A.  

Create an HTTP load balancer with a backend configuration that references an existing instance group. Set the health check to healthy (HTTP).

B.  

Create an HTTP load balancer with a backend configuration that references an existing instance group. Define a balancing mode and set the maximum RPS to 10.

C.  

Create a managed instance group. Set the Autohealing health check to healthy (HTTP).

D.  

Create a managed instance group. Verify that the autoscaling setting is on.

A.  

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

B.  

Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

C.  

Add a secondary IP range 10.1.0.0/20 to the subnet.

D.  

Convert the subnet IP range from IPv4 to IPv6

A.  

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

B.  

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

C.  

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

D.  

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

A.  

Your zonal capacity is limited, causing all preemptible VM's to be shutdown torecover capacity. Try deploying your group to another zone.

B.  

You have hit your instance quota for the region.

C.  

Your managed instance group's VM's are toggled to only last 1 minute inpreemptible settings.

D.  

Your managed instance group's health check is repeatedly failing, either to amisconfigured health check or misconfigured firewall rules not allowing the healthcheck to access the instance

A.  

– Create Compute Engine resources in us–central1–b.–Balance the load across both us–central1–a and us–central1–b.

B.  

– Create a Managed Instance Group and specify us–central1–a as the zone.–Configure the Health Check with a short Health Interval.

C.  

– Create an HTTP(S) Load Balancer.–Create one or more global forwarding rules to direct traffic to your VMs.

D.  

– Perform regular backups of your application.–Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.–Restore from backups when notified.

A.  

In the Google Cloud console, validate which SSH keys have been stored as project-wide keys.

B.  

Navigate to Identity-Aware Proxy and check the permissions for these resources.

C.  

Enable Audit logs on the IAM & admin page for all resources, and validate the results.

D.  

Use the gcloud projects get-iam-policy command to view the current role assignments.

A.  

Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.

B.  

Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.

C.  

Create an Identity and Access Management

D.  

Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.

A.  

Configure a Standard multi-zonal GKE cluster.

B.  

Configure an Autopilot GKE cluster.

C.  

Configure a Standard zonal GKE cluster.

D.  

Configure a Standard regional GKE cluster.

A.  

Organize projects under folders for each department. Configure both organization policies and log sinks on the folders

B.  

Organize projects under folders for each department. Configure organization policies on the organization and log sinks on the folders.

C.  

Use a standard naming convention for projects that includes the department name. Configure organization policies on the organization and log sinks on the projects.

D.  

Use a standard naming convention for projects that includes the department name. Configure both organization policies and log sinks on the projects.

A.  

Review the Compute Engine activity logs Select and review the Admin Event logs

B.  

Review the Compute Engine activity logs Select and review the System Event logs

C.  

Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs

D.  

Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs

A.  

Create a service account per team, and grant the service account the Project Editor role. Ask the teams to provision their infrastructure through the Google Cloud CLI (gcloud CLI), while impersonating their dedicated service account.

B.  

Provide training for all engineering teams you work with to understand the company’s required practices. Allow the engineering teams to provision the infrastructure to best meet their needs.

C.  

Configure organization policies to enforce your company’s required practices. Ask the teams to provision their infrastructure by using the Google Cloud console.

D.  

Write Terraform modules for each component that are compliant with the company’s required practices, and ask teams to implement their infrastructure through these modules.

A.  

Manual Scaling with 3 instances.

B.  

Basic Scaling with min_instances set to 3.

C.  

Basic Scaling with max_instances set to 3.

D.  

Automatic Scaling with min_idle_instances set to 3.

A.  

Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1.

B.  

Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.

C.  

Create a new managed instance group with an updated instance template. Add the group to the backend service for the load balancer. When all instances in the new managed instance group are healthy, delete the old managed instance group.

D.  

Create a new instance template with the new application version. Update the existing managed instance group with the new instance template. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template.

A.  

Migrate the workload to a Compute Engine Preemptible VM.

B.  

Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.

C.  

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

D.  

Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload.

A.  

Create the instance without a public IP address.

B.  

Create the instance with Private Google Access enabled.

C.  

Create a deny-all egress firewall rule on the VPC network.

D.  

Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

A.  

Migrate the web application to App Engine and the backend API to Cloud Run Use Cloud Tasks to run your background job on Compute Engine

B.  

Migrate the web application to App Engine and the backend API to Cloud Run. Use Cloud Tasks to run your background job on Cloud Run.

C.  

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run Use Cloud Tasks to run your background job on Cloud Run.

D.  

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run. Use Cloud Tasks to run your background job on Compute Engine

A.  

Grant yourself the IAM role of Cloud Spanner Admin

B.  

Create a new VPC network with subnetworks in all desired regions

C.  

Configure your Cloud Spanner instance to be multi-regional

D.  

Enable the Cloud Spanner API

A.  

Migrate the users to Active Directory. Connect the Human Resources system to Active Directory. Turn on Google Cloud Directory Sync (GCDS) for Cloud Identity. Turn on Identity Federation from Cloud Identity to Active Directory.

B.  

Organize the users in Cloud Identity into groups. Enforce multi-factor authentication in Cloud Identity.

C.  

Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation.

D.  

Use a third-party identity provider service through federation. Synchronize the users from Google Workplace to the third-party provider in real time.

A.  

Use Spanner for all data.

B.  

Use Cloud SQL for customer data, Cloud Storage (Coldline) for historical logs, and BigQuery for sensor data.

C.  

Use Cloud SQL for customer data, Cloud Storage (Archive) for historical logs, and Bigtable for sensor data.

D.  

Use Firestore for customer data, Cloud Storage (Nearline) for historical logs, and Bigtable for sensor data.

A.  

Deploy the container on Cloud Run.

B.  

Deploy the container on Cloud Run on GKE.

C.  

Deploy the container on App Engine Flexible.

D.  

Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled.

A.  

Move both projects under the same folder.

B.  

Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.

C.  

Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.

D.  

Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team.

A.  

Link the acquired company’s projects to your company's billing account.

B.  

Configure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset.

C.  

Migrate the acquired company’s projects into your company’s GCP organization. Link the migrated projects to your company's billing account.

D.  

Create a new GCP organization and a new billing account. Migrate the acquired company's projects and your company's projects into the new GCP organization and link the projects to the new billing account.

A.  

Enable Private Service Access on the Cloud Storage Bucket.

B.  

Add slorage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list to protected projects.

C.  

Enable Private Google Access on the subnet within the custom VP

C.  

D.  

Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket.

A.  

Confirm that network firewall rules are not blocking traffic for User

A.  

B.  

Review recent configuration changes that may have caused unintended modifications to permissions.

C.  

Verify that User A has the Identity and Access Management (IAM) Project Owner role assigned.

D.  

Review the error message that User A received.

A.  

Use gcloud config configurations describe to review the output.

B.  

Use gcloud config configurations activate and gcloud config list to review the output.

C.  

Use kubectl config get-contexts to review the output.

D.  

Use kubectl config use-context and kubectl config view to review the output.

A.  

Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.

B.  

Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

C.  

Create a custom role by removing delete permissions, and add users to that role only.

D.  

Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

A.  

Open the Cloud Spanner console to review configurations.

B.  

Open the IAM & admin console to review IAM policies for Cloud Spanner roles.

C.  

Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

D.  

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

A.  

Configure an SSL Proxy load balancer in front of the application servers.

B.  

Configure an Internal UDP load balancer in front of the application servers.

C.  

Configure an External HTTP(s) load balancer in front of the application servers.

D.  

Configure an External Network load balancer in front of the application servers.

A.  

Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.

B.  

Use Cloud Functions and configure the bucket as a trigger resource.

C.  

Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.

D.  

Use Dataflow as a batch job, and configure the bucket as a data source.

A.  

Multi-Regional Storage

B.  

Regional Storage

C.  

Nearline Storage

D.  

Coldline Storage

A.  

Stream data to Pub/Sub, and use Dataflow to send data to Cloud Storage

B.  

Stream data to Pub/Sub. and use Storage Transfer Service to send data to BigQuery.

C.  

Stream data to Dataflow, and use Storage Transfer Service to send data to BigQuery.

D.  

Stream data to Dataflow, and use Dataprep by Trifacta to send data to Bigtable.

A.  

Upload the code to Cloud Functions. Use Cloud Scheduler to start the application.

B.  

Create a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.

C.  

Create a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.

D.  

Lift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.

A.  

Add the network tag allow-udp-636 to the VM instance running the LDAP server.

B.  

Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.

C.  

Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.

D.  

Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.

A.  

Navigate to Stackdriver Logging and select resource.labels.project_id="*"

B.  

Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.

C.  

Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.

D.  

Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.

A.  

Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero

B.  

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.

C.  

Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml

D.  

Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml

A.  

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

B.  

Create a custom role based on the Compute Image User role Add the compute.disks, list to theincludedPermissions field Grant the custom role to the user at the project level

C.  

Grant the Compute Storage Admin role at the project level.

D.  

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

A.  

Use Cloud SQL database with cross-region replication to store game statistics in the EU, US, and APAC regions.

B.  

Use Cloud Spanner to store user data mapped to the game statistics.

C.  

Use BigQuery to store game statistics with a Redis on Memorystore instance in the front to provide global consistency.

D.  

Store game statistics in a Bigtable database partitioned by username.

A.  

Run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.

B.  

Create a Google Cloud service account, and download the service account key. Place the key file in a folder on your machine where gcloud CLI can find it.

C.  

Download your Cloud Identity user account key. Place the key file in a folder on your machine where gcloud CLI can find it.

D.  

Run gcloud config set compute/zone $my_zone to set the default zone for gcloud CLI.

E.  

Run gcloud config set project $my_project to set the default project for gcloud CLI.

A.  

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

B.  

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

C.  

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

D.  

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

A.  

Use gcloud to expand the IP range of the current subnet.

B.  

Delete the subnet, and recreate it using a wider range of IP addresses.

C.  

Create a new project. Use Shared VPC to share the current network with the new project.

D.  

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

A.  

Create a Cloud Storage bucket. Establish an Identity and Access Management (IAM) role with write permissions to the bucket. Use the gsutil tool to directly copy files over the network to Cloud Storage.

B.  

Set up a Cloud Interconnect connection between the on-premises network and Google Cloud. Establish a private endpoint for Filestore access. Transfer the data from the existing Network File System (NFS) to Filestore.

C.  

Use Transfer Appliance to request an appliance. Load the data locally, and ship the appliance back to Google for ingestion into Cloud Storage.

D.  

Use Storage Transfer Service to move the data from the selected on-premises file storage systems to a Cloud Storage bucket.

A.  

Enable the BigQuery API and ensure that the BigQuery User IAM role is selected. Change the BigQuery dataset to select a data location.

B.  

Create a Cloud Billing account. Enable the BigQuery Data Transfer Service API to export pricing data.

C.  

Enable Cloud Billing data export to BigQuery when you create a Cloud Billing account.

D.  

Enable Cloud Billing on the project and link a Cloud Billing account. Then view the billing data table in the BigQuery dataset.

A.  

Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.

B.  

Select Cloud SQL (MySQL). Select the create failover replicas option.

C.  

Select Cloud Spanner. Set up your instance with 2 nodes.

D.  

Select Cloud Spanner. Set up your instance as multi-regional.

A.  

Add the users to roles/browser role.

B.  

Add the users to roles/iam.roleViewer role.

C.  

Add the users to a group, and add this group to roles/browser role.

D.  

Add the users to a group, and add this group to roles/iam.roleViewer role.

A.  

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

B.  

Grant all engineer’s permission to create their own billing accounts for each new project.

C.  

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

D.  

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

A.  

Deploy an ingress resource on the GKE cluster to expose the API to the internet. Use Cloud Armor to filter for IP addresses that can connect to the API. On the Cloud Run service, configure the application to fetch its public IP address and update the Cloud Armor policy on startup to allow this IP address to call the API on ports 80 and 443.

B.  

Create an egress firewall rule on the VPC to allow connections to 0.0.0.0/0 on ports 80 and 443.

C.  

Create an ingress firewall rule on the VPC to allow connections from 0.0.0.0/0 on ports 80 and 443.

D.  

Deploy an internal Application Load Balancer to expose the API on GKE to the VPC. Configure Cloud DNS with the IP address of the internal Application Load Balancer. Deploy a Serverless VPC Access connector to allow the Cloud Run service to call the API through the FQDN on Cloud DNS.

A.  

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

B.  

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

C.  

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

D.  

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

A.  

Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application.

B.  

Create an instance template, and use the template in a managed instance group with autoscaling configured.

C.  

Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day.

D.  

Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring.

A.  

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.

B.  

Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.

C.  

Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the “compute.osAdminLogin” role to the Google group corresponding to this team.

D.  

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

A.  

Export your bill to a Cloud Storage bucket, and then import into Cloud Bigtable for analysis.

B.  

Export your bill to a Cloud Storage bucket, and then import into Google Sheets for analysis.

C.  

Export your transactions to a local file, and perform analysis with a desktop tool.

D.  

Export your bill to a BigQuery dataset, and then write time window-based SQL queries for analysis.

A.  

Expose the application by using an internal passthrough Network Load Balancer.

B.  

Expose the application by using an external passthrough Network Load Balancer.

C.  

Expose the application by using a global external proxy Network Load Balancer.

D.  

Expose the application by using a regional external proxy Network Load Balancer.

A.  

Grant the financial team the IAM role ofג€Billing Account Userג€ on the billing account linked to your credit card.

B.  

Set up BigQuery billing export and grant your financial department IAM access to query the data.

C.  

Create a ticket with Google Billing Support to ask them to send the invoice to your company.

D.  

Change the billing account of your projects to the billing account of your company.

A.  

Configure Billing Data Export to BigQuery and visualize the data in Data Studio.

B.  

Visit the Cost Table page to get a CSV export and visualize it using Data Studio.

C.  

Fill all resources in the Pricing Calculator to get an estimate of the monthly cost.

D.  

Use the Reports view in the Cloud Billing Console to view the desired cost information.

A.  

When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section.

B.  

Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.

C.  

Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.

D.  

Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.

A.  

Create a single budget for all projects and configure budget alerts on this budget.

B.  

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

C.  

Create a budget per project and configure budget alerts on all of these budgets.

D.  

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

A.  

In the Log Viewer, filter the logs on severity 'Error' and the name of the Service Account.

B.  

Create a sink to BigQuery to export all the logs. Create a Data Studio dashboard on the exported logs.

C.  

Create a custom log-based metric for the specific error to be used in an Alerting Policy.

D.  

Grant Project Owner access to the Service Account.

A.  

Use kubect1 to delete the topic resource.

B.  

Use gcloud CLI to delete the topic.

C.  

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

D.  

Use gcloud CLI to update the topic label managed-by-cnrm to false.

A.  

Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.

B.  

Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.

C.  

Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.

D.  

Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

A.  

Use the gcloud CLI services enablecloudresourcemanager.googleapis.comcommand to enable all resources.

B.  

Use the gcloud services enablecompute.googleapis.comcommand to enable Compute Engineand thegcloud services enablestorage-api.googleapis.comcommand to enable the Cloud Storage APIs.

C.  

Open the Google Cloud console and enable all Google Cloud APIs from the API dashboard.

D.  

Open the Google Cloud console and run gcloud init --project in a Cloud Shell.

A.  

Enable OS Login for all VMs. Use IAM roles to grant user permissions.

B.  

Enable OS Login for all VMs. Write custom startup scripts to update user permissions.

C.  

Require your developers to create public SSH keys. Make the owner of the public key the root user.

D.  

Require your developers to create public SSH keys. Write custom startup scripts to update user permissions.

A.  

1. Create a consumer Gmail account.2.Write a script that monitors the CPU usage.3.When the CPU usage exceeds the threshold, have that script send an email using the Gmail account and smtp.gmail.com on port 25 as SMTP server.

B.  

1. Create a Stackdriver Workspace, and associate your Google Cloud Platform (GCP) project with it.2.Create an Alerting Policy in Stackdriver that uses the threshold as a trigger condition.3.Configure your email address in the notification channel.

C.  

1. Create a Stackdriver Workspace, and associate your GCP project with it.2.Write a script that monitors the CPU usage and sends it as a custom metric to Stackdriver.3.Create an uptime check for the instance in Stackdriver.

D.  

1. In Stackdriver Logging, create a logs-based metric to extract the CPU usage by using this regular expression: CPU Usage: ([0-9] {1,3}) %2.In Stackdriver Monitoring, create an Alerting Policy based on this metric.3.Configure your email address in the notification channel.

A.  

Modify the minimum number of Cloud Run instances.

B.  

Set a minimum concurrent requests environment variable for the application.

C.  

Modify the maximum number of Cloud Run instances.

D.  

Use traffic splitting.

A.  

.00.0.0/0

B.  

10.0.0.0/8

C.  

172.16.0.0/12

D.  

192.168.0.0/16

A.  

Run a test using simulated maintenance events. If the test is successful, use preemptible N1 Standard VMs when running future jobs.

B.  

Run a test using simulated maintenance events. If the test is successful, use N1 Standard VMs when running future jobs.

C.  

Run a test using a managed instance group. If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs.

D.  

Run a test using N1 standard VMs instead of N2. If the test is successful, use N1 Standard VMs when running future jobs.

A.  

Grant "project owner" for web-applications appropriate roles to crm-databases.

B.  

Grant "project owner" role to crm-databases and the web-applications project.

C.  

Grant "project owner" role to crm-databases and roles/bigquery.dataViewer role to web-applications.

D.  

Grant roles/bigquery.dataViewer role to crm-databases and appropriate roles to web-applications.

A.  

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

B.  

Fill in local SSD. Add estimated cost for cluster management.

C.  

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

D.  

Select Add GPUs. Add estimated cost for cluster management.

A.  

In the Google Cloud console for your organization, select Create role from selection, and choose destination as the startup company's organization

B.  

In the Google Cloud console for the startup company, select Create role from selection and choose source as the startup company's Google Cloud organization.

C.  

Use the gcloud iam roles copy command, and provide the Organization ID of the startup company'sGoogle Cloud Organization as the destination.

D.  

Use the gcloud iam roles copy command, and provide the project IDs of all projects in the startup company s organization as the destination.

A.  

Deploy the application on GKE Autopilot.

B.  

Deploy the application on GKE Standard.

C.  

Deploy the application on Cloud Functions.

D.  

Deploy the application on Cloud Run.

A.  

Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.

B.  

Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.

C.  

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.

D.  

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.

A.  

Assign appropriate access for Google services to the service account used by the Compute Engine VM.

B.  

Create a service account with appropriate access for Google services, and configure the application to use this account.

C.  

Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

D.  

Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

A.  

Create a VPC with non-overlapping CIDR ranges compared to your on-premises network. When migrating individual workloads, assign each workload a new static internal IP address.

B.  

Migrate your DNS server first. Configure Cloud DNS with a forwarding zone to your migrated DNS server. Then migrate all other workloads with ephemeral internal IP addresses.

C.  

Migrate all workloads to a single VPC subnet. Configure Cloud NAT for the subnet and manually assign a static IP address to the Cloud NAT gateway.

D.  

Create a VPC with the same CIDR ranges as your on-premises network. When migrating individual workloads, assign each workload the same static internal IP address.

A.  

Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

B.  

Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

C.  

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

D.  

Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging. Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

A.  

The pending Pod's resource requests are too large to fit on a single node of the cluster.

B.  

Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

C.  

The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

D.  

The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods’ status. It is currently being rescheduled on a new node.

A.  

kubectl get deployments –output=pods

B.  

gcloud get pods –selector=”app=prod”

C.  

kubectl get pods -I “app=prod”

D.  

gcloud list gke-deployments -filter={pod }

A.  

Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names.

B.  

Create an instance template that contains valid syntax that will be used by the instance group. Verify that the instance name and persistent disk name values are not the same in the template.

C.  

Verify that the instance template being used by the instance group contains valid syntax. Delete any persistent disks with the same name as instance names. Set the disks.autoDelete property to true in the instance template.

D.  

Delete the current instance template and replace it with a new instance template. Verify that the instance name and persistent disk name values are not the same in the template. Set the disks.autoDelete property to true in the instance template.

A.  

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

B.  

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

C.  

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

D.  

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

A.  

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

B.  

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///.

C.  

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

D.  

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///*

A.  

Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

B.  

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

C.  

Configure the IP of the database as custom metadata for each instance, and query the metadata server.

D.  

Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

A.  

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.

B.  

Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.

C.  

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VP

C.  

D.  

Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.

A.  

Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.

B.  

Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.

C.  

Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.

D.  

Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

A.  

Use a custom script to push your application logs to Cloud SQL for exploration.

B.  

Ingest your application logs to Cloud Logging by using Ops Agent, and explore your logs in Logs Explorer.

C.  

Ingest your application logs to Cloud Logging by using Ops Agent, and explore your logs with Log Analytics.

D.  

Use a custom script to push your application logs to BigQuery for exploration.

A.  

Enable Audit Logs for all APIs that are related to data storage.

B.  

Review the IAM permissions for any role that allows for data access.

C.  

Review the Identity-Aware Proxy settings for each resource.

D.  

Create a Data Loss Prevention job.

A.  

Using the GCP Console, filter the Activity log to view the information.

B.  

Using the GCP Console, filter the Stackdriver log to view the information.

C.  

View the bucket in the Storage section of the GCP Console.

D.  

Create a trace in Stackdriver to view the information.

A.  

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

B.  

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

C.  

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

D.  

Set up a high-priority (1000) rule to allow the appropriate ports.

A.  

Configure a Cloud Router in vpc-a and another Cloud Router in vpc-b.

B.  

Configure a Cloud Interconnect connection between vpc-a and vpc-b.

C.  

Create VPC Network Peering between vpc-a and vpc-b.

D.  

Create an OpenVPN connection between vpc-a and vpc-b.

A.  

An internal HTTP(S) load balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

B.  

An external HTTP(S) load balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

C.  

An external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

D.  

An external network load balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

A.  

Add the user to roles/iam.roleAdmin role.

B.  

Add the user to roles/iam.securityAdmin role.

C.  

Add the user to roles/iam.serviceAccountUser role.

D.  

Add the user to roles/iam.serviceAccountAdmin role.

A.  

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

B.  

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

C.  

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

D.  

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

A.  

Contact cloud-billing@google.com with your bank account details and request a corporate billing account for your company.

B.  

Create a ticket with Google Support and wait for their call to share your credit card details over the phone.

C.  

In the Google Platform Console, go to the Resource Manage and move all projects to the root Organization.

D.  

In the Google Cloud Platform Console, create a new billing account and set up a payment method.

A.  

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateful managed instance group.

B.  

Create an instance template. Set the disk type to be an SSD Persistent Disk. Launch the instance template as part of a stateless managed instance group.

C.  

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateful managed instance group.

D.  

Create an instance template. Set the disk type to be Hyperdisk Extreme. Launch the instance template as part of a stateless managed instance group.

A.  

Split the users from business units to multiple projects.

B.  

Apply a user- or project-level custom query quota for BigQuery data warehouse.

C.  

Create separate copies of your BigQuery data warehouse for each business unit.

D.  

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

E.  

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

A.  

Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

B.  

Use the gcloud compute ssh command.

C.  

Create a key with the ssh-keygen command. Then use the gcloud compute ssh command.

D.  

Create a key with the ssh-keygen command. Upload the key to the instance. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

A.  

HTTPS Load Balancer

B.  

Network Load Balancer

C.  

SSL Proxy Load Balancer

D.  

Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.

A.  

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

B.  

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

C.  

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

D.  

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

A.  

Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.

B.  

Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls andcompute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.

C.  

Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.

D.  

Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage.Use BigQuery to periodically analyze log events in the storage bucket.

A.  

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

B.  

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

C.  

Create a custom Compute Engine image from a snapshot. Create your images from that image.

D.  

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

A.  

Modify the existing subnet range to 172.16.20.0/24.

B.  

Create a new Secondary IP Range in the VPC and configure the VMs to use that range.

C.  

Create a new VPC network for the VMs. Enable VPC Peering between the VMs’ VPC network and the Dataproc cluster VPC network.

D.  

Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC network. Configure a custom Route exchange.