CCNA Pca Implementation Reliability Questions

21 of 96 questions · Page 2/2 · Pca Implementation Reliability topic · Answers revealed

76
MCQ · medium

An organization needs to run a stateful application on Google Kubernetes Engine (GKE) where the nodes are fully managed by Google and the application workload SLAs are guaranteed. They want to minimize operational overhead. Which GKE mode should they use?

A. GKE Standard with Cluster Autoscaler
B. GKE Standard with node auto-provisioning
C. GKE Standard with sole-tenant nodes
D. GKE Autopilot
Answer: D

Autopilot provides a fully managed cluster with workload SLAs and no node management overhead.

Why this answer

GKE Autopilot manages the entire node infrastructure including node provisioning, scaling, and maintenance. It provides workload-level SLAs (e.g., 99.95% for pods). Standard mode requires the user to manage node pools.

77
MCQ · medium

A team is migrating a monolithic application to microservices on GKE. They want to gradually shift users to the new microservices version while keeping the old monolithic version running. They need to route a small percentage of users based on a cookie. Which traffic management approach should they use?

A. Use Istio VirtualService with match rules based on cookie and weighted destinations
B. Use Kubernetes Services with multiple Deployments and manual scaling
C. Configure an HTTP(S) load balancer with URL maps and backend services
D. Deploy two separate GKE clusters and use DNS-based traffic splitting
Answer: A

Istio supports cookie-based matching and weighted routing, enabling canary deployments.

Why this answer

Istio traffic management allows fine-grained routing based on HTTP headers, cookies, or other attributes. It supports traffic splitting and canary deployments with precise percentage control.

78
MCQ · medium

A company uses Cloud Storage to store backup files. They need to retain backups for 7 years and must be able to recover deleted or overwritten files within that period. Which Cloud Storage feature should they enable?

A. Object retention policy
B. Lifecycle management
C. Object versioning
D. Uniform bucket-level access
Answer: C

Versioning keeps all versions, allowing recovery of deleted or overwritten objects.

Why this answer

Object versioning keeps multiple versions of an object, allowing recovery from deletion or overwrite. Object retention policies prevent deletion but do not allow recovery of overwritten versions. Lifecycle management is for automation.

Uniform bucket-level access is for permissions.

79
MCQ · hard

Your organization uses Cloud Logging to collect logs from all GCP projects. The security team wants to be alerted when a specific IAM policy change (e.g., granting roles/compute.admin to a user) occurs in any project. They need near real-time notification via email and a ticketing system. What should you do?

A. Create a log-based alert in Cloud Logging with a filter for SetIamPolicy and configure a Pub/Sub notification channel. Use a Cloud Function subscribed to that topic to create a ticket in the ticketing system.
B. Use Cloud Asset Inventory to monitor IAM policy changes and set up a notification to Pub/Sub.
C. Export all logs to BigQuery and run a scheduled query every hour to detect changes. If found, send an email using Cloud Scheduler.
D. Create a Cloud Monitoring alert policy based on a metric from the Cloud Audit Logs, with email and SMS notifications.
Answer: A

Log-based alerts can directly send to Pub/Sub; the Cloud Function can create a ticket. Email can also be added as another channel.

Why this answer

Log-based alerts in Cloud Logging can monitor logs for a specific filter (e.g., protoPayload.methodName=SetIamPolicy) and send notifications to multiple channels (email, Pub/Sub). Pub/Sub can then trigger a Cloud Function to create a ticket. Alerting policies can also use log-based metrics.

Cloud Audit Logs logs IAM changes. The correct approach is to create a log-based alert with a Pub/Sub notification channel.

80
MCQ · medium

Your company uses Cloud VPN (HA VPN) to connect to Google Cloud. You need to achieve a 99.99% SLA for the VPN connection. What configuration is required?

A. One VPN gateway with four tunnels to different on-premises devices
B. Two VPN gateways, each with two tunnels, totaling four tunnels
C. Two VPN gateways, each with one tunnel, using two different edge availability domains
D. One VPN gateway with two tunnels to the same on-premises device
Answer: B

This is the required configuration for 99.99% SLA.

Why this answer

HA VPN provides a 99.99% SLA when configured with two VPN gateways (each with two tunnels) for a total of four tunnels, and the tunnels are configured to use two different edge availability domains in Google Cloud and two different interfaces on the on-premises VPN device.

81
MCQ · medium

A company is planning a migration from on-premises to Google Cloud. They want to ensure minimal downtime and the ability to roll back quickly if issues arise. Which deployment strategy should they use?

A. Blue/green deployment
B. Big bang migration
C. Phased migration
D. Canary deployment
Answer: C

Phased migration gradually moves parts of the workload, allowing rollback if needed, minimizing downtime.

Why this answer

Phased migration involves moving workloads in stages, allowing testing and rollback at each phase. This minimizes risk and downtime. Blue/green and canary are more suited for application updates, not infrastructure migration.

A big bang migration is high risk.

82
MCQ · medium

An organization wants to receive alerts when their Cloud SQL instance's CPU utilization exceeds 80% for 5 minutes. They want to send the alert to both email and a Pub/Sub topic for further processing. What should they do?

A. Configure a Cloud Scheduler job to check CPU utilization and publish to Pub/Sub
B. Create a log-based alert for CPU utilization using Logging and route to email and Pub/Sub
C. Create a Cloud Monitoring alerting policy with a metric threshold condition on CPU utilization and add both email and Pub/Sub notification channels
D. Use Cloud Functions to poll the Cloud Monitoring API every minute and send notifications
Answer: C

This is the correct approach. Metric threshold conditions trigger on CPU utilization, and multiple notification channels can be added.

Why this answer

In Cloud Monitoring, an alerting policy can have multiple notification channels (email, Pub/Sub, PagerDuty, SMS). The CPU utilization metric is available via the 'cloudsql.googleapis.com' metric type.

83
MCQ · hard

A company runs a microservices application on GKE Autopilot. They want to implement canary deployments where a new version of a service receives 10% of traffic. Which approach should they use?

A. Use Istio VirtualService to split traffic between two subsets of the same Service
B. Use a Kubernetes Service with label selectors pointing to two Deployments (stable and canary) and scale the number of replicas to achieve 10% traffic
C. Deploy the canary version using a separate Service with a different DNS name and configure the application to split traffic
D. Use Cloud Deploy with a rollout strategy that sets traffic percentage to 10% for the canary
Answer: B

This is a standard Kubernetes canary pattern: a Service routes traffic to pods matching labels from both Deployments. By scaling replicas, you can approximate traffic percentage.

Why this answer

GKE Autopilot supports canary deployments using Kubernetes native features like multiple Deployments with a Service selector using a common label, and adjusting replica counts to control traffic. Istio or Traffic Director are not required. Cloud Deploy can be used but the simplest approach is to use a single Kubernetes Service with label selectors pointing to both Deployments and scaling replicas.

84
MCQ · medium

A company has a Cloud SQL for MySQL instance with automated backups enabled. They need to recover the database to a specific point in time within the last hour. Which feature should they use?

A. Failover replica
B. Point-in-time recovery (PITR)
C. Automated backup restore
D. Import using the mysqldump file
Answer: B

PITR allows restoring to any point within the retention period.

Why this answer

Point-in-time recovery (PITR) restores a Cloud SQL instance to a specific time, using binary logs. Automated backups alone restore to the backup time, not arbitrary points. Failover replica is for high availability.

Import is for loading data from a file.

85
MCQ · hard

An organization wants to implement a canary deployment in GKE, directing 5% of traffic to a new version and 95% to the stable version. They want to use Google Cloud's managed service mesh for traffic splitting. Which approach should they use?

Answer options not yet available.

Why this answer

Anthos Service Mesh (based on Istio) can be used for fine-grained traffic splitting using VirtualService and DestinationRule resources. Cloud Deploy also supports canary deployments but is primarily for continuous delivery, not traffic splitting at the mesh level. For managed service mesh, Anthos Service Mesh is the correct choice.

86
MCQ · medium

An organization uses Cloud Storage to store critical documents. They want to protect against accidental deletion or overwriting of objects. Which feature should they enable?

A. Uniform bucket-level access
B. Object lifecycle management rules
C. Object versioning and retention policies
D. Customer-managed encryption keys (CMEK)
Answer: C

Versioning retains previous versions; retention policies prevent deletion. Together they protect against accidents.

Why this answer

Object versioning and retention policies together protect against accidental deletion and overwrites. Versioning keeps multiple versions of objects, and retention policies prevent deletion until a specified time. Uniform bucket-level access is for access control, not protection.

Object lifecycle management automates transitions/deletion, not protection. Encryption protects data at rest.

87
MCQ · medium

Your company has a production Cloud SQL for PostgreSQL instance in us-central1 with automated backups enabled. You need to ensure that if the zone fails, the database automatically fails over to a standby in a different zone with minimal downtime. What should you do?

A. Enable deletion protection on the instance.
B. Create a cross-region read replica and manually promote it during a failure.
C. Configure the instance as a highly available (regional) instance.
D. Enable point-in-time recovery (PITR) and keep 30 days of transaction logs.
Answer: C

HA configuration creates a standby in a different zone and enables automatic failover.

Why this answer

Cloud SQL high availability (HA) configuration creates a standby instance in a different zone. The primary and standby use synchronous replication, and automatic failover occurs if the primary zone fails. Enabling deletion protection does not provide HA.

Read replicas are for read scaling, not automatic failover. Automated backups alone do not provide failover.

88
MCQ · medium

A company uses Cloud Spanner in a multi-region configuration. They want to ensure the highest availability with an SLA of 99.999%. Which configuration supports this?

A. Single-region configuration
B. Multi-region configuration with three regions
C. Dual-region configuration with read replicas
D. Multi-region configuration with two regions
Answer: B

Spanner multi-region configurations with three regions (e.g., nam3) are designed for 99.999% availability.

Why this answer

Cloud Spanner multi-region configurations are designed for 99.999% availability. The default multi-region setups (e.g., nam3, eur3) include three regions with automatic failover. A single-region configuration offers 99.99%.

Multi-region with two regions does not provide the same SLA.

89
Multi-Select · hard

Your company wants to implement a canary deployment for a microservice running on GKE. You need to gradually shift traffic from the stable version to the canary version while monitoring error rates. Which THREE components or practices should you use? (Choose 3)

Select 3 answers
A. Cloud Deploy with an automated canary strategy and verification
B. Cloud Monitoring to track error rates and trigger rollback
C. Cloud CDN for caching responses
D. Feature flags in the application code
E. Istio for traffic splitting between versions
Answers: A, B, E

Cloud Deploy orchestrates canary deployments with rollback.

Why this answer

A canary deployment on GKE typically uses a service mesh like Istio for fine-grained traffic splitting, Cloud Monitoring for observability, and automated rollback via a progressive delivery tool or manual intervention. Cloud Deploy also supports canary strategies. Cloud CDN is for content delivery, not internal traffic splitting.

Feature flags are for feature toggles, not traffic shifting.

90
Multi-Select · medium

Your company uses Cloud Storage to store critical documents. You need to prevent accidental deletion or modification of objects for a retention period of 5 years. Which TWO features should you use?

Select 2 answers
A. Object versioning
B. Object hold
C. Requester pays
D. Lifecycle rule to delete objects older than 5 years
E. Retention policy with Bucket Lock
Answers: A, E

Versioning keeps old versions, enabling recovery from accidental changes.

Why this answer

Object versioning preserves previous versions of objects, allowing recovery from accidental deletion or overwrite. Retention policies (bucket-level) enforce a minimum retention period for all objects. Bucket Lock makes the retention policy immutable.

Object holds are per-object and can be removed. Lifecycle policies manage object transitions/deletion, not retention enforcement.

91
MCQ · hard

A financial services company uses Cloud Storage to store sensitive transaction records. They need to ensure that objects cannot be deleted or overwritten for a retention period of 7 years, even by the bucket owner. Which feature should they enable?

Answer options not yet available.

Why this answer

Bucket Lock with retention policy enforces a minimum retention period for objects. Once locked, the retention policy cannot be removed, preventing deletion or overwrite. Object versioning helps but can be overwritten.

Hold policies are temporary. IAM policies can be overridden by owner.

92
MCQ · medium

Your organization stores critical financial data in Cloud Storage. You need to ensure that if an object is deleted or overwritten, you can recover it within 30 days. What feature should you enable?

A. Set a retention policy with a 30-day retention period
B. Configure lifecycle management to delete objects after 30 days
C. Enable object versioning on the bucket
D. Enable Bucket Lock with a retention policy
Answer: C

Versioning retains non-current versions, enabling recovery.

Why this answer

Cloud Storage offers object versioning and retention policies to protect data. Versioning keeps non-current versions of objects, allowing recovery from accidental deletion or overwrites. Object retention policies (e.g., retention policy or hold) prevent deletion or modification for a specified period, but versioning is the primary mechanism to recover from deletion.

93
MCQ · hard

An engineering team wants to perform load testing on their new microservices-based application deployed on GKE. They need a tool that can simulate thousands of concurrent users, generate detailed performance metrics, and integrate with Cloud Monitoring. Which tool should they use?

A. Locust
B. Cloud Load Testing
C. Apache JMeter
D. gcloud alpha loadtest
Answer: B

Cloud Load Testing is a managed service that generates load from multiple regions and provides metrics in Cloud Monitoring.

Why this answer

Cloud Load Testing (formerly known as Cloud Load Testing) is a Google Cloud service that allows you to create load tests with simulated users and integrates with Cloud Monitoring for detailed metrics. Locust is an open-source alternative but lacks native integration with Cloud Monitoring.

94
Multi-Select · medium

A team needs to set up alerting for a production service. They want to receive notifications when the 99th percentile latency exceeds 500ms for 5 minutes. Which two Cloud Monitoring components are required? (Choose two.)

Answer options not yet available.

Why this answer

To alert on latency, you need a metric (e.g., from Cloud Monitoring) and an alerting policy that defines the condition and notification channel. A dashboard is not required. SLO is not required, but can be used.

Log-based metrics are for logs, not latency.

95
MCQ · easy

You are configuring a Cloud Monitoring alerting policy to notify your SRE team when the error rate of a service exceeds 5% over a 5-minute window. Which type of metric evaluation should you use?

A. Window-based
B. Log-based
C. Request-based
D. Health check-based
Answer: A

Window-based metrics evaluate conditions over a sliding time window.

Why this answer

A window-based metric evaluation (e.g., rate, ratio, or count over a sliding window) is appropriate for error rate over a 5-minute window. Request-based is for latency SLOs.

96
MCQ · medium

Your company uses HA VPN to connect on-premises to Google Cloud. You need to ensure the VPN connection meets a 99.99% SLA. Which configuration is required?

A. A single Cloud VPN gateway with two tunnels to the same on-premises peer gateway.
B. Two Cloud VPN gateways in the same region, each with one tunnel.
C. One Cloud VPN gateway with four tunnels to the same on-premises peer gateway.
D. Two Cloud VPN gateways in different regions, each with two tunnels to the same on-premises peer gateway.
Answer: D

This configuration provides redundancy and meets the 99.99% SLA.

Why this answer

HA VPN provides 99.99% SLA when configured with two Cloud VPN gateways (one per region) and two tunnels per gateway (four tunnels total) from each gateway to the on-premises peer gateway. Each gateway uses a different external IP. A single VPN gateway with two tunnels does not meet the SLA requirement because the gateway itself is a single point of failure.
