Visit here for our full Google Professional Cloud Developer exam dumps and practice test questions.

Question 76:

A developer is building a serverless application that processes images uploaded to Cloud Storage. Which Google Cloud service should be used to automatically trigger processing when new images are uploaded?

A) Cloud Scheduler

B) Cloud Functions

C) Cloud Run

D) Pub/Sub

Answer: B

Explanation:

Cloud Functions should be used to automatically trigger processing when new images are uploaded to Cloud Storage in a serverless application. Cloud Functions is Google Cloud’s event-driven serverless compute platform that executes code in response to events from various Google Cloud services without requiring server management or infrastructure provisioning. Cloud Functions natively supports Cloud Storage triggers, making it the ideal choice for scenarios where actions must occur automatically when files are created, deleted, or modified in storage buckets.

When configuring a Cloud Function with a Cloud Storage trigger, developers specify the bucket to monitor and the event type to respond to, such as finalize/create for new file uploads, delete for file removals, or metadata update for attribute changes. When matching events occur, Cloud Functions automatically invokes the function code, passing event data including the bucket name, file name, content type, and other metadata. The function can then perform any required processing such as image resizing, format conversion, thumbnail generation, virus scanning, or metadata extraction without requiring any polling or infrastructure management.

Cloud Functions provides several advantages for this use case including automatic scaling where Google Cloud provisions compute resources based on incoming event volume, pay-per-use pricing where costs are incurred only when functions execute, simplified development with support for multiple languages including Python, Node.js, Go, and Java, and built-in retry logic for handling transient failures. Functions can access the uploaded files directly from Cloud Storage, process them, and write results back to storage buckets or other services like databases or message queues.

Cloud Scheduler triggers functions on time-based schedules not storage events. Cloud Run requires container images and lacks native storage triggers. Pub/Sub could be used with storage notifications but adds unnecessary complexity compared to direct Cloud Functions integration. Cloud Functions provides the most direct and efficient solution for event-driven serverless image processing triggered by Cloud Storage uploads.

Question 77:

An application deployed on Google Kubernetes Engine needs to access Cloud SQL. What is the recommended method to securely connect to Cloud SQL from GKE?

A) Use public IP with SSL certificates

B) Use Cloud SQL Proxy as a sidecar container

C) Store database credentials in ConfigMaps

D) Use VPC peering

Answer: B

Explanation:

Using Cloud SQL Proxy as a sidecar container is the recommended method to securely connect to Cloud SQL from applications deployed on Google Kubernetes Engine. The Cloud SQL Proxy is a secure intermediary that handles authentication and encryption for database connections, eliminating the need to manage SSL certificates or whitelist IP addresses. When deployed as a sidecar container alongside application containers in the same pod, the proxy provides a secure local connection interface that applications connect to using localhost, while the proxy manages the secure connection to Cloud SQL instances.

The sidecar deployment pattern places the Cloud SQL Proxy container in each pod alongside the application container, ensuring every application instance has its own dedicated proxy. The application connects to the proxy via localhost on a specified port using standard database connection libraries. The proxy authenticates to Cloud SQL using the pod’s service account credentials through Workload Identity, Google Cloud’s recommended method for granting GKE workloads access to Google Cloud services. The proxy establishes encrypted connections to Cloud SQL instances, automatically handling SSL/TLS encryption without requiring certificate management in the application.

This architecture provides multiple security benefits including eliminating the need for static database credentials since authentication uses service account identity, removing the requirement to expose Cloud SQL instances with public IP addresses since connections can use private IPs, automating SSL/TLS encryption for all database traffic, and simplifying credential rotation since identity-based authentication eliminates password management. The proxy also provides connection pooling and automatic retry logic, improving reliability and performance of database connections from GKE applications.

Public IP with SSL certificates requires managing certificates and exposes databases publicly. Storing credentials in ConfigMaps is insecure as ConfigMaps are not encrypted. VPC peering alone does not provide authentication or encryption. Cloud SQL Proxy as a sidecar container is the Google-recommended best practice for secure, manageable Cloud SQL connectivity from GKE.

Question 78:

A developer needs to implement caching for frequently accessed data in a Cloud Run application. Which Google Cloud service provides a fully managed, in-memory data store?

A) Cloud Memorystore

B) Cloud Storage

C) Cloud Datastore

D) Cloud Bigtable

Answer: A

Explanation:

Cloud Memorystore provides a fully managed, in-memory data store suitable for implementing caching for frequently accessed data in Cloud Run applications. Cloud Memorystore is Google Cloud’s managed service for Redis and Memcached, offering highly available, scalable in-memory data stores without requiring users to manage infrastructure, perform software updates, or handle replication and failover. The in-memory architecture delivers sub-millisecond latency for cache read and write operations, making it ideal for reducing database load and improving application response times.

Cloud Memorystore for Redis provides rich data structure support including strings, lists, sets, sorted sets, hashes, and geospatial indexes, enabling sophisticated caching strategies beyond simple key-value storage. The service offers multiple tiers with different availability guarantees: Basic tier provides a single-node instance suitable for development and non-critical caching, while Standard tier provides high availability with automatic failover through read replicas. Cloud Memorystore handles operational tasks including automated backups, point-in-time recovery, monitoring through Cloud Monitoring integration, and maintenance window management with minimal downtime.

Cloud Run applications connect to Cloud Memorystore instances using Serverless VPC Access connectors, which route traffic from serverless environments to VPC networks where Memorystore instances reside. Applications use standard Redis or Memcached client libraries to interact with Cloud Memorystore, implementing caching patterns like cache-aside where applications check cache before querying databases, write-through where cache updates occur synchronously with database writes, or time-based expiration where cached data automatically expires after specified durations. The managed nature of Cloud Memorystore eliminates operational overhead while providing enterprise-grade reliability and performance.

Cloud Storage is object storage not in-memory caching. Cloud Datastore is a document database not optimized for caching. Cloud Bigtable is a NoSQL database but not in-memory. Cloud Memorystore is the purpose-built, fully managed in-memory data store for caching in Google Cloud applications including Cloud Run.

Question 79:

An application needs to process messages asynchronously with guaranteed delivery and automatic retry for failed processing. Which Google Cloud service should be used?

A) Cloud Tasks

B) Cloud Scheduler

C) Cloud Pub/Sub

D) Cloud Functions

Answer: C

Explanation:

Cloud Pub/Sub should be used for processing messages asynchronously with guaranteed delivery and automatic retry for failed processing. Cloud Pub/Sub is Google Cloud’s fully managed, real-time messaging service that enables asynchronous communication between independent applications. It provides at-least-once message delivery guarantees, durable message storage, and configurable retry policies that ensure messages are processed even when downstream systems temporarily fail, making it ideal for building reliable, decoupled application architectures.

Cloud Pub/Sub operates on a publisher-subscriber model where publishers send messages to topics without knowledge of subscribers, and subscribers receive messages from subscriptions associated with those topics. Messages published to topics are durably stored across multiple zones until all subscriptions acknowledge successful processing. If message processing fails, Pub/Sub automatically retries delivery based on configured retry policies including exponential backoff, maximum retry attempts, and dead letter topics for messages that exceed retry limits. This automatic retry mechanism ensures reliable message processing without requiring custom retry logic in application code.

The service provides several features critical for reliable asynchronous processing including message ordering guarantees for messages with the same ordering key, push and pull subscription models where push subscriptions deliver messages to webhook endpoints and pull subscriptions allow applications to retrieve messages on demand, message filtering to route specific messages to appropriate subscribers, and exactly-once delivery semantics in preview for applications requiring stricter delivery guarantees. Pub/Sub scales automatically to handle millions of messages per second with global message distribution and low-latency delivery.

Cloud Tasks is for task queue management with specific execution timing. Cloud Scheduler is for cron-like scheduled job execution. Cloud Functions can subscribe to Pub/Sub but is not itself the messaging service. Cloud Pub/Sub is the comprehensive messaging platform providing guaranteed delivery and automatic retry for reliable asynchronous message processing in Google Cloud.

Question 80:

A developer is building a REST API that needs to authenticate users and validate JWT tokens. Which Google Cloud service provides this functionality?

A) Cloud Identity

B) Cloud IAM

C) Cloud Endpoints

D) API Gateway

Answer: D

Explanation:

API Gateway provides functionality for authenticating users and validating JWT tokens for REST APIs in Google Cloud. API Gateway is a fully managed service that enables developers to create, secure, monitor, and manage APIs with capabilities including authentication and authorization, request/response transformation, rate limiting, and API versioning. API Gateway natively supports JWT validation, allowing developers to configure API security policies that verify JSON Web Tokens issued by identity providers like Firebase Authentication, Google Identity Platform, or third-party OAuth providers before routing requests to backend services.

API Gateway JWT validation works by configuring authentication requirements in the API specification using OpenAPI specifications with security definitions. Developers specify the JWT issuer, JSON Web Key Set (JWKS) URL where the gateway retrieves public keys for token signature verification, and audience claims that must be present in valid tokens. When requests arrive at API Gateway, the service automatically extracts JWT tokens from Authorization headers, validates token signatures using public keys from the JWKS endpoint, verifies token expiration times and audience claims, and rejects invalid requests before they reach backend services. Valid tokens are passed to backends with decoded claims available for authorization decisions.

API Gateway provides additional API management capabilities including request transformation to modify headers or payloads before forwarding to backends, response transformation to standardize output formats, quota management to enforce rate limits per API consumer, monitoring and logging through Cloud Monitoring and Cloud Logging integration, and versioning to manage multiple API versions simultaneously. The service scales automatically to handle varying request volumes and provides low-latency request processing with global distribution. API Gateway integrates with various backend types including Cloud Functions, Cloud Run, App Engine, and Compute Engine services.

Cloud Identity manages user identities but not API authentication. Cloud IAM manages service-to-service authorization not user JWT validation. Cloud Endpoints provides similar functionality but API Gateway is Google’s newer, recommended service for API management with comprehensive JWT validation capabilities for REST APIs.

Question 81:

An application deployed on Compute Engine needs to write logs that can be queried and analyzed. Which is the recommended approach?

A) Write logs to local files and use SSH to access them

B) Use the Cloud Logging API to write structured logs

C) Store logs in Cloud Storage buckets

D) Write logs to a Cloud SQL database

Answer: B

Explanation:

Using the Cloud Logging API to write structured logs is the recommended approach for applications deployed on Compute Engine that need queryable and analyzable logs. Cloud Logging is Google Cloud’s fully managed logging service that aggregates logs from all Google Cloud resources and applications, providing centralized log management with powerful querying, filtering, alerting, and analysis capabilities. Writing logs through the Cloud Logging API ensures logs are properly formatted, enriched with metadata, indexed for efficient querying, and integrated with Google Cloud’s observability ecosystem.

The Cloud Logging API supports structured logging where log entries include fields beyond simple text messages such as severity levels, timestamps, resource labels, operation identifiers, and custom JSON payloads. Structured logs enable sophisticated queries using the Logs Explorer query language, allowing developers and operators to filter logs by specific fields, search for patterns across distributed systems, correlate logs from related operations, and aggregate log data for analysis. Applications can use Cloud Logging client libraries available for multiple languages including Python, Java, Node.js, Go, and others, which simplify API interaction and handle batching, retry logic, and authentication automatically.

Cloud Logging provides numerous benefits over alternative logging approaches including centralized access where logs from all instances and services are available in one location, retention policies with configurable storage duration and archival to Cloud Storage for long-term retention, real-time log streaming to support live monitoring and debugging, integration with Cloud Monitoring for metrics extraction from logs and log-based alerting, and security features including IAM-based access control and audit logging. Logs are automatically enriched with resource metadata such as project ID, instance ID, and zone information, facilitating debugging in distributed environments.

Writing logs to local files requires manual collection and lacks queryability. Storing logs in Cloud Storage requires custom indexing for queries. Writing to Cloud SQL adds database management overhead and cost. Using Cloud Logging API is the recommended, purpose-built solution for queryable, analyzable application logs in Google Cloud.

Question 82:

A developer needs to store user session data with automatic expiration after 30 minutes of inactivity. Which Google Cloud service is most appropriate?

A) Cloud Firestore

B) Cloud Memorystore

C) Cloud SQL

D) Cloud Spanner

Answer: B

Explanation:

Cloud Memorystore is the most appropriate Google Cloud service for storing user session data with automatic expiration after 30 minutes of inactivity. Cloud Memorystore provides managed Redis and Memcached services that offer native support for time-to-live (TTL) functionality, allowing data to automatically expire after specified durations. The in-memory architecture delivers the sub-millisecond read and write latency required for session management, ensuring fast user experiences without the overhead of querying persistent databases for every request.

Redis, available through Cloud Memorystore, provides built-in expiration capabilities through commands like SETEX and EXPIRE that associate TTL values with keys. When storing session data, applications can set expiration times of 30 minutes that automatically reset on each user activity by updating the session key. If users remain inactive for 30 minutes, Redis automatically deletes expired session keys without requiring application code to manually clean up stale sessions. Redis also supports complex data structures like hashes for storing structured session information including user preferences, shopping cart contents, and authentication tokens within single session keys.

Cloud Memorystore handles operational tasks including memory management, replication for high availability in Standard tier deployments, automated backups, and monitoring through Cloud Monitoring integration. The service scales vertically to handle larger memory requirements and provides read replicas to distribute read load for applications with high session read volumes. Session data stored in Cloud Memorystore is accessible from multiple application instances, supporting horizontally scaled web applications where any instance can serve user requests by retrieving session state from the shared cache.

Cloud Firestore and Cloud SQL can store session data but require application logic for expiration cleanup and have higher latency than in-memory storage. Cloud Spanner is over-engineered for session storage. Cloud Memorystore with Redis TTL is the purpose-built, efficient solution for session management with automatic expiration in Google Cloud applications.

Question 83:

An application needs to store and retrieve large binary files with high throughput and low latency. Which Google Cloud storage option should be used?

A) Cloud Storage

B) Cloud Filestore

C) Cloud SQL

D) Persistent Disk

Answer: A

Explanation:

Cloud Storage should be used for storing and retrieving large binary files with high throughput and low latency. Cloud Storage is Google Cloud’s object storage service designed for storing unstructured data including images, videos, backups, archives, and application binary files. The service provides unlimited storage capacity, automatic scaling to handle varying workloads, global accessibility with edge caching through Cloud CDN integration, and multiple storage classes optimized for different access patterns and cost requirements.

Cloud Storage delivers high throughput through parallel composite uploads for large files and automatic load distribution across Google’s global infrastructure. The service supports files up to 5 TB in size and provides consistent sub-100 millisecond latency for Standard storage class retrievals when accessed from the same region as the bucket. For globally distributed applications, Cloud Storage integrates with Cloud CDN to cache frequently accessed files at Google’s edge locations worldwide, further reducing latency for end users. The service handles millions of operations per second per bucket, making it suitable for applications with high request volumes.

Cloud Storage provides additional features beneficial for binary file management including versioning to maintain multiple versions of objects and recover from accidental deletions, lifecycle management to automatically transition objects between storage classes or delete old objects based on age or version count, signed URLs for secure temporary access without requiring authentication, resumable uploads for reliable large file transfers that can recover from network interruptions, and customer-managed encryption keys for enhanced security control. The service offers multiple storage classes including Standard for frequently accessed data, Nearline for monthly access, Coldline for quarterly access, and Archive for annual access, enabling cost optimization based on access patterns.

Cloud Filestore provides NFS file systems not object storage. Cloud SQL stores structured data in databases not binary files. Persistent Disk is block storage for Compute Engine instances. Cloud Storage is the purpose-built, scalable object storage service for large binary files with high throughput requirements in Google Cloud.

Question 84:

A Cloud Function needs to be triggered every day at midnight to perform cleanup tasks. Which Google Cloud service should be used to schedule the function?

A) Cloud Tasks

B) Cloud Scheduler

C) Pub/Sub

D) Cloud Workflows

Answer: B

Explanation:

Cloud Scheduler should be used to trigger a Cloud Function every day at midnight for performing cleanup tasks. Cloud Scheduler is Google Cloud’s fully managed cron job service that allows scheduling arbitrary jobs including HTTP/HTTPS endpoints, Pub/Sub topics, and App Engine applications at specified times using unix-cron format or natural language descriptions. For Cloud Functions, Cloud Scheduler creates scheduled triggers that invoke functions reliably at defined intervals without requiring persistent infrastructure or custom scheduling code.

Cloud Scheduler jobs are configured with schedules using standard cron syntax like “0 0 * * *” for daily midnight execution or descriptive formats like “every day at 00:00”. The scheduler supports multiple time zones ensuring jobs execute at correct local times regardless of where Google Cloud infrastructure runs. When scheduled times arrive, Cloud Scheduler reliably invokes configured targets with configurable retry policies for handling transient failures. For Cloud Functions, the scheduler can invoke functions through HTTP endpoints or Pub/Sub topics, with HTTP invocation being simpler for functions that do not require message queue capabilities.

Cloud Scheduler provides enterprise features including job execution history showing success and failure logs with timestamps and error messages, configurable retry settings including maximum retry attempts and exponential backoff parameters, pause functionality to temporarily disable jobs without deleting configurations, and monitoring integration with Cloud Monitoring for alerting on job failures. The service guarantees at-least-once execution for scheduled jobs, ensuring critical maintenance tasks like cleanup operations execute even if initial attempts fail due to transient issues.

Cloud Tasks manages task queues with specific execution timing but is designed for asynchronous task processing not recurring schedules. Pub/Sub is a messaging service that does not provide scheduling capabilities. Cloud Workflows orchestrates multi-step processes but requires external triggering. Cloud Scheduler is the purpose-built service for time-based scheduling of Cloud Functions and other periodic jobs in Google Cloud.

Question 85:

A developer is implementing continuous deployment for a containerized application to Google Kubernetes Engine. Which Google Cloud service provides native integration with source repositories and automated deployment?

A) Cloud Build

B) Cloud Deploy

C) Container Registry

D) Artifact Registry

Answer: B

Explanation:

Cloud Deploy provides native integration with source repositories and automated continuous deployment for containerized applications to Google Kubernetes Engine. Cloud Deploy is Google Cloud’s managed continuous delivery service designed specifically for deploying applications to GKE and Cloud Run. The service provides declarative deployment pipelines with progression through multiple environments such as development, staging, and production, automated rollout strategies including canary and blue-green deployments, approval gates for production deployments, and comprehensive audit logging of all deployment activities.

Cloud Deploy integrates with Cloud Build for building container images and with source repositories including Cloud Source Repositories, GitHub, and GitLab for triggering deployments from code commits. Developers define deployment pipelines in configuration files specifying target environments, deployment strategies, and approval requirements. When new application versions are ready for deployment, Cloud Deploy orchestrates the rollout process by rendering Kubernetes manifests with environment-specific configurations, applying manifests to target GKE clusters, monitoring rollout progress and health checks, and automatically promoting successful deployments to subsequent pipeline stages when approval gates are satisfied.

The service provides sophisticated rollout capabilities including progressive delivery where new versions are gradually rolled out to subsets of traffic while monitoring for errors, automatic rollback triggered by failed health checks or error rate thresholds, parallel deployments to multiple clusters for multi-region applications, and deployment verification hooks for running custom validation tests before considering deployments successful. Cloud Deploy maintains complete deployment history with visibility into which application versions are deployed to which environments, who approved deployments, and when rollouts occurred, supporting compliance and audit requirements.

Cloud Build handles building and testing but not continuous deployment orchestration. Container Registry and Artifact Registry store container images but do not deploy them. Cloud Deploy is Google Cloud’s purpose-built continuous delivery service providing automated deployment pipelines for containerized applications to GKE with approval workflows and progressive delivery capabilities.

Question 86:

An application needs to perform complex queries across large datasets with SQL syntax. Which Google Cloud service provides a fully managed data warehouse?

A) Cloud SQL

B) Cloud Spanner

C) BigQuery

D) Cloud Bigtable

Answer: C

Explanation:

BigQuery provides a fully managed data warehouse for performing complex queries across large datasets using SQL syntax. BigQuery is Google Cloud’s serverless, highly scalable enterprise data warehouse designed for analytics workloads that require querying petabytes of data with standard SQL. The service separates storage and compute, allowing unlimited data storage while dynamically allocating compute resources to execute queries, enabling organizations to analyze massive datasets without infrastructure management or capacity planning.

BigQuery’s architecture delivers exceptional query performance through columnar storage that reads only relevant columns for queries, partitioning and clustering that prune unnecessary data before scanning, distributed query execution across thousands of workers in parallel, and in-memory BI Engine acceleration for interactive dashboard queries. The service supports standard ANSI SQL with extensions for analytics including window functions, user-defined functions, geographic functions, and machine learning capabilities through BigQuery ML that enable training and deploying models directly within SQL queries.

The fully managed nature eliminates operational overhead including automatic scaling where query resources adjust based on workload demands, high availability with automatic replication across zones, scheduled queries for recurring data processing and reporting, streaming ingestion for real-time data analysis, and integration with business intelligence tools like Looker, Tableau, and Data Studio. BigQuery provides multiple pricing models including on-demand pricing where costs are based on data processed by queries, and flat-rate pricing for predictable costs with reserved compute capacity. Data is encrypted at rest and in transit, with fine-grained access control through IAM and column-level security.

Cloud SQL is for transactional workloads not analytics. Cloud Spanner provides horizontal scalability for OLTP not analytics workloads. Cloud Bigtable is a NoSQL database without SQL support. BigQuery is the purpose-built, fully managed data warehouse optimized for complex SQL analytics across large datasets in Google Cloud.

Question 87:

A developer needs to implement distributed tracing to troubleshoot latency issues across microservices. Which Google Cloud service should be used?

A) Cloud Monitoring

B) Cloud Logging

C) Cloud Trace

D) Cloud Profiler

Answer: C

Explanation:

Cloud Trace should be used to implement distributed tracing for troubleshooting latency issues across microservices. Cloud Trace is Google Cloud’s distributed tracing system that collects and displays latency data from applications, showing how requests propagate through microservices architectures and identifying bottlenecks causing performance degradation. The service provides end-to-end visibility into request flows, displaying timing information for each service hop, allowing developers to pinpoint which components contribute most to overall request latency.

Cloud Trace works by instrumenting application code to create spans representing units of work within services. Each span records timing information including start time, duration, and metadata like operation names and custom attributes. When requests traverse multiple services, trace context is propagated between services through HTTP headers or gRPC metadata, allowing Cloud Trace to reconstruct complete request paths showing how calls flow from frontend services through backend dependencies. The service supports automatic instrumentation for popular frameworks and languages through client libraries that minimize code changes required to enable tracing.

The Cloud Trace console provides powerful visualization and analysis tools including trace timeline views showing sequential and parallel service calls with duration bars, waterfall diagrams identifying critical path components causing longest delays, latency distribution histograms showing performance variability across request samples, and analysis reports highlighting slow RPC calls or database queries. Developers can filter traces by latency ranges to examine specifically slow requests, compare traces to understand performance differences, and set up alerts when service latency exceeds thresholds. Integration with other observability tools like Cloud Logging allows correlating trace IDs with application logs for comprehensive debugging.

Cloud Monitoring tracks metrics but not request traces. Cloud Logging captures logs but not distributed traces. Cloud Profiler analyzes code performance but not request flows. Cloud Trace is the purpose-built distributed tracing service for identifying latency issues across microservices in Google Cloud applications.

Question 88:

An application needs to store structured data with ACID transactions and horizontal scalability. Which Google Cloud database service should be used?

A) Cloud SQL

B) Cloud Spanner

C) Cloud Firestore

D) Cloud Bigtable

Answer: B

Explanation:

Cloud Spanner should be used for storing structured data with ACID transactions and horizontal scalability. Cloud Spanner is Google Cloud’s globally distributed, strongly consistent relational database service that uniquely combines the benefits of traditional relational databases including ACID transactions, SQL query support, and relational schema with the horizontal scalability and high availability typically associated with NoSQL databases. This combination makes Cloud Spanner ideal for applications requiring both strong consistency guarantees and the ability to scale to millions of transactions per second.

Cloud Spanner provides full ACID transaction support with strong consistency across all reads and writes, ensuring applications always see the most recent committed data regardless of geographic distribution. The service uses Google’s TrueTime API and distributed consensus protocols to provide external consistency, where transaction ordering matches the order in which transactions commit globally. This strong consistency eliminates complex application logic for handling eventual consistency and data conflicts. Cloud Spanner supports standard SQL queries, secondary indexes, foreign keys, and joins, allowing developers to use familiar relational database concepts and tools.

The horizontal scalability of Cloud Spanner allows databases to grow from initial deployments handling moderate workloads to massive deployments handling petabytes of data and millions of queries per second simply by adding processing nodes. The service automatically handles data distribution across nodes, query routing to appropriate data locations, and data rebalancing as workloads change. Cloud Spanner provides configurable replication with regional and multi-regional configurations for high availability and disaster recovery, automatic failover with no downtime during outages, and backup and point-in-time recovery capabilities. The managed nature eliminates operational tasks including patching, replication setup, and capacity planning.

Cloud SQL provides ACID transactions but limited horizontal scalability. Cloud Firestore provides scalability but with limited SQL support. Cloud Bigtable provides scalability but is NoSQL without ACID transactions. Cloud Spanner uniquely provides both ACID transactions and horizontal scalability with SQL support for Google Cloud applications.

Question 89:

A developer needs to debug a production issue in a Cloud Run service without modifying the deployed code. Which feature should be used?

A) Cloud Logging

B) Cloud Debugger

C) Cloud Profiler

D) Error Reporting

Answer: B

Explanation:

Cloud Debugger should be used to debug production issues in a Cloud Run service without modifying deployed code. Cloud Debugger is Google Cloud’s live debugging tool that allows developers to inspect application state including variables, call stacks, and execution paths in running applications without stopping service execution, deploying debug builds, or adding extensive logging statements. This capability enables troubleshooting production issues that are difficult to reproduce in development environments while maintaining service availability and performance for end users.

Cloud Debugger works by setting snapshots at specific lines of code through the Google Cloud console, command-line tools, or IDE plugins. When application execution reaches snapshot locations, the debugger captures complete program state including local variables, function arguments, instance fields, and call stack information, making this data available for inspection through the debugger interface. Unlike traditional breakpoints that pause program execution, Cloud Debugger snapshots capture state without blocking request processing, ensuring production services remain responsive. The debugger supports conditional snapshots that capture state only when specified expressions evaluate to true, reducing data collection overhead for high-traffic services.

Cloud Debugger supports multiple languages including Java, Python, Node.js, Go, and .NET, with language-specific agents that integrate with application runtimes. The tool integrates with source code repositories, displaying snapshot locations in actual source code context for easier debugging. Developers can inspect snapshot data through web interfaces showing formatted variable values, expandable object hierarchies, and source code with execution context. Logpoints provide another capability where developers insert dynamic log messages at specific code locations without redeploying, with messages appearing in Cloud Logging alongside regular application logs. The debugger requires minimal application changes, typically just including a small agent library.

Cloud Logging shows log output but does not inspect variables. Cloud Profiler analyzes performance but not variable state. Error Reporting aggregates errors but does not provide debugging. Cloud Debugger is the specialized tool for live debugging of production applications without code modifications in Google Cloud.

Question 90:

An application needs to implement A/B testing by routing different percentages of traffic to multiple versions. Which Google Cloud service provides this capability for containerized applications?

A) Cloud Load Balancing

B) Traffic Director

C) Cloud Run

D) Istio on GKE

Answer: D

Explanation:

Istio on GKE provides sophisticated traffic management capabilities including A/B testing by routing different percentages of traffic to multiple versions for containerized applications. Istio is an open-source service mesh that adds observability, security, and traffic management to microservices without requiring application code changes. When deployed on Google Kubernetes Engine, Istio intercepts all network traffic between services using sidecar proxies, enabling fine-grained control over request routing including percentage-based traffic splits for A/B testing, canary deployments, and gradual rollouts.

Istio implements traffic splitting through VirtualService resources that define routing rules specifying how traffic should be distributed across different service versions. Developers create rules like “route 90 percent of traffic to version 1 and 10 percent to version 2” using declarative YAML configurations. Istio enforces these rules at runtime through Envoy proxy sidecars that intercept requests and route them according to specified weights. The service mesh provides additional capabilities valuable for experimentation including request matching based on headers allowing specific user segments to access experimental versions, fault injection for testing resilience, request timeouts and retries for reliability, and traffic mirroring for shadowing production traffic to new versions without impacting users.

Istio on GKE integrates with Google Cloud observability services, sending metrics to Cloud Monitoring, traces to Cloud Trace, and logs to Cloud Logging, providing comprehensive visibility into how traffic splits affect service performance and user experience. The service mesh enables gradual migration strategies where developers start with small traffic percentages to experimental versions, monitor key metrics like error rates and latency, and progressively increase traffic as confidence grows. If issues arise, traffic weights can be adjusted immediately through configuration changes without redeploying applications. Istio also provides mutual TLS encryption between services and fine-grained authorization policies for security.

Cloud Load Balancing provides basic traffic splitting but lacks advanced service mesh capabilities. Traffic Director is related but Istio provides more comprehensive features. Cloud Run has basic traffic splitting but limited compared to Istio. Istio on GKE is the comprehensive solution for A/B testing and advanced traffic management for containerized microservices in Google Cloud.