A.  

Use a Shielded VM.

B.  

Use a Preemptible VM.

C.  

Use a sole-tenant node.

D.  

Enable deletion protection on the instance.

A.  

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

B.  

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

C.  

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

D.  

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

A.  

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

B.  

Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

C.  

Add a secondary IP range 10.1.0.0/20 to the subnet.

D.  

Convert the subnet IP range from IPv4 to IPv6

A.  

Grant yourself the IAM role of Cloud Spanner Admin

B.  

Create a new VPC network with subnetworks in all desired regions

C.  

Configure your Cloud Spanner instance to be multi-regional

D.  

Enable the Cloud Spanner API

A.  

Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.

B.  

Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.

C.  

In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.

D.  

In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.

A.  

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

B.  

1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.

C.  

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created.

D.  

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

A.  

Deploy the application lo Cloud. Run. Use gradual rollouts for traffic splitting .

B.  

Deploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.

C.  

Deploy the application to Cloud functions. Saucily the version number in the functions name.

D.  

Deploy the application to App Engine. For each new version, create a new service.

A.  

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to the role.

B.  

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new group. Add the group to the role.

C.  

Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to the role.

D.  

Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to a new group. Add the group to the role.

A.  

Add your SREs to roles/iam.roleAdmin role.

B.  

Add your SREs to roles/accessapproval approver role.

C.  

Add your SREs to a group and then add this group to roles/iam roleAdmin role.

D.  

Add your SREs to a group and then add this group to roles/accessapproval approver role.

A.  

Create a Cloud Memorystore for Redis instance with 32-GB capacity.

B.  

Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.

C.  

Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.

D.  

Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.

A.  

Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard.

B.  

Create a Service Account for the BI team and distribute a new private key to each member of the BI team.

C.  

Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team's internal data warehouse.

D.  

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team.

A.  

Modify the existing subnet range to 172.16.20.0/24.

B.  

Create a new Secondary IP Range in the VPC and configure the VMs to use that range.

C.  

Create a new VPC network for the VMs. Enable VPC Peering between the VMs’ VPC network and the Dataproc cluster VPC network.

D.  

Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC network. Configure a custom Route exchange.

A.  

Create a multi-region Cloud Spanner instance with an optimized schema.

B.  

Create a multi-region Firestore database with aggregation query enabled.

C.  

Create a multi-region Cloud SQL for PostgreSQL database with optimized indexes.

D.  

Create a multi-region BigQuery dataset with optimized tables.

A.  

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

B.  

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

C.  

Create a custom Compute Engine image from a snapshot. Create your images from that image.

D.  

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

A.  

Configure username and password by using gcloud configure set proxy/username and gcloud configure set proxy/ proxy/password commands.

B.  

Encode username and password in sha256 encoding, and save it to a text file. Use filename as a value in the gcloud configure set core/custom_ca_certs_file command.

C.  

Provide values for CLOUDSDK_USERNAME and CLOUDSDK_PASSWORD in the gcloud CLI tool configure file.

D.  

Set the CLOUDSDK_PROXY_USERNAME and CLOUDSDK_PROXY PASSWORD properties by using environment variables in your command line tool.

A.  

Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.

B.  

Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator.

C.  

Use the command line to run a dry run query to estimate the number of bytes returned. Then convert that bytes estimate to dollars using the Pricing Calculator.

D.  

Run a select count (*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator.

A.  

Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.

B.  

Use Cloud Functions and configure the bucket as a trigger resource.

C.  

Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.

D.  

Use Dataflow as a batch job, and configure the bucket as a data source.

A.  

Create a Cloud Function to create an instance template.

B.  

Create a snapshot schedule for the disk using the desired interval.

C.  

Create a cron job to create a new disk from the disk using gcloud.

D.  

Create a Cloud Task to create an image and export it to Cloud Storage.

A.  

Select the MIG from the Compute Engine console and, in the menu, select Replace VMs.

B.  

Use the gcloud compute instance-groups managed recreate-instances command to recreate theVM.

C.  

Use the gcloud compute instances update command with a REFRESH action for the VM.

D.  

Update and apply the instance template of the MIG.

A.  

Create a second VPC with the same subnet IP range, and connect this VPC to the existing VPC by using VPC Network Peering.

B.  

Delete the existing subnet, and create a new subnet with double the IP range available.

C.  

Use the Google Cloud CLI tool to expand the primary IP range of your subnet.

D.  

Permit additional traffic from the expected range of private IP addresses to reach your VMs by configuring firewall rules.

A.  

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

B.  

Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

C.  

Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

D.  

Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

A.  

Deployment Manager

B.  

Cloud Composer

C.  

Managed Instance Group

D.  

Unmanaged Instance Group

A.  

Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.

B.  

Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.

C.  

Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.

D.  

Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.

A.  

Add the user to roles/iam.roleAdmin role.

B.  

Add the user to roles/iam.securityAdmin role.

C.  

Add the user to roles/iam.serviceAccountUser role.

D.  

Add the user to roles/iam.serviceAccountAdmin role.

A.  

Create a VPC with non-overlapping CIDR ranges compared to your on-premises network. When migrating individual workloads, assign each workload a new static internal IP address.

B.  

Migrate your DNS server first. Configure Cloud DNS with a forwarding zone to your migrated DNS server. Then migrate all other workloads with ephemeral internal IP addresses.

C.  

Migrate all workloads to a single VPC subnet. Configure Cloud NAT for the subnet and manually assign a static IP address to the Cloud NAT gateway.

D.  

Create a VPC with the same CIDR ranges as your on-premises network. When migrating individual workloads, assign each workload the same static internal IP address.

A.  

Move both projects under the same folder.

B.  

Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.

C.  

Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.

D.  

Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team.

A.  

Link the acquired company’s projects to your company's billing account.

B.  

Configure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset.

C.  

Migrate the acquired company’s projects into your company’s GCP organization. Link the migrated projects to your company's billing account.

D.  

Create a new GCP organization and a new billing account. Migrate the acquired company's projects and your company's projects into the new GCP organization and link the projects to the new billing account.

A.  

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

B.  

Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

C.  

Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

D.  

Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

A.  

Provision a Standard zonal Google Kubernetes Engine (GKE) cluster.

B.  

Provision a fleet of Compute Engine instances and install Kubernetes.

C.  

Provision a Google Kubernetes Engine (GKE) Autopilot cluster.

D.  

Provision a Standard regional Google Kubernetes Engine (GKE) cluster.

A.  

Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1.

B.  

Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.

C.  

Create a new managed instance group with an updated instance template. Add the group to the backend service for the load balancer. When all instances in the new managed instance group are healthy, delete the old managed instance group.

D.  

Create a new instance template with the new application version. Update the existing managed instance group with the new instance template. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template.

A.  

Use the gcloud pubsub subscriptions seek email-updates command.

B.  

Use the gcloud pubsub topics describe new-orders command.

C.  

Use the gcloud pubsub subscriptions pull email-updates —auto-ack command.

D.  

Use the gcloud pubsub topics list-subscriptions new-orders —1ilter="email-updates" command.

A.  

Assign appropriate access for Google services to the service account used by the Compute Engine VM.

B.  

Create a service account with appropriate access for Google services, and configure the application to use this account.

C.  

Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

D.  

Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

A.  

Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group.

B.  

Create an IAM policy and grant all compute. instanceAdmln." permissions to the policy Attach the policy to the DevOps group.

C.  

Create a custom role at the folder level and grant all compute. instanceAdmln. * permissions to the role Grant the custom role to the DevOps group.

D.  

Grant the basic role roles/editor to the DevOps group.

A.  

Run gcloud iam roles list. Review the output section.

B.  

Run gcloud iam service-accounts list. Review the output section.

C.  

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

D.  

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

A.  

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

B.  

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

C.  

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

D.  

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

A.  

Deploy your application to a second Cloud Run service, and ask your customers to use the second Cloud Run service.

B.  

Ask your customers to retry access to your service with exponential backoff to mitigate any potential problems after the new revision is deployed.

C.  

Gradually roll out the new revision and split customer traffic between the revisions to allow rollback in case a problem occurs.

D.  

Send all customer traffic to the new revision, and roll back to a previous revision if you witness any problems in production.

A.  

Create an export to the sink that saves logs from Cloud Audit to BigQuery.

B.  

Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket.

C.  

Write a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery.

D.  

Export these logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL.

A.  

Use the BigQuery interface to review the nightly Job and look for any errors

B.  

Review the Error Reporting page in the Cloud Console to find any errors.

C.  

In Cloud Logging create a filter for your Data Studio report

D.  

Use the open source CLI tool. Snapshot Debugger, to find out why the data was not refreshed correctly.

A.  

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

B.  

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

C.  

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

D.  

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

A.  

Use your existing CI/CD pipeline Use the generated Docker images and deploy them to Cloud Run. Update the configurations and the required endpoints.

B.  

Use your existing continuous integration and delivery (CI/CD) pipeline. Use the generated Docker images and deploy them to Cloud Function. Use the same configuration as on-premises.

C.  

Use the existing codebase and deploy each service as a separate Cloud Function Update the configurations and the required endpoints.

D.  

Use your existing codebase and deploy each service as a separate Cloud Run Use the same configurations as on-premises.

A.  

For each GCP product in the solution, review the pricing details on the products pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

B.  

For each GCP product in the solution, review the pricing details on the products pricing page. Create a Google Sheet that summarizes the expected monthly costs for each product.

C.  

Provision the solution on GCP. Leave the solution provisioned for 1 week. Navigate to the Billing Report page in the Google Cloud Platform Console. Multiply the 1 week cost to determine the monthly costs.

D.  

Provision the solution on GCP. Leave the solution provisioned for 1 week. Use Stackdriver to determine the provisioned and used resource amounts. Multiply the 1 week cost to determine the monthly costs.

A.  

Create a dataflow job that copies data from Cloud Bigtable and Cloud Storage for specific users.

B.  

Create a dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific users.

C.  

Create a Cloud Dataproc cluster that runs a Spark job to extract data from Cloud Bigtable and Cloud Storage for specific users.

D.  

Create two separate BigQuery external tables on Cloud Storage and Cloud Bigtable. Use the BigQuery console to join these tables through user fields, and apply appropriate filters.

A.  

A cross-region internal Application Load Balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

B.  

A global external Application Load Balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

C.  

A global external Network Load Balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

D.  

A global external Application Load Balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

A.  

Open the Google Cloud console, and run a query to determine which resources this service account can access.

B.  

Open the Google Cloud console, and run a query of the audit logs to find permission denied errors for this service account.

C.  

Open the Google Cloud console, and check the organization policies.

D.  

Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.

A.  

Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.

B.  

Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

C.  

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

D.  

Select Compute Engine. Use VM instance types that support micro bursting.

A.  

Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.

B.  

Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.

C.  

Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant.Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

D.  

Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant.Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.

A.  

Add the users to roles/browser role.

B.  

Add the users to roles/iam.roleViewer role.

C.  

Add the users to a group, and add this group to roles/browser role.

D.  

Add the users to a group, and add this group to roles/iam.roleViewer role.

A.  

Use the command gcloud config set container/cluster dev.

B.  

Use the command gcloud container clusters update dev.

C.  

Create a file called gke.default in the ~/.gcloud aname.

D.  

Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.

A.  

Create individual VPCs per Google Cloud project. Peer all the VPCs together. Apply organization policies on the organization level.

B.  

Create individual VPCs for each Google Cloud project. Peer all the VPCs together. Apply hierarchical firewall policies on the organization level.

C.  

Create a host VPC project with each production project as its service project. Apply organization policies on the organization level.

D.  

Create a host VPC project with each production project as its service project. Apply hierarchical firewall policies on the organization level.

A.  

Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.

B.  

Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

C.  

Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.

D.  

Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.

A.  

Google Compute Engine

B.  

Google App Engine

C.  

Cloud Functions

D.  

Google Kubernetes Engine

A.  

1. Create a Cloud Monitoring Dashboard2. Collect metrics and publish them into the Pub/Sub topics 3. Add CPU and network Charts (or each of (he three projects

B.  

1. Create a Cloud Monitoring Dashboard.2. Select the CPU and Network metrics from the three projects.3. Add CPU and network Charts lot each of the three protects.

C.  

1 Create a Service Account and apply roles/viewer on the three projects2. Collect metrics and publish them lo the Cloud Monitoring API3. Add CPU and network Charts for each of the three projects.

D.  

1. Create a fourth Google Cloud project2 Create a Cloud Workspace from the fourth project and add the other three projects

A.  

kubectl delete deployment nginx

B.  

kubectl delete –deployment=nginx

C.  

kubectl delete pod nginx-84748895c4-k6bzl –no-restart 2

D.  

kubectl delete inginx

A.  

Change the default region property setting in the existing GCP project to asia-northeast1.

B.  

Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

C.  

Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.

D.  

Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.

A.  

Use kubectl app deploy .

B.  

Use gcloud app deploy .

C.  

Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

D.  

Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

A.  

Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.

B.  

Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.

C.  

Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.

D.  

Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.

A.  

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

B.  

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

C.  

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

D.  

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

A.  

Use a Cloud Scheduler cron job to trigger a Cloud Function that queries Cloud Logging and sends the logs to the SaaS tool.

B.  

Create a Cloud Logging sink and configure Pub/Sub as the destination. Configure the SaaS tool to subscribe to the Pub/Sub topic to retrieve the logs.

C.  

Create a Cloud Logging sink and configure Cloud Storage as the destination. Configure the SaaS tool to read the Cloud Storage bucket to retrieve the logs.

D.  

Create a Cloud Logging sink and configure BigQuery as the destination. Configure the SaaS tool to query BigQuery to retrieve the logs.

A.  

Use the gsutil to rewrite the storage class for the bucket Change the default storage class for the bucket

B.  

Use the gsutil to rewrite the storage class for the bucket Set up Object Lifecycle management on the bucket

C.  

Create a new bucket and change the default storage class for the bucket Set up Object Lifecycle management on lite bucket

D.  

Create a new bucket and change the default storage class for the bucket import the files from the previous bucket into the new bucket

A.  

Using the GCP Console, filter the Activity log to view the information.

B.  

Using the GCP Console, filter the Stackdriver log to view the information.

C.  

View the bucket in the Storage section of the GCP Console.

D.  

Create a trace in Stackdriver to view the information.

A.  

Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.

B.  

Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

C.  

Create a custom role by removing delete permissions, and add users to that role only.

D.  

Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

A.  

kubectl get deployments –output=pods

B.  

gcloud get pods –selector=”app=prod”

C.  

kubectl get pods -I “app=prod”

D.  

gcloud list gke-deployments -filter={pod }

A.  

1. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow all

B.  

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow TCP: 8080

C.  

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow all

D.  

1. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow TCP: 8080

A.  

Use SSL proxy load balancing for the MIG and an A record in your DNS private zone with the load balancer's IP address.

B.  

Use SSL proxy load balancing for the MIG and a CNAME record in your DNS public zone with the load balancer's IP address.

C.  

Use HTTP(S) load balancing for the MIG and a CNAME record in your DNS private zone with the load balancer's IP address.

D.  

Use HTTP(S) load balancing for the MIG and an A record in your DNS public zone with the load balancer's IP address.

A.  

Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/ to find and remove items older than 90 days. Schedule the script with cron.

B.  

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

C.  

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

D.  

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/ to find and remove items older than 90 days. Repeat this process every morning.

A.  

Configure Billing Data Export to BigQuery and visualize the data in Data Studio.

B.  

Visit the Cost Table page to get a CSV export and visualize it using Data Studio.

C.  

Fill all resources in the Pricing Calculator to get an estimate of the monthly cost.

D.  

Use the Reports view in the Cloud Billing Console to view the desired cost information.

A.  

Use the GCP Console to transfer the file instead of gsutil.

B.  

Enable parallel composite uploads using gsutil on the file transfer.

C.  

Decrease the TCP window size on the machine initiating the transfer.

D.  

Change the storage class of the bucket from Nearline to Multi-Regional.

A.  

Grant "project owner" for web-applications appropriate roles to crm-databases.

B.  

Grant "project owner" role to crm-databases and the web-applications project.

C.  

Grant "project owner" role to crm-databases and roles/bigquery.dataViewer role to web-applications.

D.  

Grant roles/bigquery.dataViewer role to crm-databases and appropriate roles to web-applications.

A.  

Configure Cloud Identity-Aware Proxy (or HTTPS resources

B.  

Configure Cloud Identity-Aware Proxy for SSH and TCP resources.

C.  

Create an SSH keypair and store the public key as a project-wide SSH Key

D.  

Create an SSH keypair and store the private key as a project-wide SSH Key

A.  

Run gcloud configurations list followed by gcloud configurations activate .

B.  

Run gcloud config list followed by gcloud config activate.

C.  

Run gcloud config configurations list followed by gcloud config configurations activate.

D.  

Re-authenticate with the gcloud auth login command and select the correct configurations on login.

A.  

Set up Error Reporting to identify stack traces that indicate slowdowns in Dataflow jobs. Set up alerts based on these log entries.

B.  

Use the Personalized Service Health dashboard to identify issues with Dataflow jobs across regions.

C.  

Update the Dataflow job configurations to send messages to a Pub/Sub topic when there are delays. Configure a backup Dataflow job to process jobs that are delayed. Use Cloud Tasks to trigger an alert when messages are pushed to the Pub/Sub topic.

D.  

Set up Cloud Monitoring alerts on the data freshness metric for the Dataflow jobs to receive a notification when a certain threshold is reached.

A.  

Create a custom role with view-only project permissions. Add the user's account to the custom role.

B.  

Create a custom role with view-only service permissions. Add the user's account to the custom role.

C.  

Select the built-in IAM project Viewer role. Add the user's account to this role.

D.  

Select the built-in IAM service Viewer role. Add the user's account to this role.

A.  

Enable OS Login for all VMs. Use IAM roles to grant user permissions.

B.  

Enable OS Login for all VMs. Write custom startup scripts to update user permissions.

C.  

Require your developers to create public SSH keys. Make the owner of the public key the root user.

D.  

Require your developers to create public SSH keys. Write custom startup scripts to update user permissions.

A.  

Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.

B.  

Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.

C.  

Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

D.  

Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.

A.  

Create an Instance template with the container image, and deploy a Managed Instance Group withAutoscaling.

B.  

Upload Docker images to Artifact Registry, and deploy the application on Google Kubernetes Engine usingStandard mode.

C.  

Upload Docker images to the Cloud Storage, and deploy the application on Google Kubernetes Engine usingStandard mode.

D.  

Upload Docker images to Artifact Registry, and deploy the application on Cloud Run.

A.  

Navigate to Stackdriver Logging and select resource.labels.project_id="*"

B.  

Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.

C.  

Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.

D.  

Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.

A.  

.00.0.0/0

B.  

10.0.0.0/8

C.  

172.16.0.0/12

D.  

192.168.0.0/16

A.  

View System Event Logs in Stackdriver. Search for the user’s email as the principal.

B.  

View System Event Logs in Stackdriver. Search for the service account associated with the user.

C.  

View Data Access audit logs in Stackdriver. Search for the user’s email as the principal.

D.  

View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

A.  

Deploy the container on Cloud Run.

B.  

Deploy the container on Cloud Run on GKE.

C.  

Deploy the container on App Engine Flexible.

D.  

Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled.

A.  

Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

B.  

Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery

C.  

Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable

D.  

Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

A.  

Ask the auditor for their Google account, and give them the Viewer role on the project.

B.  

Ask the auditor for their Google account, and give them the Security Reviewer role on the project.

C.  

Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.

D.  

Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.

A.  

Use traffic splitting

B.  

Modify the minimum number of Cloud Run instances.

C.  

Set a minimum concurrent requests environment variable for the application.

D.  

Increase the maximum number of Cloud Run instances.

A.  

Open the Cloud Spanner console to review configurations.

B.  

Open the IAM & admin console to review IAM policies for Cloud Spanner roles.

C.  

Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

D.  

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

A.  

Create a cluster with a single node-pool by using standard VMs. Label the fault-tolerant Deployments as spot-true.

B.  

Create a cluster with a single node-pool by using Spot VMs. Label the critical Deployments as spot-false.

C.  

Create a cluster with both a Spot W node pool and a rode pool by using standard VMs Deploy the critical.deployments on the Spot VM node pool and the fault; tolerant deployments on the node pool by using standard VMs.

D.  

Create a cluster with both a Spot VM node pool and by using standard VMs. Deploy the critical deployments on the mode pool by using standard VMs and the fault-tolerant deployments on the Spot VM node pool.

A.  

Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.

B.  

Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls andcompute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.

C.  

Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.

D.  

Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage.Use BigQuery to periodically analyze log events in the storage bucket.

A.  

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

B.  

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

C.  

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

D.  

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

A.  

Create a health check on port 443 and use that when creating the Managed Instance Group.

B.  

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

C.  

In the Instance Template, add the label ‘health-check’.

D.  

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

A.  

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

B.  

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.

C.  

Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

D.  

Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

A.  

Use the Google Cloud Pricing Calculator to determine the cost of every Google Cloud resource you expect to use. Use similar size instances for the web server, and use your current on-premises machines as a comparison for Cloud SQL.

B.  

Implement a similar architecture on Google Cloud, and run a reasonable load test on a smaller scale. Check the billing information, and calculate the estimated costs based on the real load your system usually handles.

C.  

Use the Google Cloud Pricing Calculator and select the Cloud Operations template to define your web application with as much detail as possible.

D.  

Create a Google spreadsheet with multiple Google Cloud resource combinations. On a separate sheet, import the current Google Cloud prices and use these prices for the calculations within formulas.

A.  

Create two configurations using gcloud config. Write a script that sets configurations as active, individually. For each configuration, use gcloud compute instances list to get a list of compute resources.

B.  

Create two configurations using gsutil config. Write a script that sets configurations as active, individually. For each configuration, use gsutil compute instances list to get a list of compute resources.

C.  

Go to Cloud Shell and export this information to Cloud Storage on a daily basis.

D.  

Go to GCP Console and export this information to Cloud SQL on a daily basis.

A.  

Upload the code to Cloud Functions. Use Cloud Scheduler to start the application.

B.  

Create a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.

C.  

Create a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.

D.  

Lift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.

A.  

Enable the Cloud Pub/Sub API in the API Library on the GCP Console.

B.  

Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.

C.  

Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.

D.  

Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.

A.  

Configure a Standard multi-zonal GKE cluster.

B.  

Configure an Autopilot GKE cluster.

C.  

Configure a Standard zonal GKE cluster.

D.  

Configure a Standard regional GKE cluster.

A.  

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

B.  

Fill in local SSD. Add estimated cost for cluster management.

C.  

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

D.  

Select Add GPUs. Add estimated cost for cluster management.

A.  

Create a retention policy on the storage bucket of 30 days, and lock the bucket by using a retention policy lock.

B.  

Enable object versioning on the storage bucket and add lifecycle rules to expire non-current versions after 30 days

C.  

Create an object lifecycle on the storage bucket to change the storage class to Archive Storage for objects with an age over 30 days.

D.  

Create a cron job in Cloud Scheduler to call a Cloud Functions instance every day to delete files older than 30 days.

A.  

1. Verify that you ace assigned the Billing Administrator IAM role tor your organization's Google Cloud Project for the Marketing department2. Link the new project to a Marketing Billing Account

B.  

1. Verify that you are assigned the Billing Administrator IAM role for your organization's Google Cloud account2. Create a new Google Cloud Project for the Marketing department3. Set the default key-value project labels to department marketing for all services in this project

C.  

1. Verify that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account2. Create a new Google Cloud Project for the Marketing department 3. Link the new project to a Marketing Billing Account.

D.  

1. Verity that you are assigned the Organization Administrator IAM role for your organization's Google Cloud account2. Create a new Google Cloud Project for the Marketing department3. Set the default key value project labels to department marketing for all services in this protect

A.  

Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign it to the licensing server.

B.  

Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to the licensing server.

C.  

Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing server.

D.  

Start the licensing server with an automatic ephemeral IP address, and then promote it to a static internal IP address.

A.  

Use labels to group resources that share common IAM policies

B.  

Use folders to group resources that share common IAM policies

C.  

Set up a proper billing account structure to group IAM policies

D.  

Set up a proper project naming structure to group IAM policies

A.  

Create a Cloud Bigtable cluster and use the HBase API

B.  

Deploy MongoDB Alias from the Google Cloud Marketplace

C.  

Download a MongoDB installation package and run it on Compute Engine instances

D.  

Download a MongoDB installation package, and run it on a Managed Instance Group