A financial services company is building a CI/CD pipeline using Cloud Build and Cloud Deploy. To comply with internal security policies, they must ensure that only container images that have passed all vulnerability scans and integration tests are deployable to their production GKE clusters. Furthermore, the mechanism enforcing this must be resistant to tampering, even by users with project owner roles. Which combination of services should be implemented to meet these requirements?
You are the SRE lead for a critical order processing service composed of three microservices: an API Gateway, a Processing Service, and a Database Writer. The overall service is considered successful only if an order is accepted by the gateway, fully processed by the service, and successfully written to the database. The individual SLOs are: Gateway (99.95% availability), Processing Service (99.9% availability), and Database Writer (99.99% availability). Assuming these components fail independently, what is the correct composite SLO for the end-to-end user journey?
You are managing a multi-tenant GKE cluster where each tenant application runs in its own namespace. One tenant deployed a custom Fluentd configuration as a DaemonSet to forward their specific application logs to an external analytics service. Shortly after, your central Cloud Logging view stops receiving any logs from the nodes where this tenant's pods are running. Logs from other applications on the same nodes are also missing. What is the most likely cause of this issue?
A development team is starting a new project on Google Cloud and needs to manage their infrastructure as code. The team has extensive experience with Kubernetes YAML but is new to cloud infrastructure provisioning. They want a tool that allows them to define their GCP resources using a Kubernetes-style, declarative syntax and manage them through their GKE cluster. Which IaC tool is the best fit for this team's requirements?
An e-commerce application running on GKE is experiencing intermittent latency spikes during checkout. The system consists of a frontend service, a cart service, and an inventory service. To begin troubleshooting, you need to understand the flow of requests and identify which service call is introducing the most latency. What are the TWO most effective initial steps to take? (Select TWO) ```mermaid sequenceDiagram participant User participant Frontend participant CartSvc as Cart Service participant InvSvc as Inventory Service User->>Frontend: POST /checkout Frontend->>CartSvc: GET /cart/items CartSvc-->>Frontend: Cart Items Frontend->>InvSvc: POST /inventory/reserve InvSvc-->>Frontend: Reservation Confirmed Frontend-->>User: Checkout Complete ```
Your organization manages dozens of GCP projects using Terraform. Multiple teams are making infrastructure changes concurrently, leading to conflicts and accidental overwrites of the Terraform state file. You need to implement a solution that provides state locking and a consistent, shared backend for all team members. Which Google Cloud service should you configure as the Terraform backend to achieve this?
True or False: An error budget represents the maximum amount of time a service can be unavailable or perform below its SLO before violating its contractual SLA with a customer.
Your company's application generates a large volume of debug-level logs that are useful for real-time troubleshooting but are expensive to retain in Cloud Logging for the mandatory 90-day period. You also need to perform complex analytical queries on all retained logs. What is the most cost-effective approach to meet these requirements?
You are creating a dedicated service account for a Cloud Build pipeline. The pipeline needs to perform the following actions: build a Docker image, push the image to Artifact Registry, and deploy the new image as a service revision to Cloud Run. Following the principle of least privilege, which THREE IAM roles should you grant to this service account? (Select THREE)
The Google Cloud Recommender API suggests changing the machine type for a fleet of critical production VMs from `n2-standard-4` to `e2-medium` to save costs. A direct application of this change previously caused an outage due to unexpected performance degradation. As an SRE, what is the best practice for safely validating and implementing this type of recommendation in the future?