Google Professional Cloud DevOps Engineer (PCDOE) 덤프 및 해설

Your media-streaming company operates on Google Cloud with 6 departments each mapped to a folder under the organization; there are 120 existing projects and about 10 new projects are created every month, and the security team requires that every log entry (all log types and resource types, across all regions) be exported in near real time to a third-party SIEM that ingests from a Cloud Pub/Sub topic named siem-ingest, so you must implement a solution that automatically covers all current and future projects with minimal ongoing maintenance and does not move logs into Cloud Logging buckets; what should you do?

You manage the release pipeline for a payments API running on a regional GKE cluster in us-central1. The API is exposed via a Kubernetes Service (ClusterIP) behind an HTTP Ingress managed by Cloud Load Balancing. You implement blue/green by running two Deployments: pay-blue-v1 and pay-green-v2, each with 10 replicas and labels color=blue/green. During the cutover, you updated the Service selector to color=green to send 100% of ~1,500 RPS to pay-green-v2. Within 2 minutes, the HTTP 5xx error rate spikes to 7%, breaching the 1% SLO target. You must roll back immediately with less than 30 seconds of impact, without rebuilding images or modifying the Ingress configuration. What should you do?

Your company runs a payments API behind an NGINX Ingress Controller on a GKE Standard cluster with three n2-standard-4 nodes; the Ops Agent DaemonSet is deployed on all nodes and forwards access logs to Cloud Logging. In the past hour you observed suspicious traffic from the IP address 198.51.100.77, and you need to visualize the per-minute count of requests from this IP in Cloud Monitoring without changing application code or deploying additional collectors. What should you do to achieve this with minimal operational overhead?

Your team runs a CI pipeline that executes ~200 integration test jobs per day, and each job must call internal gRPC APIs that are reachable only on 10.20.0.0/16 in a Shared VPC with no external IPs or NAT; the security policy requires that test traffic must never traverse the public internet, you are not allowed to maintain bastion hosts or custom proxies, tests must finish within 10 minutes per run, and you want the least operational overhead for setup and ongoing management—what should you do?

A biotech company aggregates container and application logs from 15 Google Cloud projects into a single Cloud Logging bucket in a dedicated observability project using aggregated sinks with a 30-day retention policy. Compliance requires that each of the 8 product squads can only view logs originating from their own project(s), while the SRE team must be able to view all logs across all projects. You must implement least-privilege access, avoid duplicating data, and minimize ongoing costs and operational overhead. What should you do?