A.  

Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application.

B.  

Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications.

C.  

Create a single G Suite account to manage users with each stage of each application in its own project.

D.  

Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment.

A.  

A single VPN tunnel, which limits throughput

B.  

A tier of Google Cloud Storage that is not suited for this task

C.  

A copy command that is not suited to operate over long distances

D.  

Fewer virtual machines (VMs) in GCP than on-premises machines

E.  

A separate storage layer outside the VMs, which is not suited for this task

F.  

Complicated internet connectivity between the on-premises infrastructure and GCP

A.  

Delete the virtual machine (VM) and disks and create a new one.

B.  

Delete the instance, attach the disk to a new VM, and investigate.

C.  

Take a snapshot of the disk and connect to a new machine to investigate.

D.  

Check inbound firewall rules for the network the machine is connected to.

E.  

Connect the machine to another network with very simple firewall rules and investigate.

F.  

Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate.

A.  

Save the files in a Multi-Regional Cloud Storage bucket.

B.  

Save the files in a Regional Cloud Storage bucket, one bucket per zone of the region.

C.  

Save the files in multiple Regional Cloud Storage buckets, one bucket per zone per region.

D.  

Save the files in multiple Multi-Regional Cloud Storage buckets, one bucket per multi-region.

A.  

Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs).

B.  

Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs.

C.  

Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs

D.  

Deploy a custom authentication service on GCE/Google Container Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs.

A.  

Ensure every code check-in is peer reviewed by a security SME.

B.  

Use source code security analyzers as part of the CI/CD pipeline.

C.  

Ensure you have stubs to unit test all interfaces between components.

D.  

Enable code signing and a trusted binary repository integrated with your CI/CD pipeline.

E.  

Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline.

A.  

1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App

Engine application is an allowed origin.

2. Use the Cloud Storage Signed URL feature to generate a POST URL.

B.  

1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App

Engine application is an allowed origin.

2. Assign the Cloud Storage WRITER role to users who upload files.

C.  

1. Use the Cloud Storage Signed URL feature to generate a POST URL.

2. Use App Engine default credentials to sign requests against Cloud Storage.

D.  

1. Assign the Cloud Storage WRITER role to users who upload files.

2. Use App Engine default credentials to sign requests against Cloud Storage.

A.  

Have users upload the images to Cloud Storage. Protect the bucket with a password that expires after 24 hours.

B.  

Have users upload the images to Cloud Storage using a signed URL that expires after 24 hours.

C.  

Create an App Engine web application where users can upload images. Configure App Engine to disable the application after 24 hours. Authenticate users via Cloud Identity.

D.  

Create an App Engine web application where users can upload images for the next 24 hours. Authenticate users via Cloud Identity.

A.  

Use a unique identifier for each individual. Upon a deletion request, delete all rows from BigQuery with this identifier.

B.  

When ingesting new data in BigQuery, run the data through the Data Loss Prevention (DLP) API to identify any personal information. As part of the DLP scan, save the result to Data Catalog. Upon a deletion request, query Data Catalog to find the column with personal information.

C.  

Create a BigQuery view over the table that contains all data. Upon a deletion request, exclude the rows that affect the subject’s data from this view. Use this view instead of the source table for all analysis tasks.

D.  

Use a unique identifier for each individual. Upon a deletion request, overwrite the column with the unique identifier with a salted SHA256 of its value.

A.  

All admin and VM system logs are automatically collected by Stackdriver.

B.  

Stackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent

must be installed on each instance to collect system logs.

C.  

Launch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it.

D.  

Install the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.

A.  

Store time-series data from the game servers in Google Bigtable, and view it using Google Data Studio.

B.  

Output custom metrics to Stackdriver from the game servers, and create a Dashboard in Stackdriver

Monitoring Console to view them.

C.  

Schedule BigQuery load jobs to ingest analytics files uploaded to Cloud Storage every ten minutes, and visualize the results in Google Data Studio.

D.  

Insert the KPIs into Cloud Datastore entities, and run ad hoc analysis and visualizations of them in Cloud Datalab.

A.  

Request Transfer Appliances from Google Cloud, export the data to appliances, and return the appliances to Google Cloud.

B.  

Configure the Storage Transfer service from Google Cloud to send the data from your data center to Cloud Storage

C.  

Make sure there are no other users consuming the 1 Gbps link, and use multi-thread transfer to upload the data to Cloud Storage.

D.  

Export files to an encrypted USB device, send the device to Google Cloud, and request an import of the data to Cloud Storage

A.  

Create a Kubernetes admission controller to prevent the container from starting if it is not approved for usage in the given environment

B.  

Configure a Kubernetes lifecycle hook to prevent the container from starting if it is not approved for usage in the given environment

C.  

Implement a corporate policy to prevent teams from deploying Docker image to an environment unless the Docker image was tested in an earlier environment

D.  

Configure the binary authorization policies for the development, staging and production clusters. Create attestations as part of the continuous integration pipeline”

A.  

Create a BigQuery table for the European data, and set the table retention period to 36 months. For Cloud Storage, use gsutil to enable lifecycle management using a DELETE action with an Age condition of 36 months.

B.  

Create a BigQuery table for the European data, and set the table retention period to 36 months. For Cloud Storage, use gsutil to create a SetStorageClass to NONE action when with an Age condition of 36 months.

C.  

Create a BigQuery time-partitioned table for the European data, and set the partition expiration period to 36 months. For Cloud Storage, use gsutil to enable lifecycle management using a DELETE action with an Age condition of 36 months.

D.  

Create a BigQuery time-partitioned table for the European data, and set the partition period to 36 months. For Cloud Storage, use gsutil to create a SetStorageClass to NONE action with an Age condition of 36 months.

A.  

Create a scheduled job in Cloud Run to invoke a container every minute. The container will check the application URL If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team.

B.  

Create a cron job on a Compute Engine VM that runs every minute. The cron job invokes a Python program to check the application URL If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team.

C.  

Create a Cloud Monitoring uptime check to validate the application URL If it fails, put a message in a Pub/Sub queue that triggers a Cloud Function to switch the URL to the "Site is unavailable" page, and notify the Ops team.

D.  

Use Cloud Error Reporting to check the application URL If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team.

A.  

Create a Cloud Storage lifecycle rule with Age: “30”, Storage Class: “Standard”, and Action: “Set to Coldline”, and create a second GCS life-cycle rule with Age: “365”, Storage Class: “Coldline”, and Action: “Delete”.

B.  

Create a Cloud Storage lifecycle rule with Age: “30”, Storage Class: “Coldline”, and Action: “Set to Nearline”, and create a second GCS life-cycle rule with Age: “91”, Storage Class: “Coldline”, and Action: “Set to Nearline”.

C.  

Create a Cloud Storage lifecycle rule with Age: “90”, Storage Class: “Standard”, and Action: “Set to Nearline”, and create a second GCS life-cycle rule with Age: “91”, Storage Class: “Nearline”, and Action: “Set to Coldline”.

D.  

Create a Cloud Storage lifecycle rule with Age: “30”, Storage Class: “Standard”, and Action: “Set to Coldline”, and create a second GCS life-cycle rule with Age: “365”, Storage Class: “Nearline”, and Action: “Delete”.

A.  

Set up a streaming Cloud Dataflow job, receiving data by the ingestion process. Clean the data in a Cloud Dataflow pipeline.

B.  

Create a Cloud Function that reads data from BigQuery and cleans it. Trigger it. Trigger the Cloud Function from a Compute Engine instance.

C.  

Create a SQL statement on the data in BigQuery, and save it as a view. Run the view daily, and save the result to a new table.

D.  

Use Cloud Dataprep and configure the BigQuery tables as the source. Schedule a daily job to clean the data.

A.  

Google Kubernetes Engine with an SSL Ingress

B.  

Cloud IoT Core with public/private key pairs

C.  

Compute Engine with project-wide SSH keys

D.  

Compute Engine with specific SSH keys

A.  

Open a support case regarding the CVE and chat with the support engineer.

B.  

Read the CVEs from the Google Cloud Status Dashboard to understand the impact.

C.  

Read the CVEs from the Google Cloud Platform Security Bulletins to understand the impact

D.  

Post a question regarding the CVE in Stack Overflow to get an explanation

E.  

Post a question regarding the CVE in a Google Cloud discussion group to get an explanation

A.  

Use gRPC instead of HTTP for better performance.

B.  

Implement retry logic using a truncated exponential backoff strategy.

C.  

Make sure the Cloud Storage bucket is multi-regional for geo-redundancy.

D.  

Monitor https://status.cloud.google.com/feed.atom and only make requests if Cloud Storage is not reporting

an incident.

A.  

Create a token and pass it in as an environment variable to func_display. When invoking func_query, include the token in the request Pass the same token to func _query and reject the invocation if the tokens are different.

B.  

Make func_query 'Require authentication.' Create a unique service account and associate it to func_display. Grant the service account invoker role for func_query. Create an id token in func_display and include the token to the request when invoking func_query.

C.  

Make func _query 'Require authentication' and only accept internal traffic. Create those two functions in the same VP

C.  

D.  

Create those two functions in the same project and VPC. Make func_query only accept internal traffic. Create an ingress firewall for func_query to only allow traffic from func_display. Also, make sure both functions use the same service account.

A.  

Replace the existing data warehouse with BigQuery. Use table partitioning.

B.  

Replace the existing data warehouse with a Compute Engine instance with 96 CPUs.

C.  

Replace the existing data warehouse with BigQuery. Use federated data sources.

D.  

Replace the existing data warehouse with a Compute Engine instance with 96 CPUs. Add an additional Compute Engine pre-emptible instance with 32 CPUs.

A.  

Error rates for requests from Asia

B.  

Latency difference between US and Asia

C.  

Total visits, error rates, and latency from Asia

D.  

Total visits and average latency for users in Asia

E.  

The number of character sets present in the database

A.  

Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.

B.  

Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.

C.  

Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.

D.  

Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.

A.  

Use Explainable AI.

B.  

Use Vision AI.

C.  

Use Google Cloud’s operations suite.

D.  

Use Jupyter Notebooks.

A.  

glouc compute firewall rules update hlr-policy \

--priority 1000 \

target tags-sourceiplist fastly \

--allow tcp:443

B.  

gcloud compute security policies rules update 1000 \

--security-policy hlr-policy \

--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \

--action " allow"

C.  

gcloud compute firewall rules update

sourceiplist-fastly \

priority 1000 \

allow tcp: 443

D.  

gcloud compute priority-policies rules update

1000 \

security policy from fastly

--src- ip-ranges"

-- action " allow"

A.  

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.

B.  

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Enable default storage encryption before storing files in Cloud Storage.

C.  

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements.

Utilize Google’s default encryption at rest when storing files in Cloud Storage.

D.  

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.

A.  

Migrate the web application layer to App Engine, and MySQL to Cloud Datastore, and NAS to Cloud Storage. Deploy RabbitMQ, and deploy Hadoop servers using Deployment Manager.

B.  

Migrate RabbitMQ to Cloud Pub/Sub, Hadoop to BigQuery, and NAS to Compute Engine with Persistent Disk storage. Deploy Tomcat, and deploy Nginx using Deployment Manager.

C.  

Implement managed instance groups for Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Compute Engine with Persistent Disk storage.

D.  

Implement managed instance groups for the Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Cloud Storage.

A.  

Deploy Nginx and Tomcat using Cloud Deployment Manager to Compute Engine. Deploy a Cloud SQL server to replace MySQL. Deploy Jenkins using Cloud Deployment Manager.

B.  

Deploy Nginx and Tomcat using Cloud Launcher. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Deployment Manager scripts.

C.  

Migrate Nginx and Tomcat to App Engine. Deploy a Cloud Datastore server to replace the MySQL server in a high-availability configuration. Deploy Jenkins to Compute Engine using Cloud Launcher.

D.  

Migrate Nginx and Tomcat to App Engine. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Launcher.

A.  

Build or leverage an OAuth-compatible access control system.

B.  

Build SAML 2.0 SSO compatibility into your authentication system.

C.  

Restrict data access based on the source IP address of the partner systems.

D.  

Create secondary credentials for each dealer that can be given to the trusted third party.

A.  

Use Stackdriver Trace to create a trace list analysis.

B.  

Use Stackdriver Monitoring to create a dashboard on the project’s activity.

C.  

Enable Cloud Identity-Aware Proxy in all projects, and add the group of Administrators as a member.

D.  

Use the Activity page in the GCP Console and Stackdriver Logging to provide the required insight.

A.  

Replace RabbitMQ with Google Pub/Sub.

B.  

Downgrade MySQL to v5.7, which is supported by Cloud SQL for MySQL.

C.  

Resize compute resources to match predefined Compute Engine machine types.

D.  

Containerize the micro services and host them in Google Kubernetes Engine.

A.  

Web applications deployed using App Engine standard environment

B.  

RabbitMQ deployed using an unmanaged instance group

C.  

Hadoop/Spark deployed using Cloud Dataproc Regional in High Availability mode

D.  

Jenkins, monitoring, bastion hosts, security scanners services deployed on custom machine types

A.  

Have the vehicle’ computer compress the data in hourly snapshots, and store it in a Google Cloud storage (GCS) Nearline bucket.

B.  

Push the telemetry data in Real-time to a streaming dataflow job that compresses the data, and store it in Google BigQuery.

C.  

Push the telemetry data in real-time to a streaming dataflow job that compresses the data, and store it in Cloud Bigtable.

D.  

Have the vehicle's computer compress the data in hourly snapshots, a Store it in a GCS Coldline bucket.

A.  

Use Google App Engine with Google Cloud Endpoints. Focus on an API for dealers and partners.

B.  

Use Google App Engine with a JAX-RS Jersey Java-based framework. Focus on an API for the public.

C.  

Use Google App Engine with the Swagger (open API Specification) framework. Focus on an API for the public.

D.  

Use Google Container Engine with a Django Python container. Focus on an API for the public.

E.  

Use Google Container Engine with a Tomcat container with the Swagger (Open API Specification) framework. Focus on an API for dealers and partners.

A.  

Create a scalable environment in GCP for simulating production load.

B.  

Use the existing infrastructure to test the GCP-based backend at scale.

C.  

Build stress tests into each component of your application using resources internal to GCP to simulate load.

D.  

Create a set of static environments in GCP to test different levels of load — for example, high, medium, and low.

A.  

Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine

B.  

Google Cloud Storage, Google App Engine, Google Network Load Balancer

C.  

Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer

D.  

Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager

A.  

Tests should scale well beyond the prior approaches.

B.  

Unit tests are no longer required, only end-to-end tests.

C.  

Tests should be applied after the release is in the production environment.

D.  

Tests should include directly testing the Google Cloud Platform (GCP) infrastructure.

A.  

Create a project for development and test and another for staging and production.

B.  

Create a network for development and test and another for staging and production.

C.  

Create one subnetwork for development and another for staging and production.

D.  

Create one project for development, a second for staging and a third for production.

A.  

Container Engine, Cloud Pub/Sub, and Cloud SQL

B.  

Cloud Dataflow, Cloud Storage, Cloud Pub/Sub, and BigQuery

C.  

Cloud SQL, Cloud Storage, Cloud Pub/Sub, and Cloud Dataflow

D.  

Cloud Dataproc, Cloud Pub/Sub, Cloud SQL, and Cloud Dataflow

E.  

Cloud Pub/Sub, Compute Engine, Cloud Storage, and Cloud Dataproc

A.  

Verify that the database is online.

B.  

Verify that the project quota hasn't been exceeded.

C.  

Verify that the new feature code did not introduce any performance bugs.

D.  

Verify that the load-testing team is not running their tool against production.

A.  

Cloud Spanner

B.  

Google BigQuery

C.  

Google Cloud SQL

D.  

Google Cloud Datastore

A.  

Create a service account (SA) in the legacy game's Google Cloud project, add this SA in the new game's IAM page, and then give it the Firebase Admin role in both projects

B.  

Create a service account (SA) in the legacy game's Google Cloud project, add a second SA in the new game's IAM page, and then give the Organization Admin role to both SAs

C.  

Create a service account (SA) in the legacy game's Google Cloud project, give it the Firebase Admin role, and then migrate the new game to the legacy game's project.

D.  

Create a service account (SA) in the lgacy game's Google Cloud project, give the SA the Organization Admin rule and then give it the Firebase Admin role in both projects

A.  

Create network load balancers. Use preemptible Compute Engine instances.

B.  

Create network load balancers. Use non-preemptible Compute Engine instances.

C.  

Create a global load balancer with managed instance groups and autoscaling policies. Use preemptible Compute Engine instances.

D.  

Create a global load balancer with managed instance groups and autoscaling policies. Use non-preemptible Compute Engine instances.

A.  

Evaluate the impact of migrating their current batch ETL code to Cloud Dataflow.

B.  

Write a schema migration plan to denormalize data for better performance in BigQuery.

C.  

Draw an architecture diagram that shows how to move from a single MySQL database to a MySQL cluster.

D.  

Load 10 TB of analytics data from a previous game into a Cloud SQL instance, and run test queries against the full dataset to confirm that they complete successfully.

E.  

Integrate Cloud Armor to defend against possible SQL injection attacks in analytics files uploaded to Cloud Storage.

A.  

Configure two Partner Interconnect connections in one metro (City), and make sure the Interconnect connections are placed in different metro zones.

B.  

Configure two VPN connections from on-premises to Google Cloud, and make sure the VPN devices on-premises are in separate racks.

C.  

Configure Direct Peering between EHR Healthcare and Google Cloud, and make sure you are peering at least two Google locations.

D.  

Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.

A.  

Verify EHR's product usage against the list of compliant products on the Google Cloud compliance page.

B.  

Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.

C.  

Use Firebase Authentication for EHR's user facing applications.

D.  

Implement Prometheus to detect and prevent security breaches on EHR's web-based applications.

E.  

Use GKE private clusters for all Kubernetes workloads.

A.  

Use a private cluster with a private endpoint with master authorized networks configured.

B.  

Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.

C.  

Use a private cluster with a public endpoint with master authorized networks configured.

D.  

Use a public cluster with master authorized networks enabled and firewall rules.

A.  

Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.

B.  

Revoke the compute.networkAdmin role from all users in the project with front end instances.

C.  

Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.

D.  

Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.

A.  

Increase the Pub/Sub Total Timeout retry value.

B.  

Move from a Pub/Sub subscriber pull model to a push model.

C.  

Turn off Pub/Sub message batching.

D.  

Create a backup Pub/Sub message queue.

A.  

Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.

B.  

Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.

C.  

Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry.

D.  

Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.

A.  

Add a new Dedicated Interconnect connection

B.  

Upgrade the bandwidth on the Dedicated Interconnect connection to 100 G

C.  

Add three new Cloud VPN connections

D.  

Add a new Carrier Peering connection

A.  

Add a new Dedicated Interconnect connection.

B.  

Upgrade the bandwidth on the Dedicated Interconnect connection to 100 G.

C.  

Add three new Cloud VPN connections.

D.  

Add a new Carrier Peering connection.

A.  

Google Cloud Storage Coldline to store the data, and gsutil to access the data.

B.  

Google Cloud Storage Nearline to store the data, and gsutil to access the data.

C.  

Google Bigtabte with US or EU as location to store the data, and gcloud to access the data.

D.  

BigQuery to store the data, and a web server cluster in a managed instance group to access the data. Google Cloud SQL mirrored across two distinct regions to store the data, and a Redis cluster in a managed instance group to access the data.