Preguntas de práctica

Pregunta 1

Your IoT analytics company runs a multi-tenant data pipeline on a Google Kubernetes Engine (GKE) Autopilot cluster in us-central1 for 120 production customers, and you promote releases with Cloud Deploy; during a 2-week refactor of a telemetry aggregator service (container image <250 MB), developers will edit code every 5–10 minutes on laptops with 8 GB RAM and limited CPU and must validate changes locally before pushing to the remote repository. Requirements: • Automatically rebuild and redeploy on local code changes (hot-reload loop ≤ 10 seconds). • Local Kubernetes deployment should closely emulate the production GKE manifests and deployment flow. • Use minimal local resources and avoid requiring a remote container registry for inner-loop builds. Which tools should you choose to build and run the container locally on a developer laptop while meeting these constraints?

Análisis de la pregunta

Core concept: This question tests inner-loop developer workflows for Kubernetes apps: fast local build+deploy on file changes, Kubernetes-manifest fidelity, and avoiding remote dependencies. In Google Cloud–aligned workflows, Skaffold is the canonical tool for continuous local development with Kubernetes, and a lightweight local cluster (Minikube) provides a close approximation of GKE manifests. Why the answer is correct: Minikube runs a single-node Kubernetes cluster locally with relatively low overhead and supports using the local Docker daemon (or containerd) so images can be built and used without pushing to a remote registry. Skaffold provides an automated “edit-build-deploy” loop: it watches source files, rebuilds the container, and redeploys to the local cluster. With file sync (manual sync rules) and/or fast incremental builds, Skaffold can achieve sub-10-second iteration for many code changes, meeting the hot-reload/inner-loop requirement. Skaffold also deploys using the same Kubernetes manifests (or Kustomize/Helm) you use in production, closely emulating the GKE deployment shape. Key features / best practices: - Skaffold “dev” mode: file watching + continuous build + deploy. - Local builds without registry: use Minikube’s Docker environment (e.g., building directly into the cluster’s daemon) or configure Skaffold local builder with “push: false”. - Manifest fidelity: reuse production YAML/Kustomize overlays; keep environment-specific differences in overlays rather than separate tooling. - Resource constraints: Minikube can be tuned (CPU/memory limits) and is typically lighter than running a full multi-node local cluster. Common misconceptions: - Docker Compose is fast, but it does not emulate Kubernetes objects (Deployments, Services, ConfigMaps, RBAC) or the same deployment flow. - kaniko and Tekton are primarily CI/CD build primitives; they are not optimized for laptop inner-loop hot reload and usually assume a registry and cluster-based execution. - Terraform/kubeadm are for provisioning clusters/infrastructure, not rapid local iteration. Exam tips: For Professional Cloud Developer, map requirements to the developer lifecycle: inner loop (Skaffold, local K8s like Minikube/kind) vs outer loop (Cloud Build/Cloud Deploy). When you see “hot reload”, “watch files”, “Kubernetes manifests”, and “no remote registry”, Skaffold + a local Kubernetes cluster is the standard answer. Also note Autopilot is production; local emulation focuses on Kubernetes API compatibility, not Autopilot-specific scheduling behavior.

Pregunta 2

Your mobile health platform currently stores per-user workout telemetry and personalized settings in a single PostgreSQL instance; records vary widely by user and evolve frequently as new device firmware adds fields (e.g., heart-rate variability, sleep stages), resulting in weekly schema migrations, downtime risks, and high operational overhead; you expect up to 8 million users, peak 45,000 writes/second concentrated by userId, simple key-based reads per user, and only per-user transactional consistency is required, not multi-user joins or complex cross-entity transactions. To simplify development and scaling while accommodating highly user-specific, evolving state without rigid schemas, which Google Cloud storage option should you choose?

Análisis de la pregunta

Core concept: This question tests choosing a storage system for massive scale, high write throughput, and rapidly evolving per-entity data without frequent schema migrations. In Google Cloud, the primary fit is a schemaless (or schema-flexible) document/NoSQL database with automatic scaling and per-entity transactional semantics. Why the answer is correct: Cloud Datastore/Firestore (Firestore in Native mode) is designed for key-based access patterns and document-style data that can evolve over time (new fields can be added without migrations). Your workload is strongly partitionable by userId, needs simple reads/writes per user, and only requires transactional consistency within a user’s data. Firestore supports atomic operations and transactions within a set of documents, and it naturally models “per-user” documents/subcollections. It also scales horizontally to very high request rates without managing instances, reducing operational overhead and downtime risk. Key features / best practices: - Flexible schema: documents can contain varying fields per user and evolve as firmware adds telemetry attributes. - High scalability: automatic sharding/partitioning and managed operations align with 8M users and bursty writes. - Data modeling: use a top-level users collection keyed by userId; store settings in a user document and telemetry in subcollections (e.g., users/{userId}/telemetry/{eventId}). - Consistency/transactions: use transactions/batched writes for per-user invariants; avoid cross-user transactional requirements. - Architecture Framework alignment: operational excellence (managed service), reliability (multi-zone replication), and performance efficiency (low-latency key lookups). Common misconceptions: Spanner is often chosen for “scale,” but it’s relational and schema-based; frequent schema changes and document-like variability increase friction. Cloud SQL is familiar but won’t meet the scaling/ops goals at 45k writes/sec without significant sharding and operational complexity. Cloud Storage is durable and cheap but not a low-latency database for key-based reads/writes with transactional semantics. Exam tips: When you see: (1) rapidly changing fields, (2) per-entity access by key, (3) massive scale with minimal ops, and (4) only entity-level transactions, think Firestore/Datastore. Choose Spanner when you need relational modeling, SQL, and strong consistency across rows/tables at global scale; choose Cloud SQL for traditional relational workloads with moderate scale; choose Cloud Storage for blobs/objects, not operational database access patterns.

Pregunta 3

(Selecciona 2)

You are rolling out an internal reporting service on a fleet of e2-standard-4 Compute Engine VMs in us-central1-a using Terraform; one VM restored from a snapshot has been stuck in 'Starting' for 12 minutes and the serial console shows repeated boot attempts—what two investigations should you prioritize to resolve the launch failure? (Choose two.)

Pregunta 4

You are building a Rust-based microservice for a logistics analytics platform on Google Cloud that must be packaged as a container image; the service links against two in-house native .so libraries and requires OpenSSL 1.1 during build, exposes HTTP on port 8080, must autoscale from 0 instances to handle bursts up to 400 requests per second, and needs cold starts under 2 seconds; your team does not want to provision, patch, or manage any servers or clusters. How should you deploy the microservice?

Análisis de la pregunta

Core Concept: This question tests selecting a fully managed, container-based compute platform that supports HTTP microservices, scales to zero, and avoids server/cluster management. The key services are Cloud Build (to build container images with custom build dependencies like OpenSSL 1.1 and native .so libraries) and Cloud Run (to run containers serverlessly with autoscaling). Why the Answer is Correct: Cloud Run is designed for stateless HTTP containers, exposes a single HTTP port (8080 by default), and can autoscale from 0 instances to many instances based on incoming requests. It meets the requirement of “no servers or clusters to provision/patch/manage” because Google manages the underlying infrastructure. Building with Cloud Build allows you to define a Dockerfile that installs OpenSSL 1.1 during the build stage and copies in/links your in-house .so libraries, producing a deployable container image. For bursts up to ~400 RPS, Cloud Run can scale horizontally; you tune concurrency and max instances to meet throughput and latency goals. Key Features / Configurations: - Cloud Run: scale-to-zero, request-based autoscaling, configurable concurrency (requests per instance), min instances (set to 0 for scale-to-zero), max instances, CPU/memory sizing. - Cold starts: choose an appropriate CPU/memory, keep the container lean (multi-stage builds), and optimize Rust startup. If strict sub-2s is hard under all conditions, consider Cloud Run “startup CPU boost” and/or a small min instances value (though that conflicts with “from 0”). - Cloud Build: reproducible builds, private dependencies, Artifact Registry integration, and CI triggers. - Architecture Framework alignment: operational excellence (managed platform), reliability (autoscaling), performance (right-sizing, concurrency), and security (Artifact Registry, IAM). Common Misconceptions: Cloud Functions is serverless but not ideal when you must package and run a custom container with native shared libraries and specific build-time dependencies; while newer generations support containers, the question’s emphasis on a containerized microservice and native linking aligns more directly with Cloud Run. GKE/Compute Engine can run containers but require cluster/VM management, patching, and capacity planning—explicitly disallowed. Exam Tips: When you see “container image,” “HTTP on 8080,” “scale to zero,” and “no server/cluster management,” default to Cloud Run. Pair it with Cloud Build (and Artifact Registry) when custom build steps or native dependencies are required. Always mention concurrency/max instances for RPS scaling and note cold-start tradeoffs with scale-to-zero.

Pregunta 5

You inherit a public-facing marketing microsite hosted on a managed instance group of 3 Compute Engine VMs behind an external HTTPS load balancer (https://promo.example.com), and before a campaign launch you must automatically crawl up to 500 pages to verify whether any bundled client-side libraries have known vulnerabilities and whether the site is susceptible to reflected or stored XSS; which Google Cloud service should you use to run this security scan and generate a findings report?

¿Quieres practicar todas las preguntas en cualquier lugar?

Descarga Cloud Pass gratis — incluye exámenes de práctica, seguimiento de progreso y más.

Pregunta 6

You operate a Python microservice on Cloud Run in us-central1 that writes time-series telemetry to Firestore (Native mode) and must sustain 8,000 document writes per minute with p95 write latency under 40 ms while using Application Default Credentials, retries with backoff, deadlines, and connection pooling per Google best practices. To optimize performance and minimize boilerplate, how should the service write to Firestore?

Análisis de la pregunta

Core Concept: This question tests how to integrate a Cloud Run Python service with Firestore (Native mode) using Google-recommended client patterns: Application Default Credentials (ADC), efficient transport (gRPC), retries with exponential backoff, deadlines/timeouts, and connection pooling/channel reuse to meet throughput and latency SLOs. Why the Answer is Correct: The Cloud Client Libraries (google-cloud-firestore) are the intended, high-level SDKs for Firestore. They natively support ADC on Cloud Run, use the optimized underlying transport (gRPC for Firestore), and provide built-in retry and timeout configuration aligned with Google API best practices. They also manage channel pooling/reuse via the underlying gRPC stack, which is critical for keeping p95 latency low under sustained write load. Using the Cloud Client Libraries minimizes boilerplate while still allowing performance tuning (batching, async/concurrency, and per-call deadlines). Key Features / Best Practices: - ADC: On Cloud Run, the library automatically uses the service account identity without manual key handling. - Retries and deadlines: Client libraries expose per-method retry/timeout settings; you can set reasonable deadlines (e.g., tens to hundreds of ms depending on SLO) and rely on idempotency-aware retries. - Connection management: gRPC channels are reused; avoid creating a new client per request. Instantiate the Firestore client once per container instance. - Throughput: 8,000 writes/min (~133 writes/sec) is achievable with concurrent requests and/or batched writes (WriteBatch/BatchWrite) while respecting Firestore limits and document hot-spotting considerations. Common Misconceptions: Google API Client Libraries (generic discovery-based REST clients) may seem “official,” but they are lower-level, often REST-oriented, and typically require more manual work to match gRPC performance characteristics and to correctly implement retries/timeouts/channel reuse. Custom gRPC or third-party HTTP clients can be tuned, but they increase risk and boilerplate and can easily violate best practices (incorrect retry semantics, poor pooling, missing auth flows). Exam Tips: For Google-managed services (Firestore, Pub/Sub, Storage), prefer Cloud Client Libraries unless you have a specific unsupported feature need. In Cloud Run, create clients globally (outside request handlers) to reuse connections. Know that meeting latency SLOs often depends as much on transport/channel reuse and correct timeouts as on raw service capacity. Also remember Firestore best practices for high-write workloads: avoid hot documents/collections and consider batching where appropriate.

Pregunta 7

Your microservices application named fintrack-ui runs on three GKE clusters—fintrack-ui-dev, fintrack-ui-uat, and fintrack-ui-prod—in us-central1, and your security team requires that only container images signed by a designated release attestor (using a Cloud KMS key in projects/123456/locations/us/keyRings/prod/cryptoKeys/release) are allowed to be deployed to the fintrack-ui-prod cluster while dev and uat remain permissive; following Google-recommended practices, how should you implement this so that enforcement applies only to the production cluster?

Pregunta 8

You are monitoring a media transcoding microservice written in Node.js that runs on Cloud Run (fully managed). Each revision is configured with 2 vCPUs and 1.5 GiB memory, and Cloud Monitoring shows sustained spikes of ~90% CPU and ~1.3 GiB memory for 15-minute intervals during peak traffic (~800 RPS). You must identify which function is consuming the most CPU cycles and heap memory with minimal overhead (<1% CPU) and without adding significant latency in production. What should you do?

Pregunta 9

You are rolling out a reporting microservice on a Compute Engine VM (10.10.2.4) in the analytics-vpc (CIDR 10.10.0.0/16, region us-central1) that must connect to a Cloud SQL for PostgreSQL instance via the Cloud SQL Auth Proxy. The Cloud SQL instance resides in a separate db-vpc (CIDR 10.20.0.0/16) and has both public and private IPs; its private address is 10.20.3.5. For compliance, all database traffic must use the private IP. In testing, connections to the instance’s public IP succeed, but connections to 10.20.3.5 time out even though firewall rules in both VPCs allow TCP:5432 from their respective CIDR ranges and the proxy is started with --private-ip. How should you fix this issue?

Pregunta 10

Your company runs a fleet-telemetry API on Cloud Run in the us-central1 region under the production project fleet-prod. For every release candidate, you must spin up an ephemeral QA environment that is fully isolated from production (separate Google Cloud project for networking/IAM/billing), is created and torn down automatically by your CI pipeline on each pull request, mirrors production settings (region: us-central1, CPU: 1, min instances: 0), and completes provisioning in under 10 minutes without sending any traffic to production. You want the approach that provides full automation with the least ongoing effort while enabling automated end-to-end tests. What should you do?

Análisis de la pregunta

Core concept: This question tests automated environment provisioning for CI/CD using Infrastructure as Code (IaC) and Cloud Run deployment patterns. The key requirements are full isolation (separate project for IAM/networking/billing), fast ephemeral creation/teardown per PR, mirroring production Cloud Run settings, and ensuring no traffic reaches production. Why the answer is correct: Option A uses Cloud Build to run Terraform that (1) creates a brand-new Google Cloud project and (2) deploys the Cloud Run service into that project, then runs end-to-end tests and destroys everything. This directly satisfies “fully isolated from production” because project boundaries isolate IAM policies, VPC/networking, quotas, and billing. Terraform provides repeatable, declarative provisioning that is easy to automate and maintain over time, which minimizes ongoing effort compared to imperative scripting. With proper module design, provisioning a project plus a small set of resources (APIs enablement, service accounts, Cloud Run service) can fit within the 10-minute goal. Key features / best practices: Terraform supports Google Cloud project creation, API enablement, IAM bindings, and Cloud Run resources, enabling a single pipeline to create and tear down environments consistently. You can parameterize region (us-central1), CPU (1), and min instances (0) to mirror production. Using separate projects aligns with the Google Cloud Architecture Framework’s security and governance principles (strong isolation, least privilege, clear resource boundaries). Cloud Build triggers per PR provide full automation. Common misconceptions: Traffic splitting (options B/D) can look attractive for “quick QA,” but it violates the requirement of full isolation and risks accidental production interaction (shared IAM, shared networking, shared quotas, and potential data access). Imperative gcloud scripting (option C) can work, but it typically increases long-term maintenance burden and drift risk compared to IaC, especially as environments evolve. Exam tips: When you see “fully isolated” and “separate project,” prefer project-per-environment plus IaC (Terraform) over in-project revisions/traffic splitting. Also, “least ongoing effort” usually points to declarative IaC rather than custom command scripts. Finally, ensure the approach prevents any production traffic by deploying to a separate endpoint in a separate project and running tests against that endpoint only.

Practice Test #3

Respuestas y explicaciones verificadas por triple IA

Preguntas de práctica

Historias de éxito(6)

Otros exámenes de práctica

Practice Test #1

Practice Test #2

Practice Test #4

Comienza a practicar ahora