is encrypted and the risk of exposure is minimal if a breach occurs. What should you do?
- A. Leverage a continuous build pipeline that produces multiple versions of the secret for each instance of the application.
- B. Integrate the application with a Single sign-on (SSO) system and do not expose secrets to the application
- C. Inject the secret at the time of instance creation via an encrypted configuration management system.
- D. Store the encryption keys in Cloud Key Management Service (KMS) and rotate the keys frequently
Answer: D
Explanation:
https://cloud.google.com/security-key-management
NEW QUESTION # 63
You support a user-facing web application When analyzing the application's error budget over the previous six months you notice that the application never consumed more than 5% of its error budget You hold a SLO review with business stakeholders and confirm that the SLO is set appropriately You want your application's reliability to more closely reflect its SLO What steps can you take to further that goal while balancing velocity, reliability, and business needs?
Choose 2 answers
- A. Add more serving capacity to all of your application's zones
- B. Implement and measure all other available SLIs for the application
- C. Announce planned downtime to consume more error budget and ensure that users are not depending on a tighter SLO
- D. Tighten the SLO to match the application's observed reliability
- E. Have more frequent or potentially risky application releases
Answer: D,E
Explanation:
Explanation
The best options for furthering your application's reliability goal while balancing velocity, reliability, and business needs are to have more frequent or potentially risky application releases and to tighten the SLO to match the application's observed reliability. Having more frequent or potentially risky application releases can help you increase the change velocity and deliver new features faster. However, this also increases the likelihood of consuming more error budget and reducing the reliability of your service. Therefore, you should monitor your error budget consumption and adjust your release policies accordingly. For example, you can freeze or slow down releases when the error budget is low, or accelerate releases when the error budget is high. Tightening the SLO to match the application's observed reliability can help you align your service quality with your users' expectations and business needs. However, this also means that you have less room for error and need to maintain a higher level of reliability. Therefore, you should ensure that your SLO is realistic and achievable, and that you have sufficient engineering resources and processes to meet it.
NEW QUESTION # 64
You are running a web application deployed to a Compute Engine managed instance group Ops Agent is installed on all instances You recently noticed suspicious activity from a specific IP address You need to configure Cloud Monitoring to view the number of requests from that specific IP address with minimal operational overhead. What should you do?
- A. Update the application to export the IP address request metrics to the Cloud Monitoring API
- B. Configure the Ops Agent with a logging receiver Create a logs-based metric
- C. Create a script to scrape the web server log Export the IP address request metrics to the Cloud Monitoring API
- D. Configure the Ops Agent with a metrics receiver
Answer: B
Explanation:
Explanation
The best option for configuring Cloud Monitoring to view the number of requests from a specific IP address with minimal operational overhead is to configure the Ops Agent with a logging receiver and create a logs-based metric. The Ops Agent is an agent that collects system metrics and logs from your VM instances and sends them to Cloud Monitoring and Cloud Logging. A logging receiver is a configuration that specifies which logs are collected by the Ops Agent and how they are processed. You can use a logging receiver to collect web server logs from your VM instances and send them to Cloud Logging. A logs-based metric is a metric that is extracted from log entries in Cloud Logging. You can use a logs-based metric to count the number of requests from a specific IP address by using a filter expression. You can then use Cloud Monitoring to view and analyze the logs-based metric.
NEW QUESTION # 65
You are currently planning how to display Cloud Monitoring metrics for your organization's Google Cloud projects. Your organization has three folders and six projects:
You want to configure Cloud Monitoring dashboards lo only display metrics from the projects within one folder You need to ensure that the dashboards do not display metrics from projects in the other folders You want to follow Google-recommended practices What should you do?
- A. Create new scoping projects for each folder
- B. Use the current app-one-prod project as the scoping project
- C. Create a single new scoping project
- D. Use the current app-one-dev, app-one-staging and app-one-prod projects as the scoping project for each folder
Answer: A
Explanation:
Explanation
The best option for configuring Cloud Monitoring dashboards to only display metrics from the projects within one folder is to create new scoping projects for each folder. A scoping project is a project that defines which resources are monitored by Cloud Monitoring. You can create new scoping projects for each folder by using the gcloud monitoring register-project command. This way, you can associate each scoping project with a folder and only monitor the resources within that folder. You can then configure Cloud Monitoring dashboards to use the scoping projects as data sources and only display metrics from the projects within one folder.
NEW QUESTION # 66
You have deployed a fleet Of Compute Engine instances in Google Cloud. You need to ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring by your company's operations and cyber security teams. You need to grant the required roles for the Compute Engine service account by using Identity and Access Management (IAM) while following the principle of least privilege. What should you do?
- A. Grant the logging. logWriter and monitoring. metricWriter roles to the Compute Engine service accounts.
- B. Grant the logging.editor and monitoring.metricwriter roles to the Compute Engine service accounts.
- C. Grant the logging. logwriter and monitoring. editor roles to the Compute Engine service accounts.
- D. Grant the Logging. admin and monitoring . editor roles to the Compute Engine service accounts.
Answer: A
Explanation:
Explanation
The correct answer is D. Grant the logging.logWriter and monitoring.metricWriter roles to the Compute Engine service accounts.
According to the Google Cloud documentation, the Compute Engine service account is a Google-managed service account that is automatically created when you enable the Compute Engine API1. This service account is used by default to run your Compute Engine instances and access other Google Cloud services on your behalf1. To ensure that monitoring metrics and logs for the instances are visible in Cloud Logging and Cloud Monitoring, you need to grant the following IAM roles to the Compute Engine service account23:
The logging.logWriter role allows the service account to write log entries to Cloud Logging4.
The monitoring.metricWriter role allows the service account to write custom metrics to Cloud Monitoring5.
These roles grant the minimum permissions that are needed for logging and monitoring, following the principle of least privilege. The other roles are either unnecessary or too broad for this purpose. For example, the logging.editor role grants permissions to create and update logs, log sinks, and log exclusions, which are not required for writing log entries6. The logging.admin role grants permissions to delete logs, log sinks, and log exclusions, which are not required for writing log entries and may pose a security risk if misused. The monitoring.editor role grants permissions to create and update alerting policies, uptime checks, notification channels, dashboards, and groups, which are not required for writing custom metrics.
NEW QUESTION # 67
You are configuring the frontend tier of an application deployed in Google Cloud The frontend tier is hosted in ngmx and deployed using a managed instance group with an Envoy-based external HTTP(S) load balancer in front The application is deployed entirely within the europe-west2 region: and only serves users based in the United Kingdom. You need to choose the most cost-effective network tier and load balancing configuration What should you use?
- A. Premium Tier with a global load balancer
- B. Standard Tier with a global load balancer
- C. Standard Tier with a regional load balancer
- D. Premium Tier with a regional load balancer
Answer: D
Explanation:
Explanation
The most cost-effective network tier and load balancing configuration for your frontend tier is to use Premium Tier with a regional load balancer. Premium Tier is a network tier that provides high-performance and low-latency network connectivity across Google's global network. A regional load balancer is a load balancer that distributes traffic within a single region. Since your application is deployed entirely within the europe-west2 region and only serves users based in the United Kingdom, you can use Premium Tier with a regional load balancer to optimize the network performance and cost.
NEW QUESTION # 68
You support an application deployed on Compute Engine. The application connects to a Cloud SQL instance to store and retrieve dat a. After an update to the application, users report errors showing database timeout messages. The number of concurrent active users remained stable. You need to find the most probable cause of the database timeout. What should you do?
- A. Use Stackdriver Profiler to visualize the resources utilization throughout the application.
- B. Check the serial port logs of the Compute Engine instance.
- C. Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.
- D. Determine whether there is an increased number of connections to the Cloud SQL instance.
Answer: D
Explanation:
The most probable cause of the database timeout is an increased number of connections to the Cloud SQL instance. This could happen if the application does not close connections properly or if it creates too many connections at once. You can check the number of connections to the Cloud SQL instance using Cloud Monitoring or Cloud SQL Admin API .
NEW QUESTION # 69
Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?
- A. Reference the image digest in the source control tag.
- B. Use GCR digest versioning to match the image to the tag in source control.
- C. Supply the source control tag as a parameter within the image name.
- D. Use Cloud Build to include the release version tag in the application image.
Answer: C
Explanation:
Explanation
https://cloud.google.com/container-registry/docs/pushing-and-pulling
NEW QUESTION # 70
Your company is developing applications that are deployed on Google Kubernetes Engine (GKE). Each team manages a different application. You need to create the development and production environments for each team, while minimizing costs. Different teams should not be able to access other teams' environments. What should you do?
- A. Create one GCP Project per team. In each project, create a cluster for Development and one for Production. Grant the teams IAM access to their respective clusters.
- B. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Kubernetes Role-based access control (RBAC) so that each team can only access its own namespace.
- C. Create one GCP Project per team. In each project, create a cluster with a Kubernetes namespace for Development and one for Production. Grant the teams IAM access to their respective clusters.
- D. Create a Development and a Production GKE cluster in separate projects. In each cluster, create a Kubernetes namespace per team, and then configure Identity Aware Proxy so that each team can only access its own namespace.
Answer: B
Explanation:
Explanation
https://cloud.google.com/architecture/prep-kubernetes-engine-for-prod#roles_and_groups
NEW QUESTION # 71
You need to enforce several constraint templates across your Google Kubernetes Engine (GKE) clusters. The constraints include policy parameters, such as restricting the Kubernetes API. You must ensure that the policy parameters are stored in a GitHub repository and automatically applied when changes occur. What should you do?
- A. Configure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.
- B. When there is a change in GitHub, use a web hook to send a request to Anthos Service Mesh, and apply the change.
- C. Configure Config Connector with the GitHub repository. When there is a change in the repository, use Config Connector to apply the change.
- D. Set up a GitHub action to trigger Cloud Build when there is a parameter change. In Cloud Build, run a gcloud CLI command to apply the change.
Answer: A
Explanation:
The correct answer is C. Configure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.
According to the web search results, Anthos Config Management is a service that lets you manage the configuration of your Google Kubernetes Engine (GKE) clusters from a single source of truth, such as a GitHub repository1. Anthos Config Management can enforce several constraint templates across your GKE clusters by using Policy Controller, which is a feature that integrates the Open Policy Agent (OPA) Constraint Framework into Anthos Config Management2. Policy Controller can apply constraints that include policy parameters, such as restricting the Kubernetes API3. To use Anthos Config Management and Policy Controller, you need to configure them with your GitHub repository and enable the sync mode4. When there is a change in the repository, Anthos Config Management will automatically sync and apply the change to your GKE clusters5.
The other options are incorrect because they do not use Anthos Config Management and Policy Controller.
Option A is incorrect because it uses a GitHub action to trigger Cloud Build, which is a service that executes your builds on Google Cloud Platform infrastructure6. Cloud Build can run a gcloud CLI command to apply the change, but it does not use Anthos Config Management or Policy Controller. Option B is incorrect because it uses a web hook to send a request to Anthos Service Mesh, which is a service that provides a uniform way to connect, secure, monitor, and manage microservices on GKE clusters7. Anthos Service Mesh can apply the change, but it does not use Anthos Config Management or Policy Controller. Option D is incorrect because it uses Config Connector, which is a service that lets you manage Google Cloud resources through Kubernetes configuration. Config Connector can apply the change, but it does not use Anthos Config Management or Policy Controller.
NEW QUESTION # 72
You support a user-facing web application. When analyzing the application's error budget over the previous six months, you notice that the application has never consumed more than 5% of its error budget in any given time window. You hold a Service Level Objective (SLO) review with business stakeholders and confirm that the SLO is set appropriately. You want your application's SLO to more closely reflect its observed reliability.
What steps can you take to further that goal while balancing velocity, reliability, and business needs? (Choose two.)
- A. Tighten the SLO match the application's observed reliability.
- B. Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO.
- C. Implement and measure additional Service Level Indicators (SLIs) fro the application.
- D. Add more serving capacity to all of your application's zones.
- E. Have more frequent or potentially risky application releases.
Answer: B,C
Explanation:
https://sre.google/sre-book/service-level-objectives/
You want the application's SLO to more closely reflect it's observed reliability. The key here is error budget never goes over 5%. This means they can have additional downtime and still stay within their budget.
NEW QUESTION # 73
You are building and running client applications in Cloud Run and Cloud Functions Your client requires that all logs must be available for one year so that the client can import the logs into their logging service You must minimize required code changes What should you do?
- A. Update all images in Cloud Run and all functions in Cloud Functions to send logs to both Cloud Logging and the client's logging service Ensure that all the ports required to send logs are open in the VPC firewall
- B. Create a storage bucket and appropriate VPC firewall rules Update all images in Cloud Run and all functions in Cloud Functions to send logs to a file within the storage bucket
- C. Create a logs bucket and logging sink. Set the retention on the logs bucket to 365 days Configure the logging sink to send logs to the bucket Give your client access to the bucket to retrieve the logs
- D. Create a Pub/Sub topic subscription and logging sink Configure the logging sink to send all logs into the topic Give your client access to the topic to retrieve the logs
Answer: C
Explanation:
The best option for storing all logs for one year and minimizing required code changes is to create a logs bucket and logging sink, set the retention on the logs bucket to 365 days, configure the logging sink to send logs to the bucket, and give your client access to the bucket to retrieve the logs. A logs bucket is a Cloud Storage bucket that is used to store logs from Cloud Logging. A logging sink is a resource that defines where log entries are sent, such as a logs bucket, BigQuery dataset, or Pub/Sub topic. You can create a logs bucket and logging sink in Cloud Logging and set the retention on the logs bucket to 365 days. This way, you can ensure that all logs are stored for one year and protected from deletion. You can also configure the logging sink to send logs from Cloud Run and Cloud Functions to the logs bucket without any code changes. You can then give your client access to the logs bucket by using IAM policies or signed URLs.
NEW QUESTION # 74
......
Use Real Google Achieve the Professional-Cloud-DevOps-Engineer Dumps - 100% Exam Passing Guarantee: https://torrentpdf.validvce.com/Professional-Cloud-DevOps-Engineer-exam-collection.html
