Google Exams Lab

Professional Cloud DevOps Engineer - questions & answers

Study template for gradually building a Q&A bank while preparing for the certification. Adjust topics and structure to your plan.

Back to overview Jump to questions

Status: In progress · Questions: 40 · Notes: 40

How to use it

Every question follows the same format: short answer, explanation and steps.

  • Frame the question as a real-world scenario.
  • Answer in one or two sentences.
  • Add detail (why, trade-offs, risks).
  • List steps/diagnostics and tag it.
Template

Question standard

A consistent structure keeps the bank readable and easy to revise.

  • Question - scenario or decision point
  • Short answer - 1-2 sentences
  • Explanation - why this solution fits
  • Steps - implementation or diagnostics
  • Tags - domain, tool, priority

Status legend

Draft Review Mastered Needs revisit

Update the badge in each question to guide your review cycles.

Quick tips

  • Add 1-2 references for every question.
  • Write answers as if explaining to a junior engineer.
  • Capture common pitfalls and anti-patterns.

Question bank

The study blocks are working drafts - adapt them to your plan or the exam guide.

Study block 1 · CI/CD engineering

Build and release orchestration, promotion strategy, and rollback mechanics.

[Question] trunk-based development with feature flags. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "trunk-based development with feature flags" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "trunk-based development with feature flags" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "trunk-based development with feature flags" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "trunk-based development with feature flags".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

[Question] Cloud Build private pools for regulated workloads. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "Cloud Build private pools for regulated workloads" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "Cloud Build private pools for regulated workloads" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Cloud Build private pools for regulated workloads" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Cloud Build private pools for regulated workloads".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

[Question] progressive delivery strategy with Cloud Deploy. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "progressive delivery strategy with Cloud Deploy" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "progressive delivery strategy with Cloud Deploy" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "progressive delivery strategy with Cloud Deploy" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "progressive delivery strategy with Cloud Deploy".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

[Question] blue-green rollout for GKE services. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "blue-green rollout for GKE services" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "blue-green rollout for GKE services" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "blue-green rollout for GKE services" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "blue-green rollout for GKE services".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

[Question] artifact signing and SLSA provenance in the pipeline. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "artifact signing and SLSA provenance in the pipeline" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "artifact signing and SLSA provenance in the pipeline" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "artifact signing and SLSA provenance in the pipeline" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "artifact signing and SLSA provenance in the pipeline".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

[Question] promotion gates across dev, stage, and production. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "promotion gates across dev, stage, and production" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "promotion gates across dev, stage, and production" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "promotion gates across dev, stage, and production" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "promotion gates across dev, stage, and production".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

[Question] automatic rollback on error-budget burn. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "automatic rollback on error-budget burn" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "automatic rollback on error-budget burn" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "automatic rollback on error-budget burn" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "automatic rollback on error-budget burn".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

[Question] selective monorepo builds based on path filters. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "selective monorepo builds based on path filters" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "selective monorepo builds based on path filters" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "selective monorepo builds based on path filters" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "selective monorepo builds based on path filters".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer CI/CD Review

Source: Cloudpeakify original question

Study block 2 · Observability & SRE

SLI/SLO, alerting, incident response, postmortems, and on-call operations.

[Question] defining SLI/SLO for latency and availability. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "defining SLI/SLO for latency and availability" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "defining SLI/SLO for latency and availability" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "defining SLI/SLO for latency and availability" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "defining SLI/SLO for latency and availability".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

[Question] multi-window burn-rate alerting setup. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "multi-window burn-rate alerting setup" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "multi-window burn-rate alerting setup" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "multi-window burn-rate alerting setup" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "multi-window burn-rate alerting setup".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

[Question] golden-signals dashboard standardization. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "golden-signals dashboard standardization" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "golden-signals dashboard standardization" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "golden-signals dashboard standardization" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "golden-signals dashboard standardization".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

[Question] synthetic monitoring for critical user journeys. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "synthetic monitoring for critical user journeys" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "synthetic monitoring for critical user journeys" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "synthetic monitoring for critical user journeys" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "synthetic monitoring for critical user journeys".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

[Question] incident runbook quality and ownership. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "incident runbook quality and ownership" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "incident runbook quality and ownership" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "incident runbook quality and ownership" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "incident runbook quality and ownership".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

[Question] tracking action items from blameless postmortems. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "tracking action items from blameless postmortems" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "tracking action items from blameless postmortems" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "tracking action items from blameless postmortems" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "tracking action items from blameless postmortems".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

[Question] chaos experiment cadence in production-like environments. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "chaos experiment cadence in production-like environments" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "chaos experiment cadence in production-like environments" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "chaos experiment cadence in production-like environments" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "chaos experiment cadence in production-like environments".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

[Question] on-call escalation policy and handover quality. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "on-call escalation policy and handover quality" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "on-call escalation policy and handover quality" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "on-call escalation policy and handover quality" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "on-call escalation policy and handover quality".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer SRE Review

Source: Cloudpeakify original question

Study block 3 · Platform operations

Daily platform operations, automation, drift management, and release stability.

[Question] GKE autoscaling with node auto-provisioning. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "GKE autoscaling with node auto-provisioning" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "GKE autoscaling with node auto-provisioning" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "GKE autoscaling with node auto-provisioning" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "GKE autoscaling with node auto-provisioning".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

[Question] Cloud Run tuning for concurrency and min instances. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "Cloud Run tuning for concurrency and min instances" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "Cloud Run tuning for concurrency and min instances" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Cloud Run tuning for concurrency and min instances" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Cloud Run tuning for concurrency and min instances".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

[Question] infrastructure drift detection in Terraform. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "infrastructure drift detection in Terraform" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "infrastructure drift detection in Terraform" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "infrastructure drift detection in Terraform" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "infrastructure drift detection in Terraform".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

[Question] secure secret handling in CI jobs. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "secure secret handling in CI jobs" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "secure secret handling in CI jobs" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "secure secret handling in CI jobs" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "secure secret handling in CI jobs".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

[Question] database migration automation in release pipelines. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "database migration automation in release pipelines" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "database migration automation in release pipelines" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "database migration automation in release pipelines" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "database migration automation in release pipelines".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

[Question] backup and restore drills in non-production. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "backup and restore drills in non-production" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "backup and restore drills in non-production" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "backup and restore drills in non-production" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "backup and restore drills in non-production".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

[Question] maintenance window orchestration with approvals. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "maintenance window orchestration with approvals" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "maintenance window orchestration with approvals" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "maintenance window orchestration with approvals" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "maintenance window orchestration with approvals".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

[Question] self-healing automation for common failure scenarios. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "self-healing automation for common failure scenarios" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "self-healing automation for common failure scenarios" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "self-healing automation for common failure scenarios" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "self-healing automation for common failure scenarios".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Operations Review

Source: Cloudpeakify original question

Study block 4 · Security in delivery

Shift-left security, pipeline governance, and secure deployment controls.

[Question] least-privilege service accounts in CI/CD. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "least-privilege service accounts in CI/CD" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "least-privilege service accounts in CI/CD" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "least-privilege service accounts in CI/CD" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "least-privilege service accounts in CI/CD".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

[Question] Binary Authorization policy design. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "Binary Authorization policy design" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "Binary Authorization policy design" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Binary Authorization policy design" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Binary Authorization policy design".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

[Question] vulnerability-scanning gate in Artifact Registry. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "vulnerability-scanning gate in Artifact Registry" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "vulnerability-scanning gate in Artifact Registry" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "vulnerability-scanning gate in Artifact Registry" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "vulnerability-scanning gate in Artifact Registry".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

[Question] SBOM generation and dependency risk workflow. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "SBOM generation and dependency risk workflow" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "SBOM generation and dependency risk workflow" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "SBOM generation and dependency risk workflow" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "SBOM generation and dependency risk workflow".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

[Question] policy-as-code for Kubernetes admission controls. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "policy-as-code for Kubernetes admission controls" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "policy-as-code for Kubernetes admission controls" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "policy-as-code for Kubernetes admission controls" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "policy-as-code for Kubernetes admission controls".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

[Question] Workload Identity Federation for CI access to GCP. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "Workload Identity Federation for CI access to GCP" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "Workload Identity Federation for CI access to GCP" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "Workload Identity Federation for CI access to GCP" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "Workload Identity Federation for CI access to GCP".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

[Question] automatic rotation of deployment credentials. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "automatic rotation of deployment credentials" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "automatic rotation of deployment credentials" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "automatic rotation of deployment credentials" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "automatic rotation of deployment credentials".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

[Question] segregation of duties for production approvals. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "segregation of duties for production approvals" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "segregation of duties for production approvals" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "segregation of duties for production approvals" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "segregation of duties for production approvals".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer Security Review

Source: Cloudpeakify original question

Study block 5 · Cost & performance

FinOps in engineering, cost efficiency, performance testing, and optimization.

[Question] rightsizing policy for GKE workloads. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "rightsizing policy for GKE workloads" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "rightsizing policy for GKE workloads" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "rightsizing policy for GKE workloads" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "rightsizing policy for GKE workloads".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

[Question] spot/preemptible strategy for non-critical jobs. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "spot/preemptible strategy for non-critical jobs" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "spot/preemptible strategy for non-critical jobs" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "spot/preemptible strategy for non-critical jobs" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "spot/preemptible strategy for non-critical jobs".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

[Question] performance load tests as a release criterion. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "performance load tests as a release criterion" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "performance load tests as a release criterion" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "performance load tests as a release criterion" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "performance load tests as a release criterion".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

[Question] cache strategy validation before launch. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "cache strategy validation before launch" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "cache strategy validation before launch" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "cache strategy validation before launch" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "cache strategy validation before launch".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

[Question] BigQuery cost controls for CI analytics. Which approach is most suitable for production? Review

Options:

  • A. Design and validate "BigQuery cost controls for CI analytics" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • B. Run releases manually outside the pipeline without auditability or approvals.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: A. Design and validate "BigQuery cost controls for CI analytics" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "BigQuery cost controls for CI analytics" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "BigQuery cost controls for CI analytics".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

[Question] log sampling and retention optimization. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Design and validate "log sampling and retention optimization" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • C. Rely only on CPU alerts and skip SLO/error-budget governance.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: B. Design and validate "log sampling and retention optimization" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "log sampling and retention optimization" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "log sampling and retention optimization".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

[Question] artifact lifecycle cleanup automation. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Design and validate "artifact lifecycle cleanup automation" in a controlled environment with SLO metrics, rollback, and security guardrails.
  • D. Disable security controls in CI/CD to make builds pass faster.

Short answer: C. Design and validate "artifact lifecycle cleanup automation" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "artifact lifecycle cleanup automation" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "artifact lifecycle cleanup automation".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

[Question] FinOps KPI review as part of sprint rituals. Which approach is most suitable for production? Review

Options:

  • A. Run releases manually outside the pipeline without auditability or approvals.
  • B. Rely only on CPU alerts and skip SLO/error-budget governance.
  • C. Disable security controls in CI/CD to make builds pass faster.
  • D. Design and validate "FinOps KPI review as part of sprint rituals" in a controlled environment with SLO metrics, rollback, and security guardrails.

Short answer: D. Design and validate "FinOps KPI review as part of sprint rituals" in a controlled environment with SLO metrics, rollback, and security guardrails.

Explanation: For "FinOps KPI review as part of sprint rituals" this option is best because it combines controlled validation, impact measurement, governance enforcement, and safe rollback capability.

  • Define target SLI/SLO and acceptance criteria for "FinOps KPI review as part of sprint rituals".
  • Implement the change through IaC/automation and validate it in non-production.
  • Roll out gradually (canary/rolling), monitor key metrics, and keep rollback runbooks ready.
DevOps Engineer FinOps Review

Source: Cloudpeakify original question

Want to add another certification?

Duplicate this page, adjust the blocks and start adding new questions.

Back to exams overview