Prepare Professional-Cloud-DevOps-Engineer Exam Questions [2024] Recently Updated Questions
Give push to your success with Professional-Cloud-DevOps-Engineer exam questions
Test Structure
The candidates who want to take this Google exam will have two hours to answer all questions. Even though the vendor doesn’t give details on the total number of questions that the examinees will receive, they should be prepared to solve multiple-choice and multiple-answer inquiries. Besides, the test is delivered in the English language only. As for the registration fee, the test-takers will need to pay $200 to take it. Additional taxes may apply depending on the candidate’s profile and chosen delivery method. By and large, the applicants have two options to take the official exam. They can choose to take it online from any remote location that they prefer. If they choose this option, the candidates should read carefully what the testing requirements are. In case applicants prefer to be present in a classroom when they take the actual testing, then they can search for a test center that is closest to their location. Also, Google doesn’t have any prerequisites for the candidates to be eligible for the evaluation. Still, it recommends that the candidates for the Professional Cloud DevOps Engineer exam should have at least 3 years of experience in the industry including a minimum of one year of experience in managing and developing solutions on GCP.
Google Professional-Cloud-DevOps-Engineer Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
NEW QUESTION # 67
You are designing a new Google Cloud organization for a client. Your client is concerned with the risks associated with long-lived credentials created in Google Cloud. You need to design a solution to completely eliminate the risks associated with the use of JSON service account keys while minimizing operational overhead. What should you do?
- A. Grant the roles/ iam.serviceAccountKeyAdmin IAM role to organization administrators only.
- B. Use custom versions of predefined roles to exclude all iam.serviceAccountKeys. * service account role permissions.
- C. Apply the constraints/iam. disableServiceAccountKeyUp10ad constraint to the organization.
- D. Apply the constraints/iam.disableserviceAccountKeycreation constraint to the organization.
Answer: D
Explanation:
The correct answer is B, Apply the constraints/iam.disableServiceAccountKeyCreation constraint to the organization.
According to the Google Cloud documentation, the constraints/iam.disableServiceAccountKeyCreation constraint is an organization policy constraint that prevents the creation of user-managed service account keys1. User-managed service account keys are long-lived credentials that can be downloaded as JSON or P12 files and used to authenticate as a service account2. These keys pose severe security risks if they are leaked, stolen, or misused by unauthorized entities34. By applying this constraint to the organization, you can completely eliminate the risks associated with the use of JSON service account keys and enforce a more secure alternative for authentication, such as Workload Identity or short-lived access tokens12. This also minimizes operational overhead by avoiding the need to manage, rotate, or revoke user-managed service account keys.
The other options are incorrect because they do not completely eliminate the risks associated with the use of JSON service account keys. Option A is incorrect because it only restricts the IAM permissions to create, list, get, delete, or sign service account keys, but it does not prevent existing keys from being used or leaked. Option C is incorrect because it only disables the upload of user-managed service account keys, but it does not prevent the creation or download of such keys. Option D is incorrect because it only limits the IAM role that can create and manage service account keys, but it does not prevent the keys from being distributed or exposed to unauthorized entities.
Reference:
Disable user-managed service account key creation, Disable user-managed service account key creation. Service accounts, User-managed service accounts. Help keep your Google Cloud service account keys safe, Help keep your Google Cloud service account keys safe. Stop Downloading Google Cloud Service Account Keys!, Stop Downloading Google Cloud Service Account Keys! [Service Account Keys], Service Account Keys. [Disable user-managed service account key upload], Disable user-managed service account key upload. [Granting roles to service accounts], Granting roles to service accounts.
NEW QUESTION # 68
You are ready to deploy a new feature of a web-based application to production. You want to use Google Kubernetes Engine (GKE) to perform a phased rollout to half of the web server pods.
What should you do?
- A. Use a partitioned rolling update.
- B. Use a stateful set with parallel pod management policy.
- C. Use Node taints with NoExecute.
- D. Use a replica set in the deployment specification.
Answer: A
Explanation:
Explanation
https://medium.com/velotio-perspectives/exploring-upgrade-strategies-for-stateful-sets-in-kubernetes-c02b8286f
NEW QUESTION # 69
You are managing the production deployment to a set of Google Kubernetes Engine (GKE) clusters. You want to make sure only images which are successfully built by your trusted CI/CD pipeline are deployed to production. What should you do?
- A. Enable Vulnerability Analysis on the Container Registry.
- B. Set up the Kubernetes Engine clusters as private clusters.
- C. Set up the Kubernetes Engine clusters with Binary Authorization.
- D. Enable Cloud Security Scanner on the clusters.
Answer: B
NEW QUESTION # 70
You are configuring connectivity across Google Kubernetes Engine (GKE) clusters in different VPCs You notice that the nodes in Cluster A are unable to access the nodes in Cluster B You suspect that the workload access issue is due to the network configuration You need to troubleshoot the issue but do not have execute access to workloads and nodes You want to identify the layer at which the network connectivity is broken What should you do?
- A. Enable VPC Flow Logs in both VPCs and monitor packet drops
- B. Use a debug container to run the traceroute command from Cluster A to Cluster B and from Cluster B to Cluster A Identify the common failure point
- C. Install a toolbox container on the node in Cluster A Confirm that the routes to Cluster B are configured appropriately
- D. Use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster
Answer: D
Explanation:
Explanation
The best option for troubleshooting the issue without having execute access to workloads and nodes is to use Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster B. Network Connectivity Center is a service that allows you to create, manage, and monitor network connectivity across Google Cloud, hybrid, and multi-cloud environments. You can use Network Connectivity Center to perform a Connectivity Test, which is a feature that allows you to test the reachability and latency between two endpoints, such as GKE clusters, VM instances, or IP addresses. By using Network Connectivity Center to perform a Connectivity Test from Cluster A to Cluster B, you can identify the layer at which the network connectivity is broken, such as the firewall, routing, or load balancing.
NEW QUESTION # 71
Your team is writing a postmortem after an incident on your external facing application Your team wants to improve the postmortem policy to include triggers that indicate whether an incident requires a postmortem Based on Site Reliability Engineenng (SRE) practices, what triggers should be defined in the postmortem policy?
Choose 2 answers
- A. Data is lost due to an incident
- B. The monitoring system detects that one of the instances for your application has failed
- C. The CD pipeline detects an issue and rolls back a problematic release.
- D. An external stakeholder asks for a postmortem
- E. An internal stakeholder requests a postmortem
Answer: D,E
Explanation:
Explanation
The best options for defining triggers that indicate whether an incident requires a postmortem based on Site Reliability Engineering (SRE) practices are an external stakeholder asks for a postmortem and data is lost due to an incident. An external stakeholder is someone who is affected by or has an interest in the service, such as a customer or a partner. If an external stakeholder asks for a postmortem, it means that they are concerned about the impact or root cause of the incident, and they expect an explanation and remediation from the service provider. Therefore, this should trigger a postmortem to address their concerns and improve their satisfaction. Data loss is a serious consequence of an incident that can affect the integrity and reliability of the service. If data is lost due to an incident, it means that there was a failure in the backup or recovery mechanisms, or that there was a corruption or deletion of data. Therefore, this should trigger a postmortem to investigate the cause and impact of the data loss, and to prevent it from happening again.
NEW QUESTION # 72
You are using Stackdriver to monitor applications hosted on Google Cloud Platform (GCP). You recently deployed a new application, but its logs are not appearing on the Stackdriver dashboard.
You need to troubleshoot the issue. What should you do?
- A. Confirm that your account has the proper permissions to use the Stackdriver dashboard.
- B. Confirm that the application is using the required client library and the service account key has proper permissions.
- C. Confirm that the Stackdriver agent has been installed in the hosting virtual machine.
- D. Confirm that port 25 has been opened in the firewall to allow messages through to Stackdriver.
Answer: A
NEW QUESTION # 73
You need to deploy a new service to production. The service needs to automatically scale using a Managed Instance Group (MIG) and should be deployed over multiple regions. The service needs a large number of resources for each instance and you need to plan for capacity. What should you do?
- A. Deploy the service in one region and use a global load balancer to route traffic to this region.
- B. Monitor results of Stackdriver Trace to determine the required amount of resources.
- C. Validate that the resource requirements are within the available quota limits of each region.
- D. Use the n1-highcpu-96 machine type in the configuration of the MIG.
Answer: D
NEW QUESTION # 74
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?
- A. Configure Access Context Manager to allow only these members to export logs.
- B. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
- C. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
- D. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
Answer: C
Explanation:
Explanation/Reference: https://cloud.google.com/logging/docs/access-control
NEW QUESTION # 75
You support an application that stores product information in cached memory. For every cache miss, an entry is logged in Stackdriver Logging. You want to visualize how often a cache miss happens over time. What should you do?
- A. Link Stackdriver Logging as a source in Google Data Studio. Filler (he logs on the cache misses.
- B. Create a logs-based metric in Stackdriver Logging and a dashboard for that metric in Stackdriver Monitoring.
- C. Configure Stackdriver Profiler to identify and visualize when the cache misses occur based on the logs.
- D. Configure BigOuery as a sink for Stackdriver Logging. Create a scheduled query to filter the cache miss logs and write them to a separate table
Answer: B
NEW QUESTION # 76
You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?
- A. Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.
- B. Create a new GCP monitoring project, and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
- C. Choose an existing GCP production project to host the monitoring workspace. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
- D. Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Slackdriver workspaces inside each project.
Answer: C
NEW QUESTION # 77
You manage an application that is writing logs to Stackdriver Logging. You need to give some team members the ability to export logs. What should you do?
- A. Configure Access Context Manager to allow only these members to export logs.
- B. Create and grant a custom IAM role with the permissions logging.sinks.list and logging.sink.get.
- C. Grant the team members the IAM role of logging.configWriter on Cloud IAM.
- D. Create an Organizational Policy in Cloud IAM to allow only these members to create log exports.
Answer: C
Explanation:
Explanation
https://cloud.google.com/logging/docs/access-control
The logging.configWriter role grants permissions to create, update, and delete log exports. This is the correct role to give team members who need to export logs2.
NEW QUESTION # 78
You support an application running on GCP and want to configure SMS notifications to your team for the most critical alerts in Stackdriver Monitoring. You have already identified the alerting policies you want to configure this for. What should you do?
- A. Configure a Slack notification for each alerting policy. Set up a Slack-to-SMS integration to send SMS messages when Slack messages are received. Ensure that your team members add their SMS/phone numbers to the external integration.
- B. Ensure that your team members set their SMS/phone numbers in their Stackdriver Profile. Select the SMS notification option for each alerting policy and then select the appropriate SMS/phone numbers from the list.
- C. Download and configure a third-party integration between Stackdriver Monitoring and an SMS gateway.
Ensure that your team members add their SMS/phone numbers to the external tool. - D. Select the Webhook notifications option for each alerting policy, and configure it to use a third-party integration tool. Ensure that your team members add their SMS/phone numbers to the external tool.
Answer: A
NEW QUESTION # 79
Your application images are built using Cloud Build and pushed to Google Container Registry (GCR). You want to be able to specify a particular version of your application for deployment based on the release version tagged in source control. What should you do when you push the image?
- A. Use Cloud Build to include the release version tag in the application image.
- B. Reference the image digest in the source control tag.
- C. Use GCR digest versioning to match the image to the tag in source control.
- D. Supply the source control tag as a parameter within the image name.
Answer: D
Explanation:
https://cloud.google.com/container-registry/docs/pushing-and-pulling
NEW QUESTION # 80
Your development team has created a new version of their service's API. You need to deploy the new versions of the API with the least disruption to third-party developers and end users of third-party installed applications. What should you do?
- A. Announce deprecation of the old version of the API.
Contact remaining users on the old API.
Introduce the new version of the API.
Deprecate the old version of the API.
Provide best effort support to users of the old API.
Turn down the old version of the API. - B. Announce deprecation of the old version of the API.
Introduce the new version of the API.
Contact remaining users on the old API.
Deprecate the old version of the API.
Turn down the old version of the API.
Provide best effort support to users of the old API. - C. Introduce the new version of the API.
Contact remaining users of the old API.
Announce deprecation of the old version of the API.
Deprecate the old version of the API.
Turn down the old version of the API.
Provide best effort support to users of the old API. - D. Introduce the new version of the API.
Announce deprecation of the old version of the API.
Deprecate the old version of the API.
Contact remaining users of the old API.
Provide best effort support to users of the old API.
Turn down the old version of the API.
Answer: D
NEW QUESTION # 81
You are responsible for the reliability of a high-volume enterprise application. A large number of users report that an important subset of the application's functionality - a data intensive reporting feature - is consistently failing with an HTTP 500 error. When you investigate your application's dashboards, you notice a strong correlation between the failures and a metric that represents the size of an internal queue used for generating reports. You trace the failures to a reporting backend that is experiencing high I/O wait times. You quickly fix the issue by resizing the backend's persistent disk (PD). How you need to create an availability Service Level Indicator (SLI) for the report generation feature. How would you define it?
- A. As the I/O wait times aggregated across all report generation backends
- B. As the proportion of report generation requests that result in a successful response
- C. As the application's report generation queue size compared to a known-good threshold
- D. As the reporting backend PD throughout capacity compared to a known-good threshold
Answer: C
NEW QUESTION # 82
Your team has recently deployed an NGINX-based application into Google Kubernetes Engine (GKE) and has exposed it to the public via an HTTP Google Cloud Load Balancer (GCLB) ingress. You want to scale the deployment of the application's frontend using an appropriate Service Level Indicator (SLI). What should you do?
- A. Install the Stackdriver custom metrics adapter and configure a horizontal pod autoscaler to use the number of requests provided by the GCLB.
- B. Configure the vertical pod autoscaler in GKE and enable the cluster autoscaler to scale the cluster as pods expand.
- C. Configure the horizontal pod autoscaler to use the average response time from the Liveness and Readiness probes.
- D. Expose the NGINX stats endpoint and configure the horizontal pod autoscaler to use the request metrics exposed by the NGINX deployment.
Answer: A
Explanation:
Explanation
https://cloud.google.com/kubernetes-engine/docs/tutorials/autoscaling-metrics The Google Cloud HTTP Load Balancer (GCLB) provides metrics on the number of requests and the response latency for each backend service. These metrics can be used as custom metrics for the horizontal pod autoscaler (HPA) to scale the deployment based on the load. This is the correct solution to use an appropriate SLI for scaling.
NEW QUESTION # 83
You need to define SLOs for a high-traffic web application. Customers are currently happy with the application performance and availability. Based on current measurement, the 90th percentile Of latency is 160 ms and the 95th percentile of latency is 300 ms over a 28-day window. What latency SLO should you publish?
- A. 90th percentile - 150 ms
95th percentile - 290 ms - B. 90th percentile - 160 ms
95th percentile - 300 ms - C. 90th percentile - 300 ms
95th percentile - 450 ms - D. 90th percentile - 190 ms
95th percentile - 330 ms
Answer: B
Explanation:
Explanation
a latency SLO is a service level objective that specifies a target level of responsiveness for a web application1. A latency SLO can be expressed as a percentile of latency over a time window, such as the 90th percentile of latency over 28 days2. A percentile of latency is the maximum amount of time that a given percentage of requests take to complete. For example, the 90th percentile of latency is the maximum amount of time that 90% of requests take to complete3.
To define a latency SLO, you need to consider the following factors24:
The expectations and satisfaction of your customers. You want to set a latency SLO that reflects the level of performance that your customers are happy with and willing to pay for.
The current and historical measurements of your latency. You want to set a latency SLO that is based on data and realistic for your web application.
The trade-offs and costs of improving your latency. You want to set a latency SLO that balances the benefits of faster response times with the costs of engineering work, infrastructure, and complexity.
Based on these factors, the best option for defining a latency SLO for your web application is option B. Option B sets the latency SLO to match the current measurement of your latency, which means that you are meeting the expectations and satisfaction of your customers. Option B also sets a realistic and achievable target for your web application, which means that you do not need to invest extra resources or effort to improve your latency. Option B also aligns with the best practice of setting conservative SLOs, which means that you have some buffer or margin for error in case your latency fluctuates or degrades5.
NEW QUESTION # 84
You are developing a strategy for monitoring your Google Cloud Platform (GCP) projects in production using Stackdriver Workspaces. One of the requirements is to be able to quickly identify and react to production environment issues without false alerts from development and staging projects. You want to ensure that you adhere to the principle of least privilege when providing relevant team members with access to Stackdriver Workspaces. What should you do?
- A. Grant relevant team members read access to all GCP production projects. Create Stackdriver workspaces inside each project.
- B. Create a new GCP monitoring project, and create a Stackdriver Workspace inside it. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
- C. Choose an existing GCP production project to host the monitoring workspace. Attach the production projects to this workspace. Grant relevant team members read access to the Stackdriver Workspace.
- D. Grant relevant team members the Project Viewer IAM role on all GCP production projects. Create Slackdriver workspaces inside each project.
Answer: B
Explanation:
Explanation
"A Project can host many Projects and appear in many Projects, but it can only be used as the scoping project once. We recommend that you create a new Project for the purpose of having multiple Projects in the same scope."
NEW QUESTION # 85
You are the on-call Site Reliability Engineer for a microservice that is deployed to a Google Kubernetes Engine (GKE) Autopilot cluster. Your company runs an online store that publishes order messages to Pub/Sub and a microservice receives these messages and updates stock information in the warehousing system. A sales event caused an increase in orders, and the stock information is not being updated quickly enough. This is causing a large number of orders to be accepted for products that are out of stock You check the metrics for the microservice and compare them to typical levels.
You need to ensure that the warehouse system accurately reflects product inventory at the time orders are placed and minimize the impact on customers What should you do?
- A. Add a virtual queue to the online store that allows typical traffic levels
- B. Decrease the acknowledgment deadline on the subscription
- C. Increase the Pod CPU and memory limits
- D. Increase the number of Pod replicas
Answer: D
Explanation:
The best option for ensuring that the warehouse system accurately reflects product inventory at the time orders are placed and minimizing the impact on customers is to increase the number of Pod replicas. Increasing the number of Pod replicas will increase the scalability and availability of your microservice, which will allow it to handle more Pub/Sub messages and update stock information faster. This way, you can reduce the backlog of undelivered messages and oldest unacknowledged message age, which are causing delays in updating product inventory. You can use Horizontal Pod Autoscaler or Cloud Monitoring metrics-based autoscaling to automatically adjust the number of Pod replicas based on load or custom metrics.
NEW QUESTION # 86
You support a high-traffic web application that runs on Google Cloud Platform (GCP). You need to measure application reliability from a user perspective without making any engineering changes to it. What should you do?
Choose 2 answers
- A. Create new synthetic clients to simulate a user journey using the application.
- B. Modify the code to capture additional information for user interaction.
- C. Use current and historic Request Logs to trace customer interaction with the application.
- D. Review current application metrics and add new ones as needed.
- E. Analyze the web proxy logs only and capture response time of each request.
Answer: B,E
NEW QUESTION # 87
You are building an application that runs on Cloud Run The application needs to access a third-party API by using an API key You need to determine a secure way to store and use the API key in your application by following Google-recommended practices What should you do?
- A. Save the API key in Secret Manager as a secret key Mount the secret key under the /sys/api_key directory and decrypt the key in the Cloud Run application
- B. Save the API key in Cloud Key Management Service (Cloud KMS) as a key Reference the key as an environment variable in the Cloud Run application
- C. Encrypt the API key by using Cloud Key Management Service (Cloud KMS) and pass the key to Cloud Run as an environment variable Decrypt and use the key in Cloud Run
- D. Save the API key in Secret Manager as a secret Reference the secret as an environment variable in the Cloud Run application
Answer: D
Explanation:
The best option for storing and using the API key in your application by following Google-recommended practices is to save the API key in Secret Manager as a secret and reference the secret as an environment variable in the Cloud Run application. Secret Manager is a service that allows you to store and manage sensitive data, such as API keys, passwords, and certificates, in Google Cloud. A secret is a resource that represents a logical secret, such as an API key. You can save the API key in Secret Manager as a secret and use IAM policies to control who can access it. You can also reference the secret as an environment variable in the Cloud Run application by using the ${SECRET_NAME} syntax. This way, you can securely store and use the API key in your application without exposing it in your code or configuration files.
NEW QUESTION # 88
You deploy a new release of an internal application during a weekend maintenance window when there is minimal user traffic. After the window ends, you learn that one of the new features isn't working as expected in the production environment. After an extended outage, you roll back the new release and deploy a fix. You want to modify your release process to reduce the mean time to recovery so you can avoid extended outages in the future. What should you do?
Choose 2 answers
- A. Require developers to run automated integration tests on their local development environments before release.
- B. Before merging new code, require 2 different peers to review the code changes.
- C. Configure a CI server. Add a suite of unit tests to your code and have your CI server run them on commit and verify any changes.
- D. Integrate a code linting tool to validate coding standards before any code is accepted into the repository.
- E. Adopt the blue/green deployment strategy when releasing new code via a CD server.
Answer: C,E
NEW QUESTION # 89
You support a user-facing web application. When analyzing the application's error budget over the previous six months, you notice that the application has never consumed more than 5% of its error budget in any given time window. You hold a Service Level Objective (SLO) review with business stakeholders and confirm that the SLO is set appropriately. You want your application's SLO to more closely reflect its observed reliability. What steps can you take to further that goal while balancing velocity, reliability, and business needs? (Choose two.)
- A. Tighten the SLO match the application's observed reliability.
- B. Add more serving capacity to all of your application's zones.
- C. Implement and measure additional Service Level Indicators (SLIs) fro the application.
- D. Announce planned downtime to consume more error budget, and ensure that users are not depending on a tighter SLO.
- E. Have more frequent or potentially risky application releases.
Answer: B,C
NEW QUESTION # 90
You are deploying a Cloud Build job that deploys Terraform code when a Git branch is updated. While testing, you noticed that the job fails. You see the following error in the build logs:
Initializing the backend. ..
Error: Failed to get existing workspaces : querying Cloud Storage failed: googleapi : Error
403
You need to resolve the issue by following Google-recommended practices. What should you do?
- A. Grant the roles/ storage. objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.
- B. Create a storage bucket with the name specified in the Terraform configuration.
- C. Grant the roles/ owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.
- D. Change the Terraform code to use local state.
Answer: A
Explanation:
Explanation
The correct answer is D. Grant the roles/storage.objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.
According to the Google Cloud documentation, Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure1. Cloud Build uses a service account to execute your build steps and access resources, such as Cloud Storage buckets2. Terraform is an open-source tool that allows you to define and provision infrastructure as code3. Terraform uses a state file to store and track the state of your infrastructure4.
You can configure Terraform to use a Cloud Storage bucket as a backend to store and share the state file across multiple users or environments5.
The error message indicates that Cloud Build failed to access the Cloud Storage bucket that contains the Terraform state file. This is likely because the Cloud Build service account does not have the necessary permissions to read and write objects in the bucket. To resolve this issue, you need to grant the roles/storage.objectAdmin IAM role to the Cloud Build service account on the state file bucket. This role allows the service account to create, delete, and manage objects in the bucket6. You can use the gcloud command-line tool or the Google Cloud Console to grant this role.
The other options are incorrect because they do not follow Google-recommended practices. Option A is incorrect because it changes the Terraform code to use local state, which is not recommended for production or collaborative environments, as it can cause conflicts, data loss, or inconsistency. Option B is incorrect because it creates a new storage bucket with the name specified in the Terraform configuration, but it does not grant any permissions to the Cloud Build service account on the new bucket. Option C is incorrect because it grants the roles/owner IAM role to the Cloud Build service account on the project, which is too broad and violates the principle of least privilege. The roles/owner role grants full access to all resources in the project, which can pose a security risk if misused or compromised.
NEW QUESTION # 91
......
Get Professional-Cloud-DevOps-Engineer Actual Free Exam Q&As to Prepare Certification: https://www.dumpsvalid.com/Professional-Cloud-DevOps-Engineer-still-valid-exam.html
Professional-Cloud-DevOps-Engineer 100% Guarantee Download Professional-Cloud-DevOps-Engineer Exam PDF Q&A: https://drive.google.com/open?id=1m4q8ZuSZ8w5IT39M4-WrzvKlYgVDvb41