[Q111-Q136] Free Sales Ending Soon - Use Real Professional-Cloud-Developer PDF Questions [Jul 28, 2025]

Share

Free Sales Ending Soon - Use Real Professional-Cloud-Developer PDF Questions [Jul 28, 2025]

Updated Jul-2025 Exam Professional-Cloud-Developer Dumps - Pass Your Certification Exam


Google Professional-Cloud-Developer certification is an industry-recognized credential that demonstrates one’s expertise in cloud-native application development on the Google Cloud Platform. Google Certified Professional - Cloud Developer certification is particularly valuable for developers who work with Google Cloud technologies and are responsible for creating cloud-native applications that can scale and adapt to changing business requirements.

 

NEW QUESTION # 111
You are running a web application on Google Kubernetes Engine that you inherited. You want to determine whether the application is using libraries with known vulnerabilities or is vulnerable to XSS attacks. Which service should you use?

  • A. Google Cloud Armor
  • B. Error Reporting
  • C. Web Security Scanner
  • D. Debugger

Answer: C

Explanation:
https://cloud.google.com/security-command-center/docs/concepts-web-security-scanner-overview Web Security Scanner identifies security vulnerabilities in your App Engine, Google Kubernetes Engine (GKE), and Compute Engine web applications. It crawls your application, following all links within the scope of your starting URLs, and attempts to exercise as many user inputs and event handlers as possible.


NEW QUESTION # 112
HipLocal has connected their Hadoop infrastructure to GCP using Cloud Interconnect in order to query data stored on persistent disks.
Which IP strategy should they use?

  • A. Create an auto mode subnet.
  • B. Create multiple peered VPCs.
  • C. Create manual subnets.
  • D. Provision a single instance for NAT.

Answer: C

Explanation:
Topic 2, Mix Questions
Mix Questions
Professional-Cloud-Developer Mix Questions IN THIS CASE STUDY


NEW QUESTION # 113
You are running a containerized application on Google Kubernetes Engine. Your container images are stored in Container Registry. Your team uses CI/CD practices. You need to prevent the deployment of containers with known critical vulnerabilities. What should you do?

  • A. * Enable the Container Scanning API to perform vulnerability scanning
    * Programmatically review vulnerability reporting through the Container Scanning API, and provide an attestation that the container is free of known critical vulnerabilities
    * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
  • B. * Use Web Security Scanner to automatically crawl your application
    * Review your application logs for scan results, and provide an attestation that the container is free of known critical vulnerabilities
    * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
  • C. * Enable the Container Scanning API to perform vulnerability scanning
    * Review vulnerability reporting in Container Registry in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
    * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed
  • D. * Use Web Security Scanner to automatically crawl your application
    * Review the scan results in the scan details page in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities
    * Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

Answer: A

Explanation:
Explanation
https://cloud.google.com/binary-authorization/docs/creating-attestations-kritis
https://cloud.google.com/container-analysis/docs/os-overview


NEW QUESTION # 114
You are planning to migrate a MySQL database to the managed Cloud SQL database for Google Cloud. You have Compute Engine virtual machine instances that will connect with this Cloud SQL instance. You do not want to whitelist IPs for the Compute Engine instances to be able to access Cloud SQL.
What should you do?

  • A. Create a CloudSQL instance on one project. Create Compute engine instances in a different project.Create a VPN between these two projects to allow internal access to CloudSQL.
  • B. Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.
  • C. Create a role in Cloud SQL that allows access to the database from external instances, and assign the Compute Engine instances to that role.
  • D. Enable private IP for the Cloud SQL instance.

Answer: C


NEW QUESTION # 115
You need to deploy resources from your laptop to Google Cloud using Terraform. Resources in your Google Cloud environment must be created using a service account. Your Cloud Identity has the roles/iam.serviceAccountTokenCreator Identity and Access Management (IAM) role and the necessary permissions to deploy the resources using Terraform. You want to set up your development environment to deploy the desired resources following Google-recommended best practices. What should you do?

  • A. 1) Store the service account's key file in JSON format in Hashicorp Vault.
    2) Integrate Terraform with Vault to retrieve the key file dynamically, and authenticate to Vault using a short-lived access token.
  • B. 1) Download the service account's key file in JSON format, and store it locally on your laptop.
    2) Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your downloaded key file.
  • C. 1) Run the following command from a command line: gcloud auth application-default login.
    2) In the browser window that opens, authenticate using your personal credentials.
  • D. 1) Run the following command from a command line: gcloud config set
    auth/impersonate_service_account [email protected].
    2) Set the GOOGLE_OAUTH_ACCESS_TOKEN environment variable to the value that is returned by the gcloud auth print-access-token command.

Answer: A

Explanation:
Explanation
https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#file-system Whenever possible, avoid storing service account keys on a file system. If you can't avoid storing keys on disk, make sure to restrict access to the key file, configure file access auditing, and encrypt the underlying disk.
https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#software-keystore In situations where using a hardware-based key store isn't viable, use a software-based key store to manage service account keys. Similar to hardware-based options, a software-based key store lets users or applications use service account keys without revealing the private key. Software-based key store solutions can help you control key access in a fine-grained manner and can also ensure that each key access is logged.


NEW QUESTION # 116
Your service adds text to images that it reads from Cloud Storage. During busy times of the year, requests to Cloud Storage fail with an HTTP 429 "Too Many Requests" status code.
How should you handle this error?

  • A. Change the storage class of the Cloud Storage bucket to Multi-regional.
  • B. Retry the request with a truncated exponential backoff strategy.
  • C. Add a cache-control header to the objects.
  • D. Request a quota increase from the GCP Console.

Answer: B

Explanation:
Reference: https://developers.google.com/gmail/api/v1/reference/quota


NEW QUESTION # 117
Before promoting your new application code to production, you want to conduct testing across a variety of different users. Although this plan is risky, you want to test the new version of the application with production users and you want to control which users are forwarded to the new version of the application based on their operating system. If bugs are discovered in the new version, you want to roll back the newly deployed version of the application as quickly as possible.
What should you do?

  • A. Deploy your application on App Engine. Use traffic splitting to direct a subset of user traffic to the new version based on the IP address.
  • B. Deploy your application on Google Kubernetes Engine with Anthos Service Mesh. Use traffic splitting to direct a subset of user traffic to the new version based on the user-agent header.
  • C. Deploy your application on Compute Engine. Use Traffic Director to direct a subset of user traffic to the new version based on predefined weights.
  • D. Deploy your application on Cloud Run. Use traffic splitting to direct a subset of user traffic to the new version based on the revision tag.

Answer: B


NEW QUESTION # 118
Your team develops services that run on Google Cloud. You need to build a data processing service and will use Cloud Functions. The data to be processed by the function is sensitive. You need to ensure that invocations can only happen from authorized services and follow Google-recommended best practices for securing functions. What should you do?

  • A. Create a service account with the Cloud Functions Viewer role. Use that service account to invoke the function.
  • B. Create a service account with the Cloud Functions Invoker role. Use that service account to invoke the function.
  • C. Create an OAuth 2.0 client ID for your calling service in the same project as the function you want to secure. Use those credentials to invoke the function.
  • D. Enable Identity-Aware Proxy in your project. Secure function access using its permissions.

Answer: B


NEW QUESTION # 119
You need to containerize a web application that will be hosted on Google Cloud behind a global load balancer with SSL certificates. You don't have the time to develop authentication at the application level, and you want to offload SSL encryption and management from your application. You want to configure the architecture using managed services where possible What should you do?

  • A. Host the application on Google Kubernetes Engine, and deploy cert-manager to manage SSL certificates.
  • B. Host the application on Google Kubernetes Engine and use Identity-Aware Proxy (IAP) with Cloud Load Balancing and Google-managed certificates.
  • C. Host the application on Google Kubernetes Engine, and deploy an NGINX Ingress Controller to handle authentication.
  • D. Host the application on Compute Engine, and configure Cloud Endpoints for your application.

Answer: B


NEW QUESTION # 120
Your company wants to expand their users outside the United States for their popular application. The company wants to ensure 99.999% availability of the database for their application and also wants to minimize the read latency for their users across the globe.
Which two actions should they take? (Choose two.)

  • A. Create a minimum of two Cloud Spanner instances in separate regions with at least one node.
  • B. Create a multi-regional Cloud Spanner instance with "nam-asia-eur1" configuration.
  • C. Create a Cloud Dataflow pipeline to replicate data across different databases.
  • D. Create a multi-regional Cloud Spanner instance with "nam3" configuration.
  • E. Create a cluster with at least 1 Spanner node.
  • F. Create a cluster with at least 3 Spanner nodes.

Answer: C,D


NEW QUESTION # 121
You are deploying a microservices application to Google Kubernetes Engine (GKE) that will broadcast livestreams. You expect unpredictable traffic patterns and large variations in the number of concurrent users.
Your application must meet the following requirements:
* Scales automatically during popular events and maintains high availability
* Is resilient in the event of hardware failures
How should you configure the deployment parameters? (Choose two.)

  • A. Create alerting policies in Cloud Monitoring based on GKE CPU and memory utilization. Ask an on-duty engineer to scale the workload by executing a script when CPU and memory usage exceed predefined thresholds.
  • B. Create a managed instance group for Compute Engine with the cluster nodes. Configure autoscaling rules for the managed instance group.
  • C. Distribute your workload evenly using multiple zonal node pools.
  • D. Use cluster autoscaler to resize the number of nodes in the node pool, and use a Horizontal Pod Autoscaler to scale the workload.
  • E. Distribute your workload evenly using a multi-zonal node pool.

Answer: D,E


NEW QUESTION # 122
For this question, refer to the HipLocal case study.
How should HipLocal redesign their architecture to ensure that the application scales to support a large increase in users?

  • A. Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.
  • B. Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.
  • C. Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.
  • D. Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Answer: B


NEW QUESTION # 123
Your data is stored in Cloud Storage buckets. Fellow developers have reported that data downloaded from Cloud Storage is resulting in slow API performance. You want to research the issue to provide details to the GCP support team. Which command should you run?

  • A. gcloud compute scp example-instance:~/test-data -o output.json gs://my-bucket
  • B. gsutil perfdiag -o output.json gs://my-bucket
  • C. gsutil test -o output.json gs://my-bucket
  • D. gcloud services test -o output.json gs://my-bucket

Answer: B

Explanation:
Reference: https://groups.google.com/forum/#!topic/gce-discussion/xBl9Jq5HDsY


NEW QUESTION # 124
Your company's development teams want to use Cloud Build in their projects to build and push Docker images to Container Registry. The operations team requires all Docker images to be published to a centralized, securely managed Docker registry that the operations team manages.
What should you do?

  • A. Create a separate project for the operations team that has Container Registry configured. Assign appropriate permissions to the Cloud Build service account in each developer team's project to allow access to the operation team's registry.
  • B. Create a separate project for the operations team that has Container Registry configured. Create a Service Account for each development team and assign the appropriate permissions to allow it access to the operations team's registry. Store the service account key file in the source code repository and use it to authenticate against the operations team's registry.
  • C. Use Container Registry to create a registry in each development team's project. Configure the Cloud Build build to push the Docker image to the project's registry. Grant the operations team access to each development team's registry.
  • D. Create a separate project for the operations team that has the open source Docker Registry deployed on a Compute Engine virtual machine instance. Create a username and password for each development team.Store the username and password in the source code repository and use it to authenticate against the operations team's Docker registry.

Answer: C


NEW QUESTION # 125
You are developing an application that will handle requests from end users. You need to secure a Cloud Function called by the application to allow authorized end users to authenticate to the function via the application while restricting access to unauthorized users. You will integrate Google Sign-In as part of the solution and want to follow Google-recommended best practices. What should you do?

  • A. Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.admin role
  • B. Deploy from a source code repository and grant users the roles/cloudfunctions.invoker role
  • C. Deploy from your local machine using gcloud and grant users the roles/cloudfunctions.developer role
  • D. Deploy from a source code repository and grant users the roles/cloudfunctions.viewer role.

Answer: A


NEW QUESTION # 126
You need to configure a Deployment on Google Kubernetes Engine (GKE). You want to include a check that verifies that the containers can connect to the database. If the Pod is failing to connect, you want a script on the container to run to complete a graceful shutdown. How should you configure the Deployment?

  • A. Create two jobs: one that checks whether the container can connect to the database, and another that runs the shutdown script if the Pod is failing.
  • B. Create the Deployment with a livenessProbe for the container that will fail if the container can't connect to the database. Configure a Prestop lifecycle handler that runs the shutdown script if the container is failing.
  • C. Create the Deployment with a PostStart lifecycle handler that checks the service availability. Configure a PreStop lifecycle handler that runs the shutdown script if the container is failing.
  • D. Create the Deployment with an initContainer that checks the service availability. Configure a Prestop lifecycle handler that runs the shutdown script if the Pod is failing.

Answer: B

Explanation:
Explanation
https://cloud.google.com/architecture/best-practices-for-running-cost-effective-kubernetes-applications-on-gke#m


NEW QUESTION # 127
You are a developer at a large organization. You have an application written in Go running in a production Google Kubernetes Engine (GKE) cluster. You need to add a new feature that requires access to BigQuery.
You want to grant BigQuery access to your GKE cluster following Google-recommended best practices. What should you do?

  • A. Create a Google service account with BigQuery access. Add the Google service account JSON key to Secret Manager, and use an init container to access the secret for the application to use.
  • B. Create a Google service account with BigQuery access. Add the JSON key to Secret Manager, and use the Go client library to access the JSON key.
  • C. Create a Google service account and a Kubernetes service account. Configure Workload Identity on the GKE cluster, and reference the Kubernetes service account on the application Deployment.
  • D. Create a Google service account with BigQuery access. Add the Google service account JSON key as a Kubernetes secret, and configure the application to use this secret.

Answer: C

Explanation:
https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#what_is Applications running on GKE might need access to Google Cloud APIs such as Compute Engine API, BigQuery Storage API, or Machine Learning APIs.
Workload Identity allows a Kubernetes service account in your GKE cluster to act as an IAM service account.
Pods that use the configured Kubernetes service account automatically authenticate as the IAM service account when accessing Google Cloud APIs. Using Workload Identity allows you to assign distinct, fine-grained identities and authorization for each application in your cluster.


NEW QUESTION # 128
You are developing a web application that will be accessible over both HTTP and HTTPS and will run on Compute Engine instances. On occasion, you will need to SSH from your remote laptop into one of the Compute Engine instances to conduct maintenance on the app. How should you configure the instances while following Google-recommended best practices?

  • A. Set up a backend with Compute Engine web server instances with a private IP address behind an HTTP(S) load balancer. Set up a bastion host with a public IP address and open firewall ports. Connect to the web instances using the bastion host.
  • B. Configure Cloud Identity-Aware Proxy API for SSH access. Then configure the Compute Engine servers with private IP addresses behind an HTTP(s) load balancer for the application web traffic.
  • C. Set up a backend with Compute Engine web server instances with a private IP address behind a TCP proxy load balancer.
  • D. Configure the firewall rules to allow all ingress traffic to connect to the Compute Engine web servers, with each server having a unique external IP address.

Answer: B

Explanation:
Reference:
https://cloud.google.com/solutions/connecting-securely#storing_host_keys_by_enabling_guest_attributes


NEW QUESTION # 129
You are developing a microservice-based application that will run on Google Kubernetes Engine (GKE).
Some of the services need to access different Google Cloud APIs. How should you set up authentication of these services in the cluster following Google-recommended best practices? (Choose two.)

  • A. Enable Workload Identity in the cluster via the gcloud command-line tool.
  • B. Use the service account attached to the GKE node.
  • C. Store the Google service account keys in a central secret management service.
  • D. Use gcloud to bind the Kubernetes service account and the Google service account using roles/iam.workloadIdentity.
  • E. Access the Google service account keys from a secret management service.

Answer: A,D

Explanation:
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity


NEW QUESTION # 130
You want to view the memory usage of your application deployed on Compute Engine. What should you do?

  • A. Use the Stackdriver Metrics Explorer.
  • B. Install the Stackdriver Client Library.
  • C. Use the Google Cloud Platform Console.
  • D. Install the Stackdriver Monitoring Agent.

Answer: A

Explanation:
Reference:
https://stackoverflow.com/questions/43991246/google-cloud-platform-how-to-monitor-memory-usage-of-vm-ins


NEW QUESTION # 131
You work for an organization that manages an ecommerce site. Your application is deployed behind a global HTTP(S) load balancer. You need to test a new product recommendation algorithm. You plan to use A/B testing to determine the new algorithm's effect on sales in a randomized way. How should you test this feature?

  • A. Split traffic between versions using weights.
  • B. Mirror traffic to the new version of your application.
  • C. Enable the new recommendation feature flag on a single instance.
  • D. Use HTTP header-based routing.

Answer: A

Explanation:
Explanation
https://cloud.google.com/load-balancing/docs/https/traffic-management-global#traffic_actions_weight-based_tra Deploying a new version of an existing production service generally incurs some risk. Even if your tests pass in staging, you probably don't want to subject 100% of your users to the new version immediately. With traffic management, you can define percentage-based traffic splits across multiple backend services.
For example, you can send 95% of the traffic to the previous version of your service and 5% to the new version of your service. After you've validated that the new production version works as expected, you can gradually shift the percentages until 100% of the traffic reaches the new version of your service. Traffic splitting is typically used for deploying new versions, A/B testing, service migration, and similar processes.
https://cloud.google.com/traffic-director/docs/advanced-traffic-management#weight-based_traffic_splitting_for_
https://cloud.google.com/architecture/implementing-deployment-and-testing-strategies-on-gke#split_the_traffic_
https://cloud.google.com/load-balancing/docs/https/traffic-management-global#traffic_actions_weight-based_tra


NEW QUESTION # 132
You are evaluating developer tools to help drive Google Kubernetes Engine adoption and integration with your development environment, which includes VS Code and IntelliJ. What should you do?

  • A. Use Cloud Code to develop applications.
  • B. Use a Cloud Notebook instance to ingest and process data and deploy models.
  • C. Use the Cloud Shell integrated Code Editor to edit code and configuration files.
  • D. Use Cloud Shell to manage your infrastructure and applications from the command line.

Answer: A


NEW QUESTION # 133
HipLocal's.net-based auth service fails under intermittent load.
What should they do?

  • A. Use a Compute Engine cluster for the service.
  • B. Use a dedicated Compute Engine virtual machine instance for the service.
  • C. Use App Engine for autoscaling.
  • D. Use Cloud Functions for autoscaling.

Answer: B


NEW QUESTION # 134
You are planning to deploy your application in a Google Kubernetes Engine (GKE) cluster The application exposes an HTTP-based health check at /healthz. You want to use this health check endpoint to determine whether traffic should be routed to the pod by the load balancer.
Which code snippet should you include in your Pod configuration?

  • A. Option A
  • B. Option C
  • C. Option B
  • D. Option D

Answer: C

Explanation:
For the GKE ingress controller to use your readinessProbes as health checks, the Pods for an Ingress must exist at the time of Ingress creation. If your replicas are scaled to 0, the default health check will apply.


NEW QUESTION # 135
You are developing an application hosted on Google Cloud that uses a MySQL relational database schema.
The application will have a large volume of reads and writes to the database and will require backups and ongoing capacity planning. Your team does not have time to fully manage the database but can take on small administrative tasks. How should you host the database?

  • A. Configure Cloud Spanner to host the database, and import the schema into Cloud Spanner.
  • B. Configure Bigtable to host the database, and import the data into Bigtable.
  • C. Configure Cloud SQL to host the database, and import the schema into Cloud SQL.
  • D. Deploy MySQL from the Google Cloud Marketplace to the database using a client, and import the schema.
  • E. Configure Firestore to host the database, and import the data into Firestore.

Answer: C

Explanation:
https://cloud.google.com/spanner/docs/migrating-mysql-to-spanner#migration-process Cloud SQL: Cloud SQL is a web service that allows you to create, configure, and use relational databases that live in Google's cloud. It is a fully-managed service that maintains, manages, and administers your databases, allowing you to focus on your applications and services.
https://cloud.google.com/sql/docs/mysql Cloud SQL for MySQL is a fully-managed database service that helps you set up, maintain, manage, and administer your MySQL relational databases on Google Cloud Platform.


NEW QUESTION # 136
......


Target Audience and Prerequisites

The Google Professional Cloud Developer certification exam is intended for those App Developers who are involved in designing and building applications to run on Google Cloud Platform. These specialists should be familiar with the Google Cloud Platform products, such as Cloud Storage, Compute Engine, Security Key Enforcement, as well as BigQuery.

There are no obligatory requirements that the candidates need to meet to become eligible for the qualifying test. Nevertheless, the target individuals are recommended to have three or more years of industry experience, including one or more years of experience in designing and managing solutions using Google Cloud. Besides that, the students need to develop a comprehensive understanding of the exam topics.


How to Prepare For Google Professional Cloud Developer Exam

Preparation Guide for Google Professional Cloud Developer Exam

Introduction

Google has designed different Role Based Certifications for the IT professionals to validate their skillset one among them is Google Professional Cloud Developer. This program gives Google cloud professionals a way to demonstrate their skills. The evaluation relies on a meticulous exam using industry standard methodology to validate aspirants proficiency standards to meet Google's proficiency standards.

According to Google, a Google Certified Professional Cloud Developer facilitate organizations to influence Google Cloud technologies. With a thorough understanding of cloud developer and Google Cloud Platform, this individual can design, develop, and manage robust, secure, scalable, highly available, and dynamic solutions to drive business objectives.

In this guide, we will cover the Google Professional Cloud Developer Exam, Google Professional Cloud Developer Certified Professionals salary and all aspects of the Google Professional Cloud Developer Certification.

 

Professional-Cloud-Developer Dumps To Pass Cloud Developer Exam in One Day: https://www.actual4cert.com/Professional-Cloud-Developer-real-questions.html

Latest Real Google Professional-Cloud-Developer Exam Dumps Questions: https://drive.google.com/open?id=1R-igU63qQpf9L0gWYB2EicWYSckwqid4