Deck 14: Professional Cloud DevOps Engineer

A) Call individual stakeholders to explain what happened.
B) Develop a post-mortem to be distributed to stakeholders.
C) Send the Incident State Document to all the stakeholders.
D) Require the engineer responsible to write an apology email to all stakeholders.

A) Create an automated testing script in production to detect failures as soon as they occur.
B) Create a development environment with smaller server capacity and give access only to developers and testers.
C) Secure the production environment to ensure that developers can't change it and set up one controlled update per year.
D) Create a development environment for writing code and a test environment for configurations, experiments, and load testing.

A) Reference the image digest in the source control tag.
B) Supply the source control tag as a parameter within the image name.
C) Use Cloud Build to include the release version tag in the application image.
D) Use GCR digest versioning to match the image to the tag in source control.

A) Use Cloud Build to trigger a Spinnaker pipeline.
B) Use Cloud Pub/Sub to bigger a Spinnaker pipeline.
C) Use a custom builder in Cloud Build to trigger Jenkins pipeline.
D) Use Cloud Pub/Sub to trigger a custom deployment service running in Google Kubernetes Engine (GKE).

A) Check the serial port logs of the Compute Engine instance.
B) Use Stackdriver Profiler to visualize the resources utilization throughout the application.
C) Determine whether there is an increased number of connections to the Cloud SQL instance.
D) Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.

A) Before merging new code, require 2 different peers to review the code changes.
B) Adopt the blue/green deployment strategy when releasing new code via a CD server.
C) Integrate a code linting tool to validate coding standards before any code is accepted into the repository.
D) Require developers to run automated integration tests on their local development environments before release.
E) Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.

A) Adjust the SLO targets to be achievable by the service so you can bring it into production.
B) Notify the development team that they will have to provide production support for the service.
C) Identify recommended reliability improvements to the service to be completed before handover.
D) Bring the service into production with no SLOs and build them when you have collected operational data.

A) flex/connections/current
B) tcp_ssl_proxy/new_connections
C) tcp_ssl_proxy/open_connections
D) flex/instance/connections/current

A) Use Stackdriver Kubernetes Engine Monitoring.
B) Use Prometheus to collect and aggregate logs per container, and then analyze the results in Grafana.
C) Use the Stackdriver Monitoring API to create custom metrics, and then organize your containers using groups.
D) Use Stackdriver Logging to export application logs to BigQuery, aggregate logs per container, and then analyze CPU and memory consumption.

A) Prompt developers for secrets at build time. Instruct developers to not store secrets at rest.
B) Store secrets in a separate configuration file on Git. Provide select developers with access to the configuration file.
C) Store secrets in Cloud Storage encrypted with a key from Cloud KMS. Provide the CI/CD pipeline with access to Cloud KMS via IAM.
D) Encrypt the secrets and store them in the source code repository. Store a decryption key in a separate repository and grant your pipeline access to it.

A) Purchase Committed Use Discounts.
B) Migrate the instances to a Managed Instance Group.
C) Convert the instances to preemptible virtual machines.
D) Create an Unmanaged Instance Group for the instances used to run the workload.

A) Verify the maximum node pool size, enable a horizontal pod autoscaler, and then perform a load test to verify your expected resource needs.
B) Because you are deployed on GKE and are using a cluster autoscaler, your GKE cluster will scale automatically regardless of growth rate.
C) Because you are at only 30% utilization, you have significant headroom and you won't need to add any additional capacity for this rate of growth.
D) Proactively add 60% more node capacity to account for six months of 10% growth rate, and then perform a load test to make sure you have enough.

A) Compare the canary with a new deployment of the current production version.
B) Compare the canary with a new deployment of the previous production version.
C) Compare the canary with the existing deployment of the current production version.
D) Compare the canary with the average performance of a sliding window of previous production versions.

A) Focus on responding to internal stakeholders at least every 30 minutes. Commit to "next update" times.
B) Provide periodic updates to all stakeholders in a timely manner. Commit to a "next update" time in all communications.
C) Delegate the responding to internal stakeholder emails to another member of the Incident Response Team. Focus on providing responses directly to customers.
D) Provide all internal stakeholder emails to the Incident Commander, and allow them to manage internal communications. Focus on providing responses directly to customers.

A) Use the default Stackdriver Kubernetes Engine Monitoring agent configuration.
B) Deploy a Fluentd daemonset to GKE. Then create a customized input and output configuration to tail the log file in the application's pods and write to Stackdriver Logging.
C) Install Kubernetes on Google Compute Engine (GCE) and redeploy your applications. Then customize the built-in Stackdriver Logging configuration to tail the log file in the application's pods and write to Stackdriver Logging.
D) Write a script to tail the log file within the pod and write entries to standard output. Run the script as a sidecar container with the application's pod. Configure a shared volume between the containers to allow the script to have read access to /var/log in the application container.

A) Share the workspace Project ID with the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
B) Share the workspace Project ID with the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.
C) Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Monitoring Viewer IAM role in the workspace project.
D) Click "Share chart by URL" and provide the URL to the SRE team. Assign the SRE team the Dashboard Viewer IAM role in the workspace project.

A) Enable Cloud Security Scanner on the clusters.
B) Enable Vulnerability Analysis on the Container Registry.
C) Set up the Kubernetes Engine clusters as private clusters.
D) Set up the Kubernetes Engine clusters with Binary Authorization.

A) Add logic to each Cloud Build step to HTTP POST the build information to a webhook.
B) Add a new step at the end of the pipeline in Cloud Build to HTTP POST the build information to a webhook.
C) Use Stackdriver Logging to create a logs-based metric from the Cloud Build logs. Create an Alert with a Webhook notification type.
D) Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook. Create a Cloud Pub/Sub push subscription to the Cloud Build cloud-builds PubSub topic to HTTP POST the build information to a webhook.

A) Look for the agent's test log entry in the Logs Viewer.
B) Install the most recent version of the Stackdriver agent.
C) Verify the VM service account access scope includes the monitoring.write scope. Verify the VM service account access scope includes the monitoring.write scope.
D) SSH to the VM and execute the following commands on your VM: ps ax | grep fluentd . SSH to the VM and execute the following commands on your VM: ps ax | grep fluentd .

A) Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.
B) Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.
C) Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.
D) Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.

A) Use the n1-highcpu-96 machine type in the configuration of the MIG.
B) Monitor results of Stackdriver Trace to determine the required amount of resources.
C) Validate that the resource requirements are within the available quota limits of each region.
D) Deploy the service in one region and use a global load balancer to route traffic to this region.

A) A scalable in-memory caching system.
B) The organization's public-facing website.
C) A distributed, eventually consistent NoSQL database cluster with sufficient quorum.
D) A GPU-accelerated video rendering platform that retrieves and stores videos in a storage bucket.

A) Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway. Ensure that your team members add their SMS/phone numbers to the external tool.
B) Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.
C) Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.
D) Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.

A) Link Stackdriver Logging as a source in Google Data Studio. Filter the logs on the cache misses.
B) Configure Stackdriver Profiler to identify and visualize when the cache misses occur based on the logs.
C) Create a logs-based metric in Stackdriver Logging and a dashboard for that metric in Stackdriver Monitoring.
D) Configure BigQuery as a sink for Stackdriver Logging. Create a scheduled query to filter the cache miss logs and write them to a separate table.

A) Configure the build system with protected branches that require pull request approval.
B) Use an Admission Controller to verify that incoming requests originate from approved sources.
C) Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users.
D) Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor.

A) Create a custom builder for Cloud Build that will only push images to gcr.io/altostrat-images.
B) Use a Binary Authorization policy that includes the whitelist name pattern gcr.io/altostrat-images/.
C) Add logic to the deployment pipeline to check that all manifests contain only images from gcr.io/altostrat-images.
D) Add a tag to each image in gcr.io/altostrat-images and check that this tag is present when the image is deployed.

A) Assign the Container Developer role to the Cloud Build service account.
B) Specify the Container Developer role for Cloud Build in the cloudbuild.yaml file.
C) Create a new service account with the Container Developer role and use it to run Cloud Build.
D) Create a separate step in Cloud Build to retrieve service account credentials and pass these to kubectl.