PrepIQ Professional Cloud DevOps Engineer Ultimate Exam, Exams of Technology

This exam evaluates the ability to design, implement, and manage CI/CD pipelines, automate deployments, monitor systems, and manage cloud infrastructure on platforms like Google Cloud. Topics include infrastructure as code, containerization, microservices, release management, cloud security, and performance monitoring. Candidates must demonstrate proficiency in integrating DevOps practices with cloud services for scalable, reliable, and secure applications.

Typology: Exams

2025/2026

Available from 04/19/2026

shilpi-jain-3
shilpi-jain-3 🇮🇳

2.5

(11)

80K documents

1 / 79

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
PrepIQ Professional Cloud DevOps
Engineer Ultimate Exam
**Question 1.** Which GCP resource hierarchy component is the top-most container
for all other resources?
A) Project
B) Folder
C) Organization
D) Billing Account
**Answer:** C
**Explanation:** An Organization is the root of the GCP resource hierarchy; it
contains folders, projects, and all resources.
**Question 2.** In Terraform, which file is used to lock provider versions and ensure
reproducible builds?
A) main.tf
B) variables.tf
C) terraform.lock.hcl
D) outputs.tf
**Answer:** C
**Explanation:** `terraform.lock.hcl` records exact provider versions, preventing
accidental upgrades.
**Question 3.** When using Cloud Deployment Manager, what is the purpose of a
**type provider**?
A) To define reusable templates for resources
B) To import external APIs as resources
C) To manage IAM policies
D) To store state files in Cloud Storage
**Answer:** B
**Explanation:** A type provider lets Deployment Manager interact with external
services by exposing them as resource types.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f

Partial preview of the text

Download PrepIQ Professional Cloud DevOps Engineer Ultimate Exam and more Exams Technology in PDF only on Docsity!

Engineer Ultimate Exam

Question 1. Which GCP resource hierarchy component is the top-most container for all other resources? A) Project B) Folder C) Organization D) Billing Account Answer: C Explanation: An Organization is the root of the GCP resource hierarchy; it contains folders, projects, and all resources. Question 2. In Terraform, which file is used to lock provider versions and ensure reproducible builds? A) main.tf B) variables.tf C) terraform.lock.hcl D) outputs.tf Answer: C Explanation: terraform.lock.hcl records exact provider versions, preventing accidental upgrades. Question 3. When using Cloud Deployment Manager, what is the purpose of a type provider? A) To define reusable templates for resources B) To import external APIs as resources C) To manage IAM policies D) To store state files in Cloud Storage Answer: B Explanation: A type provider lets Deployment Manager interact with external services by exposing them as resource types.

Engineer Ultimate Exam

Question 4. Which IAM role follows the principle of least privilege for a service account that only needs to write logs to Cloud Logging? A) roles/logging.logWriter B) roles/editor C) roles/owner D) roles/logging.viewer Answer: A Explanation: roles/logging.logWriter grants permission to write logs without any extra privileges. Question 5. What is the primary benefit of using a Shared VPC across multiple projects? A) Reduces latency between regions B) Centralizes network administration and allows resource sharing C) Enables automatic VPC peering D) Provides built-in firewall rules for all projects Answer: B Explanation: Shared VPC lets one host project own the network while service projects use its subnets, simplifying management. Question 6. Which GCP service provides a managed, interactive development environment that runs in the browser? A) Cloud Shell B) Cloud Workstations C) Cloud Functions D) Cloud Run Answer: B Explanation: Cloud Workstations delivers fully managed, secure, customizable development environments.

Engineer Ultimate Exam

Question 10. What does Binary Authorization enforce during a Cloud Run deployment? A) Only signed container images can be deployed B) All images must be scanned for vulnerabilities after deployment C) Deployment must occur within a maintenance window D) Only images from a specific GCP project are allowed Answer: A Explanation: Binary Authorization validates that containers are signed by trusted authorities before they run. Question 11. Which Secret Manager feature enables automatic rotation of secrets without updating application code? A) Secret versioning B) Automatic rotation policies C) IAM bindings D) Access approval Answer: B Explanation: Rotation policies rotate secret values on a schedule while keeping the secret’s name unchanged. Question 12. In a blue/green deployment on GKE, how is traffic switched from the blue to the green service? A) Updating the Deployment’s image tag B) Changing the Service selector to point to the green Pods C) Deleting the blue Deployment D) Scaling down the blue Pods to zero Answer: B Explanation: Switching the Service selector directs traffic to the new set of Pods without downtime. Question 13. Which deployment strategy gradually increases traffic to a new version based on a predefined percentage schedule?

Engineer Ultimate Exam

A) Blue/Green B) Canary C) Rolling update D) Recreate Answer: B Explanation: Canary deployments route a small, increasing portion of traffic to the new version. Question 14. When configuring a rolling update in GKE, which field controls how many Pods are updated simultaneously? A) maxSurge B) maxUnavailable C) parallelism D) strategy.type Answer: B Explanation: maxUnavailable defines the maximum number of Pods that can be unavailable during the update. Question 15. Which SLI is most appropriate for measuring the reliability of a REST API that must respond within 200 ms? A) Error rate B) Latency percentile (e.g., 99th-percentile latency) C) Throughput (requests per second) D) CPU utilization Answer: B Explanation: Latency percentiles directly capture response-time reliability. Question 16. An SLO is set at 99.9 % availability per month. What is the monthly error budget in minutes? A) 43.2 minutes B) 4.32 minutes

Engineer Ultimate Exam

Answer: B Explanation: Dashboard panels allow custom visualizations of metrics across resources. Question 20. To alert when a service’s error-rate exceeds 5 % over a 5-minute window, which condition type should be used? A) Metric threshold B) Rate of change C) Percentile threshold D) Burn rate alert Answer: D Explanation: Burn-rate alerts monitor the consumption of the error budget, suited for error-rate thresholds. Question 21. Which Cloud Logging feature lets you export logs to BigQuery for long-term analysis? A) Log sink B) Log bucket C) Log view D) Log metric Answer: A Explanation: A log sink routes selected logs to destinations like BigQuery. Question 22. What is the advantage of using structured logging over plain text logs? A) Smaller storage size B) Faster ingestion C) Enables querying specific fields in Log Explorer D) Automatic alert generation Answer: C

Engineer Ultimate Exam

Explanation: Structured logs contain key-value pairs, making them searchable and filterable. Question 23. Which Cloud Trace feature helps identify latency bottlenecks in a distributed microservice architecture? A) Span annotations B) Sampling rate C) Trace timeline view D) Error reporting integration Answer: C Explanation: The Trace timeline visualizes spans across services, pinpointing slow operations. Question 24. Cloud Profiler collects data at what granularity to minimize overhead? A) Continuous sampling at 100 % B) Periodic snapshots every hour C) Statistical sampling of CPU and heap usage D) Manual instrumentation only Answer: C Explanation: Profiler uses statistical sampling, collecting data intermittently to keep overhead low. Question 25. Which GKE feature automatically adjusts the number of Pods in a Deployment based on CPU utilization? A) Horizontal Pod Autoscaler (HPA) B) Vertical Pod Autoscaler (VPA) C) Cluster Autoscaler D) Node Pool Autoscaling Answer: A

Engineer Ultimate Exam

Question 29. Which Cloud Billing feature helps identify under-utilized resources? A) Cost Table B) Recommender → Rightsizing recommendations C) Budget alerts D) Export to Cloud Storage Answer: B Explanation: Recommender suggests downsizing or terminating idle resources. Question 30. What does the VPC Flow Logs feature capture? A) DNS queries made from VMs B) Packet header information for VPC traffic C) Application-level logs D) IAM audit logs Answer: B Explanation: Flow logs record metadata about network packets, useful for traffic analysis. Question 31. Which Google Cloud service can be used to automatically generate Terraform code from existing resources? A) Cloud Deployment Manager B) Config Connector C) Cloud Asset Inventory → Export to Terraform D) Cloud Shell Answer: C Explanation: Asset Inventory can export existing resources into Terraform configuration files. Question 32. In Cloud Build, which field defines the Docker image used to run a build step?

Engineer Ultimate Exam

A) name B) entrypoint C) args D) env Answer: A Explanation: The name field specifies the container image for the step. Question 33. Which Cloud Deploy feature enables progressive rollout to a subset of traffic before full promotion? A) Canary stage B) Blue/Green stage C) Rollout policy D) Traffic split configuration Answer: D Explanation: Traffic split lets you allocate percentages of traffic to different releases. Question 34. Which IAM permission is required for a service account to pull images from a private Artifact Registry repository? A) artifactregistry.repositories.get B) artifactregistry.repositories.downloadArtifacts C) storage.objects.get D) cloudbuild.builds.create Answer: B Explanation: downloadArtifacts allows read access to repository contents. Question 35. Which Cloud Monitoring alerting policy condition uses a burn rate to indicate rapid SLO consumption? A) Metric threshold B) Rate of change

Engineer Ultimate Exam

C) primary flag D) default version Answer: A Explanation: The latest alias always points to the most recent secret version. Question 39. Which Cloud Run scaling configuration allows zero instances when there is no traffic? A) Minimum instances = 1 B) Maximum instances = 0 C) Autoscaling enabled (default) D) Concurrency = 80 Answer: C Explanation: Cloud Run scales to zero by default when autoscaling is enabled and no requests are received. Question 40. In a GKE cluster, which component is responsible for translating Service objects into network routes? A) kube-proxy B) kube-apiserver C) kube-scheduler D) cloud-controller-manager Answer: A Explanation: kube-proxy implements Service IPs via iptables/ipvs rules. Question 41. Which Cloud Logging feature allows you to create a metric based on a specific log field, such as severity=ERROR? A) Log sink B) Log view C) Log-based metric D) Log bucket

Engineer Ultimate Exam

Answer: C Explanation: Log-based metrics aggregate log entries that match a filter. Question 42. Which SRE metric quantifies the amount of manual work required to keep a service running? A) MTTR B) Error budget burn rate C) Toil D. Service latency Answer: C Explanation: Toil measures repetitive manual tasks that could be automated. Question 43. Which Cloud Monitoring API can be used to programmatically create dashboards? A) Monitoring v1 DashboardsService B) Logging v2 LogEntries C) Cloud Trace v2 Traces D) Cloud Profiler v2 Profiles Answer: A Explanation: The DashboardsService API manages dashboard resources. Question 44. Which Cloud Build option enables parallel execution of multiple build steps? A) waitFor: ["-"] in the step definition B) parallel: true at the top level C) dependentSteps field D) args: ["--parallel"] Answer: A Explanation: Setting waitFor: ["-"] indicates the step does not wait for previous steps, allowing parallel execution.

Engineer Ultimate Exam

Question 48. Which Cloud Logging export destination is best for real-time alerting pipelines? A) Cloud Storage B) BigQuery C) Pub/Sub D) Cloud Datastore Answer: C Explanation: Pub/Sub enables streaming logs to downstream alerting or processing systems. Question 49. Which GKE feature automatically restarts Pods that become unhealthy based on a readiness probe failure? A) Liveness probe B) Readiness probe C) Startup probe D) PodDisruptionBudget Answer: B Explanation: A failing readiness probe marks the Pod as not ready, causing traffic to be removed and triggering restarts if configured. Question 50. Which Cloud Monitoring alerting policy type can suppress alerts during scheduled maintenance windows? A) Notification channel B) Incident auto-close C) Alerting policy with documentation field D) Alerting policy with condition filter alertStrategy notificationRateLimit Answer: D Explanation: The notificationRateLimit and alertStrategy fields allow you to configure alert suppression during maintenance.

Engineer Ultimate Exam

Question 51. Which IAM role grants permission to create and manage Cloud Build triggers? A) roles/cloudbuild.builds.editor B) roles/cloudbuild.builds.viewer C) roles/cloudbuild.builds.builder D) roles/cloudbuild.builds.admin Answer: D Explanation: roles/cloudbuild.builds.admin includes permissions to create, update, and delete triggers. Question 52. Which GCP service can be used to automatically generate documentation for Terraform modules stored in a Cloud Source Repository? A) Cloud Build with terraform-docs plugin B) Cloud Deploy C) Cloud Run D) Cloud Functions Answer: A Explanation: Cloud Build can run terraform-docs during CI to produce module documentation. Question 53. In a CI/CD pipeline, which step should occur before building a Docker image to ensure secret values are not baked into the image? A) Run unit tests B) Pull source code C) Inject secrets via build arguments that are not persisted D) Scan for vulnerabilities Answer: C Explanation: Using build-time secret injection prevents secrets from being stored in the final image layers.

Engineer Ultimate Exam

A) Log bucket with retention = 3650 days B) Log sink with expiration set to never C) Log view with unlimited retention D) Log metric with archive flag Answer: A Explanation: Setting a custom retention period on a log bucket can keep logs for years. Question 58. Which GCP service can be used to store Terraform state securely and enable state locking? A) Cloud Storage with Object Versioning B) Cloud SQL C) Cloud Firestore D) Cloud Spanner Answer: A Explanation: Cloud Storage buckets with versioning and the terraform backend provide secure state storage and locking via GCS. Question 59. Which of the following best describes Canary release in Cloud Deploy? A) Deploy to a separate environment and switch DNS after validation B) Deploy to 100 % of traffic instantly C) Deploy to a small percentage of traffic, monitor, then increase gradually D) Deploy only to internal testers Answer: C Explanation: Canary releases gradually route traffic to the new version. Question 60. Which IAM role is required for a service account to write metrics to Cloud Monitoring? A) roles/monitoring.metricWriter B) roles/monitoring.viewer

Engineer Ultimate Exam

C) roles/logging.logWriter D) roles/monitoring.admin Answer: A Explanation: roles/monitoring.metricWriter allows creating custom metrics. Question 61. Which Cloud Build feature enables caching of Docker layers across builds to speed up image creation? A) --no-cache flag B) Cloud Build Kaniko cache C) --cache-from option in docker builder D) Cloud Build artifact caching with --cache flag Answer: D Explanation: Cloud Build's artifact caching stores intermediate layers for reuse. Question 62. In Cloud Monitoring, what does a burn-rate alert of 0.5x indicate? A) The service is consuming half the error budget per unit time (good) B) The service is over-consuming the error budget C) The service will never hit the SLO D) The service is under-utilized Answer: A Explanation: A burn rate below 1x means the error budget is being consumed slower than expected. Question 63. Which GCP feature can be used to restrict egress traffic from a VPC to only approved internet destinations? A) Firewall rule with deny egress B) VPC Service Controls C) Cloud Armor D) Private Service Connect