Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Questions and Answers

An internal HTTP(S) load balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

An external HTTP(S) load balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

An external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

An external network load balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

Use the GCP Console to transfer the file instead of gsutil.

Enable parallel composite uploads using gsutil on the file transfer.

Decrease the TCP window size on the machine initiating the transfer.

Change the storage class of the bucket from Nearline to Multi-Regional.

Provision preemptible Compute Engine instances.

Provision Compute Engine instances with GPUs attached.

Provision Compute Engine instances with local SSDs attached.

Provision Compute Engine instances with M1 machine type.

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.

Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.

Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Configure Billing Data Export to BigQuery and visualize the data in Data Studio.

Visit the Cost Table page to get a CSV export and visualize it using Data Studio.

Fill all resources in the Pricing Calculator to get an estimate of the monthly cost.

Use the Reports view in the Cloud Billing Console to view the desired cost information.

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Create a new project and create an App Engine instance in europe-west3

Use the gcloud app region set command and supply the name of the new region.

From the console, under the App Engine page, click edit, and change the region drop-down.

Contact Google Cloud Support and request the change.

Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.

Use a third party tool to provide remote access to the instances.

Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.

Create a bastion host with public internet access. Create the SSH tunnel to the instance through the bastion host.

Deploy the application lo Cloud. Run. Use gradual rollouts for traffic spelling.

Deploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.

Deploy the application to Cloud functions. Saucily the version number in the functions name.

Deploy the application to App Engine. For each new version, create a new service.

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.

Option A

Option B

Option C

Option D

Review the Compute Engine activity logs Select and review the Admin Event logs

Review the Compute Engine activity logs Select and review the System Event logs

Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs

Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs

1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.2. Update your instances’ metadata to add the following value: logs-destination: bq://platform-logs.

1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.2. Create a Cloud Function that is triggered by messages in the logs topic.3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset.

1. In Stackdriver Logging, create a filter to view only Compute Engine logs.2. Click Create Export.3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.

1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.2. Configure this Cloud Function to create a BigQuery Job that executes this query:INSERT INTO dataset.platform-logs (timestamp, log)SELECT timestamp, log FROM compute.logsWHERE timestamp > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)3. Use Cloud Scheduler to trigger this Cloud Function once a day.

Use gcloud to expand the IP range of the current subnet.

Delete the subnet, and recreate it using a wider range of IP addresses.

Create a new project. Use Shared VPC to share the current network with the new project.

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

Deploy the container on Cloud Run.

Deploy the container on Cloud Run on GKE.

Deploy the container on App Engine Flexible.

Deploy the container on Google Kubernetes Engine, with cluster autoscaling and horizontal pod autoscaling enabled.

1. Create a Cloud Monitoring Dashboard

2. Collect metrics and publish them into the Pub/Sub topics 3. Add CPU and network Charts (or each of (he three projects

1. Create a Cloud Monitoring Dashboard.

2. Select the CPU and Network metrics from the three projects.

3. Add CPU and network Charts lot each of the three protects.

1 Create a Service Account and apply roles/viewer on the three projects

2. Collect metrics and publish them lo the Cloud Monitoring API

3. Add CPU and network Charts for each of the three projects.

1. Create a fourth Google Cloud project

2 Create a Cloud Workspace from the fourth project and add the other three projects

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.

Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.

In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.

In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance.

Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

Coldline Storage

Nearline Storage

Regional Storage

Multi-Regional Storage

Grant all members of the DevOps team the role of Project Editor on the organization level.

Grant all members of the DevOps team the role of Project Editor on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

Increase the size of the disk to 1 TB.

Increase the allocated CPU to the instance.

Migrate to use a Local SSD on the instance.

Migrate to use a Regional SSD on the instance.

Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.

Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.

Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.

Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///**.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///***

Your zonal capacity is limited, causing all preemptible VM's to be shutdown torecover capacity. Try deploying your group to another zone.

You have hit your instance quota for the region.

Your managed instance group's VM's are toggled to only last 1 minute inpreemptible settings.

Your managed instance group's health check is repeatedly failing, either to amisconfigured health check or misconfigured firewall rules not allowing the healthcheck to access the instance

Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.

Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml

Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml

1. Create a consumer Gmail account.

2.Write a script that monitors the CPU usage.

3.When the CPU usage exceeds the threshold, have that script send an email using the Gmail account and smtp.gmail.com on port 25 as SMTP server.

1. Create a Stackdriver Workspace, and associate your Google Cloud Platform (GCP) project with it.

2.Create an Alerting Policy in Stackdriver that uses the threshold as a trigger condition.

3.Configure your email address in the notification channel.

1. Create a Stackdriver Workspace, and associate your GCP project with it.

2.Write a script that monitors the CPU usage and sends it as a custom metric to Stackdriver.

3.Create an uptime check for the instance in Stackdriver.

1. In Stackdriver Logging, create a logs-based metric to extract the CPU usage by using this regular expression: CPU Usage: ([0-9] {1,3}) %

2.In Stackdriver Monitoring, create an Alerting Policy based on this metric.

3.Configure your email address in the notification channel.

1. Create a configuration for each project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Create a configuration for each project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project

1. Use the default configuration for one project you need to manage.

2. Activate the appropriate configuration when you work with each of your assigned GCP projects.

1. Use the default configuration for one project you need to manage.

2. Use gcloud init to update the configuration values when you need to work with a non-default project.

Use the gsutil to rewrite the storage class for the bucket Change the default storage class for the bucket

Use the gsutil to rewrite the storage class for the bucket Set up Object Lifecycle management on the bucket

Create a new bucket and change the default storage class for the bucket Set up Object Lifecycle management on lite bucket

Create a new bucket and change the default storage class for the bucket import the files from the previous bucket into the new bucket

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

Enable Cloud Identity in the GCP Console for your domain.

Grant them the required IAM roles using their G Suite email address.

Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Locate the project in the GCP console, click Shut down and then enter the project ID.

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

1. Verify that you are assigned the Organizational Administrator IAM role for this project.

2. Locate the project in the GCP console, enter the project ID and then click Shut down.

1. Verify that you are assigned the Organizational Administrators IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.

Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.

Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.

Create the instance with the default Compute Engine service account Grant the service account permissions on Cloud Storage.

Create the instance with the default Compute Engine service account Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Create a new service account and assig n this service account to the new instance Grant the service account permissions on Cloud Storage.

Create a new service account and assign this service account to the new instance Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.

Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.

Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.

Use Cloud SQL database with cross-region replication to store game statistics in the EU, US, and APAC regions.

Use Cloud Spanner to store user data mapped to the game statistics.

Use BigQuery to store game statistics with a Redis on Memorystore instance in the front to provide global consistency.

Store game statistics in a Bigtable database partitioned by username.

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.

Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.

Create an Identity and Access Management

Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.

Configure an SSL Proxy load balancer in front of the application servers.

Configure an Internal UDP load balancer in front of the application servers.

Configure an External HTTP(s) load balancer in front of the application servers.

Configure an External Network load balancer in front of the application servers.

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure

provisioning.

• Use the human approvals IAM account for the provisioning.

• Attach a single service account to the compute instances.

• Add minimal rights to the service account.

• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

• Attach a single service account to the compute instances.

• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and

Access Management (IAM) permissions.

• Use a secret manager service to store the key files of the service accounts.

• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging. Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Create a health check on port 443 and use that when creating the Managed Instance Group.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

In the Instance Template, add the label ‘health-check’.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

View System Event Logs in Stackdriver. Search for the user’s email as the principal.

View System Event Logs in Stackdriver. Search for the service account associated with the user.

View Data Access audit logs in Stackdriver. Search for the user’s email as the principal.

View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

Deploy the monitoring pod in a StatefulSet object.

Deploy the monitoring pod in a DaemonSet object.

Reference the monitoring pod in a Deployment object.

Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

Verify that you are Project Billing Manager for the GCP project. Update the existing project to link it to the existing billing account.

Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project.

Verify that you are Billing Administrator for the billing account. Create a new project and link the new project to the existing billing account.

Verify that you are Billing Administrator for the billing account. Update the existing project to link it to the existing billing account.

Use the command gcloud config set container/cluster dev.

Use the command gcloud container clusters update dev.

Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.

Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.

Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

Create a dataflow job that copies data from Cloud Bigtable and Cloud Storage for specific users.

Create a dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific users.

Create a Cloud Dataproc cluster that runs a Spark job to extract data from Cloud Bigtable and Cloud Storage for specific users.

Create two separate BigQuery external tables on Cloud Storage and Cloud Bigtable. Use the BigQuery console to join these tables through user fields, and apply appropriate filters.

Use gcloud container clusters upgrade. Deploy the new services.

Create a new Node Pool and specify machine type n2–highmem–16. Deploy the new pods.

Create a new cluster with n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

Create a new cluster with both n1–standard–2 and n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard.

Create a Service Account for the BI team and distribute a new private key to each member of the BI team.

Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team's internal data warehouse.

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team.

Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of

service accounts to resources in all projects with an exception to pj-sa.

Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.

Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment.

Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and maximum for the size of the node pool.

Create a separate node pool for each application, and deploy each application to its dedicated node pool.

Review details of the myapp-service Service object and check for error messages.

Review details of the myapp-deployment Deployment object and check for error messages.

Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.

View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.

Enable node auto-provisioning on the GKE cluster.

Create a VerticalPodAutscaler for those workloads.

Create a node pool with preemptible VMs and GPUs attached to those VMs.

Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a minimum size of 1.

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 275 days (365 – 90)

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days.

Use gsutil rewrite and set the Delete action to 275 days (365-90).

Use gsutil rewrite and set the Delete action to 365 days.

Grant the Project Editor role to the Marketing learn for acme data digest

Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team

Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there

Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team.

Use gcloud to create the new project, and then deploy your application to the new project.

Use gcloud to create the new project and to copy the deployed application to the new project.

Create a Deployment Manager configuration file that copies the current App Engine deployment into a new project.

Deploy your application again using gcloud and specify the project parameter with the new project name to create the new project.

Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.

Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.

Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant.

Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant.

Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

Grant all engineer’s permission to create their own billing accounts for each new project.

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

Use the gcloud compute ssh command.

Create a key with the ssh-keygen command. Then use the gcloud compute ssh command.

Create a key with the ssh-keygen command. Upload the key to the instance. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

Set up a high-priority (1000) rule to allow the appropriate ports.

Enable Audit Logs for all APIs that are related to data storage.

Review the IAM permissions for any role that allows for data access.

Review the Identity-Aware Proxy settings for each resource.

Create a Data Loss Prevention job.

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace

Run gcloud builds submit --tag gcr.io/img-278322/acme_track_n_trace:v1

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace

Run gcloud builds submit --tag gcr.io/prod-278986/acme_track_n_trace:v1

Enable the Cloud Pub/Sub API in the API Library on the GCP Console.

Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.

Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.

Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.

Create a GKE Autopilot cluster. Enroll the cluster in the rapid release channel.

Create a GKE Autopilot cluster. Enroll the cluster in the stable release channel.

Create a zonal GKE standard cluster. Enroll the cluster in the stable release channel.

Create a regional GKE standard cluster. Enroll the cluster in the rapid release channel.

Grant yourself the IAM role of Cloud Spanner Admin

Create a new VPC network with subnetworks in all desired regions

Configure your Cloud Spanner instance to be multi-regional

Enable the Cloud Spanner API

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.

Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.

Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the “compute.osAdminLogin” role to the Google group corresponding to this team.

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Enable the Identity Aware Proxy API on the project.

Scan the bucker using the Data Loss Prevention API.

Allow only a single Service Account access to read the data.

Enable Data Access audit logs for the Cloud Storage API.

• Navigate to Cloud Mentioning in the Google Cloud console, and create a custom monitoring job for the

Bigtable instance to track all changes.

• Create an alert by using webhook endpoints. with the SIEM endpoint as a receiver

■ Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read. Data Write and Admin Read logs for the Bigtable instance

• Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.

• Install the Ops Agent on the Bigtable instance during configuration. K

• Create a service account with read permissions for the Bigtable instance.

• Create a custom Dataflow job with this service account to export logs to the company's SIEM system.

• Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the

Biglable instance.

• Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.

Configure the Horizontal Pod Autoscaler for availability, and configure the cluster autoscaler for suggestions.

Configure the Horizontal Pod Autoscaler for availability, and configure the Vertical Pod Autoscaler recommendations for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Cluster autoscaler for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Horizontal Pod Autoscaler for suggestions.

Migrate the web application to App Engine and the backend API to Cloud Run Use Cloud Tasks to run your background job on Compute Engine

Migrate the web application to App Engine and the backend API to Cloud Run. Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run. Use Cloud Tasks to run your background job on Compute Engine