Associate-Cloud-Engineer Exam Dumps - Google Cloud Certified - Associate Cloud Engineer

Set the europe-west1-d zone as the default zone using the gcloud config subcommand.

In the Settings page for Compute Engine under Default location, set the zone to europe–west1-d.

In the CLI installation directory, create a file called default.conf containing zone=europe–west1–d.

Create a Metadata entry on the Compute Engine page with key compute/zone and value europe–west1–d.

Add the users to roles/browser role.

Add the users to roles/iam.roleViewer role.

Add the users to a group, and add this group to roles/browser role.

Add the users to a group, and add this group to roles/iam.roleViewer role.

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of

service accounts to resources in all projects with an exception to pj-sa.

Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

gcloud deployment-manager deployments create my-gcp-ace-cluster --config cluster.yaml

gcloud deployment-manager deployments create my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --config cluster.yaml

Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval

In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket

Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage Schedule the script as a cron job

Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub lope

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.

Use labels to group resources that share common IAM policies

Use folders to group resources that share common IAM policies

Set up a proper billing account structure to group IAM policies

Set up a proper project naming structure to group IAM policies

Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names.

Create an instance template that contains valid syntax that will be used by the instance group. Verify that the instance name and persistent disk name values are not the same in the template.

Verify that the instance template being used by the instance group contains valid syntax. Delete any persistent disks with the same name as instance names. Set the disks.autoDelete property to true in the instance template.

Delete the current instance template and replace it with a new instance template. Verify that the instance name and persistent disk name values are not the same in the template. Set the disks.autoDelete property to true in the instance template.

• Navigate to Cloud Mentioning in the Google Cloud console, and create a custom monitoring job for the

Bigtable instance to track all changes.

• Create an alert by using webhook endpoints. with the SIEM endpoint as a receiver

• Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read. Data Write and Admin Read logs for the Bigtable instance

• Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.

• Install the Ops Agent on the Bigtable instance during configuration. K

• Create a service account with read permissions for the Bigtable instance.

• Create a custom Dataflow job with this service account to export logs to the company's SIEM system.

• Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the

Biglable instance.

• Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Project Editor

Storage Admin

Storage Object Admin

Storage Object Creator

Set the maximum number of instances to 1.

Decrease the maximum number of instances to 3.

Use a TCP health check instead of an HTTP health check.

Increase the initial delay of the HTTP health check to 200 seconds.

Create two configurations using gcloud config configurations create [NAME]. Run gcloud config configurations activate [NAME] to switch between accounts when running the commands to start the Compute Engine instances.

Create two configurations using gcloud config configurations create [NAME]. Run gcloud configurations list to start the Compute Engine instances.

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud config list to start the Compute Engine instances.

Activate two configurations using gcloud configurations activate [NAME]. Run gcloud configurations list to start the Compute Engine instances.

Configure the Horizontal Pod Autoscaler for availability, and configure the cluster autoscaler for suggestions.

Configure the Horizontal Pod Autoscaler for availability, and configure the Vertical Pod Autoscaler recommendations for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Cluster autoscaler for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Horizontal Pod Autoscaler for suggestions.

Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1.

Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.

Create a new managed instance group with an updated instance template. Add the group to the backend service for the load balancer. When all instances in the new managed instance group are healthy, delete the old managed instance group.

Create a new instance template with the new application version. Update the existing managed instance group with the new instance template. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.

• Copy the role across all projects created within the organization with the gcloud iam roles copy command.

• Assign the role to developers in those projects.

• Add all developers to a Google group in Google Groups for Workspace.

• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

• Add all developers to a Google group in Cloud Identity.

• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

• Add all developers to a Google group in Cloud Identity.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.

• Assign the custom role to the Google group.

Create a custom role with view-only project permissions. Add the user's account to the custom role.

Create a custom role with view-only service permissions. Add the user's account to the custom role.

Select the built-in IAM project Viewer role. Add the user's account to this role.

Select the built-in IAM service Viewer role. Add the user's account to this role.

Enable API and then share charts from project A, B, and C.

Enable API and then give the metrics.reader role to projects A, B, and C.

Enable API and then use default dashboards to view all projects in sequence.

Enable API, create a workspace under project A, and then add project B and C.

1. Create a configuration for each project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Create a configuration for each project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project

1. Use the default configuration for one project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Use the default configuration for one project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project.

1. Create a consumer Gmail account.

2.Write a script that monitors the CPU usage.

3.When the CPU usage exceeds the threshold, have that script send an email using the Gmail account and smtp.gmail.com on port 25 as SMTP server.

1. Create a Stackdriver Workspace, and associate your Google Cloud Platform (GCP) project with it.

2.Create an Alerting Policy in Stackdriver that uses the threshold as a trigger condition.

3.Configure your email address in the notification channel.

1. Create a Stackdriver Workspace, and associate your GCP project with it.

2.Write a script that monitors the CPU usage and sends it as a custom metric to Stackdriver.

3.Create an uptime check for the instance in Stackdriver.

1. In Stackdriver Logging, create a logs-based metric to extract the CPU usage by using this regular expression: CPU Usage: ([0-9] {1,3}) %

2.In Stackdriver Monitoring, create an Alerting Policy based on this metric.

3.Configure your email address in the notification channel.

Invite the user to transfer their existing account

Invite the user to use an email alias to resolve the conflict

Tell the user that they must delete their existing account

Tell the user to remove all personal email from the existing account

Use SSL proxy load balancing for the MIG and an A record in your DNS private zone with the load balancer's IP address.

Use SSL proxy load balancing for the MIG and a CNAME record in your DNS public zone with the load balancer's IP address.

Use HTTP(S) load balancing for the MIG and a CNAME record in your DNS private zone with the load balancer's IP address.

Use HTTP(S) load balancing for the MIG and an A record in your DNS public zone with the load balancer's IP address.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

Deploy the new version in the same application and use the --migrate option.

Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.

Use kubect1 to delete the topic resource.

Use gcloud CLI to delete the topic.

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

Use gcloud CLI to update the topic label managed-by-cnrm to false.

1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.2. Update your instances’ metadata to add the following value: logs-destination: bq://platform-logs.

1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.2. Create a Cloud Function that is triggered by messages in the logs topic.3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset.

1. In Stackdriver Logging, create a filter to view only Compute Engine logs.2. Click Create Export.3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.

1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.2. Configure this Cloud Function to create a BigQuery Job that executes this query:INSERT INTO dataset.platform-logs (timestamp, log)SELECT timestamp, log FROM compute.logsWHERE timestamp > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)3. Use Cloud Scheduler to trigger this Cloud Function once a day.

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

Create a custom role based on the Compute Image User role Add the compute.disks, list to the

includedPermissions field Grant the custom role to the user at the project level

Grant the Compute Storage Admin role at the project level.

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Review details of the myapp-service Service object and check for error messages.

Review details of the myapp-deployment Deployment object and check for error messages.

Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.

View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.

Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.

Use Cloud Functions and configure the bucket as a trigger resource.

Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.

Use Dataflow as a batch job, and configure the bucket as a data source.

Use the gsutil to rewrite the storage class for the bucket Change the default storage class for the bucket

Use the gsutil to rewrite the storage class for the bucket Set up Object Lifecycle management on the bucket

Create a new bucket and change the default storage class for the bucket Set up Object Lifecycle management on lite bucket

Create a new bucket and change the default storage class for the bucket import the files from the previous bucket into the new bucket

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

1. Update your instances’ metadata to add the following value: snapshot–schedule: 0 1 * * *

2. Update your instances’ metadata to add the following value: snapshot–retention: 30

1. In the Cloud Console, go to the Compute Engine Disks page and select your instance’s disk.

2. In the Snapshot Schedule section, select Create Schedule and configure the following parameters:

–Schedule frequency: Daily

–Start time: 1:00 AM – 2:00 AM

–Autodelete snapshots after 30 days

1. Create a Cloud Function that creates a snapshot of your instance’s disk.

2.Create a Cloud Function that deletes snapshots that are older than 30 days.

3.Use Cloud Scheduler to trigger both Cloud Functions daily at 1:00 AM.

1. Create a bash script in the instance that copies the content of the disk to Cloud Storage.

2.Create a bash script in the instance that deletes data older than 30 days in the backup Cloud Storage bucket.

3.Configure the instance’s crontab to execute these scripts daily at 1:00 AM.

Create a health check on port 443 and use that when creating the Managed Instance Group.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

In the Instance Template, add the label ‘health-check’.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Add your SREs to roles/iam.roleAdmin role.

Add your SREs to roles/accessapproval approver role.

Add your SREs to a group and then add this group to roles/iam roleAdmin role.

Add your SREs to a group and then add this group to roles/accessapproval approver role.

Deploy the application lo Cloud. Run. Use gradual rollouts for traffic spelling.

Deploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.

Deploy the application to Cloud functions. Saucily the version number in the functions name.

Deploy the application to App Engine. For each new version, create a new service.

Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.

Add the auditors group to two new custom IAM roles.

Add the auditor user accounts to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.

Add the auditor user accounts to two new custom IAM roles.

Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.

For each project, create a Stackdriver account. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects.

Configure a single Stackdriver account, and link all projects to the same account.

Configure a single Stackdriver account for one of the projects. In Stackdriver, create a Group and add the other project names as criteria for that Group.

Rely on live migration to move the workload to a machine with more memory.

Use gcloud to add metadata to the VM. Set the key to required-memory-size and the value to 8 GB.

Stop the VM, change the machine type to n1-standard-8, and start the VM.

Stop the VM, increase the memory to 8 GB, and start the VM.

1. Build an instruction guide to install Cassandra on GCP.

2. Make the instruction guide accessible to your developers.

1. Advise your developers to go to Cloud Marketplace.

2. Ask the developers to launch a Cassandra image for their development work.

1. Build a Cassandra Compute Engine instance and take a snapshot of it.

2. Use the snapshot to create instances for your developers.

1. Build a Cassandra Compute Engine instance and take a snapshot of it.

2.Upload the snapshot to Cloud Storage and make it accessible to your developers.

3.Build instructions to create a Compute Engine instance from the snapshot so that developers can do it themselves.

Navigate to Cloud Logging and view the application logs.

Connect to the instance’s serial console and read the application logs.

Configure a Health Check on the instance and set a Low Healthy Threshold value.

Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

Run a test using simulated maintenance events. If the test is successful, use preemptible N1 Standard VMs when running future jobs.

Run a test using simulated maintenance events. If the test is successful, use N1 Standard VMs when running future jobs.

Run a test using a managed instance group. If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs.

Run a test using N1 standard VMs instead of N2. If the test is successful, use N1 Standard VMs when running future jobs.

1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.

1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

Grant the financial team the IAM role of ג€Billing Account Userג€ on the billing account linked to your credit card.

Set up BigQuery billing export and grant your financial department IAM access to query the data.

Create a ticket with Google Billing Support to ask them to send the invoice to your company.

Change the billing account of your projects to the billing account of your company.

Provision preemptible Compute Engine instances.

Provision Compute Engine instances with GPUs attached.

Provision Compute Engine instances with local SSDs attached.

Provision Compute Engine instances with M1 machine type.

Use Cloud Bigtable for data storage.

Use Cloud SQL for data storage.

Use Cloud Spanner for data storage.

Use Firestore for data storage.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

Create Java packages that utilize the Google Cloud Client Libraries for Java to configure Google Cloud products. Store and share the packages in a source code repository.

Create bash scripts that utilize the Google Cloud CLI to configure Google Cloud products. Store and share the bash scripts in a source code repository.

Create Terraform modules that utilize the Google Cloud Terraform Provider to configure Google Cloud products. Store and share the modules in a source code repository.

Use the Google Cloud APIs by using curl to configure Google Cloud products. Store and share the curl commands in a source code repository.

Go to Data Catalog and search for employee_ssn in the search box.

Write a shell script that uses the bq command line tool to loop through all the projects in your organization.

Write a script that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find the employee_ssn column.

Write a Cloud Dataflow job that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find employee_ssn column.

Assign appropriate access for Google services to the service account used by the Compute Engine VM.

Create a service account with appropriate access for Google services, and configure the application to use this account.

Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance.

Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

Using the Cloud SDK, create a new project, enable the Compute Engine API in that project, and then create the instance specifying your new project.

Enable the Compute Engine API in the Cloud Console, use the Cloud SDK to create the instance, and then use the ––project flag to specify a new project.

Using the Cloud SDK, create the new instance, and use the ––project flag to specify the new project.

Answer yes when prompted by Cloud SDK to enable the Compute Engine API.

Enable the Compute Engine API in the Cloud Console. Go to the Compute Engine section of the Console to create a new instance, and look for the Create In A New Project option in the creation form.

Cloud SQL

Cloud Spanner

Cloud Firestore

Cloud Datastore

Search errors in Cloud Audit Logs to analyze the issue.

Configure Cloud Trace to analyze the issue.

View errors in Cloud Monitoring to analyze the issue.

Use the information schema views to analyze the underlying issue.

Use BigQuery Bl Engine to analyze the issue.

Use Deployment Manager templates to describe the proposed changes and store them in a Cloud Storage bucket.

Use Deployment Manager templates to describe the proposed changes and store them in Cloud Source Repositories.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in a shared Storage bucket.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in Cloud Source Repositories.

* Create service accounts sa-app and sa-db.

• Associate service account: sa-app with the application servers and the service account sa-db with the database servers.

• Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.

• Create network tags app-server and db-server.

• Add the app-server lag lo the application servers and the db-server lag to the database servers.

• Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.

* Create a service account sa-app and a network tag db-server.

* Associate the service account sa-app with the application servers and the network tag db-server with

the database servers.

• Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.

• Create a network lag app-server and service account sa-db.

• Add the tag to the application servers and associate the service account with the database servers.

• Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.

Run gcloud configurations list followed by gcloud configurations activate .

Run gcloud config list followed by gcloud config activate.

Run gcloud config configurations list followed by gcloud config configurations activate.

Re-authenticate with the gcloud auth login command and select the correct configurations on login.

Review the Compute Engine activity logs Select and review the Admin Event logs

Review the Compute Engine activity logs Select and review the System Event logs

Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs

Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs

Create a Cloud Monitoring Workspace.

Create a VPC network in the project.

Enable the compute googleapis.com API.

Grant yourself the IAM role of Compute Admin.

Download the private key from the service account, and add it to each VMs custom metadata.

Download the private key from the service account, and add the private key to each VM’s SSH keys.

Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

When creating the VMs, set the service account’s API scope for Compute Engine to read/write.

Meet with the cloud enablement team to discuss load balancer options.

Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.

Review the encryption requirements for WebSocket connections with the security team.

Convert the WebSocket code to use HTTP streaming.

Deploy the container on Cloud Run.

Deploy the container on Cloud Run on GKE.

Deploy the container on App Engine Flexible.

Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled.

Enable Cloud Identity in the GCP Console for your domain.

Grant them the required IAM roles using their G Suite email address.

Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Locate the project in the GCP console, click Shut down and then enter the project ID.

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

1. Verify that you are assigned the Organizational Administrator IAM role for this project.

2. Locate the project in the GCP console, enter the project ID and then click Shut down.

1. Verify that you are assigned the Organizational Administrators IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

Use the BigQuery interface to review the nightly Job and look for any errors

Review the Error Reporting page in the Cloud Console to find any errors.

In Cloud Logging create a filter for your Data Studio report

Use the open source CLI tool. Snapshot Debugger, to find out why the data was not refreshed correctly.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

After the VM has been created, use your Google Account credentials to log in into the VM.

After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.

When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value.

After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.

Enable Cloud CDN on the website frontend.

Enable ‘Share publicly’ on the PDF file objects.

Set Content-Type metadata to application/pdf on the PDF file objects.

Add a label to the storage bucket with a key of Content-Type and value of application/pdf.

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

Fill in local SSD. Add estimated cost for cluster management.

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

Select Add GPUs. Add estimated cost for cluster management.

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

Add the network tag allow-udp-636 to the VM instance running the LDAP server.

Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.

Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.

Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.

Add the user to roles/iam.roleAdmin role.

Add the user to roles/iam.securityAdmin role.

Add the user to roles/iam.serviceAccountUser role.

Add the user to roles/iam.serviceAccountAdmin role.

Create a new subnet in the same region as the subnet being used.

Add an alias IP range to the subnet used by the GKE clusters.

Create a new VPC, and set up VPC peering with the existing VPC.

Expand the CIDR range of the relevant subnet for the cluster.

Check the app.yaml file for your application and check project settings.

Check the web-application.xml file for your application and check project settings.

Go to Deployment Manager and review settings for deployment of applications.

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version

Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service.

Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version

Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment.

Create two configurations using gcloud config. Write a script that sets configurations as active, individually. For each configuration, use gcloud compute instances list to get a list of compute resources.

Create two configurations using gsutil config. Write a script that sets configurations as active, individually. For each configuration, use gsutil compute instances list to get a list of compute resources.

Go to Cloud Shell and export this information to Cloud Storage on a daily basis.

Go to GCP Console and export this information to Cloud SQL on a daily basis.

Modify the minimum number of Cloud Run instances.

Set a minimum concurrent requests environment variable for the application.

Modify the maximum number of Cloud Run instances.

Use traffic splitting.

Deploy Jenkins through the Google Cloud Marketplace.

Create a new Compute Engine instance. Run the Jenkins executable.

Create a new Kubernetes Engine cluster. Create a deployment for the Jenkins image.

Create an instance template with the Jenkins executable. Create a managed instance group with this template.

View System Event Logs in Stackdriver. Search for the user’s email as the principal.

View System Event Logs in Stackdriver. Search for the service account associated with the user.

View Data Access audit logs in Stackdriver. Search for the user’s email as the principal.

View the Admin Activity log in Stackdriver. Search for the service account associated with the user.