
Google Professional Cloud DevOps Engineer Exam Questions - Navigate Your Path to Success

The Google Professional Cloud DevOps Engineer exam is a good choice: a candidate who passes it earns the Google Cloud Certified certification. Below are some essential facts for Google Professional Cloud DevOps Engineer exam candidates:

  • TrendyCerts offers 166 Questions that are based on actual Google Professional Cloud DevOps Engineer syllabus.
  • Our Google Professional Cloud DevOps Engineer Exam Practice Questions were last updated on: Feb 28, 2025

Sample Questions for Google Professional Cloud DevOps Engineer Exam Preparation

Question 1

Your company runs applications in Google Kubernetes Engine (GKE). Several applications rely on ephemeral volumes. You noticed some applications were unstable due to the DiskPressure node condition on the worker nodes. You need to identify which Pods are causing the issue, but you do not have execute access to workloads and nodes. What should you do?

Correct: A

The correct answer is A, Check the node/ephemeral_storage/used_bytes metric by using Metrics Explorer.

The node/ephemeral_storage/used_bytes metric reports the total amount of ephemeral storage used by Pods on each node [1]. You can use Metrics Explorer to query and visualize this metric and filter it by node name, namespace, or Pod name [2]. This way, you can identify which Pods are consuming the most ephemeral storage and causing disk pressure on the nodes. You do not need to have execute access to the workloads or nodes to use Metrics Explorer.

The other options are incorrect because they require execute access to the workloads or nodes, which you do not have. The df -h and du -sh * commands are Linux commands that can measure disk usage, but you need to run them inside the Pods or on the nodes, which is not possible in your scenario [3][4].


References:

  • Monitoring metrics for Kubernetes system components, Node metrics, node/ephemeral_storage/used_bytes
  • Using Metrics Explorer, Querying metrics
  • How do I find out disk space utilization information using Linux command line?, df command
  • How to check disk space in Linux from the command line, du command

Question 2

You are configuring your CI/CD pipeline natively on Google Cloud. You want builds in a pre-production Google Kubernetes Engine (GKE) environment to be automatically load-tested before being promoted to the production GKE environment. You need to ensure that only builds that have passed this test are deployed to production. You want to follow Google-recommended practices. How should you configure this pipeline with Binary Authorization?

Correct: B

The correct answer is B, Create an attestation for the builds that pass the load test by using a private key stored in Cloud Key Management Service (Cloud KMS) authenticated through Workload Identity.

According to the Google Cloud documentation, Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE) or Cloud Run [1]. Binary Authorization uses attestations to certify that a specific image has completed a previous stage in the CI/CD pipeline, such as passing a load test [2]. Attestations are signed by private keys that are associated with attestors, which are entities that verify the attestations [3]. To follow Google-recommended practices, you should store your private keys in Cloud Key Management Service (Cloud KMS), which is a secure and scalable service for managing cryptographic keys [4]. You should also use Workload Identity, which is a feature that allows Kubernetes service accounts to act as Google service accounts, to authenticate to Cloud KMS and sign attestations without having to manage or expose service account keys [5].

The other options are incorrect because they do not follow Google-recommended practices. Option A and option D require human intervention to sign the attestations, which is not scalable or automated. Option C exposes the service account JSON key as a Kubernetes Secret, which is less secure than using Workload Identity.


References:

  • Creating an attestor
  • Cloud Key Management Service Documentation, Overview
  • Attestations overview
  • Using Workload Identity with Binary Authorization
  • Binary Authorization
