Professional-Cloud-Architect Google Cloud Certified - Professional Cloud Architect exam Questions and Answers

Verify that Dedicated Interconnect can replicate files to GCP. Verify that direct peering can establish a

secure connection between your networks if Dedicated Interconnect fails.

Verify that Dedicated Interconnect can replicate files to GCP. Verify that Cloud VPN can establish a secure connection between your networks if Dedicated Interconnect fails.

Verify that the Transfer Appliance can replicate files to GCP. Verify that direct peering can establish a

secure connection between your networks if the Transfer Appliance fails.

Verify that the Transfer Appliance can replicate files to GCP. Verify that Cloud VPN can establish a secure connection between your networks if the Transfer Appliance fails.

The new approach will be significantly less costly, make it easier to manage the underlying infrastructure, and automatically manage the CI/CD pipelines.

The monolithic solution can be converted to a container with Docker. The generated container can then be deployed into a Kubernetes cluster.

The new approach will make it easier to decouple infrastructure from application, develop and release new features, manage the underlying infrastructure, manage CI/CD pipelines and perform A/B testing, and scale the solution if necessary.

The process can be automated with Migrate for Compute Engine.

All admin and VM system logs are automatically collected by Stackdriver.

Stackdriver automatically collects admin activity logs for most services. The Stackdriver Logging agent

must be installed on each instance to collect system logs.

Launch a custom syslogd compute instance and configure your GCP project and VMs to forward all logs to it.

Install the Stackdriver Logging agent on a single compute instance and let it collect all audit and access logs for your environment.

Use the Service Mesh visualization in the Cloud Console to inspect the telemetry between the microservices.

Use Anthos Config Management to create a ClusterSelector selecting the relevant cluster. On the Google Cloud Console page for Google Kubernetes Engine, view the Workloads and filter on the cluster. Inspect the configurations of the filtered workloads.

Use Anthos Config Management to create a namespaceSelector selecting the relevant cluster namespace. On the Google Cloud Console page for Google Kubernetes Engine, visit the workloads and filter on the namespace. Inspect the configurations of the filtered workloads.

Reinstall istio using the default istio profile in order to collect request latency. Evaluate the telemetry between the microservices in the Cloud Console.

Remove the default route on all VPCs. Move all approved instances into a new subnet that has a default route to an internet gateway.

Create a new VPC in custom mode. Create a new subnet for the approved instances, and set a default route to the internet gateway on this new subnet.

Implement a Cloud NAT solution to remove the need for external IP addresses entirely.

Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list.

Search for Create VM entry in the Stackdriver alerting console.

Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry.

In the logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry.

Connect to the GCE instance using project SSH Keys. Identify previous logins in system logs, and match these with the project owners list.

Use the --no-auto-delete flag on all persistent disks and stop the VM.

Use the -auto-delete flag on all persistent disks and terminate the VM.

Apply VM CPU utilization label and include it in the BigQuery billing export.

Use Google BigQuery billing export and labels to associate cost to groups.

Store all state into local SSD, snapshot the persistent disks, and terminate the VM.

Store all state in Google Cloud Storage, snapshot the persistent disks, and terminate the VM.

Create CPU Utilization and Request Latency as service level indicators.

Create GKE CPU Utilization and Memory Utilization as service level indicators.

Create Request Latency and Error Rate as service level indicators.

Create Server Uptime and Error Rate as service level indicators.

Configure Workload Identity and service accounts to be used by the application platform.

Use Kubernetes Secrets, which are obfuscated by default. Configure these Secrets to be used by the

application platform.

Configure Kubernetes Secrets to store the secret, enable Application-Layer Secrets Encryption, and use

Cloud Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to

be used by the application platform.

Configure HashiCorp Vault on Compute Engine, and use customer managed encryption keys and Cloud

Key Management Service (Cloud KMS) to manage the encryption keys. Configure these Secrets to be used

by the application platform.

Cloud Bigtable

Cloud Spanner

BigQuery

Cloud Datastore

Deploy failure injection software to the game analytics platform that can inject additional latency to mobile client analytics traffic.

Build a test client that can be run from a mobile phone emulator on a Compute Engine virtual machine, and run multiple copies in Google Cloud Platform regions all over the world to generate realistic traffic.

Add the ability to introduce a random amount of delay before beginning to process analytics files uploaded from mobile devices.

Create an opt-in beta of the game that runs on players' mobile devices and collects response times from analytics endpoints running in Google Cloud Platform regions all over the world.

Upload your mobile app to the Firebase Test Lab, and test the mobile app on Android and iOS devices.

Create Android and iOS VMs on Google Cloud, install the mobile app on the VMs, and test the mobile app.

Create Android and iOS containers on Google Kubernetes Engine (GKE), install the mobile app on the

containers, and test the mobile app.

Upload your mobile app with different configurations to Firebase Hosting and test each configuration.

Create a service account (SA) in the legacy game's Google Cloud project, add this SA in the new game's IAM page, and then give it the Firebase Admin role in both projects

Create a service account (SA) in the legacy game's Google Cloud project, add a second SA in the new game's IAM page, and then give the Organization Admin role to both SAs

Create a service account (SA) in the legacy game's Google Cloud project, give it the Firebase Admin role, and then migrate the new game to the legacy game's project.

Create a service account (SA) in the lgacy game's Google Cloud project, give the SA the Organization Admin rule and then give it the Firebase Admin role in both projects

Use gsutil to batch move files in sequence.

Use gsutil to batch copy the files in parallel.

Use gsutil to extract the files as the first part of ETL.

Use gsutil to load the files as the last part of ETL.

Use Cloud SQL for time series data, and use Cloud Bigtable for historical data queries.

Use Cloud SQL to replace MySQL, and use Cloud Spanner for historical data queries.

Use Cloud Bigtable to replace MySQL, and use BigQuery for historical data queries.

Use Cloud Bigtable for time series data, use Cloud Spanner for transactional data, and use BigQuery for historical data queries.

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L4 load balancer.

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L4 load balancer.

Create an instance template for the backend. For every region, deploy it on a multi-zone managed instance group. Use an L7 load balancer.

Create an instance template for the backend. For every region, deploy it on a single-zone managed instance group. Use an L7 load balancer.

Use regional managed instance groups and a global load balancer to increase performance because the

regional managed instance group can grow instances in each region separately based on traffic.

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines managed by your operations team.

Use regional managed instance groups and a global load balancer to increase reliability by providing

automatic failover between zones in different regions.

Use a global load balancer with a set of virtual machines that forward the requests to a closer group of

virtual machines as part of a separate managed instance groups.

Create a dump of the on-premises MySQL master server, and then shut it down, upload it to the cloud environment, and load into a new MySQL cluster.

Setup a MySQL replica server/slave in the cloud environment, and configure it for asynchronous replication from the MySQL master server on-premises until cutover.

Create a new MySQL cluster in the cloud, configure applications to begin writing to both on-premises and cloud MySQL masters, and destroy the original cluster at cutover.

Create a dump of the MySQL replica server into the cloud environment, load it into: Google Cloud Datastore, and configure applications to read/write to Cloud Datastore at cutover.

Grant the operations engineers access to use Google Cloud Shell.

Configure a VPN connection to GCP to allow SSH access to the cloud VMs.

Develop a new access request process that grants temporary SSH access to cloud VMs when an operations engineer needs to perform a task.

Have the development team build an API service that allows the operations team to execute specific remote procedure calls to accomplish their tasks.

Perform a mapping of the on-premises physical hardware cores and RAM to the nearest machine types in the cloud.

Recommend that Dress4Win deploy application servers to machine types that offer the highest RAM to CPU ratio available.

Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.

Identify the number of virtual cores and RAM associated with the application server virtual machines align them to a custom machine type in the cloud, monitor performance, and scale the machine types up until the desired performance is reached.

They should run the end to end tests in the cloud staging environment to determine if the code is working as

intended.

They should enable google stack driver debugger on the application code to show errors in the code

They should add additional unit tests and production scale load tests on their cloud staging environment.

They should add canary tests so developers can measure how much of an impact the new release causes to latency

Store image files in a Google Cloud Storage bucket. Use Google Cloud Datastore to maintain metadata that maps each customer's ID and their image files.

Store image files in a Google Cloud Storage bucket. Add custom metadata to the uploaded images in Cloud Storage that contains the customer's unique ID.

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Assign each customer a unique ID, which sets each file's owner attribute, ensuring privacy of images.

Use a distributed file system to store customers' images. As storage needs increase, add more persistent disks and/or nodes. Use a Google Cloud SQL database to maintain metadata that maps each customer's ID to their image files.

Install the Stackdriver agent on all of the legacy web servers.

In the Cloud Platform Console download the list of the uptime servers' IP addresses and create an inbound firewall rule

Configure their load balancer to pass through the User-Agent HTTP header when the value matches GoogleStackdriverMonitoring-UptimeChecks (https://cloud.google.com/monitoring)

Configure their legacy web servers to allow requests that contain user-Agent HTTP header when the value matches GoogleStackdriverMonitoring— UptimeChecks (https://cloud.google.com/monitoring)

Logging, Alerts, Insights, Debug

Monitoring, Trace, Debug, Logging

Monitoring, Logging, Alerts, Error Reporting

Monitoring, Logging, Debug, Error Report

They should enable Google Stackdriver Debugger on the application code to show errors in the code.

They should add additional unit tests and production scale load tests on their cloud staging environment.

They should run the end-to-end tests in the cloud staging environment to determine if the code is working as intended.

They should add canary tests so developers can measure how much of an impact the new release causes to latency.

Migrate from CSV to binary format, migrate from FTP to SFTP transport, and develop machine learning analysis of metrics.

Migrate from FTP to streaming transport, migrate from CSV to binary format, and develop machine learning analysis of metrics.

Increase fleet cellular connectivity to 80%, migrate from FTP to streaming transport, and develop machine learning analysis of metrics.

Migrate from FTP to SFTP transport, develop machine learning analysis of metrics, and increase dealer local inventory by a fixed factor.

Use one Google Container Engine cluster of FTP servers. Save the data to a Multi-Regional bucket. Run the ETL process using data in the bucket.

Use multiple Google Container Engine clusters running FTP servers located in different regions. Save the data to Multi-Regional buckets in us, eu, and asia. Run the ETL process using the data in the bucket.

Directly transfer the files to different Google Cloud Multi-Regional Storage bucket locations in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process using the data in the bucket.

Directly transfer the files to a different Google Cloud Regional Storage bucket location in us, eu, and asia using Google APIs over HTTP(S). Run the ETL process to retrieve the data from each Regional bucket.

Have the vehicle’ computer compress the data in hourly snapshots, and store it in a Google Cloud storage (GCS) Nearline bucket.

Push the telemetry data in Real-time to a streaming dataflow job that compresses the data, and store it in Google BigQuery.

Push the telemetry data in real-time to a streaming dataflow job that compresses the data, and store it in Cloud Bigtable.

Have the vehicle's computer compress the data in hourly snapshots, a Store it in a GCS Coldline bucket.

Option A

Option B

Option C

Option D

A single VPN tunnel, which limits throughput

A tier of Google Cloud Storage that is not suited for this task

A copy command that is not suited to operate over long distances

Fewer virtual machines (VMs) in GCP than on-premises machines

A separate storage layer outside the VMs, which is not suited for this task

Complicated internet connectivity between the on-premises infrastructure and GCP

Set up Cloud Tasks and a Cloud Storage bucket that triggers a Cloud Function.

Set up a Cloud Logging sink and a Cloud Storage bucket that triggers a Cloud Function.

Configure the deployment job to notify a Pub/Sub queue that triggers a Cloud Function.

Set up Identity and Access Management (IAM) and Confidential Computing to trigger a Cloud Function.

glouc compute firewall rules update hlr-policy \

--priority 1000 \

target tags-sourceiplist fastly \

--allow tcp:443

gcloud compute security policies rules update 1000 \

--security-policy hlr-policy \

--expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \

--action " allow"

gcloud compute firewall rules update

sourceiplist-fastly \

priority 1000 \

allow tcp: 443

gcloud compute priority-policies rules update

1000 \

security policy from fastly

--src- ip-ranges"

-- action " allow"

Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs).

Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs.

Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs

Deploy a custom authentication service on GCE/Google Container Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the VMs.

Error rates for requests from Asia

Latency difference between US and Asia

Total visits, error rates, and latency from Asia

Total visits and average latency for users in Asia

The number of character sets present in the database

Treat every micro service call between modules on the vehicle as untrusted.

Require IPv6 for connectivity to ensure a secure address space.

Use a trusted platform module (TPM) and verify firmware and binaries on boot.

Use a functional programming language to isolate code execution cycles.

Use multiple connectivity subsystems for redundancy.

Enclose the vehicle's drive electronics in a Faraday cage to isolate chips.

Cloud Spanner

Google BigQuery

Google Cloud SQL

Google Cloud Datastore

Delete the virtual machine (VM) and disks and create a new one.

Delete the instance, attach the disk to a new VM, and investigate.

Take a snapshot of the disk and connect to a new machine to investigate.

Check inbound firewall rules for the network the machine is connected to.

Connect the machine to another network with very simple firewall rules and investigate.

Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate.

Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application.

Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications.

Create a single G Suite account to manage users with each stage of each application in its own project.

Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment.

Opex/capex allocation, LAN changes, capacity planning

Capacity planning, TCO calculations, opex/capex allocation

Capacity planning, utilization measurement, data center expansion

Data Center expansion, TCO calculations, utilization measurement

Use Google App Engine with Google Cloud Endpoints. Focus on an API for dealers and partners.

Use Google App Engine with a JAX-RS Jersey Java-based framework. Focus on an API for the public.

Use Google App Engine with the Swagger (open API Specification) framework. Focus on an API for the public.

Use Google Container Engine with a Django Python container. Focus on an API for the public.

Use Google Container Engine with a Tomcat container with the Swagger (Open API Specification) framework. Focus on an API for dealers and partners.

Move all the data into 1 zone, then launch a Cloud Dataproc cluster to run the job.

Move all the data into 1 region, then launch a Google Cloud Dataproc cluster to run the job.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a multi region bucket and use a Dataproc cluster to finish the job.

Launch a cluster in each region to preprocess and compress the raw data, then move the data into a region bucket and use a Cloud Dataproc cluster to finish the jo

Vehicles write data directly to GCS.

Vehicles write data directly to Google Cloud Pub/Sub.

Vehicles stream data directly to Google BigQuery.

Vehicles continue to write data using the existing system (FTP).

Use BigQuery as the data warehouse. Connect all vehicles to the network and stream data into BigQuery using Cloud Pub/Sub and Cloud Dataflow. Use Google Data Studio for analysis and reporting.

Use BigQuery as the data warehouse. Connect all vehicles to the network and upload gzip files to a Multi-Regional Cloud Storage bucket using gcloud. Use Google Data Studio for analysis and reporting.

Use Cloud Dataproc Hive as the data warehouse. Upload gzip files to a MultiRegional Cloud Storage

bucket. Upload this data into BigQuery using gcloud. Use Google data Studio for analysis and reporting.

Use Cloud Dataproc Hive as the data warehouse. Directly stream data into prtitioned Hive tables. Use Pig scripts to analyze data.

Request Transfer Appliances from Google Cloud, export the data to appliances, and return the appliances to Google Cloud.

Configure the Storage Transfer service from Google Cloud to send the data from your data center to Cloud Storage

Make sure there are no other users consuming the 1 Gbps link, and use multi-thread transfer to upload the data to Cloud Storage.

Export files to an encrypted USB device, send the device to Google Cloud, and request an import of the data to Cloud Storage

Deploy Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTIP(S) Load Balancing instance and attach the Cloud Endpoints to its backend.

Deploy Cloud Run services to multiple regions Create serverless network endpoint groups pointing to the services. Add the serverless NE Gs to a backend service that is used by a global HTIP(S) Load Balancing instance.

Cloud Run services to multiple regions. In Cloud DNS, create a latency-based DNS name that points to the services.

Deploy Cloud Run services to multiple availability zones. Create a TCP/IP global load balancer. Add the Cloud Run Endpoints to its backend service.

Create a Cloud Storage lifecycle rule with Age: “30”, Storage Class: “Standard”, and Action: “Set to Coldline”, and create a second GCS life-cycle rule with Age: “365”, Storage Class: “Coldline”, and Action: “Delete”.

Create a Cloud Storage lifecycle rule with Age: “30”, Storage Class: “Coldline”, and Action: “Set to Nearline”, and create a second GCS life-cycle rule with Age: “91”, Storage Class: “Coldline”, and Action: “Set to Nearline”.

Create a Cloud Storage lifecycle rule with Age: “90”, Storage Class: “Standard”, and Action: “Set to Nearline”, and create a second GCS life-cycle rule with Age: “91”, Storage Class: “Nearline”, and Action: “Set to Coldline”.

Create a Cloud Storage lifecycle rule with Age: “30”, Storage Class: “Standard”, and Action: “Set to Coldline”, and create a second GCS life-cycle rule with Age: “365”, Storage Class: “Nearline”, and Action: “Delete”.

Google Kubernetes Engine with an SSL Ingress

Cloud IoT Core with public/private key pairs

Compute Engine with project-wide SSH keys

Compute Engine with specific SSH keys

Create a scheduled job in Cloud Run to invoke a container every minute. The container will check the application URL If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team.

Create a cron job on a Compute Engine VM that runs every minute. The cron job invokes a Python program to check the application URL If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team.

Create a Cloud Monitoring uptime check to validate the application URL If it fails, put a message in a Pub/Sub queue that triggers a Cloud Function to switch the URL to the "Site is unavailable" page, and notify the Ops team.

Use Cloud Error Reporting to check the application URL If the application is down, switch the URL to the "Site is unavailable" page, and notify the Ops team.

Create a token and pass it in as an environment variable to func_display. When invoking func_query, include the token in the request Pass the same token to func _query and reject the invocation if the tokens are different.

Make func_query 'Require authentication.' Create a unique service account and associate it to func_display. Grant the service account invoker role for func_query. Create an id token in func_display and include the token to the request when invoking func_query.

Make func _query 'Require authentication' and only accept internal traffic. Create those two functions in the same VPC. Create an ingress firewall rule for func_query to only allow traffic from func_display.

Create those two functions in the same project and VPC. Make func_query only accept internal traffic. Create an ingress firewall for func_query to only allow traffic from func_display. Also, make sure both functions use the same service account.

Replace the existing data warehouse with BigQuery. Use table partitioning.

Replace the existing data warehouse with a Compute Engine instance with 96 CPUs.

Replace the existing data warehouse with BigQuery. Use federated data sources.

Replace the existing data warehouse with a Compute Engine instance with 96 CPUs. Add an additional Compute Engine pre-emptible instance with 32 CPUs.

Set up a streaming Cloud Dataflow job, receiving data by the ingestion process. Clean the data in a Cloud Dataflow pipeline.

Create a Cloud Function that reads data from BigQuery and cleans it. Trigger it. Trigger the Cloud Function from a Compute Engine instance.

Create a SQL statement on the data in BigQuery, and save it as a view. Run the view daily, and save the result to a new table.

Use Cloud Dataprep and configure the BigQuery tables as the source. Schedule a daily job to clean the data.

Create a project for development and test and another for staging and production.

Create a network for development and test and another for staging and production.

Create one subnetwork for development and another for staging and production.

Create one project for development, a second for staging and a third for production.

Verify that the database is online.

Verify that the project quota hasn't been exceeded.

Verify that the new feature code did not introduce any performance bugs.

Verify that the load-testing team is not running their tool against production.

Container Engine, Cloud Pub/Sub, and Cloud SQL

Cloud Dataflow, Cloud Storage, Cloud Pub/Sub, and BigQuery

Cloud SQL, Cloud Storage, Cloud Pub/Sub, and Cloud Dataflow

Cloud Dataproc, Cloud Pub/Sub, Cloud SQL, and Cloud Dataflow

Cloud Pub/Sub, Compute Engine, Cloud Storage, and Cloud Dataproc

Create a scalable environment in GCP for simulating production load.

Use the existing infrastructure to test the GCP-based backend at scale.

Build stress tests into each component of your application using resources internal to GCP to simulate load.

Create a set of static environments in GCP to test different levels of load — for example, high, medium, and low.

Tests should scale well beyond the prior approaches.

Unit tests are no longer required, only end-to-end tests.

Tests should be applied after the release is in the production environment.

Tests should include directly testing the Google Cloud Platform (GCP) infrastructure.

Google Cloud Storage, Google Cloud Dataflow, Google Compute Engine

Google Cloud Storage, Google App Engine, Google Network Load Balancer

Google Kubernetes Registry, Google Container Engine, Google HTTP(S) Load Balancer

Google Cloud Functions, Google Cloud Pub/Sub, Google Cloud Deployment Manager

Increase the Pub/Sub Total Timeout retry value.

Move from a Pub/Sub subscriber pull model to a push model.

Turn off Pub/Sub message batching.

Create a backup Pub/Sub message queue.

Configure two Partner Interconnect connections in one metro (City), and make sure the Interconnect connections are placed in different metro zones.

Configure two VPN connections from on-premises to Google Cloud, and make sure the VPN devices on-premises are in separate racks.

Configure Direct Peering between EHR Healthcare and Google Cloud, and make sure you are peering at least two Google locations.

Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.

Use a private cluster with a private endpoint with master authorized networks configured.

Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.

Use a private cluster with a public endpoint with master authorized networks configured.

Use a public cluster with master authorized networks enabled and firewall rules.

Migrate the web application layer to App Engine, and MySQL to Cloud Datastore, and NAS to Cloud Storage. Deploy RabbitMQ, and deploy Hadoop servers using Deployment Manager.

Migrate RabbitMQ to Cloud Pub/Sub, Hadoop to BigQuery, and NAS to Compute Engine with Persistent Disk storage. Deploy Tomcat, and deploy Nginx using Deployment Manager.

Implement managed instance groups for Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Compute Engine with Persistent Disk storage.

Implement managed instance groups for the Tomcat and Nginx. Migrate MySQL to Cloud SQL, RabbitMQ to Cloud Pub/Sub, Hadoop to Cloud Dataproc, and NAS to Cloud Storage.

Replace RabbitMQ with Google Pub/Sub.

Downgrade MySQL to v5.7, which is supported by Cloud SQL for MySQL.

Resize compute resources to match predefined Compute Engine machine types.

Containerize the micro services and host them in Google Kubernetes Engine.

Deploy Nginx and Tomcat using Cloud Deployment Manager to Compute Engine. Deploy a Cloud SQL server to replace MySQL. Deploy Jenkins using Cloud Deployment Manager.

Deploy Nginx and Tomcat using Cloud Launcher. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Deployment Manager scripts.

Migrate Nginx and Tomcat to App Engine. Deploy a Cloud Datastore server to replace the MySQL server in a high-availability configuration. Deploy Jenkins to Compute Engine using Cloud Launcher.

Migrate Nginx and Tomcat to App Engine. Deploy a MySQL server using Cloud Launcher. Deploy Jenkins to Compute Engine using Cloud Launcher.

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Encrypt data with a customer-supplied encryption key when storing files in Cloud Storage.

Assign custom IAM roles to the Google Groups you created in order to enforce security requirements.

Enable default storage encryption before storing files in Cloud Storage.

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements.

Utilize Google’s default encryption at rest when storing files in Cloud Storage.

Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Ensure that the default Cloud KMS key is set before storing files in Cloud Storage.

Web applications deployed using App Engine standard environment

RabbitMQ deployed using an unmanaged instance group

Hadoop/Spark deployed using Cloud Dataproc Regional in High Availability mode

Jenkins, monitoring, bastion hosts, security scanners services deployed on custom machine types

Use Stackdriver Trace to create a trace list analysis.

Use Stackdriver Monitoring to create a dashboard on the project’s activity.

Enable Cloud Identity-Aware Proxy in all projects, and add the group of Administrators as a member.

Use the Activity page in the GCP Console and Stackdriver Logging to provide the required insight.