Google Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Exam Practice Test

Change the subnet IP range from 10.0.0.0/20 to 10.0.0.0/22.

Change the subnet IP range from 10.0 0.0/20 to 10.0.0.0718.

Add a secondary IP range 10.1.0.0/20 to the subnet.

Convert the subnet IP range from IPv4 to IPv6

Add the user to roles/iam.roleAdmin role.

Add the user to roles/iam.securityAdmin role.

Add the user to roles/iam.serviceAccountUser role.

Add the user to roles/iam.serviceAccountAdmin role.

Create an instance template for the instances. Set the ‘Automatic Restart’ to on. Set the ‘On-host maintenance’ to Migrate VM instance. Add the instance template to an instance group.

Create an instance template for the instances. Set ‘Automatic Restart’ to off. Set ‘On-host maintenance’ to Terminate VM instances. Add the instance template to an instance group.

Create an instance group for the instances. Set the ‘Autohealing’ health check to healthy (HTTP).

Create an instance group for the instance. Verify that the ‘Advanced creation options’ setting for ‘do not retry machine creation’ is set to off.

Use kubectl app deploy .

Use gcloud app deploy .

Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

Run a Kubernetes job to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

Create an App Engine standard environment triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

Run a Python script by using a Linux cron job in Compute Engine to scan the bucket regularly for incoming files, and call the Speech-to-Text API for each unprocessed file.

Create a Cloud Function triggered by Cloud Storage bucket events to submit the file URI to the Google Speech-to-Text API.

Develop SQL queries by using Gemini for Google Cloud.

Enable Log Analytics for the log bucket and create a linked dataset in BigQuery.

Create a schema for the storage bucket and run SQL queries for the data in the bucket.

Export logs to a storage bucket and create an external view in BigQuery.

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance.

Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

Deploy a Cloud SQL database with the SSL mode set to encrypted only, configure SSL/TLS client certificates, and configure a database user and password.

Deploy a Cloud SOL database and configure IAM database authentication. Access the database through the Cloud SQL Auth Proxy.

Deploy a Cloud SQL database with the SSL mode set to encrypted only, configure SSL/TLS client certificates, and configure IAM database authentication.

Deploy a Cloud SQL database and configure a database user and password. Access the database through the Cloud SQL Auth Proxy.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.

Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.

Create an Identity and Access Management

Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.

Use gcloud to expand the IP range of the current subnet.

Delete the subnet, and recreate it using a wider range of IP addresses.

Create a new project. Use Shared VPC to share the current network with the new project.

Create a new subnet with the same starting IP but a wider range to overwrite the current subnet.

Search errors in Cloud Audit Logs to analyze the issue.

Configure Cloud Trace to analyze the issue.

View errors in Cloud Monitoring to analyze the issue.

Use the information schema views to analyze the underlying issue.

Use BigQuery Bl Engine to analyze the issue.

Create a health check on port 443 and use that when creating the Managed Instance Group.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

In the Instance Template, add the label ‘health-check’.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Navigate to Stackdriver Logging and select resource.labels.project_id="*"

Create a Stackdriver Logging Export with a Sink destination to a BigQuery dataset. Configure the table expiration to 60 days.

Create a Stackdriver Logging Export with a Sink destination to Cloud Storage. Create a lifecycle rule to delete objects after 60 days.

Configure a Cloud Scheduler job to read from Stackdriver and store the logs in BigQuery. Configure the table expiration to 60 days.

Create the GKE cluster and deploy the application. Request a security exception to create a Google service account key. Set the constraints/iam.serviceAccountKeyExpiryHours organization policy to 8 hours.

Create the GKE cluster and deploy the application. Request a security exception to create a Google service account key. Set the constraints/iam.serviceAccountKeyExpiryHours organization policy to 24 hours.

Create the GKE cluster with Workload Identity Federation. Configure the default node service account to access the bucket. Deploy the application into the cluster so the application can use the node service account permissions. Use Identity and Access Management (IAM) to grant the service account access to the bucket.

Create the GKE cluster with Workload Identity Federation. Create a Google service account and a Kubernetes ServiceAccount, and configure both service accounts to use Workload Identity Federation. Attach the Kubernetes ServiceAccount to the application Pods and configure the Google service account to access the bucket with Identity and Access Management (IAM).

Run a test using simulated maintenance events. If the test is successful, use preemptible N1 Standard VMs when running future jobs.

Run a test using simulated maintenance events. If the test is successful, use N1 Standard VMs when running future jobs.

Run a test using a managed instance group. If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs.

Run a test using N1 standard VMs instead of N2. If the test is successful, use N1 Standard VMs when running future jobs.

Use granular logging statements within a Deployment Manager template authored in Python.

Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.

Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.

Execute the Deployment Manager template using the –-preview option in the same project, and observe the state of interdependent resources.

Use the BigQuery interface to review the nightly Job and look for any errors

Review the Error Reporting page in the Cloud Console to find any errors.

In Cloud Logging create a filter for your Data Studio report

Use the open source CLI tool. Snapshot Debugger, to find out why the data was not refreshed correctly.

Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.

Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator.

Use the command line to run a dry run query to estimate the number of bytes returned. Then convert that bytes estimate to dollars using the Pricing Calculator.

Run a select count (*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.

• Copy the role across all projects created within the organization with the gcloud iam roles copy command.

• Assign the role to developers in those projects.

• Add all developers to a Google group in Google Groups for Workspace.

• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

• Add all developers to a Google group in Cloud Identity.

• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

• Add all developers to a Google group in Cloud Identity.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.

• Assign the custom role to the Google group.

Sync Identities with Cloud Directory Sync, and then enable SAML for single sign-on

Sync Identities in the Google Admin console, and then enable Oauth for single sign-on

Sync identities with 3rd party LDAP sync, and then copy passwords to allow simplified login with (he same credentials

Sync identities with Cloud Directory Sync, and then copy passwords to allow simplified login with the same credentials.

Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version

Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service.

Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version

Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment.

• Ensure that the Ops Agent Is Installed on the Compute Engine instance.

• Create a custom metric in the Cloud Monitoring dashboard.

• Provide the security team member with access to this dashboard.

• Ensure that the Ops Agent is installed on tie Compute Engine instance.

• Provide the security team member roles/configure.inventoryViewer permission.

• Ensure that the OS Config agent Is Installed on the Compute Engine instance.

• Provide the security team member roles/configure.vulnerabilityViewer permission.

• Ensure that the OS Config agent is installed on the Compute Engine instance

• Create a log sink Co a BigQuery dataset.

• Provide the security team member with access to this dataset.

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

1. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow all

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow TCP: 8080

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow all

1. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow TCP: 8080

Download the private key from the service account, and add it to each VMs custom metadata.

Download the private key from the service account, and add the private key to each VM’s SSH keys.

Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

When creating the VMs, set the service account’s API scope for Compute Engine to read/write.

1. Create a Cloud Monitoring Dashboard

2. Collect metrics and publish them into the Pub/Sub topics 3. Add CPU and network Charts (or each of (he three projects

1. Create a Cloud Monitoring Dashboard.

2. Select the CPU and Network metrics from the three projects.

3. Add CPU and network Charts lot each of the three protects.

1 Create a Service Account and apply roles/viewer on the three projects

2. Collect metrics and publish them lo the Cloud Monitoring API

3. Add CPU and network Charts for each of the three projects.

1. Create a fourth Google Cloud project

2 Create a Cloud Workspace from the fourth project and add the other three projects

Use a proxy Network Load Balancer for the MIG and an A record in your DNS private zone with the load balancer's IP address.

Use a proxy Network Load Balancer for the MIG and a CNAME record in your DNS public zone with the load balancer's IP address.

Use an Application Load Balancer for the MIG and a CNAME record in your DNS private zone with the load balancer's IP address.

Use an Application Load Balancer for the MIG and an A record in your DNS public zone with the load balancer's IP address.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

Change the default region property setting in the existing GCP project to asia-northeast1.

Change the region property setting in the existing App Engine application from us-central to asia-northeast1.

Create a second App Engine application in the existing GCP project and specify asia-northeast1 as the region to serve your application.

Create a new GCP project and create an App Engine application inside this new project. Specify asia-northeast1 as the region to serve your application.

An internal HTTP(S) load balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

An external HTTP(S) load balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

An external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

An external network load balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

Select the MIG from the Compute Engine console and, in the menu, select Replace VMs.

Use the gcloud compute instance-groups managed recreate-instances command to recreate theVM.

Use the gcloud compute instances update command with a REFRESH action for the VM.

Update and apply the instance template of the MIG.

1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.

1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

Rely on live migration to move the workload to a machine with more memory.

Use gcloud to add metadata to the VM. Set the key to required-memory-size and the value to 8 GB.

Stop the VM, change the machine type to n1-standard-8, and start the VM.

Stop the VM, increase the memory to 8 GB, and start the VM.

Build a lifecycle policy to delete Cloud Storage objects after 45 days.

Use signed URLs to allow suppliers limited time access to store their objects.

Set up an SFTP server for your application, and create a separate user for each supplier.

Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.

Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.

Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

Select Compute Engine. Use VM instance types that support micro bursting.

In Cloud Identity, set up SSO with Google as an identity provider to access custom SAML apps.

In Cloud Identity, set up SSO with a third-party identity provider with Google as a service provider.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Mobile & Desktop Apps.

Obtain OAuth 2.0 credentials, configure the user consent screen, and set up OAuth 2.0 for Web Server Applications.

Ensure the checkbox "Serve this revision immediately" is unchecked when deploying the new revision. Before changing the traffic rules, use a traffic simulation tool to send load to the new revision.

Configure service autoscaling and set the minimum number of instances to 2.

Configure revision autoscaling for the new revision and set the minimum number of instances to 2.

Configure revision autoscaling for the existing revision and set the minimum number of instances to 2.

Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.

Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.

Upload the image to Container Registry and create a Kubernetes Service referencing the image.

Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.

Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

Configure the IP of the database as custom metadata for each instance, and query the metadata server.

Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

Review the Compute Engine activity logs Select and review the Admin Event logs

Review the Compute Engine activity logs Select and review the System Event logs

Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs

Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs

Reserve a new static external IP address and assign the new IP address to the VM.

Promote the existing IP address of the VM to become a static external IP address.

Reserve a new static external IPv6 address and assign the new IP address to the VM.

Promote the existing IP address of the VM to become a static internal IP address.

Grant all members of the DevOps team the role of Project Editor on the organization level.

Grant all members of the DevOps team the role of Project Editor on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

– Create Compute Engine resources in us–central1–b.

–Balance the load across both us–central1–a and us–central1–b.

– Create a Managed Instance Group and specify us–central1–a as the zone.

–Configure the Health Check with a short Health Interval.

– Create an HTTP(S) Load Balancer.

–Create one or more global forwarding rules to direct traffic to your VMs.

– Perform regular backups of your application.

–Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.

–Restore from backups when notified.

View System Event Logs in Stackdriver. Search for the user’s email as the principal.

View System Event Logs in Stackdriver. Search for the service account associated with the user.

View Data Access audit logs in Stackdriver. Search for the user’s email as the principal.

View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

Use kubect1 to delete the topic resource.

Use gcloud CLI to delete the topic.

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

Use gcloud CLI to update the topic label managed-by-cnrm to false.

Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging. Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

kubectl delete deployment nginx

kubectl delete –deployment=nginx

kubectl delete pod nginx-84748895c4-k6bzl –no-restart 2

kubectl delete inginx

Assign the finance team only the Billing Account User role on the billing account.

Assign the engineering team only the Billing Account User role on the billing account.

Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Add your SREs to roles/iam.roleAdmin role.

Add your SREs to roles/accessapproval approver role.

Add your SREs to a group and then add this group to roles/iam roleAdmin role.

Add your SREs to a group and then add this group to roles/accessapproval approver role.

Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.

Add the auditors group to two new custom IAM roles.

Add the auditor user accounts to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.

Add the auditor user accounts to two new custom IAM roles.

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Enable retention policies on the bucket, and use Cloud Scheduler to invoke a Cloud Function to move or delete your documents based on their metadata.

Enable retention policies on the bucket, use lifecycle rules to change the storage classes of the objects, set the number of versions, and delete old files.

Enable object versioning on the bucket, and use Cloud Scheduler to invoke a Cloud Functions instance to move or delete your documents based on their metadata.

Enable object versioning on the bucket, use lifecycle conditions to change the storage class of the objects, set the number of versions, and delete old files.

1. Give the BigQuery Data Editor role on the platform-logs dataset to the service accounts used by your instances.2. Update your instances’ metadata to add the following value: logs-destination: bq://platform-logs.

1. In Stackdriver Logging, create a logs export with a Cloud Pub/Sub topic called logs as a sink.2. Create a Cloud Function that is triggered by messages in the logs topic.3. Configure that Cloud Function to drop logs that are not from Compute Engine and to insert Compute Engine logs in the platform-logs dataset.

1. In Stackdriver Logging, create a filter to view only Compute Engine logs.2. Click Create Export.3. Choose BigQuery as Sink Service, and the platform-logs dataset as Sink Destination.

1. Create a Cloud Function that has the BigQuery User role on the platform-logs dataset.2. Configure this Cloud Function to create a BigQuery Job that executes this query:INSERT INTO dataset.platform-logs (timestamp, log)SELECT timestamp, log FROM compute.logsWHERE timestamp > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)3. Use Cloud Scheduler to trigger this Cloud Function once a day.

Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.

Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.

Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.

Use Deployment Manager templates to describe the proposed changes and store them in a Cloud Storage bucket.

Use Deployment Manager templates to describe the proposed changes and store them in Cloud Source Repositories.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in a shared Storage bucket.

Apply the change in a development environment, run gcloud compute instances list, and then save the output in Cloud Source Repositories.

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

Create a custom role based on the Compute Image User role Add the compute.disks, list to the

includedPermissions field Grant the custom role to the user at the project level

Grant the Compute Storage Admin role at the project level.

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

Fill in local SSD. Add estimated cost for cluster management.

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

Select Add GPUs. Add estimated cost for cluster management.

Create a Cloud Monitoring Workspace.

Create a VPC network in the project.

Enable the compute googleapis.com API.

Grant yourself the IAM role of Compute Admin.

Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.

Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.

Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.

Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.

Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.

Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.

Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

Create a signed URL with a four-hour expiration and share the URL with the company.

Set object access to ‘public’ and use object lifecycle management to remove the object after four hours.

Configure the storage bucket as a static website and furnish the object’s URL to the company. Delete the object from the storage bucket after four hours.

Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.

Create an instance template that contains valid syntax which will be used by the instance group. Delete any persistent disks with the same name as instance names.

Create an instance template that contains valid syntax that will be used by the instance group. Verify that the instance name and persistent disk name values are not the same in the template.

Verify that the instance template being used by the instance group contains valid syntax. Delete any persistent disks with the same name as instance names. Set the disks.autoDelete property to true in the instance template.

Delete the current instance template and replace it with a new instance template. Verify that the instance name and persistent disk name values are not the same in the template. Set the disks.autoDelete property to true in the instance template.

Create a Cloud Memorystore for Redis instance with 32-GB capacity.

Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.

Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.

Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.

Use Google Cloud Directory Sync (GCDS) to synchronize users into Cloud Identity.

Use the cloud Identity APIs and write a script to synchronize users to Cloud Identity.

Export users from Active Directory as a CSV and import them to Cloud Identity via the Admin Console.

Ask each employee to create a Google account using self signup. Require that each employee use their company email address and password.

Ask your ML team to add the “accelerator: gpu” annotation to their pod specification.

Recreate all the nodes of the GKE cluster to enable GPUs on all of them.

Create your own Kubernetes cluster on top of Compute Engine with nodes that have GPUs. Dedicate this cluster to your ML team.

Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the cloud.google.com/gke -accelerator: nvidia-tesla-p100 nodeSelector to their pod specification.

Use Cloud Bigtable for data storage.

Use Cloud SQL for data storage.

Use Cloud Spanner for data storage.

Use Firestore for data storage.

Configure the Horizontal Pod Autoscaler for availability, and configure the cluster autoscaler for suggestions.

Configure the Horizontal Pod Autoscaler for availability, and configure the Vertical Pod Autoscaler recommendations for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Cluster autoscaler for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Horizontal Pod Autoscaler for suggestions.

Create an Instance template with the container image, and deploy a Managed Instance Group withAutoscaling.

Upload Docker images to Artifact Registry, and deploy the application on Google Kubernetes Engine usingStandard mode.

Upload Docker images to the Cloud Storage, and deploy the application on Google Kubernetes Engine usingStandard mode.

Upload Docker images to Artifact Registry, and deploy the application on Cloud Run.

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure

provisioning.

• Use the human approvals IAM account for the provisioning.

• Attach a single service account to the compute instances.

• Add minimal rights to the service account.

• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

• Attach a single service account to the compute instances.

• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and

Access Management (IAM) permissions.

• Use a secret manager service to store the key files of the service accounts.

• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

Create a custom Compute Engine image from a snapshot. Create your images from that image.

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

Create an export to the sink that saves logs from Cloud Audit to BigQuery.

Create an export to the sink that saves logs from Cloud Audit to a Coldline Storage bucket.

Write a custom script that uses logging API to copy the logs from Stackdriver logs to BigQuery.

Export these logs to Cloud Pub/Sub and write a Cloud Dataflow pipeline to store logs to Cloud SQL.

Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of

service accounts to resources in all projects with an exception to pj-sa.

Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

Grant each individual external consultant the role of BigQuery Editor

Grant each individual external consultant the role of BigQuery Viewer

Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///*

Deploy the application on GKE Autopilot.

Deploy the application on GKE Standard.

Deploy the application on Cloud Functions.

Deploy the application on Cloud Run.

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 275 days (365 – 90)

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days.

Use gsutil rewrite and set the Delete action to 275 days (365-90).

Use gsutil rewrite and set the Delete action to 365 days.

Deploy the monitoring pod in a StatefulSet object.

Deploy the monitoring pod in a DaemonSet object.

Reference the monitoring pod in a Deployment object.

Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

Configure an SSL Proxy load balancer in front of the application servers.

Configure an Internal UDP load balancer in front of the application servers.

Configure an External HTTP(s) load balancer in front of the application servers.

Configure an External Network load balancer in front of the application servers.

Create a Service Account in your own project, and grant this Service Account access to BigGuery in your project

Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project

When creating the VM, use machine type n1-standard-96.

When creating the VM, use Intel Skylake as the CPU platform.

Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have 96 vCPUs.

Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

Create an alert policy to send a notification when the HTTP response latency exceeds the specified threshold.

Implement an App Engine service which invokes the Cloud Monitoring API and sends a notification in case of anomalies.

Use the Cloud Monitoring dashboard to observe latency and take the necessary actions when the response latency exceeds the specified threshold.

Export Cloud Monitoring metrics to BigQuery and use a Looker Studio dashboard to monitor your web applications latency.

Deploy the application lo Cloud. Run. Use gradual rollouts for traffic spelling.

Deploy the application lo Google Kubemetes Engine. Use Anthos Service Mesh for traffic splitting.

Deploy the application to Cloud functions. Saucily the version number in the functions name.

Deploy the application to App Engine. For each new version, create a new service.

Disable the flag “Delete boot disk when instance is deleted.”

Enable delete protection on the instance.

Disable Automatic restart on the instance.

Enable Preemptibility on the instance.

Store the application data on a zonal persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone.

Store the application data on a zonal persistent disk. If an outage occurs, create an instance in another zone with this disk attached.

Store the application data on a regional persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone.

Store the application data on a regional persistent disk If an outage occurs, create an instance in another zone with this disk attached.

Create a bash script that contains all requirement steps as gcloud commands

Develop templates for the environment using Cloud Deployment Manager

Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.

Use the Cloud Console interface to provision and manage all related resources