You are designing a deployment technique for your new applications on Google Cloud. As part of your deployment planning, you want to use live traffic to gather performance metrics for both new and existing applications. You need to test against the full production load prior to launch. What should you do?

A. Use canary deployment

B. Use blue/green deployment

C. Use rolling updates deployment

D. Use A/B testing with traffic mirroring during deployment

You are running a containerized application on Google Kubernetes Engine. Your container images are stored in Container Registry. Your team uses CI/CD practices. You need to prevent the deployment of containers with known critical vulnerabilities. What should you do?

A. Use Web Security Scanner to automatically crawl your application Review your application logs for scan results, and provide an attestation that the container is free of known critical vulnerabilities Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

B. Use Web Security Scanner to automatically crawl your application Review the scan results in the scan details page in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

C. Enable the Container Scanning API to perform vulnerability scanning Review vulnerability reporting in Container Registry in the Cloud Console, and provide an attestation that the container is free of known critical vulnerabilities Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

D. Enable the Container Scanning API to perform vulnerability scanning Programmatically review vulnerability reporting through the Container Scanning API, and provide an attestation that the container is free of known critical vulnerabilities Use Binary Authorization to implement a policy that forces the attestation to be provided before the container is deployed

Your existing application keeps user state information in a single MySQL database. This state information is very user-specific and depends heavily on how long a user has been using an application.

The MySQL database is causing challenges to maintain and enhance the schema for various users.

Which storage option should you choose?

A. Cloud SQL

B. Cloud Storage

C. Cloud Spanner

D. Cloud Datastore/Firestore

Your company has a new security initiative that requires all data stored in Google Cloud to be encrypted by customer-managed encryption keys. You plan to use Cloud Key Management Service (KMS) to configure access to the keys. You need to follow the "separation of duties" principle and Google-recommended best practices. What should you do? (Choose two.)

A. Provision Cloud KMS in its own project.

B. Do not assign an owner to the Cloud KMS project.

C. Provision Cloud KMS in the project where the keys are being used.

D. Grant the roles/cloudkms.admin role to the owner of the project where the keys from Cloud KMS are being used.

E. Grant an owner role for the Cloud KMS project to a different user than the owner of the project where the keys from Cloud KMS are being used.

You manage an application that runs in a Compute Engine instance. You also have multiple backend services executing in stand-alone Docker containers running in Compute Engine instances. The Compute Engine instances supporting the backend services are scaled by managed instance groups in multiple regions. You want your calling application to be loosely coupled. You need to be able to invoke distinct service implementations that are chosen based on the value of an HTTP header found in the request. Which Google Cloud feature should you use to invoke the backend services?

A. Traffic Director

B. Service Directory

C. Anthos Service Mesh

D. Internal HTTP(S) Load Balancing