A.  

Assign the auditor the IAM role roles/logging.privateLogViewer. Perform the export of logs to Cloud Storage.

B.  

Assign the auditor the IAM role roles/logging.privateLogViewer. Direct the auditor to also review the logs for changes to Cloud IAM policy.

C.  

Assign the auditor’s IAM user to a custom role that has logging.privateLogEntries.list

permission. Perform the export of logs to Cloud Storage.

D.  

Assign the auditor’s IAM user to a custom role that has logging.privateLogEntries.list

permission. Direct the auditor to also review the logs for changes to Cloud IAM policy.

A.  

Migrate the workload to a Compute Engine Preemptible VM.

B.  

Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.

C.  

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

D.  

Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload.

A.  

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

B.  

Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

C.  

Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

D.  

Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

A.  

Create a Cloud Function to create an instance template.

B.  

Create a snapshot schedule for the disk using the desired interval.

C.  

Create a cron job to create a new disk from the disk using gcloud.

D.  

Create a Cloud Task to create an image and export it to Cloud Storage.

A.  

Rely on live migration to move the workload to a machine with more memory.

B.  

Use gcloud to add metadata to the VM. Set the key to required-memory-size and the value to 8 G

B.  

C.  

Stop the VM, change the machine type to n1-standard-8, and start the VM.

D.  

Stop the VM, increase the memory to 8 GB, and start the VM.

A.  

Check the app.yaml file for your application and check project settings.

B.  

Check the web-application.xml file for your application and check project settings.

C.  

Go to Deployment Manager and review settings for deployment of applications.

D.  

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

A.  

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

B.  

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

C.  

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

D.  

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

A.  

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

B.  

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

C.  

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

D.  

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

A.  

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

B.  

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

C.  

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

D.  

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

A.  

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

B.  

1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.

C.  

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created.

D.  

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

A.  

Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero

B.  

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.

C.  

Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml

D.  

Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml

A.  

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

B.  

Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

C.  

Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

D.  

Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

A.  

Increase the size of the disk to 1 TB.

B.  

Increase the allocated CPU to the instance.

C.  

Migrate to use a Local SSD on the instance.

D.  

Migrate to use a Regional SSD on the instance.

A.  

Create a bash script that contains all requirement steps as gcloud commands

B.  

Develop templates for the environment using Cloud Deployment Manager

C.  

Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.

D.  

Use the Cloud Console interface to provision and manage all related resources

A.  

Link the acquired company’s projects to your company's billing account.

B.  

Configure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset.

C.  

Migrate the acquired company’s projects into your company’s GCP organization. Link the migrated projects to your company's billing account.

D.  

Create a new GCP organization and a new billing account. Migrate the acquired company's projects and your company's projects into the new GCP organization and link the projects to the new billing account.

A.  

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

B.  

Grant all engineer’s permission to create their own billing accounts for each new project.

C.  

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

D.  

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

A.  

Upload the code to Cloud Functions. Use Cloud Scheduler to start the application.

B.  

Create a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.

C.  

Create a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.

D.  

Lift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.

A.  

Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

B.  

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

C.  

Configure the IP of the database as custom metadata for each instance, and query the metadata server.

D.  

Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

A.  

Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.

B.  

Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.

C.  

With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.

D.  

In the cluster’s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.

A.  

Create an Instance template with the container image, and deploy a Managed Instance Group with Autoscaling.

B.  

Upload Docker images to Artifact Registry, and deploy the application on Google Kubernetes Engine using Standard mode.

C.  

Upload Docker images to the Cloud Storage, and deploy the application on Google Kubernetes Engine using Standard mode.

D.  

Upload Docker images to Artifact Registry, and deploy the application on Cloud Run.

A.  

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

B.  

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

C.  

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

D.  

Set up a high-priority (1000) rule to allow the appropriate ports.

A.  

1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.2. Update your instances’ metadata to add the following value: logs-destination: bq://platform-logs.

B.  

1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.2. Create a Cloud Function that is triggered by messages in the logs topic.3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset.

C.  

1. In Stackdriver Logging, create a filter to view only Compute Engine logs.2. Click Create Export.3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.

D.  

1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.2. Configure this Cloud Function to create a BigQuery Job that executes this query:INSERT INTO dataset.platform-logs (timestamp, log)SELECT timestamp, log FROM compute.logsWHERE timestamp > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)3. Use Cloud Scheduler to trigger this Cloud Function once a day.

A.  

Load data in Cloud Datastore and run a SQL query against it.

B.  

Create a BigQuery table and load data in BigQuery. Run a SQL query on this table and drop this table after you complete your request.

C.  

Create external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request.

D.  

Create a Hadoop cluster and copy the AVRO file to NDFS by compressing it. Load the file in a hive table and provide access to your analysts so that they can run SQL queries.

A.  

Add the network tag allow-udp-636 to the VM instance running the LDAP server.

B.  

Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.

C.  

Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.

D.  

Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.

A.  

Contact cloud-billing@google.com with your bank account details and request a corporate billing account for your company.

B.  

Create a ticket with Google Support and wait for their call to share your credit card details over the phone.

C.  

In the Google Platform Console, go to the Resource Manage and move all projects to the root Organization.

D.  

In the Google Cloud Platform Console, create a new billing account and set up a payment method.

A.  

Deploy the monitoring pod in a StatefulSet object.

B.  

Deploy the monitoring pod in a DaemonSet object.

C.  

Reference the monitoring pod in a Deployment object.

D.  

Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

A.  

Open the Cloud Spanner console to review configurations.

B.  

Open the IAM & admin console to review IAM policies for Cloud Spanner roles.

C.  

Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

D.  

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

A.  

Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

B.  

Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery

C.  

Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable

D.  

Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

A.  

Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.

B.  

Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

C.  

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

D.  

Select Compute Engine. Use VM instance types that support micro bursting.

A.  

Deployment Manager

B.  

Cloud Composer

C.  

Managed Instance Group

D.  

Unmanaged Instance Group

A.  

Run gcloud configurations list followed by gcloud configurations activate .

B.  

Run gcloud config list followed by gcloud config activate.

C.  

Run gcloud config configurations list followed by gcloud config configurations activate.

D.  

Re-authenticate with the gcloud auth login command and select the correct configurations on login.

A.  

Use Binary Authorization and whitelist only the container images used by your customers’ Pods.

B.  

Use the Container Analysis API to detect vulnerabilities in the containers used by your customers’ Pods.

C.  

Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers’ Pods.

D.  

Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers’ Pods.

A.  

Run a test using simulated maintenance events. If the test is successful, use preemptible N1 Standard VMs when running future jobs.

B.  

Run a test using simulated maintenance events. If the test is successful, use N1 Standard VMs when running future jobs.

C.  

Run a test using a managed instance group. If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs.

D.  

Run a test using N1 standard VMs instead of N2. If the test is successful, use N1 Standard VMs when running future jobs.

A.  

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.

B.  

Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.

C.  

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VP

C.  

D.  

Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.

A.  

Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard.

B.  

Create a Service Account for the BI team and distribute a new private key to each member of the BI team.

C.  

Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team's internal data warehouse.

D.  

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team.

A.  

Run a Kubernetes job to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

B.  

Create an App Engine standard environment triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

C.  

Run a Python script by using a Linux cron job in Compute Engine to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

D.  

Create a Cloud Function triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

A.  

Create an export to the sink that saves logs from Cloud Audit to BigQuery.

B.  

Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket.

C.  

Write a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery.

D.  

Export these logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL.

A.  

Search for the CMS solution in Google Cloud Marketplace. Use gcloud CLI to deploy the solution.

B.  

Search for the CMS solution in Google Cloud Marketplace. Deploy the solution directly from Cloud Marketplace.

C.  

Search for the CMS solution in Google Cloud Marketplace. Use Terraform and the Cloud Marketplace ID to deploy the solution with the appropriate parameters.

D.  

Use the installation guide of the CMS provider. Perform the installation through your configuration management system.

A.  

Run gcloud iam roles list. Review the output section.

B.  

Run gcloud iam service-accounts list. Review the output section.

C.  

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

D.  

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

A.  

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

B.  

Create a custom role based on the Compute Image User role Add the compute.disks, list to the

includedPermissions field Grant the custom role to the user at the project level

C.  

Grant the Compute Storage Admin role at the project level.

D.  

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

A.  

Export Cloud Datastore data using gcloud datastore export.

B.  

Create a Cloud Datastore index using gcloud datastore indexes create.

C.  

Install the google-cloud-sdk-datastore-emulator component using the apt get install command.

D.  

Install the cloud-datastore-emulator component using the gcloud components install command.

A.  

Review details of the myapp-service Service object and check for error messages.

B.  

Review details of the myapp-deployment Deployment object and check for error messages.

C.  

Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.

D.  

View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.

A.  

Create the instance without a public IP address.

B.  

Create the instance with Private Google Access enabled.

C.  

Create a deny-all egress firewall rule on the VPC network.

D.  

Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

A.  

Use granular logging statements within a Deployment Manager template authored in Python.

B.  

Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.

C.  

Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.

D.  

Execute the Deployment Manager template using the –-preview option in the same project, and observe the state of interdependent resources.

A.  

Use gcloud to create the new project, and then deploy your application to the new project.

B.  

Use gcloud to create the new project and to copy the deployed application to the new project.

C.  

Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.

D.  

Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.

A.  

Create a custom role with view-only project permissions. Add the user's account to the custom role.

B.  

Create a custom role with view-only service permissions. Add the user's account to the custom role.

C.  

Select the built-in IAM project Viewer role. Add the user's account to this role.

D.  

Select the built-in IAM service Viewer role. Add the user's account to this role.

A.  

In the console, validate which SSH keys have been stored as project-wide keys.

B.  

Navigate to Identity-Aware Proxy and check the permissions for these resources.

C.  

Enable Audit Logs on the IAM & admin page for all resources, and validate the results.

D.  

Use the command gcloud projects get–iam–policy to view the current role assignments.

A.  

* Create service accounts sa-app and sa-db.

• Associate service account: sa-app with the application servers and the service account sa-db with the database servers.

• Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.

B.  

• Create network tags app-server and db-server.

• Add the app-server lag lo the application servers and the db-server lag to the database servers.

• Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.

C.  

* Create a service account sa-app and a network tag db-server.

* Associate the service account sa-app with the application servers and the network tag db-server with

the database servers.

• Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.

D.  

• Create a network lag app-server and service account sa-db.

• Add the tag to the application servers and associate the service account with the database servers.

• Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.

A.  

Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

B.  

Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of

service accounts to resources in all projects with an exception to pj-sa.

C.  

Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

D.  

Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

A.  

Deploy the new version in the same application and use the --migrate option.

B.  

Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.

C.  

Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.

D.  

Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.

A.  

In Google Cloud, configure the VPC as a host for Shared VPC.

B.  

In Google Cloud, configure the VPC for VPC Network Peering.

C.  

Create bastion hosts both in your on-premises environment and on Google Cloud. Configure both as proxy servers using their public IP addresses.

D.  

Set up Cloud VPN between the infrastructure on-premises and Google Cloud.

A.  

Update your web application to use the protocol HTTP/2 instead of HTTP/1.1

B.  

Set the concurrency number to 1 for your Cloud Run service.

C.  

Set the maximum number of instances for your Cloud Run service to 100.

D.  

Set the minimum number of instances for your Cloud Run service to 3.

A.  

Save the incoming votes to Firestore. Use Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes.

B.  

Use a dedicated instance to process the incoming votes. Send the votes directly to this instance.

C.  

Save the incoming votes to a JSON file on Cloud Storage. Process the votes in a batch at the end of the day.

D.  

Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.

A.  

Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.

B.  

Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.

C.  

Create an Identity and Access Management

D.  

Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.

A.  

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

B.  

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

C.  

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

D.  

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

A.  

Use a Shielded VM.

B.  

Use a Preemptible VM.

C.  

Use a sole-tenant node.

D.  

Enable deletion protection on the instance.

A.  

Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.

B.  

Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server.

C.  

Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server.

D.  

Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address.

A.  

In the Google Cloud console, validate which SSH keys have been stored as project-wide keys.

B.  

Navigate to Identity-Aware Proxy and check the permissions for these resources.

C.  

Enable Audit logs on the 1AM & admin page for all resources, and validate the results.

D.  

Use the gcloud projects get-iam-policy command to view the current role assignments.

A.  

Add your SREs to roles/iam.roleAdmin role.

B.  

Add your SREs to roles/accessapproval approver role.

C.  

Add your SREs to a group and then add this group to roles/iam roleAdmin role.

D.  

Add your SREs to a group and then add this group to roles/accessapproval approver role.

A.  

Create a Cloud Monitoring Workspace.

B.  

Create a VPC network in the project.

C.  

Enable the compute googleapis.com API.

D.  

Grant yourself the IAM role of Compute Admin.

A.  

Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1.

B.  

Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.

C.  

Create a new managed instance group with an updated instance template. Add the group to the backend service for the load balancer. When all instances in the new managed instance group are healthy, delete the old managed instance group.

D.  

Create a new instance template with the new application version. Update the existing managed instance group with the new instance template. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template.

A.  

Create a health check on port 443 and use that when creating the Managed Instance Group.

B.  

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

C.  

In the Instance Template, add the label ‘health-check’.

D.  

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

A.  

Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.

B.  

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

C.  

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

D.  

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

A.  

Cloud SQL

B.  

Cloud Spanner

C.  

Cloud Firestore

D.  

Cloud Datastore

A.  

Configure Cloud Identity-Aware Proxy (or HTTPS resources

B.  

Configure Cloud Identity-Aware Proxy for SSH and TCP resources.

C.  

Create an SSH keypair and store the public key as a project-wide SSH Key

D.  

Create an SSH keypair and store the private key as a project-wide SSH Key

A.  

1. Create a configuration for each project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

B.  

1. Create a configuration for each project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project

C.  

1. Use the default configuration for one project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

D.  

1. Use the default configuration for one project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project.

A.  

Split the users from business units to multiple projects.

B.  

Apply a user- or project-level custom query quota for BigQuery data warehouse.

C.  

Create separate copies of your BigQuery data warehouse for each business unit.

D.  

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

E.  

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

A.  

gcloud deployment-manager deployments create my-gcp-ace-cluster --config cluster.yaml

B.  

gcloud deployment-manager deployments create my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

C.  

gcloud deployment-manager deployments apply my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

D.  

gcloud deployment-manager deployments apply my-gcp-ace-cluster --config cluster.yaml

A.  

Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.

B.  

Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.

C.  

In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.

D.  

In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.

A.  

Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names.

B.  

Create an instance template that contains valid syntax that will be used by the instance group. Verify that the instance name and persistent disk name values are not the same in the template.

C.  

Verify that the instance template being used by the instance group contains valid syntax. Delete any persistent disks with the same name as instance names. Set the disks.autoDelete property to true in the instance template.

D.  

Delete the current instance template and replace it with a new instance template. Verify that the instance name and persistent disk name values are not the same in the template. Set the disks.autoDelete property to true in the instance template.

A.  

Go to Data Catalog and search for employee_ssn in the search box.

B.  

Write a shell script that uses the bq command line tool to loop through all the projects in your organization.

C.  

Write a script that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find the employee_ssn column.

D.  

Write a Cloud Dataflow job that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find employee_ssn column.

A.  

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

B.  

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

C.  

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

D.  

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

A.  

• Ensure that the Ops Agent Is Installed on the Compute Engine instance.

• Create a custom metric in the Cloud Monitoring dashboard.

• Provide the security team member with access to this dashboard.

B.  

• Ensure that the Ops Agent is installed on tie Compute Engine instance.

• Provide the security team member roles/configure.inventoryViewer permission.

C.  

• Ensure that the OS Config agent Is Installed on the Compute Engine instance.

• Provide the security team member roles/configure.vulnerabilityViewer permission.

D.  

• Ensure that the OS Config agent is installed on the Compute Engine instance

• Create a log sink Co a BigQuery dataset.

• Provide the security team member with access to this dataset.

A.  

Verify that you are Project Billing Manager for the GCP project. Update the existing project to link it to the existing billing account.

B.  

Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project.

C.  

Verify that you are Billing Administrator for the billing account. Create a new project and link the new project to the existing billing account.

D.  

Verify that you are Billing Administrator for the billing account. Update the existing project to link it to the existing billing account.

A.  

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Locate the project in the GCP console, click Shut down and then enter the project ID.

B.  

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

C.  

1. Verify that you are assigned the Organizational Administrator IAM role for this project.

2. Locate the project in the GCP console, enter the project ID and then click Shut down.

D.  

1. Verify that you are assigned the Organizational Administrators IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

A.  

Download and deploy the Jenkins Java WAR to App Engine Standard.

B.  

Create a new Compute Engine instance and install Jenkins through the command line interface.

C.  

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

D.  

Use GCP Marketplace to launch the Jenkins solution.

A.  

Enable Cloud Identity in the GCP Console for your domain.

B.  

Grant them the required IAM roles using their G Suite email address.

C.  

Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

D.  

In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

A.  

Give “project owner” for web-applications appropriate roles to crm-databases- proj

B.  

Give “project owner” role to crm-databases-proj and the web-applications project.

C.  

Give “project owner” role to crm-databases-proj and bigquery.dataViewer role to web-applications.

D.  

Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.

A.  

The pending Pod's resource requests are too large to fit on a single node of the cluster.

B.  

Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

C.  

The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

D.  

The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods’ status. It is currently being rescheduled on a new node.

A.  

Use Cloud Bigtable for data storage.

B.  

Use Cloud SQL for data storage.

C.  

Use Cloud Spanner for data storage.

D.  

Use Firestore for data storage.