Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Questions and Answers

Create a Service Account in your own project, and grant this Service Account access to BigGuery in your project

Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project

Fill in local SSD. Fill in persistent disk storage and snapshot storage.

Fill in local SSD. Add estimated cost for cluster management.

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

Select Add GPUs. Add estimated cost for cluster management.

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to the role.

Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a new group. Add the group to the role.

Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to the role.

Run gcloud iam roles describe roles/spanner.viewer --project my-project. Add the users to a new group. Add the group to the role.

Assign the finance team only the Billing Account User role on the billing account.

Assign the engineering team only the Billing Account User role on the billing account.

Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure

provisioning.

• Use the human approvals IAM account for the provisioning.

• Attach a single service account to the compute instances.

• Add minimal rights to the service account.

• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

• Attach a single service account to the compute instances.

• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and

Access Management (IAM) permissions.

• Use a secret manager service to store the key files of the service accounts.

• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

Run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.

Create a Google Cloud service account, and download the service account key. Place the key file in a folder on your machine where gcloud CLI can find it.

Download your Cloud Identity user account key. Place the key file in a folder on your machine where gcloud CLI can find it.

Run gcloud config set compute/zone $my_zone to set the default zone for gcloud CLI.

Run gcloud config set project $my_project to set the default project for gcloud CLI.

kubectl get deployments –output=pods

gcloud get pods –selector=”app=prod”

kubectl get pods -I “app=prod”

gcloud list gke-deployments -filter={pod }

Open the Cloud Spanner console to review configurations.

Open the IAM & admin console to review IAM policies for Cloud Spanner roles.

Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

Create a GKE Autopilot cluster. Enroll the cluster in the rapid release channel.

Create a GKE Autopilot cluster. Enroll the cluster in the stable release channel.

Create a zonal GKE standard cluster. Enroll the cluster in the stable release channel.

Create a regional GKE standard cluster. Enroll the cluster in the rapid release channel.

Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.

Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

Select Compute Engine. Use VM instance types that support micro bursting.

gcloud deployment-manager deployments create my-gcp-ace-cluster --config cluster.yaml

gcloud deployment-manager deployments create my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --config cluster.yaml

Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.

Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.

Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.

Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.

Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.

Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the “compute.osAdminLogin” role to the Google group corresponding to this team.

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.

Use a third party tool to provide remote access to the instances.

Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.

Create a bastion host with public internet access. Create the SSH tunnel to the instance through the bastion host.

Stream data to Pub/Sub, and use Dataflow to send data to Cloud Storage

Stream data to Pub/Sub. and use Storage Transfer Service to send data to BigQuery.

Stream data to Dataflow, and use Storage Transfer Service to send data to BigQuery.

Stream data to Dataflow, and use Dataprep by Trifacta to send data to Bigtable.

Run gcloud configurations list followed by gcloud configurations activate .

Run gcloud config list followed by gcloud config activate.

Run gcloud config configurations list followed by gcloud config configurations activate.

Re-authenticate with the gcloud auth login command and select the correct configurations on login.

Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.

Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

Create a custom role by removing delete permissions, and add users to that role only.

Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 45% If you exceed this threshold, add nodes lo your instance.

Create an alert in Cloud Monitoring to alert when the percentage to high priority CPU utilization reaches 45% Use database query statistics to identify queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65% If you exceed this threshold, add nodes to your instance

Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU utilization reaches 65%. Use database query statistics to identity queries that result in high CPU usage, and then rewrite those queries to optimize their resource usage.

Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application.

Create an instance template, and use the template in a managed instance group with autoscaling configured.

Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day.

Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring.

Use the command gcloud auth login and point it to the private key

Use the command gcloud auth activate-service-account and point it to the private key

Place the private key file in the installation directory of the Cloud SDK and rename it to "credentials ison"

Place the private key file in your home directory and rename it to ‘’GOOGLE_APPUCATION_CREDENTiALS".

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.

Create a Compute Engine snapshot of your base VM. Create your images from that snapshot.

Create a Compute Engine snapshot of your base VM. Create your instances from that snapshot.

Create a custom Compute Engine image from a snapshot. Create your images from that image.

Create a custom Compute Engine image from a snapshot. Create your instances from that image.

Load data in Cloud Datastore and run a SQL query against it.

Create a BigQuery table and load data in BigQuery. Run a SQL query on this table and drop this table after you complete your request.

Create external tables in BigQuery that point to Cloud Storage buckets and run a SQL query on these external tables to complete your request.

Create a Hadoop cluster and copy the AVRO file to NDFS by compressing it. Load the file in a hive table and provide access to your analysts so that they can run SQL queries.

Use a Deployment Manager script to automate creating storage buckets in an appropriate region

Use a local SSD to improve performance of the VM for the targeted workload

Use the gsutii command to create a storage bucket in the same region as the VM

Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM

Go to Data Catalog and search for employee_ssn in the search box.

Write a shell script that uses the bq command line tool to loop through all the projects in your organization.

Write a script that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find the employee_ssn column.

Write a Cloud Dataflow job that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find employee_ssn column.

Migrate the workload to a Compute Engine Preemptible VM.

Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload.

Deploy a private autopilot cluster

Deploy a public autopilot cluster.

Deploy a standard public cluster and enable shielded nodes.

Deploy a standard private cluster and enable shielded nodes.

Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.

Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.

In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.

In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.

Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.

Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.

Upload the image to Container Registry and create a Kubernetes Service referencing the image.

Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.

Create a dataflow job that copies data from Cloud Bigtable and Cloud Storage for specific users.

Create a dataflow job that copies data from Cloud Bigtable and Cloud Spanner for specific users.

Create a Cloud Dataproc cluster that runs a Spark job to extract data from Cloud Bigtable and Cloud Storage for specific users.

Create two separate BigQuery external tables on Cloud Storage and Cloud Bigtable. Use the BigQuery console to join these tables through user fields, and apply appropriate filters.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.

• Copy the role across all projects created within the organization with the gcloud iam roles copy command.

• Assign the role to developers in those projects.

• Add all developers to a Google group in Google Groups for Workspace.

• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

• Add all developers to a Google group in Cloud Identity.

• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

• Add all developers to a Google group in Cloud Identity.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.

• Assign the custom role to the Google group.

Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.

For each project, create a Stackdriver account. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects.

Configure a single Stackdriver account, and link all projects to the same account.

Configure a single Stackdriver account for one of the projects. In Stackdriver, create a Group and add the other project names as criteria for that Group.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

Create a cluster with a single node-pool by using standard VMs. Label the fault-tolerant Deployments as spot-true.

Create a cluster with a single node-pool by using Spot VMs. Label the critical Deployments as spot-false.

Create a cluster with both a Spot W node pool and a rode pool by using standard VMs Deploy the critical.

deployments on the Spot VM node pool and the fault; tolerant deployments on the node pool by using standard VMs.

Create a cluster with both a Spot VM node pool and by using standard VMs. Deploy the critical deployments on the mode pool by using standard VMs and the fault-tolerant deployments on the Spot VM node pool.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Give “project owner” for web-applications appropriate roles to crm-databases- proj

Give “project owner” role to crm-databases-proj and the web-applications project.

Give “project owner” role to crm-databases-proj and bigquery.dataViewer role to web-applications.

Give bigquery.dataViewer role to crm-databases-proj and appropriate roles to web-applications.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Enable Cloud CDN on the website frontend.

Enable ‘Share publicly’ on the PDF file objects.

Set Content-Type metadata to application/pdf on the PDF file objects.

Add a label to the storage bucket with a key of Content-Type and value of application/pdf.

1. Create a Cloud Monitoring Dashboard

2. Collect metrics and publish them into the Pub/Sub topics 3. Add CPU and network Charts (or each of (he three projects

1. Create a Cloud Monitoring Dashboard.

2. Select the CPU and Network metrics from the three projects.

3. Add CPU and network Charts lot each of the three protects.

1 Create a Service Account and apply roles/viewer on the three projects

2. Collect metrics and publish them lo the Cloud Monitoring API

3. Add CPU and network Charts for each of the three projects.

1. Create a fourth Google Cloud project

2 Create a Cloud Workspace from the fourth project and add the other three projects

When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section.

Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.

Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.

Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.

Create an Instance template with the container image, and deploy a Managed Instance Group with Autoscaling.

Upload Docker images to Artifact Registry, and deploy the application on Google Kubernetes Engine using Standard mode.

Upload Docker images to the Cloud Storage, and deploy the application on Google Kubernetes Engine using Standard mode.

Upload Docker images to Artifact Registry, and deploy the application on Cloud Run.

Use kubect1 to delete the topic resource.

Use gcloud CLI to delete the topic.

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

Use gcloud CLI to update the topic label managed-by-cnrm to false.

Ask your ML team to add the “accelerator: gpu” annotation to their pod specification.

Recreate all the nodes of the GKE cluster to enable GPUs on all of them.

Create your own Kubernetes cluster on top of Compute Engine with nodes that have GPUs. Dedicate this cluster to your ML team.

Add a new, GPU-enabled, node pool to the GKE cluster. Ask your ML team to add the cloud.google.com/gke -accelerator: nvidia-tesla-p100 nodeSelector to their pod specification.

Download and deploy the Jenkins Java WAR to App Engine Standard.

Create a new Compute Engine instance and install Jenkins through the command line interface.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

Use GCP Marketplace to launch the Jenkins solution.

1. Build an instruction guide to install Cassandra on GCP.

2. Make the instruction guide accessible to your developers.

1. Advise your developers to go to Cloud Marketplace.

2. Ask the developers to launch a Cassandra image for their development work.

1. Build a Cassandra Compute Engine instance and take a snapshot of it.

2. Use the snapshot to create instances for your developers.

1. Build a Cassandra Compute Engine instance and take a snapshot of it.

2.Upload the snapshot to Cloud Storage and make it accessible to your developers.

3.Build instructions to create a Compute Engine instance from the snapshot so that developers can do it themselves.

Create an instance template for the instances. Set the ‘Automatic Restart’ to on. Set the ‘On-host maintenance’ to Migrate VM instance. Add the instance template to an instance group.

Create an instance template for the instances. Set ‘Automatic Restart’ to off. Set ‘On-host maintenance’ to Terminate VM instances. Add the instance template to an instance group.

Create an instance group for the instances. Set the ‘Autohealing’ health check to healthy (HTTP).

Create an instance group for the instance. Verify that the ‘Advanced creation options’ setting for ‘do not retry machine creation’ is set to off.

Cloud Run for Anthos

Cloud Run

App Engine Standard

Cloud Functions.

Open the Google Cloud console, and run a query to determine which resources this service account can access.

Open the Google Cloud console, and run a query of the audit logs to find permission denied errors for this service account.

Open the Google Cloud console, and check the organization policies.

Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.

Run gcloud projects list to get the project ID, and then run gcloud services list --project .

Run gcloud init to set the current project to my-project, and then run gcloud services list --available.

Run gcloud info to view the account value, and then run gcloud services list --account .

Run gcloud projects describe to verify the project value, and then run gcloud services list --available.

Navigate to Cloud Logging and view the application logs.

Connect to the instance’s serial console and read the application logs.

Configure a Health Check on the instance and set a Low Healthy Threshold value.

Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

Grant the Project Editor role to the Marketing learn for acme data digest

Create a Project Lien on acme-data digest and then grant the Project Editor role to the Marketing team

Create another protect with the ID acme-marketing-data-digest for the Marketing team and deploy the resources there

Create a new protect named Meeting Data Digest and use the ID acme-data-digest Grant the Project Editor role to the Marketing team.

– Create Compute Engine resources in us–central1–b.

–Balance the load across both us–central1–a and us–central1–b.

– Create a Managed Instance Group and specify us–central1–a as the zone.

–Configure the Health Check with a short Health Interval.

– Create an HTTP(S) Load Balancer.

–Create one or more global forwarding rules to direct traffic to your VMs.

– Perform regular backups of your application.

–Create a Cloud Monitoring Alert and be notified if your application becomes unavailable.

–Restore from backups when notified.

Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery

Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable

Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

Ask the auditor for their Google account, and give them the Viewer role on the project.

Ask the auditor for their Google account, and give them the Security Reviewer role on the project.

Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.

Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.

Use kubectl app deploy .

Use gcloud app deploy .

Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

Save the incoming votes to Firestore. Use Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes.

Use a dedicated instance to process the incoming votes. Send the votes directly to this instance.

Save the incoming votes to a JSON file on Cloud Storage. Process the votes in a batch at the end of the day.

Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

gcloud deployment-manager deployments create --config

gcloud deployment-manager deployments update --config

gcloud deployment-manager resources create --config

gcloud deployment-manager resources update --config

Check the app.yaml file for your application and check project settings.

Check the web-application.xml file for your application and check project settings.

Go to Deployment Manager and review settings for deployment of applications.

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

Use your existing CI/CD pipeline Use the generated Docker images and deploy them to Cloud Run. Update the configurations and the required endpoints.

Use your existing continuous integration and delivery (CI/CD) pipeline. Use the generated Docker images and deploy them to Cloud Function. Use the same configuration as on-premises.

Use the existing codebase and deploy each service as a separate Cloud Function Update the configurations and the required endpoints.

Use your existing codebase and deploy each service as a separate Cloud Run Use the same configurations as on-premises.

An internal HTTP(S) load balancer together with Identity-Aware Proxy to allow only HTTPS traffic.

An external HTTP(S) load balancer to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend. Install the HTTPS certificates on the instance.

An external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a URL map to target the requests for the static content to the Cloud Storage backend.

An external network load balancer pointing to the backend instances to distribute the load evenly. The web servers will forward the request to the Cloud Storage as needed.

Configure regional storage for the region closest to the users Configure a Nearline storage class

Configure regional storage for the region closest to the users Configure a Standard storage class

Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class

Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class

Configure an HTTP(S) load balancer.

Configure an internal TCP load balancer.

Configure an external SSL proxy load balancer.

Configure an external TCP proxy load balancer.

Create a new service with the new version of the application. Split traffic between this version and the version that is currently running.

Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.

Create a new service with the new version of the application. Add an HTTP Load Balancer in front of both services.

Create a new revision with the new version of the application. Add an HTTP Load Balancer in front of both revisions.

Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

Configure the IP of the database as custom metadata for each instance, and query the metadata server.

Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

For each GCP product in the solution, review the pricing details on the products pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

For each GCP product in the solution, review the pricing details on the products pricing page. Create a Google Sheet that summarizes the expected monthly costs for each product.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Navigate to the Billing Report page in the Google Cloud Platform Console. Multiply the 1 week cost to determine the monthly costs.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Use Stackdriver to determine the provisioned and used resource amounts. Multiply the 1 week cost to determine the monthly costs.

Create an alert policy to send a notification when the HTTP response latency exceeds the specified threshold.

Implement an App Engine service which invokes the Cloud Monitoring API and sends a notification in case of anomalies.

Use the Cloud Monitoring dashboard to observe latency and take the necessary actions when the response latency exceeds the specified threshold.

Export Cloud Monitoring metrics to BigQuery and use a Looker Studio dashboard to monitor your web applications latency.

Deploy the new version in the same application and use the --migrate option.

Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.

• Navigate to Cloud Mentioning in the Google Cloud console, and create a custom monitoring job for the

Bigtable instance to track all changes.

• Create an alert by using webhook endpoints. with the SIEM endpoint as a receiver

■ Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read. Data Write and Admin Read logs for the Bigtable instance

• Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.

• Install the Ops Agent on the Bigtable instance during configuration. K

• Create a service account with read permissions for the Bigtable instance.

• Create a custom Dataflow job with this service account to export logs to the company's SIEM system.

• Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the

Biglable instance.

• Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.

Download the private key from the service account, and add it to each VMs custom metadata.

Download the private key from the service account, and add the private key to each VM’s SSH keys.

Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

When creating the VMs, set the service account’s API scope for Compute Engine to read/write.

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Use gcloud container clusters upgrade. Deploy the new services.

Create a new Node Pool and specify machine type n2–highmem–16. Deploy the new pods.

Create a new cluster with n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

Create a new cluster with both n1–standard–2 and n2–highmem–16 nodes. Redeploy the pods and delete the old cluster.

• Ensure that the Ops Agent Is Installed on the Compute Engine instance.

• Create a custom metric in the Cloud Monitoring dashboard.

• Provide the security team member with access to this dashboard.

• Ensure that the Ops Agent is installed on tie Compute Engine instance.

• Provide the security team member roles/configure.inventoryViewer permission.

• Ensure that the OS Config agent Is Installed on the Compute Engine instance.

• Provide the security team member roles/configure.vulnerabilityViewer permission.

• Ensure that the OS Config agent is installed on the Compute Engine instance

• Create a log sink Co a BigQuery dataset.

• Provide the security team member with access to this dataset.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 275 days (365 – 90)

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days.

Use gsutil rewrite and set the Delete action to 275 days (365-90).

Use gsutil rewrite and set the Delete action to 365 days.