Google Cloud Professional DevOps Engineer Practice Exam 2025: Latest Questions

Your organization is migrating to Google Cloud and wants centralized control of IAM and billing while letting each product team manage its own resources independently. Which approach best aligns with Google Cloud best practices for bootstrapping the org?

A team runs a microservice on Cloud Run and wants to roll out changes safely. They need to gradually send traffic to a new revision and quickly roll back if error rates increase. What should they do?

You manage an SLO for a user-facing API. Over the last day, error budget burn is trending too fast and risks breaching the SLO before the end of the quarter. What is the most appropriate immediate action according to SRE practices?

A Cloud Run service is experiencing intermittent latency spikes. You want to correlate latency with request paths and identify outliers without instrumenting code first. Which is the best first step using Google Cloud’s managed tooling?

You need to enforce that all new projects created under a specific folder have a predefined set of labels and that only approved regions are used for resource creation. What is the most appropriate solution?

A build pipeline deploys to GKE. The security team requires that only signed container images be deployed and that the verification decision be enforced at deploy time, not just at build time. What should you implement?

Your on-call team is overwhelmed by alerts from a multi-service application. Many alerts are symptoms (CPU spikes, pod restarts) rather than user impact. You want fewer, higher-quality pages aligned to user experience. What is the best approach?

A production service uses Cloud Monitoring. You want to ensure a new alerting policy won’t page repeatedly during a brief transient incident, but it must still page quickly for sustained failures. Which policy configuration best meets this goal?

You operate a global service behind an external HTTP(S) load balancer. Users in one region report slow initial page loads, but backend utilization is low. You suspect suboptimal caching and want to improve performance while minimizing origin changes. What should you do?

A CI/CD pipeline deploys to a managed instance group (MIG) using a rolling update. During deployments, you occasionally see a brief dip in availability and increased error rates, even though health checks are configured. You must keep availability above the SLO during rollouts. What is the best solution?

Your organization uses multiple Google Cloud projects under different folders. You need a centralized, organization-wide view of who can grant IAM roles (role bindings changes) and detect risky policy changes quickly. What should you implement?

A team uses Cloud Build to deploy to a GKE cluster. Security requires that build steps authenticate to Google Cloud without storing long-lived service account keys in the repository or build environment. What is the recommended approach?

You operate a public HTTP(S) service on Cloud Run. You need an availability SLI that reflects real user experience: request success rate for the production URL. Which monitoring approach best fits?

Your company is adopting GitOps for GKE. You need a system that continuously reconciles the cluster state to a Git repository, supports progressive rollouts, and provides auditability of changes. What should you use?

A product team repeatedly exceeds its error budget during peak traffic. Post-incident analysis shows changes were pushed frequently without clear rollback criteria. You want to align release velocity with reliability goals using SRE practices. What should you implement next?

You are responsible for incident response. When an alert fires, responders spend too long figuring out ownership and mitigation steps. You need to reduce mean time to acknowledge (MTTA) and mean time to restore (MTTR). What is the best next step?

A Cloud Run service experiences sporadic latency spikes. You want to determine whether spikes are caused by cold starts, downstream dependencies, or CPU contention. You also want to correlate latency with specific request paths. What should you do?

A BigQuery-based analytics pipeline runs hourly. It sometimes fails due to transient upstream API errors and causes operators to manually re-run it. You want an automated, reliable workflow with retries, backoff, and clear visibility into step-level failures. What should you use?

You have an organization with separate folders for dev, staging, and prod. You must ensure that only approved regions are used across all current and future projects, and you need enforcement rather than reporting. What should you implement?

A regulated workload requires that only verified container images can be deployed to production GKE. You want to cryptographically attest images during CI and enforce that only attested images can run in the prod cluster. Which solution best meets this requirement on Google Cloud?

Your organization uses a hub-and-spoke network where Shared VPC lives in a centralized host project. Multiple application teams deploy GKE clusters in service projects. During an incident, you discover several clusters were created without VPC Flow Logs enabled on their subnets, reducing forensic visibility. You need to enforce that any new or updated subnets used by GKE have Flow Logs enabled across all projects with minimal manual review. What should you do?

You operate a multi-tenant service on Cloud Run. One tenant reports intermittent 503 errors that appear only during high traffic. Metrics show request latency spikes and a high number of container instance restarts. You suspect the service is hitting a memory limit causing OOM kills. What is the most appropriate first step to confirm the hypothesis using Google Cloud’s observability tooling?

Your team uses Cloud Build for CI/CD and deploys to GKE. You want to ensure that only images that pass security scanning are deployed. The requirement is to block deployments when critical vulnerabilities are found, while still allowing teams to deploy quickly when there are no critical findings. What is the best approach?

You are defining SLOs for an internal API used by several product teams. Some clients retry aggressively, which inflates traffic during partial outages. Leadership wants an availability SLO that reflects user experience and discourages retry storms from masking failures. Which SLI is most appropriate?

A latency-sensitive backend on Compute Engine uses Cloud Load Balancing. After a recent change, p99 latency increased, but average latency remained stable. You suspect a small subset of clients is being routed to a distant region. You want to quickly validate whether cross-region traffic is occurring and reduce latency without changing application code. What should you do?