You support an application deployed on Compute Engine. The application connects to a Cloud SQL instance to store and retrieve data. After an update to the application, users report errors showing database timeout messages. The number of concurrent active users remained stable. You need to find the most probable cause of the database timeout. What should you do?

A. Check the serial port logs of the Compute Engine instance.

B. Use Stackdriver Profiler to visualize the resources utilization throughout the application.

C. Determine whether there is an increased number of connections to the Cloud SQL instance.

D. Use Cloud Security Scanner to see whether your Cloud SQL is under a Distributed Denial of Service (DDoS) attack.

You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.

You need to troubleshoot the issue. What should you do?

A. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.

B. Confirm that your account has the proper permissions to use the Stackdriver dashboard.

C. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.

D. Confirm that the application is using the required client library and the service account key has proper permissions.

You are creating and assigning action items in a postmodern for an outage. The outage is over, but you need to address the root causes. You want to ensure that your team handles the action items quickly and efficiently. How should you assign owners and collaborators to action items?

A. Assign one owner for each action item and any necessary collaborators.

B. Assign multiple owners for each item to guarantee that the team addresses items quickly.

C. Assign collaborators but no individual owners to the items to keep the postmortem blameless.

D. Assign the team lead as the owner for all action items because they are in charge of the SRE team.

Your organization wants to collect system logs that will be used to generate dashboards in Cloud Operations for their Google Cloud project. You need to configure all current and future Compute Engine instances to collect the system logs, and you must ensure that the Ops Agent remains up to date. What should you do?

A. Use the gcloud CLI to install the Ops Agent on each VM listed in the Cloud Asset Inventory,

B. Select all VMs with an Agent status of Not detected on the Cloud Operations VMs dashboard. Then select Install agents.

C. Use the gcloud CLI to create an Agent Policy.

D. Install the Ops Agent on the Compute Engine image by using a startup script

You are creating a CI/CD pipeline to perform Terraform deployments of Google Cloud resources. Your CI/CD tooling is running in Google Kubernetes Engine (GKE) and uses an ephemeral Pod for each pipeline run. You must ensure that the pipelines that run in the Pods have the appropriate Identity and Access Management (IAM) permissions to perform the Terraform deployments. You want to follow Google-recommended practices for identity management. What should you do? (Choose two.)

A. Create a new Kubernetes service account, and assign the service account to the Pods. Use Workload Identity to authenticate as the Google service account.

B. Create a new JSON service account key for the Google service account, store the key as a Kubernetes secret, inject the key into the Pods, and set the GOOGLE_APPLICATION_CREDENTIALS environment variable.

C. Create a new Google service account, and assign the appropriate IAM permissions.

D. Create a new JSON service account key for the Google service account, store the key in the secret management store for the CI/CD tool, and configure Terraform to use this key for authentication.

E. Assign the appropriate IAM permissions to the Google service account associated with the Compute Engine VM instances that run the Pods.

You are using Terraform to manage infrastructure as code within a CI/CD pipeline. You notice that multiple copies of the entire infrastructure stack exist in your Google Cloud project, and a new copy is created each time a change to the existing infrastructure is made. You need to optimize your cloud spend by ensuring that only a single instance of your infrastructure stack exists at a time. You want to follow Google-recommended practices. What should you do?

A. Create a new pipeline to delete old infrastructure stacks when they are no longer needed.

B. Confirm that the pipeline is storing and retrieving the terraform.tfstate file from Cloud Storage with the Terraform gcs backend.

C. Verify that the pipeline is storing and retrieving the terraform.tfstate file from a source control.

D. Update the pipeline to remove any existing infrastructure before you apply the latest configuration.

Your company is using HTTPS requests to trigger a public Cloud Run-hosted service accessible at the https://booking-engine-abcdef.a.run.app URL. You need to give developers the ability to test the latest revisions of the service before the service is exposed to customers. What should you do?

A. Run the gcloud run deploy booking-engine --no-traffic --tag dev command. Use the https://dev--booking-engine-abcdef.a.run.app URL for testing.

B. Run the gcloud run services update-traffic booking-engine --to-revisions LATEST=1 command. Use the https://booking-engine-abcdef.a.run.app URL for testing.

C. Pass the curl –H “Authorization:Bearer $(gcloud auth print-identity-token)” auth token. Use the https://booking-engine-abcdef.a.run.app URL to test privately.

D. Grant the roles/run.invoker role to the developers testing the booking-engine service. Use the https://booking-engine-abcdef.private.run.app URL for testing.

You need to enforce several constraint templates across your Google Kubernetes Engine (GKE) clusters. The constraints include policy parameters, such as restricting the Kubernetes API. You must ensure that the policy parameters are stored in a GitHub repository and automatically applied when changes occur. What should you do?

A. Set up a GitHub action to trigger Cloud Build when there is a parameter change. In Cloud Build, run a gcloud CLI command to apply the change.

B. When there is a change in GitHub. use a web hook to send a request to Anthos Service Mesh, and apply the change.

C. Configure Anthos Config Management with the GitHub repository. When there is a change in the repository, use Anthos Config Management to apply the change.

D. Configure Config Connector with the GitHub repository. When there is a change in the repository, use Config Connector to apply the change.

Your Cloud Run application writes unstructured logs as text strings to Cloud Logging. You want to convert the unstructured logs to JSON-based structured logs. What should you do?

A. Modify the application to use Cloud Logging software development kit (SDK), and send log entries with a jsonPayload field.

B. Install a Fluent Bit sidecar container, and use a JSON parser.

C. Install the log agent in the Cloud Run container image, and use the log agent to forward logs to Cloud Logging.

D. Configure the log agent to convert log text payload to JSON payload.

You are monitoring a service that uses n2-standard-2 Compute Engine instances that serve large files. Users have reported that downloads are slow. Your Cloud Monitoring dashboard shows that your VMs are running at peak network throughput. You want to improve the network throughput performance. What should you do?

A. Add additional network interface controllers (NICs) to your VMs.

B. Deploy a Cloud NAT gateway and attach the gateway to the subnet of the VMs.

C. Change the machine type for your VMs to n2-standard-8.

D. Deploy the Ops Agent to export additional monitoring metrics.