- (Exam Topic 2)
You are a developer at a large organization. You have an application written in Go running in a production Google Kubernetes Engine (GKE) cluster. You need to add a new feature that requires access to BigQuery. You want to grant BigQuery access to your GKE cluster following Google-recommended best practices. What should you do?
Correct Answer:
D
https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is
Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs.
Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account. Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct,
fine-grained identities and authorization for each application in your cluster.
- (Exam Topic 2)
The development teams in your company want to manage resources from their local environments. You have been asked to enable developer access to each team’s Google Cloud projects. You want to maximize efficiency while following Google-recommended best practices. What should you do?
Correct Answer:
C
- (Exam Topic 2)
You need to copy directory local-scripts and all of its contents from your local workstation to a Compute Engine virtual machine instance.
Which command should you use?
Correct Answer:
C
Reference: https://cloud.google.com/sdk/gcloud/reference/compute/copy-files
- (Exam Topic 2)
Your company has deployed a new API to App Engine Standard environment. During testing, the API is not behaving as expected. You want to monitor the application over time to diagnose the problem within the application code without redeploying the application.
Which tool should you use?
Correct Answer:
B
Reference: https://rominirani.com/gcp-stackdriver-tutorial-debug-snapshots-traces-logging-and-logpoints- 1ba49e4780e6
- (Exam Topic 2)
Your application is composed of a set of loosely coupled services orchestrated by code executed on Compute Engine. You want your application to easily bring up new Compute Engine instances that find and use a specific version of a service. How should this be configured?
Correct Answer:
A
https://cloud.google.com/service-infrastructure/docs/service-metadata/reference/rest#service-endpoint