Spring Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

You are building an application that runs on Cloud Run The application needs to access a third-party API by using an API key You need to determine a secure way to store and use the API key in your application by following Google-recommended practices What should you do?

A.

Save the API key in Secret Manager as a secret Reference the secret as an environment variable in the Cloud Run application

B.

Save the API key in Secret Manager as a secret key Mount the secret key under the /sys/api_key directory and decrypt the key in the Cloud Run application

C.

Save the API key in Cloud Key Management Service (Cloud KMS) as a key Reference the key as an environment variable in the Cloud Run application

D.

Encrypt the API key by using Cloud Key Management Service (Cloud KMS) and pass the key to Cloud Run as an environment variable Decrypt and use the key in Cloud Run

You need to define Service Level Objectives (SLOs) for a high-traffic multi-region web application. Customers expect the application to always be available and have fast response times. Customers are currently happy with the application performance and availability. Based on current measurement, you observe that the 90th percentile of latency is 120ms and the 95th percentile of latency is 275ms over a 28-day window. What latency SLO would you recommend to the team to publish?

A.

90th percentile – 100ms95th percentile – 250ms

B.

90th percentile – 120ms95th percentile – 275ms

C.

90th percentile – 150ms95th percentile – 300ms

D.

90th percentile – 250ms95th percentile – 400ms

You recently deployed your application in Google Kubernetes Engine (GKE) and now need to release a new version of the application You need the ability to instantly roll back to the previous version of the application in case there are issues with the new version Which deployment model should you use?

A.

Perform a rolling deployment and test your new application after the deployment is complete

B.

Perform A. B testing, and test your application periodically after the deployment is complete

C.

Perform a canary deployment, and test your new application periodically after the new version is deployed

D.

Perform a blue/green deployment and test your new application after the deployment is complete

Your company's security team needs to have read-only access to Data Access audit logs in the _Required bucket You want to provide your security team with the necessary permissions following the principle of least privilege and Google-recommended practices. What should you do?

A.

Assign the roles/logging, viewer role to each member of the security team

B.

Assign the roles/logging. viewer role to a group with all the security team members

C.

Assign the roles/logging.privateLogViewer role to each member of the security team

D.

Assign the roles/logging.privateLogviewer role to a group with all the security team members

You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?

A.

Grant the team members the IAM role of logging.configWriter on Cloud IAM.

B.

Configure Access Context Manager to allow only these members to export logs.

C.

Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.

D.

Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.

You are running an experiment to see whether your users like a new feature of a web application. Shortly after deploying the feature as a canary release, you receive a spike in the number of 500 errors sent to users, and your monitoring reports show increased latency. You want to quickly minimize the negative impact on users. What should you do first?

A.

Roll back the experimental canary release.

B.

Start monitoring latency, traffic, errors, and saturation.

C.

Record data for the postmortem document of the incident.

D.

Trace the origin of 500 errors and the root cause of increased latency.

Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?

A.

Set up Container Analysis to scan and report Common Vulnerabilities and Exposures.

B.

Configure the containers in the build pipeline to always update themselves before release.

C.

Reconfigure the existing operating system vulnerability software to exist inside the container.

D.

Implement static code analysis tooling against the Docker files used to create the containers.

Your application artifacts are being built and deployed via a CI/CD pipeline. You want the CI/CD pipeline to securely access application secrets. You also want to more easily rotate secrets in case of a security breach. What should you do?

A.

Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.

B.

Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.

C.

Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.

D.

Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it

You use Cloud Build to build and deploy your application. You want to securely incorporate database credentials and other application secrets into the build pipeline. You also want to minimize the development effort. What should you do?

A.

Create a Cloud Storage bucket and use the built-in encryption at rest. Store the secrets in the bucket and grant Cloud Build access to the bucket.

B.

Encrypt the secrets and store them in the application repository. Store a decryption key in a separate repository and grant Cloud Build access to the repository.

C.

Use client-side encryption to encrypt the secrets and store them in a Cloud Storage bucket. Store a decryption key in the bucket and grant Cloud Build access to the bucket.

D.

Use Cloud Key Management Service (Cloud KMS) to encrypt the secrets and include them in your Cloud Build deployment configuration. Grant Cloud Build access to the KeyRing.

You recently created a Cloud Build pipeline for deploying Terraform code stored in a GitHub repository. You make Terraform code changes in short-lived branches and sometimes use tags during development. You tag releases with a semantic version when they are ready for deployment. You require your pipeline to apply the Terraform code whenever there is a new release, and you need to minimize operational overhead. What should you do?

A.

Create a build trigger with the * branch pattern.

B.

Create a build trigger with the \d+\.\d+\.\d* tag pattern.

C.

Create a build trigger with the .* tag pattern.

D.

Create a build trigger with the \d*\.\d+\.\d* branch pattern.