Google Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Exam Practice Test

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.

Deploy the new version in the same application and use the --migrate option.

Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.

For each GCP product in the solution, review the pricing details on the products pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

For each GCP product in the solution, review the pricing details on the products pricing page. Create a Google Sheet that summarizes the expected monthly costs for each product.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Navigate to the Billing Report page in the Google Cloud Platform Console. Multiply the 1 week cost to determine the monthly costs.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Use Stackdriver to determine the provisioned and used resource amounts. Multiply the 1 week cost to determine the monthly costs.

Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.

Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator.

Use the command line to run a dry run query to estimate the number of bytes returned. Then convert that bytes estimate to dollars using the Pricing Calculator.

Run a select count (*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator.

Configure Cloud Identity-Aware Proxy (or HTTPS resources

Configure Cloud Identity-Aware Proxy for SSH and TCP resources.

Create an SSH keypair and store the public key as a project-wide SSH Key

Create an SSH keypair and store the private key as a project-wide SSH Key

Migrate the web application to App Engine and the backend API to Cloud Run Use Cloud Tasks to run your background job on Compute Engine

Migrate the web application to App Engine and the backend API to Cloud Run. Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run. Use Cloud Tasks to run your background job on Compute Engine

Enable Cloud Identity in the GCP Console for your domain.

Grant them the required IAM roles using their G Suite email address.

Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

In the Log Viewer, filter the logs on severity 'Error' and the name of the Service Account.

Create a sink to BigQuery to export all the logs. Create a Data Studio dashboard on the exported logs.

Create a custom log-based metric for the specific error to be used in an Alerting Policy.

Grant Project Owner access to the Service Account.

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

Fill in local SSD. Add estimated cost for cluster management.

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

Select Add GPUs. Add estimated cost for cluster management.

Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.

Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls and

compute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.

Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.

Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage.

Use BigQuery to periodically analyze log events in the storage bucket.

When creating the VM, use machine type n1-standard-96.

When creating the VM, use Intel Skylake as the CPU platform.

Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have 96 vCPUs.

Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

Configure regional storage for the region closest to the users Configure a Nearline storage class

Configure regional storage for the region closest to the users Configure a Standard storage class

Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class

Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class

Use a Deployment Manager script to automate creating storage buckets in an appropriate region

Use a local SSD to improve performance of the VM for the targeted workload

Use the gsutii command to create a storage bucket in the same region as the VM

Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM

Deploy a Dataflow job from the batch template "Datastore lo Cloud Storage" Schedule the batch job on the desired interval

In the Cloud Console, go to Cloud Storage Upload the relevant images to the appropriate bucket

Create a script that uses the gsutil command line interface to synchronize the on-premises storage with Cloud Storage Schedule the script as a cron job

Create a Pub/Sub topic, and enable a Cloud Storage trigger for the Pub/Sub topic. Create an application that sends all medical images to the Pub/Sub lope

Search errors in Cloud Audit Logs to analyze the issue.

Configure Cloud Trace to analyze the issue.

View errors in Cloud Monitoring to analyze the issue.

Use the information schema views to analyze the underlying issue.

Use BigQuery Bl Engine to analyze the issue.

Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.

Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.

Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.

Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

Perform a rolling-action start-update with maxSurge set to 0 and maxUnavailable set to 1.

Perform a rolling-action start-update with maxSurge set to 1 and maxUnavailable set to 0.

Create a new managed instance group with an updated instance template. Add the group to the backend service for the load balancer. When all instances in the new managed instance group are healthy, delete the old managed instance group.

Create a new instance template with the new application version. Update the existing managed instance group with the new instance template. Delete the instances in the managed instance group to allow the managed instance group to recreate the instance using the new instance template.

Create a multi-region Cloud Spanner instance with an optimized schema.

Create a multi-region Firestore database with aggregation query enabled.

Create a multi-region Cloud SQL for PostgreSQL database with optimized indexes.

Create a multi-region BigQuery dataset with optimized tables.

Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.

Select Cloud SQL (MySQL). Select the create failover replicas option.

Select Cloud Spanner. Set up your instance with 2 nodes.

Select Cloud Spanner. Set up your instance as multi-regional.

Manual Scaling with 3 instances.

Basic Scaling with min_instances set to 3.

Basic Scaling with max_instances set to 3.

Automatic Scaling with min_idle_instances set to 3.

Migrate from MySQL to Cloud SQL, from Kafka to Memorystore, and from Cloud SQL for PostgreSQL to Cloud SQL

Migrate from MySQL to Cloud Spanner, from Kafka to Memorystore, and from Cloud SOL for PostgreSQL to Cloud SQL

Migrate from MySQL to Cloud SOL, from Kafka to Pub/Sub, and from Cloud SOL for PostgreSQL to BigQuery.

Migrate from MySQL to Cloud Spanner, from Kafka to Pub/Sub. and from Cloud SQL for PostgreSQL to BigQuery

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

Grant all engineer’s permission to create their own billing accounts for each new project.

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

Use App Engine and configure Cloud Scheduler to trigger the application using Pub/Sub.

Use Cloud Functions and configure the bucket as a trigger resource.

Use Google Kubernetes Engine and configure a CronJob to trigger the application using Pub/Sub.

Use Dataflow as a batch job, and configure the bucket as a data source.

Develop SQL queries by using Gemini for Google Cloud.

Enable Log Analytics for the log bucket and create a linked dataset in BigQuery.

Create a schema for the storage bucket and run SQL queries for the data in the bucket.

Export logs to a storage bucket and create an external view in BigQuery.

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Stream data to Pub/Sub, and use Dataflow to send data to Cloud Storage

Stream data to Pub/Sub. and use Storage Transfer Service to send data to BigQuery.

Stream data to Dataflow, and use Storage Transfer Service to send data to BigQuery.

Stream data to Dataflow, and use Dataprep by Trifacta to send data to Bigtable.

Option A

Option B

Option C

Option D

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery jobUser role to the group.

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery dataViewer user role to the group.

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery jobUser role to the group.

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery dataViewer user role to the group.

Use gcloud config configurations describe to review the output.

Use gcloud config configurations activate and gcloud config list to review the output.

Use kubectl config get-contexts to review the output.

Use kubectl config use-context and kubectl config view to review the output.

Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.

Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment.

Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.

Create a separate node pool for each application, and deploy each application to its dedicated node pool.

kubectl get deployments –output=pods

gcloud get pods –selector=”app=prod”

kubectl get pods -I “app=prod”

gcloud list gke-deployments -filter={pod }

Create the instance without a public IP address.

Create the instance with Private Google Access enabled.

Create a deny-all egress firewall rule on the VPC network.

Create a route on the VPC to route all traffic to the instance over the VPN tunnel.

Rely on live migration to move the workload to a machine with more memory.

Use gcloud to add metadata to the VM. Set the key to required-memory-size and the value to 8 GB.

Stop the VM, change the machine type to n1-standard-8, and start the VM.

Stop the VM, increase the memory to 8 GB, and start the VM.

Increase the size of the disk to 1 TB.

Increase the allocated CPU to the instance.

Migrate to use a Local SSD on the instance.

Migrate to use a Regional SSD on the instance.

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure

provisioning.

• Use the human approvals IAM account for the provisioning.

• Attach a single service account to the compute instances.

• Add minimal rights to the service account.

• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

• Attach a single service account to the compute instances.

• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and

Access Management (IAM) permissions.

• Use a secret manager service to store the key files of the service accounts.

• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

In the Google Cloud console, validate which SSH keys have been stored as project-wide keys.

Navigate to Identity-Aware Proxy and check the permissions for these resources.

Enable Audit logs on the 1AM & admin page for all resources, and validate the results.

Use the gcloud projects get-iam-policy command to view the current role assignments.

In Google Cloud, configure the VPC as a host for Shared VPC.

In Google Cloud, configure the VPC for VPC Network Peering.

Create bastion hosts both in your on-premises environment and on Google Cloud. Configure both as proxy servers using their public IP addresses.

Set up Cloud VPN between the infrastructure on-premises and Google Cloud.

Enable node auto-provisioning on the GKE cluster.

Create a VerticalPodAutscaler for those workloads.

Create a node pool with preemptible VMs and GPUs attached to those VMs.

Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a minimum size of 1.

Use Cloud Bigtable for data storage.

Use Cloud SQL for data storage.

Use Cloud Spanner for data storage.

Use Firestore for data storage.

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

Go to Data Catalog and search for employee_ssn in the search box.

Write a shell script that uses the bq command line tool to loop through all the projects in your organization.

Write a script that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find the employee_ssn column.

Write a Cloud Dataflow job that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find employee_ssn column.

Assign the pods of the image rendering microservice a higher pod priority than the older microservices

Create a node pool with compute-optimized machine type nodes for the image rendering microservice Use the node pool with general-purpose

machine type nodes for the other microservices

Use the node pool with general-purpose machine type nodes for lite mage rendering microservice Create a nodepool with compute-optimized machine type nodes for the other microservices

Configure the required amount of CPU and memory in the resource requests specification of the image rendering microservice deployment Keep the resource requests for the other microservices at the default

1. Create a configuration for each project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Create a configuration for each project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project

1. Use the default configuration for one project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Use the default configuration for one project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project.

Add the group for the finance team to roles/billing user role.

Add the group for the finance team to roles/billing admin role.

Add the group for the finance team to roles/billing viewer role.

Add the group for the finance team to roles/billing project/Manager role.

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

Use kubectl app deploy .

Use gcloud app deploy .

Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging. Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Deployment Manager

Cloud Composer

Managed Instance Group

Unmanaged Instance Group

Grant each individual external consultant the role of BigQuery Editor

Grant each individual external consultant the role of BigQuery Viewer

Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

Assign appropriate access for Google services to the service account used by the Compute Engine VM.

Create a service account with appropriate access for Google services, and configure the application to use this account.

Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.

Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.

Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.

Upload the code to Cloud Functions. Use Cloud Scheduler to start the application.

Create a container for the set of binaries. Use Cloud Scheduler to start a Cloud Run job for the container.

Create a container for the set of binaries Deploy the container to Google Kubernetes Engine (GKE) and use the Kubernetes scheduler to start the application.

Lift and shift to a VM on Compute Engine. Use an instance schedule to start and stop the instance.

Create a new project and create an App Engine instance in europe-west3

Use the gcloud app region set command and supply the name of the new region.

From the console, under the App Engine page, click edit, and change the region drop-down.

Contact Google Cloud Support and request the change.

Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.

Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.

Upload the image to Container Registry and create a Kubernetes Service referencing the image.

Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.

Create a bash script that contains all requirement steps as gcloud commands

Develop templates for the environment using Cloud Deployment Manager

Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.

Use the Cloud Console interface to provision and manage all related resources

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace:v1

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace:v1

1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.2. Update your instances’ metadata to add the following value: logs-destination: bq://platform-logs.

1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.2. Create a Cloud Function that is triggered by messages in the logs topic.3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset.

1. In Stackdriver Logging, create a filter to view only Compute Engine logs.2. Click Create Export.3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.

1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.2. Configure this Cloud Function to create a BigQuery Job that executes this query:INSERT INTO dataset.platform-logs (timestamp, log)SELECT timestamp, log FROM compute.logsWHERE timestamp > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)3. Use Cloud Scheduler to trigger this Cloud Function once a day.

Deploy the web application on Google Kubernetes Engine standard edition with an internal ingress.

Deploy the web application on Cloud Run with Private Google Access configured

Deploy the web application to GKE Autopilot with Private Google Access configured

Deploy the web application on Cloud Run with Private Service Connect configured.

In the console, validate which SSH keys have been stored as project-wide keys.

Navigate to Identity-Aware Proxy and check the permissions for these resources.

Enable Audit Logs on the IAM & admin page for all resources, and validate the results.

Use the command gcloud projects get–iam–policy to view the current role assignments.

Create a Cloud Monitoring Workspace.

Create a VPC network in the project.

Enable the compute googleapis.com API.

Grant yourself the IAM role of Compute Admin.

Run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.

Create a Google Cloud service account, and download the service account key. Place the key file in a folder on your machine where gcloud CLI can find it.

Download your Cloud Identity user account key. Place the key file in a folder on your machine where gcloud CLI can find it.

Run gcloud config set compute/zone $my_zone to set the default zone for gcloud CLI.

Run gcloud config set project $my_project to set the default project for gcloud CLI.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

Create a GKE Autopilot cluster. Enroll the cluster in the rapid release channel.

Create a GKE Autopilot cluster. Enroll the cluster in the stable release channel.

Create a zonal GKE standard cluster. Enroll the cluster in the stable release channel.

Create a regional GKE standard cluster. Enroll the cluster in the rapid release channel.

Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.

Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.

With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.

In the cluster’s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

Create a custom Compute Engine image from a snapshot. Create your images from that image.

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

Create a single budget for all projects and configure budget alerts on this budget.

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

Create a budget per project and configure budget alerts on all of these budgets.

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.

In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.

Set the maximum number of instances to 1.

Decrease the maximum number of instances to 3.

Use a TCP health check instead of an HTTP health check.

Increase the initial delay of the HTTP health check to 200 seconds.

1. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow all

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow TCP: 8080

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow all

1. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow TCP: 8080

HTTPS Load Balancer

Network Load Balancer

SSL Proxy Load Balancer

Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.

Provision preemptible Compute Engine instances.

Provision Compute Engine instances with GPUs attached.

Provision Compute Engine instances with local SSDs attached.

Provision Compute Engine instances with M1 machine type.

Use the BigQuery interface to review the nightly Job and look for any errors

Review the Error Reporting page in the Cloud Console to find any errors.

In Cloud Logging create a filter for your Data Studio report

Use the open source CLI tool. Snapshot Debugger, to find out why the data was not refreshed correctly.

Create a cluster with a single node-pool by using standard VMs. Label the fault-tolerant Deployments as spot-true.

Create a cluster with a single node-pool by using Spot VMs. Label the critical Deployments as spot-false.

Create a cluster with both a Spot W node pool and a rode pool by using standard VMs Deploy the critical.

deployments on the Spot VM node pool and the fault; tolerant deployments on the node pool by using standard VMs.

Create a cluster with both a Spot VM node pool and by using standard VMs. Deploy the critical deployments on the mode pool by using standard VMs and the fault-tolerant deployments on the Spot VM node pool.

– Create Compute Engine resources in us–central1–b.

–Balance the load across both us–central1–a and us–central1–b.

– Create a Managed Instance Group and specify us–central1–a as the zone.

–Configure the Health Check with a short Health Interval.

– Create an HTTP(S) Load Balancer.

–Create one or more global forwarding rules to direct traffic to your VMs.

– Perform regular backups of your application.

–Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.

–Restore from backups when notified.

Verify that you are the project billing administrator. Select the associated billing account and create a budget and alert for the appropriate project.

Verify that you are the project billing administrator. Select the associated billing account and create a budget and a custom alert.

Verify that you are the project administrator. Select the associated billing account and create a budget for the appropriate project.

Verify that you are project administrator. Select the associated billing account and create a budget and a custom alert.

Run gcloud iam roles list. Review the output section.

Run gcloud iam service-accounts list. Review the output section.

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

Use the gsutil to rewrite the storage class for the bucket Change the default storage class for the bucket

Use the gsutil to rewrite the storage class for the bucket Set up Object Lifecycle management on the bucket

Create a new bucket and change the default storage class for the bucket Set up Object Lifecycle management on lite bucket

Create a new bucket and change the default storage class for the bucket import the files from the previous bucket into the new bucket

Create the instance with the default Compute Engine service account Grant the service account permissions on Cloud Storage.

Create the instance with the default Compute Engine service account Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Create a new service account and assig n this service account to the new instance Grant the service account permissions on Cloud Storage.

Create a new service account and assign this service account to the new instance Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Store the database password inside the Docker image of the container, not in the YAML file.

Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.

Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.

Create a new subnet in the same region as the subnet being used.

Add an alias IP range to the subnet used by the GKE clusters.

Create a new VPC, and set up VPC peering with the existing VPC.

Expand the CIDR range of the relevant subnet for the cluster.

Build a lifecycle policy to delete Cloud Storage objects after 45 days.

Use signed URLs to allow suppliers limited time access to store their objects.

Set up an SFTP server for your application, and create a separate user for each supplier.

Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.

Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

Coldline Storage

Nearline Storage

Regional Storage

Multi-Regional Storage

1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.

1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version

Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service.

Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version

Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment.

Grant yourself the IAM role of Cloud Spanner Admin

Create a new VPC network with subnetworks in all desired regions

Configure your Cloud Spanner instance to be multi-regional

Enable the Cloud Spanner API