Google Updated Professional-Cloud-DevOps-Engineer Exam Questions and Answers by fern

The best option for managing all charts uniformly, with native access control and VPC Service Controls is to store public and private charts in OCI format by using Artifact Registry. Artifact Registry is a service that allows you to store and manage container images and other artifacts in Google Cloud. Artifact Registry supports OCI format, which is an open standard for storing container images and other artifacts such as Helm charts. You can use Artifact Registry to store public and private charts in OCI format and manage them uniformly. You can also use Artifact Registry’s native access control features, such as IAM policies and VPC Service Controls, to secure your charts and control who can access them.

The best option for selecting a deployment and testing strategy that meets your requirements is to use blue/green deployment and canary testing. A blue/green deployment is a deployment strategy that involves creating two identical environments, one running the current version of the application (blue) and one running the new version of the application (green). The traffic is switched from blue to green after testing the new version, and if any issues are discovered, the traffic can be switched back to blue instantly. This way, you can reduce the complexity of release deployments and minimize the duration of deployment rollbacks. A canary testing is a testing strategy that involves releasing a new version of an application to a subset of users or servers and monitoring its performance and reliability. This way, you can test real production traffic with a gradual increase in the number of affected users.

Cloud Build Private Pools allow your builds to run in a secure, isolated environment with direct access to resources inside your private VPC network, without exposing them to the public internet. This is the Google-recommended approach for minimizing management overhead while maintaining strong security boundaries.

From the official documentation:

"Private pools run your builds in a dedicated and secure environment that can connect to private network resources."

— Cloud Build Private Pools Overview

"You can configure private pools to access resources in a VPC network, which enables secure access to services without using public IPs."

— Accessing Private Resources

This method eliminates the need to create and manage additional compute instances or complex load balancing setups, providing seamless integration with your private services during CI pipeline execution.

The correct answer is B. Cloud Infrastructure (Terraform) repository is shared: different directories are different environments. GKE Infrastructure (Anthos Config Management Kustomize manifests) repositories are separated: different branches are different environments. Application (app source code) repositories are separated: different branches are different features.

This answer follows the best practices for using Terraform and Anthos Config Management with GitOps, as described in the following sources:

For Terraform, it is recommended to use a single repository for all environments, and use directories to separate them. This way, you can reuse the same Terraform modules and configurations across environments, and avoid code duplication and drift.You can also use Terraform workspaces to isolate the state files for each environment12.

For Anthos Config Management, it is recommended to use separate repositories for each environment, and use branches to separate the clusters within each environment. This way, you can enforce different policies and configurations for each environment, and use pull requests to promote changes across environments.You can also use Kustomize to create overlays for each cluster that apply specific patches or customizations34.

For application code, it is recommended to use separate repositories for each application, and use branches to separate the features or bug fixes for each application. This way, you can isolate the development and testing of each application, and use pull requests to merge changes into the main branch.You can also use tags or labels to trigger deployments to different environments5.