Sample Questions and Answers
Which method is recommended to deploy a canary release in GKE?
A) Manually update all pods at once
B) Use multiple Deployments with different labels and traffic split via Service or Ingress
C) Delete all pods before new release
D) Use StatefulSets only
Answer: B) Use multiple Deployments with different labels and traffic split via Service or Ingress
Explanation: This allows directing a subset of traffic to the canary deployment.
What is a key benefit of integrating Cloud Build with Cloud Source Repositories?
A) Automatic VM provisioning
B) Continuous Integration triggered by code commits
C) Increased disk capacity
D) Firewall rule automation
Answer: B) Continuous Integration triggered by code commits
Explanation: Cloud Build can automatically start builds when code is pushed to repositories.
How can you securely manage API keys in GCP?
A) Store them in source code
B) Use Secret Manager with fine-grained access control
C) Email them to developers
D) Hard-code in environment variables
Answer: B) Use Secret Manager with fine-grained access control
Explanation: Secret Manager securely stores API keys and controls access with IAM.
What is the primary purpose of Cloud Logging?
A) Data storage
B) Aggregation and analysis of log data
C) Running batch jobs
D) Network routing
Answer: B) Aggregation and analysis of log data
Explanation: Cloud Logging collects, stores, and enables querying of logs from GCP resources.
Which tool can help enforce policy as code in GCP?
A) Cloud Armor
B) Forseti Security
C) Cloud Functions
D) Cloud Build
Answer: B) Forseti Security
Explanation: Forseti helps enforce security policies by auditing and monitoring GCP resources.
What is the effect of enabling autoscaling in a managed instance group?
A) Reduces disk I/O
B) Automatically adjusts the number of VM instances based on load
C) Locks instance size
D) Stops VMs on weekends
Answer: B) Automatically adjusts the number of VM instances based on load
Explanation: Autoscaling ensures efficient resource usage based on demand.
What is the purpose of a Service Level Objective (SLO)?
A) To define security policies
B) To specify a target level of service reliability or availability
C) To configure load balancers
D) To schedule deployments
Answer: B) To specify a target level of service reliability or availability
Explanation: SLOs define measurable goals for service performance.
What is the main advantage of using Cloud Run for deploying microservices?
A) Fixed scaling only
B) Serverless deployment with automatic scaling
C) Manual VM management required
D) No HTTPS support
Answer: B) Serverless deployment with automatic scaling
Explanation: Cloud Run abstracts infrastructure management and scales automatically.
How can you minimize the risk of human error in production deployments?
A) Manual approval process only
B) Automate deployments using CI/CD pipelines with automated tests
C) Disable logging
D) Ignore rollback procedures
Answer: B) Automate deployments using CI/CD pipelines with automated tests
Explanation: Automation reduces errors and ensures consistent deployment processes.
Which tool allows you to analyze traces of requests across microservices?
A) Cloud Trace
B) Cloud Storage
C) Cloud IAM
D) Cloud DNS
Answer: A) Cloud Trace
Explanation: Cloud Trace helps identify latency issues and performance bottlenecks.
What is the best approach to handle secrets in Kubernetes?
A) Store them in ConfigMaps
B) Store them in plaintext files
C) Use Kubernetes Secrets, preferably integrated with Secret Manager
D) Hard-code them in container images
Answer: C) Use Kubernetes Secrets, preferably integrated with Secret Manager
Explanation: Kubernetes Secrets securely store sensitive data and can integrate with GCP Secret Manager.
Which deployment strategy reduces downtime by running old and new versions simultaneously?
A) Recreate deployment
B) Rolling update
C) Blue/Green deployment
D) Manual deployment
Answer: C) Blue/Green deployment
Explanation: Blue/Green maintains two environments to switch traffic with minimal downtime.
What is the advantage of using Cloud Build’s build triggers?
A) Increases VM costs
B) Enables automatic build execution on code changes
C) Requires manual builds only
D) Limits artifact storage
Answer: B) Enables automatic build execution on code changes
Explanation: Build triggers start builds automatically when source code changes are detected.
What is the best way to implement continuous deployment for a GKE application?
A) Manually update pods via kubectl
B) Use Cloud Build with a trigger linked to the source repository to deploy to GKE automatically
C) Restart nodes manually
D) Deploy only after manual approval
Answer: B) Use Cloud Build with a trigger linked to the source repository to deploy to GKE automatically
Explanation: Automating deployments via Cloud Build triggers ensures faster, consistent continuous deployment.
Which GCP service provides distributed tracing to help troubleshoot latency issues?
A) Cloud Logging
B) Cloud Trace
C) Cloud Monitoring
D) Cloud Functions
Answer: B) Cloud Trace
Explanation: Cloud Trace collects latency data and visualizes request paths for troubleshooting.
How can you securely rotate credentials stored in GCP?
A) Store new credentials in plaintext in code
B) Use Secret Manager with automated rotation policies
C) Email credentials to the team regularly
D) Hard-code credentials in environment variables
Answer: B) Use Secret Manager with automated rotation policies
Explanation: Secret Manager supports versioning and rotation to keep credentials secure and up to date.
Which Kubernetes resource defines the desired state and manages pods in GKE?
A) Service
B) Pod
C) Deployment
D) ConfigMap
Answer: C) Deployment
Explanation: Deployments declaratively manage pod lifecycle and ensure desired state.
What is the advantage of enabling binary authorization for GKE?
A) Faster builds
B) Ensures only trusted container images are deployed
C) Enables public access to cluster
D) Automatically scales cluster nodes
Answer: B) Ensures only trusted container images are deployed
Explanation: Binary Authorization enforces image signing policies to prevent unauthorized images.
How can you monitor error rates of a microservice in GCP?
A) Use Cloud Logging filters to count error logs
B) Use metric-based alerts on error count or error rate in Cloud Monitoring
C) Use Cloud Storage logs
D) Use Cloud DNS monitoring
Answer: B) Use metric-based alerts on error count or error rate in Cloud Monitoring
Explanation: Cloud Monitoring allows creating alerts based on error metrics.
Which technique helps prevent configuration drift in infrastructure?
A) Manual configuration on servers
B) Use Infrastructure as Code tools like Terraform or Deployment Manager
C) Manual patching of servers
D) Disable backups
Answer: B) Use Infrastructure as Code tools like Terraform or Deployment Manager
Explanation: IaC tools ensure infrastructure is versioned, repeatable, and consistent.
What is the purpose of uptime checks in Cloud Monitoring?
A) To verify the availability of a service or endpoint
B) To measure CPU usage
C) To encrypt data at rest
D) To control user permissions
Answer: A) To verify the availability of a service or endpoint
Explanation: Uptime checks periodically test service endpoints to ensure they are reachable.
Which GCP product helps enforce network security at the edge?
A) Cloud Armor
B) Cloud Build
C) Cloud Functions
D) Cloud Storage
Answer: A) Cloud Armor
Explanation: Cloud Armor protects applications from DDoS and other web attacks at the network edge.
How can you safely test new software versions in production with minimal user impact?
A) Deploy new versions to 100% of traffic immediately
B) Use canary deployments to route a small percentage of traffic to the new version
C) Deploy only during business hours
D) Manually switch traffic with no automation
Answer: B) Use canary deployments to route a small percentage of traffic to the new version
Explanation: Canary deployments reduce risk by exposing new versions to a limited user base first.
What does Cloud Monitoring’s alert policy condition “absence of data” mean?
A) Data is missing from logs
B) No metrics have been reported for a specified period
C) User access is denied
D) Cloud Storage is full
Answer: B) No metrics have been reported for a specified period
Explanation: Absence of data alerts detect when metrics stop being reported, indicating potential issues.
Which tool would you use to create repeatable, automated deployments of GCP infrastructure?
A) Cloud Console UI
B) Terraform
C) Manual CLI commands
D) Google Docs
Answer: B) Terraform
Explanation: Terraform allows declarative configuration of infrastructure for repeatability and version control.
What is a benefit of using Cloud CDN with your backend services?
A) Increase backend processing time
B) Cache content at the edge to reduce latency and load on backend services
C) Reduce security
D) Disable encryption
Answer: B) Cache content at the edge to reduce latency and load on backend services
Explanation: Cloud CDN speeds up content delivery by caching at Google’s global edge locations.
Which service allows you to create event-driven serverless applications in GCP?
A) Cloud Functions
B) Compute Engine
C) Kubernetes Engine
D) Cloud SQL
Answer: A) Cloud Functions
Explanation: Cloud Functions execute code in response to events without managing infrastructure.
How can you debug issues with containerized applications running in GKE?
A) SSH into the nodes only
B) Use kubectl logs and Cloud Logging to analyze container logs
C) Delete all pods
D) Disable monitoring
Answer: B) Use kubectl logs and Cloud Logging to analyze container logs
Explanation: Logs provide insights into application behavior and errors.
Which GCP feature helps automate VM instance patching?
A) Cloud Build
B) OS Patch Management
C) Cloud Run
D) Cloud Scheduler
Answer: B) OS Patch Management
Explanation: OS Patch Management automates the process of patching VMs for security and stability.
What is the primary use case for Cloud Tasks in GCP?
A) Run batch jobs manually
B) Manage asynchronous task queues to decouple and scale workloads
C) Store files
D) Manage IAM policies
Answer: B) Manage asynchronous task queues to decouple and scale workloads
Explanation: Cloud Tasks allow applications to execute work asynchronously and handle retries.
How do you control access to GCP resources?
A) Firewall rules only
B) Using IAM roles and policies
C) Usernames and passwords only
D) Hardcoded permissions
Answer: B) Using IAM roles and policies
Explanation: IAM provides fine-grained access control to GCP resources.
Which tool allows you to trace requests across services to identify latency issues?
A) Cloud Storage
B) Cloud Trace
C) Cloud Monitoring
D) Cloud DNS
Answer: B) Cloud Trace
Explanation: Cloud Trace collects latency data across distributed systems to pinpoint bottlenecks.
How do you limit GKE cluster access to authorized users?
A) Use a public endpoint only
B) Enable RBAC and use IAM integration for authentication and authorization
C) Disable all user access
D) Use only node IPs for access
Answer: B) Enable RBAC and use IAM integration for authentication and authorization
Explanation: RBAC controls permissions within the cluster, integrated with IAM for identity management.
What is the benefit of defining SLOs for your services?
A) They set targets to ensure service reliability and help prioritize engineering efforts
B) They control billing
C) They configure networking
D) They store secrets
Answer: A) They set targets to ensure service reliability and help prioritize engineering efforts
Explanation: SLOs define measurable service performance goals aligned with user expectations.
What tool can you use to manage GCP project budgets and alerts?
A) Cloud Billing Budgets and Alerts
B) Cloud IAM
C) Cloud Build
D) Cloud Storage
Answer: A) Cloud Billing Budgets and Alerts
Explanation: This tool helps monitor and control project costs by sending alerts when budgets exceed thresholds.
Which method best helps avoid downtime during software upgrades?
A) Blue/Green deployments or rolling updates
B) Manual server restarts
C) Disabling monitoring temporarily
D) Shutting down services
Answer: A) Blue/Green deployments or rolling updates
Explanation: These deployment strategies allow seamless upgrades with minimal downtime.
What is the role of the Config Connector in GCP?
A) Connects to third-party APIs
B) Enables Kubernetes-native management of GCP resources
C) Stores secrets
D) Manages billing
Answer: B) Enables Kubernetes-native management of GCP resources
Explanation: Config Connector lets you manage GCP resources using Kubernetes manifests.
What is the best practice for managing secrets in CI/CD pipelines?
A) Store secrets in plaintext files checked into source control
B) Use Secret Manager and inject secrets securely at runtime
C) Hard-code secrets in scripts
D) Email secrets to developers
Answer: B) Use Secret Manager and inject secrets securely at runtime
Explanation: This minimizes exposure and ensures secrets are managed securely.
Which feature helps protect GKE workloads from network threats?
A) Network Policies
B) Cloud Build
C) Cloud Scheduler
D) Cloud Storage
Answer: A) Network Policies
Explanation: Kubernetes Network Policies restrict traffic between pods for security.
How does Cloud Spanner support DevOps practices?
A) By providing globally distributed, strongly consistent database service with high availability
B) By running batch jobs
C) By managing IAM policies
D) By providing storage only
Answer: A) By providing globally distributed, strongly consistent database service with high availability
Explanation: Spanner supports scalable, resilient database workloads with minimal operational overhead.
What is the role of Stackdriver Debugger in the DevOps process?
A) Deploy applications
B) Collect and inspect live application state without stopping or slowing down the app
C) Manage user access
D) Monitor uptime
Answer: B) Collect and inspect live application state without stopping or slowing down the app
Explanation: Stackdriver Debugger helps diagnose issues in production with minimal impact.
How can you protect Cloud Build pipelines from unauthorized access?
A) Disable IAM
B) Use IAM roles with least privilege for build service accounts
C) Allow open access to build triggers
D) Use hardcoded passwords
Answer: B) Use IAM roles with least privilege for build service accounts
Explanation: Proper IAM roles ensure only authorized actions in build pipelines.
Which GCP service helps manage and automate compliance policies?
A) Cloud Security Command Center
B) Cloud Functions
C) Cloud Build
D) Cloud DNS
Answer: A) Cloud Security Command Center
Explanation: This service provides visibility into security and compliance risks and helps automate policy enforcement.
Reviews
There are no reviews yet.