Exactprep Professional-Cloud-Developer Questions

Page: 7 / 9

Question 28

Your application is composed of a set of loosely coupled services orchestrated by code executed on Compute Engine. You want your application to easily bring up new Compute Engine instances that find and use a specific version of a service. How should this be configured?

Options:

Define your service endpoint information as metadata that is retrieved at runtime and used to connect to the desired service.

Define your service endpoint information as label data that is retrieved at runtime and used to connect to the desired service.

Define your service endpoint information to be retrieved from an environment variable at runtime and used to connect to the desired service.

Define your service to use a fixed hostname and port to connect to the desired service. Replace the service at the endpoint with your new version.

Question 29

Your team is creating a serverless web application on Cloud Run. The application needs to access images stored in a private Cloud Storage bucket. You want to give the application Identity and Access Management (IAM) permission to access the images in the bucket, while also securing the services using Google-recommended best practices What should you do?

Options:

Enforce signed URLs for the desired bucket. Grant the Storage Object Viewer IAM role on the bucket to the Compute Engine default service account.

Enforce public access prevention for the desired bucket. Grant the Storage Object Viewer IAM role on the bucket to the Compute Engine

default service account.

Enforce signed URLs for the desired bucket Create and update the Cloud Run service to use a user -managed service account. Grant the Storage Object Viewer IAM role on the bucket to the service account

Enforce public access prevention for the desired bucket.

Create and update the Cloud Run service to use a user-managed service account. Grant the Storage Object Viewer IAM role on the bucket to the service account.

Question 30

Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?

Options:

Add a public IP address to the instance. Use the service account key of the instance to encrypt the traffic.

Use Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store the reports in a public Cloud Storage bucket.

Add an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware Proxy to secure the communication channel.

Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed SSL certificate on the load balancer for traffic encryption.

Question 31

You are developing a marquee stateless web application that will run on Google Cloud. The rate of the incoming user traffic is expected to be unpredictable, with no traffic on some days and large spikes on other days. You need the application to automatically scale up and down, and you need to minimize the cost associated with running the application. What should you do?