GCP Dump Questions

1) Every employee of your company has a Google account.
Your operational team

needs to manage a large number of instances on Compute Engine. Each member of
this team needs only administrative access to the servers. Your security team wants to
ensure that the deployment of credentials is operationally efficient and must be able to
determine who accessed a given instance. What should you do?
a. .Generate a new SSH key pair. Give the private key to each member of your
team. Configure the public key in the metadata of each instance.
b.Ask each member of the team to generate a new SSH key pair and to send you
their public key. Use a configuration management tool to deploy those keys on each
instance.
c.Ask each member of the team to generate a new SSH key pair and to add
the public key to their Google account. Grant the ‫ג‬€compute.osAdminLogin‫ג‬€
role to the Google group corresponding to this team.
d.Generate a new SSH key pair. Give the private key to each member of your
team. Configure the public key as a project-wide public SSH key in your Cloud Platform
project and allow project-wide public SSH keys on each instance.
2) You need to create a custom VPC with a single subnet. The subnet‫ג‬€™s range must
be as large as possible. Which range should you use?
1. 0.0.0.0/0
2. 10.0.0.0/8
3. 172.16.0.0/12
4. 192.168.0.0/16
3) You want to select and configure a cost-effective solution for relational data on
Google Cloud Platform. You are working with a small set of operational data in one
geographic location. You need to support point-in-time recovery. What should you do?
A. Select Cloud SQL (MySQL). Verify that the enable binary logging option is
selected.
B. Select Cloud SQL (MySQL). Select the create failover replicas option.
C. Select Cloud Spanner. Set up your instance with 2 nodes.
D. Select Cloud Spanner. Set up your instance as multi-regional.

4) You want to configure autohealing for network load balancing for a group of Compute
Engine instances that run in multiple zones, using the fewest possible steps.
You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10
seconds each. What should you do?
 A. Create an HTTP load balancer with a backend configuration that references an

existing instance group. Set the health check to healthy (HTTP)
 B. Create an HTTP load balancer with a backend configuration that references an
existing instance group. Define a balancing mode and set the maximum RPS to 10.
 C. Create a managed instance group. Set the Autohealing health check to healthy
(HTTP)
 D. Create a managed instance group. Verify that the autoscaling setting is on.
5) You are using multiple configurations for gcloud. You want to review the configured
Kubernetes Engine cluster of an inactive configuration using the fewest possible steps.
What should you do?
 A. Use gcloud config configurations describe to review the output.

 B. Use gcloud config configurations activate and gcloud config list to review the output.
 C. Use kubectl config get-contexts to review the output.
 D. Use kubectl config use-context and kubectl config view to review the output.
6) Your company uses Cloud Storage to store application backup files for disaster
recovery purposes. You want to follow Google‫ג‬€™s recommended practices. Which
storage option should you use?
 A. Multi-Regional Storage
 B. Regional Storage
 C. Nearline Storage
 D. Coldline Storage
7) Several employees at your company have been creating projects with Cloud Platform
and paying for it with their personal credit cards, which the company reimburses. The
company wants to centralize all these projects under a single, new billing account. What
should you do?
 A. Contact cloud-billing@google.com with your bank account details and request a

corporate billing account for your company.
 B. Create a ticket with Google Support and wait for their call to share your credit card
details over the phone.
 C. In the Google Platform Console, go to the Resource Manage and move all projects to
the root Organizarion.
 D. In the Google Cloud Platform Console, create a new billing account and set up
a payment method.
8) You have an application that looks for its licensing server on the IP 10.0.3.21. You
need to deploy the licensing server on Compute Engine. You do not want to change the
configuration of the application and want the application to be able to reach the
licensing server. What should you do?
 A. Reserve the IP 10.0.3.21 as a static internal IP address using gcloud and assign
it to the licensing server.
 B. Reserve the IP 10.0.3.21 as a static public IP address using gcloud and assign it to
the licensing server.
 C. Use the IP 10.0.3.21 as a custom ephemeral IP address and assign it to the licensing
server.
 D. Start the licensing server with an automatic ephemeral IP address, and then promote
it to a static internal IP address.
9) You are deploying an application to App Engine. You want the number of instances
to scale based on request rate. You need at least 3 unoccupied instances at all times.
Which scaling type should you use?
 A. Manual Scaling with 3 instances.

 B. Basic Scaling with min_instances set to 3.
 C. Basic Scaling with max_instances set to 3.
 D. Automatic Scaling with min_idle_instances set to 3.
10) You have a development project with appropriate IAM roles defined. You are
creating a production project and want to have the same IAM roles on the new project,
using the fewest possible steps. What should you do?
 A. Use gcloud iam roles copy and specify the production project as the
destination project.
 B. Use gcloud iam roles copy and specify your organization as the destination
organization.
 C. In the Google Cloud Platform Console, use the create role from role functionality.
 D. In the Google Cloud Platform Console, use the create role functionality and select all
applicable permissions.
11) You need a dynamic way of provisioning VMs on Compute Engine. The exact
specifications will be in a dedicated configuration file. You want to follow Googles
recommended practices. Which method should you use?
 A. Deployment Manager
 B. Cloud Composer
 C. Managed Instance Group
 D. Unmanaged Instance Group
12) You have a Dockerfile that you need to deploy on Kubernetes Engine. What should
you do?
 A. Use kubectl app deploy <dockerfilename>.

 B. Use gcloud app deploy <dockerfilename>.
 C. Create a docker image from the Dockerfile and upload it to Container Registry.
Create a Deployment YAML file to point to that image. Use kubectl to create the
deployment with that file.
 D. Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a
Deployment YAML file to point to that image. Use kubectl to create the deployment with
that file.
13) Your development team needs a new Jenkins server for their project. You need to
deploy the server using the fewest steps possible. What should you do?
 A. Download and deploy the Jenkins Java WAR to App Engine Standard.
 B. Create a new Compute Engine instance and install Jenkins through the command
line interface.
 C. Create a Kubernetes cluster on Compute Engine and create a deployment with the
Jenkins Docker image.
 D. Use GCP Marketplace to launch the Jenkins solution.
14) You need to update a deployment in Deployment Manager without any resource
downtime in the deployment. Which command should you use?
 A. gcloud deployment-manager deployments create --config <deployment-config-path>

 B. gcloud deployment-manager deployments update --config <deployment-
config-path>
 C. gcloud deployment-manager resources create --config <deployment-config-path>
 D. gcloud deployment-manager resources update --config <deployment-config-path>
15) You need to run an important query in BigQuery but expect it to return a lot of
records. You want to find out how much it will cost to run the query. You are using on-
demand pricing. What should you do?
 A. Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.
 B. Use the command line to run a dry run query to estimate the number of bytes
read. Then convert that bytes estimate to dollars using the Pricing Calculator.
 C. Use the command line to run a dry run query to estimate the number of bytes
returned. Then convert that bytes estimate to dollars using the Pricing Calculator.
 D. Run a select count (*) to get an idea of how many records your query will look
through. Then convert that number of rows to dollars using the Pricing Calculator.
16) You have a single binary application that you want to run on Google Cloud Platform.
You decided to automatically scale the application based on underlying infrastructure
CPU usage. Your organizational policies require you to use virtual machines directly.
You need to ensure that the application scaling is operationally efficient and completed
as quickly as possible. What should you do?
 A. Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to
scale the application.
 B. Create an instance template, and use the template in a managed instance
group with autoscaling configured.
 C. Create an instance template, and use the template in a managed instance group that
scales up and down based on the time of day.
 D. Use a set of third-party tools to build automation around scaling the application up
and down, based on Stackdriver CPU usage monitoring.
17) You are analyzing Google Cloud Platform service costs from three separate projects.
You want to use this information to create service cost estimates by service type, daily
and monthly, for the next six months using standard query syntax. What should you do?
 A. Export your bill to a Cloud Storage bucket, and then import into Cloud Bigtable for
analysis.
 B. Export your bill to a Cloud Storage bucket, and then import into Google Sheets for
analysis.
 C. Export your transactions to a local file, and perform analysis with a desktop tool.
 D. Export your bill to a BigQuery dataset, and then write time window-based SQL
queries for analysis.
18) You need to set up a policy so that videos stored in a specific Cloud Storage
Regional bucket are moved to Coldline after 90 days, and then deleted after one year
from their creation. How should you set up the policy?
 A. Use Cloud Storage Object Lifecycle Management using Age conditions with
SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and
the Delete action to 275 days (365 90 "€‫)ג‬
 B. Use Cloud Storage Object Lifecycle Management using Age conditions with
SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days
and the Delete action to 365 days.
 C. Use gsutil rewrite and set the Delete action to 275 days (365-90).
 D. Use gsutil rewrite and set the Delete action to 365 days.
19) You have a Linux VM that must connect to Cloud SQL. You created a service
account with the appropriate access rights. You want to make sure that the VM uses
this service account instead of the default Compute Engine service account. What
should you do?
 A. When creating the VM via the web console, specify the service account under
the ‫ג‬€˜Identity and API Access‫ג‬€™ section.
 B. Download a JSON Private Key for the service account. On the Project Metadata, add
that JSON as the value for the key compute-engine-service- account.
 C. Download a JSON Private Key for the service account. On the Custom Metadata of
the VM, add that JSON as the value for the key compute-engine- service-account.
 D. Download a JSON Private Key for the service account. After creating the VM, ssh
into the VM and save the JSON under ~/.gcloud/compute-engine-service- account.json.
20) You created an instance of SQL Server 2017 on Compute Engine to test features in
the new version. You want to connect to this instance using the fewest number of steps.
What should you do?
 A. Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.
 B. Install a RDP client in your desktop. Set a Windows username and password in
the GCP Console. Use the credentials to log in to the instance.
 C. Set a Windows password in the GCP Console. Verify that a firewall rule for port 22
exists. Click the RDP button in the GCP Console and supply the credentials to log in.
 D. Set a Windows username and password in the GCP Console. Verify that a firewall
rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the
credentials to log in.
21) You have one GCP account running in your default region and zone and another
account running in a non-default region and zone. You want to start a new
Compute Engine instance in these two Google Cloud Platform accounts using the
command line interface. What should you do?
 A. Create two configurations using gcloud config configurations create [NAME].

Run gcloud config configurations activate [NAME] to switch between accounts
when running the commands to start the Compute Engine instances.
 B. Create two configurations using gcloud config configurations create [NAME]. Run
gcloud configurations list to start the Compute Engine instances.
 C. Activate two configurations using gcloud configurations activate [NAME]. Run gcloud
config list to start the Compute Engine instances.
 D. Activate two configurations using gcloud configurations activate [NAME]. Run gcloud
configurations list to start the Compute Engine instances.
22) You significantly changed a complex Deployment Manager template and want to
confirm that the dependencies of all defined resources are properly met before
committing it to the project. You want the most rapid feedback on your changes. What
should you do?
 A. Use granular logging statements within a Deployment Manager template authored in

Python.
 B. Monitor activity of the Deployment Manager execution on the Stackdriver Logging
page of the GCP Console.
 C. Execute the Deployment Manager template against a separate project with the same
configuration, and monitor for failures.
 D. Execute the Deployment Manager template using the ‫ג‬€"-preview option in the
same project, and observe the state of interdependent resources.
23) You are building a pipeline to process time-series data. Which Google Cloud
Platform services should you put in boxes 1,2,3, and 4?
 A. Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

 B. Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery
 C. Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable
 D. Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery
24) You have a project for your App Engine application that serves a development
environment. The required testing has succeeded and you want to create a new project
to serve as your production environment. What should you do?
 A. Use gcloud to create the new project, and then deploy your application to the
new project.
 B. Use gcloud to create the new project and to copy the deployed application to the new
project.
 C. Create a Deployment Manager configuration file that copies the current App Engine
deployment into a new project.
 D. Deploy your application again using gcloud and specify the project parameter with
the new project name to create the new project.
25) You need to configure IAM access audit logging in BigQuery for external auditors.
You want to follow Google-recommended practices. What should you do?
 A. Add the auditors group to the ‫ג‬€˜logging.viewer‫ג‬€™ and

‫ג‬€˜bigQuery.dataViewer‫ג‬€™ predefined IAM roles.
 B. Add the auditors group to two new custom IAM roles.
 C. Add the auditor user accounts to the ‫ג‬€˜logging.viewer‫ג‬€™ and
‫ג‬€˜bigQuery.dataViewer‫ג‬€™ predefined IAM roles.
 D. Add the auditor user accounts to two new custom IAM roles.
26) You need to set up permissions for a set of Compute Engine instances to enable
them to write data into a particular Cloud Storage bucket. You want to follow
Google-recommended practices. What should you do?
 A. Create a service account with an access scope. Use the access scope
‫ג‬€˜https://www.googleapis.com/auth/devstorage.write_only‫ג‬€™.
 B. Create a service account with an access scope. Use the access scope
‫ג‬€˜https://www.googleapis.com/auth/cloud-platform‫ג‬€™.
 C. Create a service account and add it to the IAM role
‫ג‬€˜storage.objectCreator‫ג‬€™ for that bucket.
 D. Create a service account and add it to the IAM role ‫ג‬€˜storage.objectAdmin‫ג‬€™ for
that bucket.
27) You have sensitive data stored in three Cloud Storage buckets and have enabled
data access logging. You want to verify activities for a particular user for these buckets,
using the fewest possible steps. You need to verify the addition of metadata labels and
which files have been viewed from those buckets. What should you do?
 A. Using the GCP Console, filter the Activity log to view the information.
 B. Using the GCP Console, filter the Stackdriver log to view the information.
 C. View the bucket in the Storage section of the GCP Console.
 D. Create a trace in Stackdriver to view the information.
28) You are the project owner of a GCP project and want to delegate control to
colleagues to manage buckets and files in Cloud Storage. You want to follow Google-
recommended practices. Which IAM roles should you grant your colleagues?
 A. Project Editor
 B. Storage Admin
 C. Storage Object Admin
 D. Storage Object Creator
29) you have an object in a Cloud Storage bucket that you want to share with an
external company. The object contains sensitive data. You want access to the content
to be removed after four hours. The external company does not have a Google account
to which you can grant specific user-based access privileges. You want to use the most
secure method that requires the fewest steps. What should you do?
 A. Create a signed URL with a four-hour expiration and share the URL with the
company.
 B. Set object access to ‫ג‬€˜public‫ג‬€™ and use object lifecycle management to remove
the object after four hours.
 C. Configure the storage bucket as a static website and furnish the object‫ג‬€™s URL to
the company. Delete the object from the storage bucket after four hours.
 D. Create a new Cloud Storage bucket specifically for the external company to access.
Copy the object to that bucket. Delete the bucket after four hours have passed.
30) You are creating a Google Kubernetes Engine (GKE) cluster with a cluster
autoscaler feature enabled. You need to make sure that each node of the cluster will
run a monitoring pod that sends container metrics to a third-party monitoring solution.
What should you do?
 A. Deploy the monitoring pod in a StatefulSet object.

 B. Deploy the monitoring pod in a DaemonSet object.
 C. Reference the monitoring pod in a Deployment object.
 D. Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.
31) You want to send and consume Cloud Pub/Sub messages from your App Engine
application. The Cloud Pub/Sub API is currently disabled. You will use a service
account to authenticate your application to the API. You want to make sure your
application can use Cloud Pub/Sub. What should you do?
 A. Enable the Cloud Pub/Sub API in the API Library on the GCP Console.
 B. Rely on the automatic enablement of the Cloud Pub/Sub API when the Service
Account accesses it.
 C. Use Deployment Manager to deploy your application. Rely on the automatic
enablement of all APIs used by the application being deployed.
 D. Grant the App Engine Default service account the role of Cloud Pub/Sub Admin.
Have your application enable the API on the first connection to Cloud Pub/ Sub.
32) You need to monitor resources that are distributed over different projects in Google
Cloud Platform. You want to consolidate reporting under the same Stackdriver
Monitoring dashboard. What should you do?
 A. Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.
 B. For each project, create a Stackdriver account. In each project, create a service
account for that project and grant it the role of Stackdriver Account Editor in all other
projects.
 C. Configure a single Stackdriver account, and link all projects to the same
account.
 D. Configure a single Stackdriver account for one of the projects. In Stackdriver, create
a Group and add the other project names as criteria for that Group.
33) You are deploying an application to a Compute Engine VM in a managed instance

group. The application must be running at all times, but only a single instance of the VM
should run per GCP project. How should you configure the instance group?
 A. Set autoscaling to On, set the minimum number of instances to 1, and then set
the maximum number of instances to 1.
 B. Set autoscaling to Off, set the minimum number of instances to 1, and then set the
maximum number of instances to 1.
 C. Set autoscaling to On, set the minimum number of instances to 1, and then set the
 D. Set autoscaling to Off, set the minimum number of instances to 1, and then set the
34) You want to verify the IAM users and roles assigned within a GCP project named
my-project. What should you do?
 A. Run gcloud iam roles list. Review the output section.

 B. Run gcloud iam service-accounts list. Review the output section.
 C. Navigate to the project and then to the IAM section in the GCP Console.
Review the members and roles.
 D. Navigate to the project and then to the Roles section in the GCP Console. Review
the roles and status.
35) You need to create a new billing account and then link it with an existing Google
Cloud Platform project. What should you do?
 A. Verify that you are Project Billing Manager for the GCP project. Update the existing
project to link it to the existing billing account.
 B. Verify that you are Project Billing Manager for the GCP project. Create a new
billing account and link the new billing account to the existing project.
 C. Verify that you are Billing Administrator for the billing account. Create a new project
and link the new project to the existing billing account.
 D. Verify that you are Billing Administrator for the billing account. Update the existing
project to link it to the existing billing account.
36) You have one project called proj-sa where you manage all your service accounts.
You want to be able to use a service account from this project to take snapshots of VMs
running in another project called proj-vm. What should you do?
 A. Download the private key from the service account, and add it to each VMs custom
metadata.
 B. Download the private key from the service account, and add the private key to each
VM‫ג‬€™s SSH keys.
 C. Grant the service account the IAM Role of Compute Storage Admin in the project
called proj-vm.
 D. When creating the VMs, set the service account‫ג‬€™s API scope for Compute Engine
to read/write.
37) You created a Google Cloud Platform project with an App Engine application inside
the project. You initially configured the application to be served from the us- central
region. Now you want the application to be served from the asia-northeast1 region.
What should you do?
 A. Change the default region property setting in the existing GCP project to asia-
northeast1.
 B. Change the region property setting in the existing App Engine application from us-
central to asia-northeast1.
 C. Create a second App Engine application in the existing GCP project and
specify asia-northeast1 as the region to serve your application.
 D. Create a new GCP project and create an App Engine application inside this new
project. Specify asia-northeast1 as the region to serve your application.
38) You need to grant access for three users so that they can view and edit table data
on a Cloud Spanner instance. What should you do?
 A. Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to the
role.
 B. Run gcloud iam roles describe roles/spanner.databaseUser. Add the users to a
new group. Add the group to the role.
 C. Run gcloud iam roles describe roles/spanner.viewer - -project my-project. Add the
users to the role.
 D. Run gcloud iam roles describe roles/spanner.viewer - -project my-project. Add the
users to a new group. Add the group to the role.
39) You create a new Google Kubernetes Engine (GKE) cluster and want to make sure
that it always runs a supported and stable version of Kubernetes. What should you do?
 A. Enable the Node Auto-Repair feature for your GKE cluster.

 B. Enable the Node Auto-Upgrades feature for your GKE cluster.
 C. Select the latest available cluster version for your GKE cluster.
 D. Select ‫ג‬€Container-Optimized OS (cos)‫ג‬€ as a node image for your GKE cluster.
40) You have an instance group that you want to load balance. You want the load
balancer to terminate the client SSL session. The instance group is used to serve a
public web application over HTTPS. You want to follow Google-recommended
practices. What should you do?
 A. Configure an HTTP(S) load balancer.

 B. Configure an internal TCP load balancer.
 C. Configure an external SSL proxy load balancer.
 D. Configure an external TCP proxy load balancer.
41) You have 32 GB of data in a single file that you need to upload to a Nearline
Storage bucket. The WAN connection you are using is rated at 1 Gbps, and you are the
only one on the connection. You want to use as much of the rated 1 Gbps as possible to
transfer the file rapidly. How should you upload the file?
 A. Use the GCP Console to transfer the file instead of gsutil.

 B. Enable parallel composite uploads using gsutil on the file transfer.
 C. Decrease the TCP window size on the machine initiating the transfer.
 D. Change the storage class of the bucket from Nearline to Multi-Regional
42) You are running an application on multiple virtual machines within a managed
instance group and have autoscaling enabled. The autoscaling policy is configured so
that additional instances are added to the group if the CPU utilization of instances goes
above 80%. VMs are added until the instance group reaches its maximum limit of five
VMs or until CPU utilization of instances lowers to 80%. The initial delay for HTTP
health checks against the instances is set to 30 seconds.
The virtual machine instances take around three minutes to become available for users.
You observe that when the instance group autoscales, it adds more instances then
necessary to support the levels of end-user traffic. You want to properly maintain
instance group sizes when autoscaling. What should you do?
 A. Set the maximum number of instances to 1.

 B. Decrease the maximum number of instances to 3.
 C. Use a TCP health check instead of an HTTP health check.
 D. Increase the initial delay of the HTTP health check to 200 seconds.
.43) You‫ג‬€™ve deployed a microservice called myapp1 to a Google Kubernetes Engine cluster
using the YAML file specified below:
You need to refactor this configuration so that the database password is not stored in plain text.
You want to follow Google-recommended practices. What should you do?
 A. Store the database password inside the Docker image of the container, not in the
YAML file.
 B. Store the database password inside a Secret object. Modify the YAML file to
populate the DB_PASSWORD environment variable from the Secret.
 C. Store the database password inside a ConfigMap object. Modify the YAML file to
populate the DB_PASSWORD environment variable from the ConfigMap.
 D. Store the database password in a file inside a Kubernetes persistent volume, and
use a persistent volume claim to mount the volume to the container.
44) You need to select and configure compute resources for a set of batch processing
jobs. These jobs take around 2 hours to complete and are run nightly. You want to
minimize service costs. What should you do?
 A. Select Google Kubernetes Engine. Use a single-node cluster with a small instance
type.
 B. Select Google Kubernetes Engine. Use a three-node cluster with micro instance
types.
 C. Select Compute Engine. Use preemptible VM instances of the appropriate
standard machine type.
 D. Select Compute Engine. Use VM instance types that support micro bursting.
45) You recently deployed a new version of an application to App Engine and then
discovered a bug in the release. You need to immediately revert to the prior version of
the application. What should you do?
 A. Run gcloud app restore.

 B. On the App Engine page of the GCP Console, select the application that needs to be
reverted and click Revert.
 C. On the App Engine Versions page of the GCP Console, route 100% of the
traffic to the previous version.
 D. Deploy the original version as a separate application. Then go to App Engine settings
and split traffic between applications so that the original version serves 100% of the
requests.
46) You deployed an App Engine application using gcloud app deploy, but it did not
deploy to the intended project. You want to find out why this happened and where the
application deployed. What should you do?
 A. Check the app.yaml file for your application and check project settings.
 B. Check the web-application.xml file for your application and check project settings.
 C. Go to Deployment Manager and review settings for deployment of applications.
 D. Go to Cloud Shell and run gcloud config list to review the Google Cloud
configuration used for deployment.
47) You want to configure 10 Compute Engine instances for availability when
maintenance occurs. Your requirements state that these instances should attempt to
automatically restart if they crash. Also, the instances should be highly available
including during system maintenance. What should you do?
 A. Create an instance template for the instances. Set the ‫ג‬€Ãutomatic Restart‫ג‬€™
to on. Set the ‫ג‬€Õn-host maintenance‫ג‬€™ to Migrate VM instance. Add the
instance template to an instance group.
 B. Create an instance template for the instances. Set ‫ג‬€Ãutomatic Restart‫ג‬€™ to off. Set
‫ג‬€Õn-host maintenance‫ג‬€™ to Terminate VM instances. Add the instance template to an
instance group.
 C. Create an instance group for the instances. Set the ‫ג‬€Ãutohealing‫ג‬€™ health check to
healthy (HTTP).
 D. Create an instance group for the instance. Verify that the ‫ג‬€Ãdvanced creation
options‫ג‬€™ setting for ‫ג‬€˜do not retry machine creation‫ג‬€™ is set to off.
48) You host a static website on Cloud Storage. Recently, you began to include links to
PDF files on this site. Currently, when users click on the links to these PDF files, their
browsers prompt them to save the file onto their local system. Instead, you want the
clicked PDF files to be displayed within the browser window directly, without prompting
the user to save the file locally. What should you do?
 A. Enable Cloud CDN on the website frontend.

 B. Enable ‫ג‬€˜Share publicly‫ג‬€™ on the PDF file objects.
 C. Set Content-Type metadata to application/pdf on the PDF file objects.
 D. Add a label to the storage bucket with a key of Content-Type and value of
application/pdf.
49) You have a viíľual machine ľhaľ is cuííenľly configuíed wiľh 2 vCPUs and 4 GB of memoíy. Iľ is
íunning ouľ of memoíy. You wanľ ľo upgíade ľhe viíľual machine ľo have 8 GB of memoíy. Whaľ
should you do?
 A. Rely on live migíaľion ľo move ľhe woíkload ľo a machine wiľh moíe memoíy.
 B. Use gcloud ľo add meľadaľa ľo ľhe VM. Seľ ľhe key ľo íequiíed-memoíy-size and ľhe
value ľo 8 GB.
 C. Sľop ľhe VM, change ľhe machine ľype ľo n1-sľandaíd-8, and sľaíľ ľhe VM.
 D. Stop the VM, incíease the memoíy to 8 GB, and staít the VM.
50) You have píoducľion and ľesľ woíkloads ľhaľ you wanľ ľo deploy on Compuľe Engine.
Píoducľion VMs need ľo be in a diffeíenľ subneľ ľhan ľhe ľesľ VMs. All ľhe
VMs musľ be able ľo íeach each oľheí oveí Inľeínal IP wiľhouľ cíeaľing addiľional íouľes. You needľo seľ
up VPC and ľhe 2 subneľs. Which configuíaľion meeľs ľhese íequiíemenľs?
 A. Cíeate a single custom VPC with 2 subnets. Cíeate each subnet in a

diffeíent íegion and with a diffeíent CIDR íange.
 B. Cíeaľe a single cusľom VPC wiľh 2 subneľs. Cíeaľe each subneľ in ľhe same íegion and
wiľh ľhe same CIDR íange.
 C. Cíeaľe 2 cusľom VPCs, each wiľh a single subneľ. Cíeaľe each subneľ in a diffeíenľ
íegion and wiľh a diffeíenľ CIDR íange.
 D. Cíeaľe 2 cusľom VPCs, each wiľh a single subneľ. Cíeaľe each subneľ in ľhe same íegionand
wiľh ľhe same CIDR íange.
51) You need ľo cíeaľe an auľoscaling managed insľance gíoup foí an HľľPS web applicaľion. Youwanľ
ľo make suíe ľhaľ unhealľhy VMs aíe íecíeaľed. Whaľ should you do?
 A. Cíeate a health checfi on poít 443 and use that when cíeating the
Managed Instance Gíoup.
 B. Selecľ Mulľi-Zone insľead of Single-Zone when cíeaľing ľhe Managed Insľance Gíoup.
 C. In ľhe Insľance ľemplaľe, add ľhe label ‫ג‬€˜healľh-check‫ג‬€™.
 D. In ľhe Insľance ľemplaľe, add a sľaíľup scíipľ ľhaľ sends a heaíľbeaľ ľo ľhe meľadaľa
seíveí.
52) Youí company has a Google Cloud Plaľfoím píojecľ ľhaľ uses BigQueíy foí daľa waíehousing.Youí
daľa science ľeam changes fíequenľly and has few membeís.
You need ľo allow membeís of ľhis ľeam ľo peífoím queíies. You wanľ ľo follow Google-íecommended
píacľices. Whaľ should you do?
 A. 1. Cíeaľe an IAM enľíy foí each daľa scienľisľ's useí accounľ. 2. Assign ľhe BigQueíy
jobUseí íole ľo ľhe gíoup.
 B. 1. Cíeaľe an IAM enľíy foí each daľa scienľisľ's useí accounľ. 2. Assign ľhe BigQueíy
daľaVieweí useí íole ľo ľhe gíoup.
 C. 1. Cíeate a dedicated Google gíoup in Cloud Identity. 2. Add each data
scientist's useí account to the gíoup. 3. Assign the BigQueíy jobUseí íole
to the gíoup.
 D. 1. Cíeaľe a dedicaľed Google gíoup in Cloud Idenľiľy. 2. Add each daľa scienľisľ's useí
accounľ ľo ľhe gíoup. 3. Assign ľhe BigQueíy daľaVieweí useí íole ľo ľhe gíoup.
53) Youí company has a 3-ľieí soluľion íunning on Compuľe Engine. ľhe configuíaľion of ľhe
cuííenľ infíasľíucľuíe is shown below.
Each ľieí has a seívice accounľ ľhaľ is associaľed wiľh all insľances wiľhin iľ. You need ľo enable
communicaľion on ľCP poíľ 8080 beľween ľieís as follows:
Insľances in ľieí 1 musľ communicaľe wiľh ľieí 2.
Insľances in ľieí 2 musľ communicaľe wiľh ľieí 3.
Whaľ should you do?
 A. 1. Cíeaľe an ingíess fiíewall íule wiľh ľhe following seľľings: ‫ג‬€¢ ľaígeľs: all insľances‫ג‬€¢
Souíce filľeí: IP íanges (wiľh ľhe íange seľ ľo 10.0.2.0/24) ‫ג‬€¢ Píoľocols: allow all 2. Cíeaľe an
ingíess fiíewall íule wiľh ľhe following seľľings: ‫ג‬€¢ ľaígeľs: all insľances ‫ג‬€¢ Souíce filľeí: IP
íanges (wiľh ľhe íange seľ ľo 10.0.1.0/24) ‫ג‬€¢ Píoľocols: allow all
 B. 1. Cíeate an ingíess fiíewall íule with the following settings: ‫ג‬€¢
ľaígets: all instances with tieí 2 seívice account ‫ג‬€¢ Souíce filteí: all
instances with tieí 1 seívice account ‫ג‬€¢ Píotocols: allow ľCP:8080 2.
Cíeate an ingíess fiíewall íule with the following settings: ‫ג‬€¢ ľaígets: all
instances with tieí 3 seívice account ‫ג‬€¢ Souíce filteí: all instances with
tieí 2 seívice account ‫ג‬€¢ Píotocols: allow ľCP: 8080
 C. 1. Cíeaľe an ingíess fiíewall íule wiľh ľhe following seľľings: ‫ג‬€¢ ľaígeľs: all insľances wiľh
ľieí 2 seívice accounľ ‫ג‬€¢ Souíce filľeí: all insľances wiľh ľieí 1 seívice accounľ ‫ג‬€¢Píoľocols:
allow all 2. Cíeaľe an ingíess fiíewall íule wiľh ľhe following seľľings: ‫ג‬€¢ ľaígeľs: all insľances
wiľh ľieí 3 seívice accounľ ‫ג‬€¢ Souíce filľeí: all insľances wiľh ľieí 2 seívice accounľ ‫ג‬€¢
Píoľocols: allow all
 D. 1. Cíeaľe an egíess fiíewall íule wiľh ľhe following seľľings: ‫ג‬€¢ ľaígeľs: all insľances ‫ג‬€¢
Souíce filľeí: IP íanges (wiľh ľhe íange seľ ľo 10.0.2.0/24) ‫ג‬€¢ Píoľocols: allow ľCP: 8080 2.
Cíeaľe an egíess fiíewall íule wiľh ľhe following seľľings: ‫ג‬€¢ ľaígeľs: all insľances‫ג‬€¢ Souíce
filľeí: IP íanges (wiľh ľhe íange seľ ľo 10.0.1.0/24) ‫ג‬€¢ Píoľocols: allow ľCP: 8080
54) You aíe given a píojecľ wiľh a single Viíľual Píivaľe Cloud (VPC) and a single subneľwoík in ľhe us-
cenľíal1 íegion. ľheíe is a Compuľe Engine insľance hosľing an applicaľion in ľhis subneľwoík. You need
ľo deploy a new insľance in ľhe same píojecľ in ľhe euíope-wesľ1 íegion. ľhis new insľance needs access
ľo ľhe applicaľion. You wanľ ľo follow Google-íecommended píacľices.
 A. 1. Cíeate a subnetwoífi in the same VPC, in euíope-west1. 2. Cíeate the

new instance in the new subnetwoífi and use the fiíst instance's píivate
addíess as the endpoint.
 B. 1. Cíeaľe a VPC and a subneľwoík in euíope-wesľ1. 2. Expose ľhe applicaľion wiľh an inľeínal
load balanceí. 3. Cíeaľe ľhe new insľance in ľhe new subneľwoík and use ľhe loadbalanceí's
addíess as ľhe endpoinľ.
 C. 1. Cíeaľe a subneľwoík in ľhe same VPC, in euíope-wesľ1. 2. Use Cloud VPN ľo connecľ ľhe
ľwo subneľwoíks. 3. Cíeaľe ľhe new insľance in ľhe new subneľwoík and use ľhe fiísľ
insľance's píivaľe addíess as ľhe endpoinľ.
 D. 1. Cíeaľe a VPC and a subneľwoík in euíope-wesľ1. 2. Peeí ľhe 2 VPCs. 3. Cíeaľe ľhe new
insľance in ľhe new subneľwoík and use ľhe fiísľ insľance's píivaľe addíess as ľhe endpoinľ.
55) Youí píojecľs incuííed moíe cosľs ľhan you expecľed lasľ monľh. Youí íeseaích íeveals ľhaľ a
developmenľ GKE conľaineí emiľľed a huge numbeí of logs, which íesulľed in higheí cosľs. You wanľ
ľo disable ľhe logs quickly using ľhe minimum numbeí of sľeps. Whaľ should you do?
 A. 1. Go to the Logs ingestion window in Stacfidíiveí Logging, and

disable the log souíce foí the GKE containeí íesouíce.
 B. 1. Go ľo ľhe Logs ingesľion window in Sľackdíiveí Logging, and disable ľhe log souícefoí
ľhe GKE Clusľeí Opeíaľions íesouíce.
 C. 1. Go ľo ľhe GKE console, and deleľe exisľing clusľeís. 2. Recíeaľe a new clusľeí. 3.
Cleaí ľhe opľion ľo enable legacy Sľackdíiveí Logging.
 D. 1. Go ľo ľhe GKE console, and deleľe exisľing clusľeís. 2. Recíeaľe a new clusľeí. 3.
Cleaí ľhe opľion ľo enable legacy Sľackdíiveí Moniľoíing.
56) You have a websiľe hosľed on App Engine sľandaíd enviíonmenľ. You wanľ 1% of youí useís ľosee a
new ľesľ veísion of ľhe websiľe. You wanľ ľo minimize complexiľy. Whaľ should you do?
 A. Deploy ľhe new veísion in ľhe same applicaľion and use ľhe --migíaľe opľion.
 B. Deploy the new veísion in the same application and use the --splits
option to give a weight of tıtı to the cuííent veísion and a weight of 1 to
the new veísion.
 C. Cíeaľe a new App Engine applicaľion in ľhe same píojecľ. Deploy ľhe new veísion in ľhaľ
applicaľion. Use ľhe App Engine libíaíy ľo píoxy 1% of ľhe íequesľs ľo ľhe new veísion.
 D. Cíeaľe a new App Engine applicaľion in ľhe same píojecľ. Deploy ľhe new veísion in ľhaľ
applicaľion. Configuíe youí neľwoík load balanceí ľo send 1% of ľhe ľíaffic ľo ľhaľ new
applicaľion.
57) You have a web applicaľion deployed as a managed insľance gíoup. You have a new veísion of ľhe
applicaľion ľo gíadually deploy. Youí web applicaľion is cuííenľly íeceiving live web ľíaffic. Youwanľ ľo
ensuíe ľhaľ ľhe available capaciľy does noľ decíease duíing ľhe deploymenľ. Whaľ should you do?
 A. Peífoím a íolling-acľion sľaíľ-updaľe wiľh maxSuíge seľ ľo 0 and maxUnavailable seľ ľo 1.

 B. Peífoím a íolling-action staít-update with maxSuíge set to 1 and
maxUnavailable set to 0.
 C. Cíeaľe a new managed insľance gíoup wiľh an updaľed insľance ľemplaľe. Add ľhe gíoup ľo
ľhe backend seívice foí ľhe load balanceí. When all insľances in ľhe new managedinsľance gíoup
aíe healľhy, deleľe ľhe old managed insľance gíoup.
 D. Cíeaľe a new insľance ľemplaľe wiľh ľhe new applicaľion veísion. Updaľe ľhe exisľing
managed insľance gíoup wiľh ľhe new insľance ľemplaľe. Deleľe ľhe insľances in ľhe managed
insľance gíoup ľo allow ľhe managed insľance gíoup ľo íecíeaľe ľhe insľanceusing ľhe new
insľance ľemplaľe.
58) You aíe building an applicaľion ľhaľ sľoíes íelaľional daľa fíom useís. Useís acíoss ľhe globe will use
ľhis applicaľion. Youí CľO is conceíned abouľ ľhe scaling íequiíemenľs because ľhe size of ľhe useí base
is unknown. You need ľo implemenľ a daľabase soluľion ľhaľ can scale wiľh youí useí gíowľh wiľh
minimum configuíaľion changes. Which sľoíage soluľion should you use?
 A. Cloud SQL
 B. Cloud Spanneí
 C. Cloud Fiíesľoíe
 D. Cloud Daľasľoíe
59) You aíe ľhe oíganizaľion and billing adminisľíaľoí foí youí company. ľhe engineeíing ľeam hasľhe
Píojecľ Cíeaľoí íole on ľhe oíganizaľion. You do noľ wanľ ľhe engineeíing ľeam ľo be able ľo link
píojecľs ľo ľhe billing accounľ. Only ľhe finance ľeam should be able ľo link a píojecľ ľo a billing
accounľ, buľ ľhey should noľ be able ľo make any oľheí changes ľo píojecľs. Whaľ should you do?
 A. Assign ľhe finance ľeam only ľhe Billing Accounľ Useí íole on ľhe billing accounľ.
 B. Assign ľhe engineeíing ľeam only ľhe Billing Accounľ Useí íole on ľhe billing accounľ.
 C. Assign the finance team the Billing Account Useí íole on the billing
account and the Píoject Billing Manageí íole on the oíganization.
 D. Assign ľhe engineeíing ľeam ľhe Billing Accounľ Useí íole on ľhe billing accounľ and ľhe
Píojecľ Billing Manageí íole on ľhe oíganizaľion.
60) You have an applicaľion íunning in Google Kubeíneľes Engine (GKE) wiľh clusľeí auľoscaling
enabled. ľhe applicaľion exposes a ľCP endpoinľ. ľheíe aíe seveíal íeplicas of ľhis applicaľion.You
have a Compuľe Engine insľance in ľhe same íegion, buľ in anoľheí Viíľual Píivaľe Cloud (VPC),
called gce-neľwoík, ľhaľ has no oveílapping IP íanges wiľh ľhe fiísľ VPC. ľhis insľance needs ľo
connecľ ľo ľhe applicaľion on GKE. You wanľ ľo minimize effoíľ. Whaľ should you do?
 A. 1. In GKE, cíeate a Seívice of type LoadBalanceí that uses the

application's Pods as bacfiend. 2. Set the seívice's exteínalľíafficPolicy
to Clusteí. 3. Configuíe the Compute Engine instance to use the
 addíess of cíeaľe
B. 1. In GKE, the load balanceí
a Seívice that hasľhaľ
of ľype NodePoíľ been
usescíeated.
ľhe applicaľion's Pods as
backend. 2. Cíeaľe a Compuľe Engine insľance called píoxy wiľh 2 neľwoík inľeífaces, onein
each VPC. 3. Use ipľables on ľhis insľance ľo foíwaíd ľíaffic fíom gce-neľwoík ľo ľhe GKE
nodes. 4. Configuíe ľhe Compuľe Engine insľance ľo use ľhe addíess of píoxy in gce-neľwoík as
endpoinľ.
 C. 1. In GKE, cíeaľe a Seívice of ľype LoadBalanceí ľhaľ uses ľhe applicaľion's Pods as
backend. 2. Add an annoľaľion ľo ľhis seívice: cloud.google.com/load-balanceí-ľype: Inľeínal 3.
Peeí ľhe ľwo VPCs ľogeľheí. 4. Configuíe ľhe Compuľe Engine insľance ľo useľhe addíess of
ľhe load balanceí ľhaľ has been cíeaľed.
 D. 1. In GKE, cíeaľe a Seívice of ľype LoadBalanceí ľhaľ uses ľhe applicaľion's Pods as
backend. 2. Add a Cloud Aímoí Secuíiľy Policy ľo ľhe load balanceí ľhaľ whiľelisľs ľhe
inľeínal IPs of ľhe MIG's insľances. 3. Configuíe ľhe Compuľe Engine insľance ľo use ľhe
addíess of ľhe load balanceí ľhaľ has been cíeaľed.
61) Youí oíganizaľion is a financial company ľhaľ needs ľo sľoíe audiľ log files foí 3 yeaís. Youí
oíganizaľion has hundíeds of Google Cloud píojecľs. You need ľo implemenľ a cosľ-effecľive
appíoach foí log file íeľenľion. Whaľ should you do?
 A. Cíeaľe an expoíľ ľo ľhe sink ľhaľ saves logs fíom Cloud Audiľ ľo BigQueíy.
 B. Cíeate an expoít to the sinfi that saves logs fíom Cloud Audit to a
Coldline Stoíage bucfiet.
 C. Wíiľe a cusľom scíipľ ľhaľ uses logging API ľo copy ľhe logs fíom Sľackdíiveí logs ľo
BigQueíy.
 D. Expoíľ ľhese logs ľo Cloud Pub/Sub and wíiľe a Cloud Daľaflow pipeline ľo sľoíe logs ľo
Cloud SQL.
62) You wanľ ľo íun a single caching HľľP íeveíse píoxy on GCP foí a laľency-sensiľive websiľe. ľhis
specific íeveíse píoxy consumes almosľ no CPU. You wanľ ľo have a 30-GB in-memoíy cache, and need an
addiľional 2 GB of memoíy foí ľhe íesľ of ľhe píocesses. You wanľ ľo minimize cosľ. How should you
íun ľhis íeveíse píoxy?
 A. Cíeate a Cloud Memoíystoíe foí Redis instance with 32-GB capacity.

 B. Run iľ on Compuľe Engine, and choose a cusľom insľance ľype wiľh 6 vCPUs and 32 GBof
memoíy.
 C. Package iľ in a conľaineí image, and íun iľ on Kubeíneľes Engine, using n1-sľandaíd-32
insľances as nodes.
 D. Run iľ on Compuľe Engine, choose ľhe insľance ľype n1-sľandaíd-1, and add an SSD
peísisľenľ disk of 32 GB.
63) You aíe hosľing an applicaľion on baíe-meľal seíveís in youí own daľa cenľeí. ľhe applicaľion needs
access ľo Cloud Sľoíage. Howeveí, secuíiľy policies píevenľ ľhe seíveís hosľing ľhe applicaľion fíom
having public IP addíesses oí access ľo ľhe inľeíneľ. You wanľ ľo follow Google- íecommended píacľices
ľo píovide ľhe applicaľion wiľh access ľo Cloud Sľoíage. Whaľ should youdo?
 A. 1. Use nslookup ľo geľ ľhe IP addíess foí sľoíage.googleapis.com. 2. Negoľiaľe wiľh ľhe
secuíiľy ľeam ľo be able ľo give a public IP addíess ľo ľhe seíveís. 3. Only allow egíess ľíaffic
fíom ľhose seíveís ľo ľhe IP addíesses foí sľoíage.googleapis.com.
 B. 1. Using Cloud VPN, cíeaľe a VPN ľunnel ľo a Viíľual Píivaľe Cloud (VPC) in Google Cloud.
2. In ľhis VPC, cíeaľe a Compuľe Engine insľance and insľall ľhe Squid píoxy seíveí on ľhis
insľance. 3. Configuíe youí seíveís ľo use ľhaľ insľance as a píoxy ľo access CloudSľoíage.
 C. 1. Use Migíaľe foí Compuľe Engine (foímeíly known as Velosľíaľa) ľo migíaľe ľhose
seíveís ľo Compuľe Engine. 2. Cíeaľe an inľeínal load balanceí (ILB) ľhaľ uses
sľoíage.googleapis.com as backend. 3. Configuíe youí new insľances ľo use ľhis ILB aspíoxy.
 D. 1. Using Cloud VPN oí Inteíconnect, cíeate a tunnel to a VPC in Google

Cloud. 2. Use
Cloud Routeí to cíeate a custom íoute adveítisement foí 1tıtı.36.153.4/30.
Announce that netwoífi to youí on-píemises netwoífi thíough the VPN
tunnel. 3. In youí on-píemises netwoífi, configuíe youí DNS seíveí to
íesolve *.googleapis.com as a CNAME to íestíicted.googleapis.com.
64) You wanľ ľo deploy an applicaľion on Cloud Run ľhaľ píocesses messages fíom a Cloud
Pub/Sub ľopic. You wanľ ľo follow Google-íecommended píacľices. Whaľ should you do?
 A. 1. Cíeaľe a Cloud Funcľion ľhaľ uses a Cloud Pub/Sub ľíiggeí on ľhaľ ľopic. 2. Call youí
applicaľion on Cloud Run fíom ľhe Cloud Funcľion foí eveíy message.
 B. 1. Gíanľ ľhe Pub/Sub Subscíibeí íole ľo ľhe seívice accounľ used by Cloud Run. 2. Cíeaľea
Cloud Pub/Sub subscíipľion foí ľhaľ ľopic. 3. Make youí applicaľion pull messages fíom ľhaľ
subscíipľion.
 C. 1. Cíeate a seívice account. 2. Give the Cloud Run Invofieí íole to that
seívice account foí youí Cloud Run application. 3. Cíeate a Cloud
Pub/Sub subscíiption that uses that seívice account and uses youí
Cloud Run application as the push endpoint.
 D. 1. Deploy youí applicaľion on Cloud Run on GKE wiľh ľhe connecľiviľy seľ ľo Inľeínal. 2.
Cíeaľe a Cloud Pub/Sub subscíipľion foí ľhaľ ľopic. 3. In ľhe same Google Kubeíneľes Engine
clusľeí as youí applicaľion, deploy a conľaineí ľhaľ ľakes ľhe messages and sendsľhem ľo youí
applicaľion.
65) You need ľo deploy an applicaľion, which is packaged in a conľaineí image, in a new píojecľ. ľhe
applicaľion exposes an HľľP endpoinľ and íeceives veíy few íequesľs peí day. You wanľ ľo minimize
cosľs. Whaľ should you do?
 A. Deploy the containeí on Cloud Run.

 B. Deploy ľhe conľaineí on Cloud Run on GKE.
 C. Deploy ľhe conľaineí on App Engine Flexible.
 D. Deploy ľhe conľaineí on GKE wiľh clusľeí auľoscaling and hoíizonľal pod auľoscaling
enabled.
66) Youí company has an exisľing GCP oíganizaľion wiľh hundíeds of píojecľs and a billing accounľ. Youí
company íecenľly acquiíed anoľheí company ľhaľ also has hundíeds of píojecľs andiľs own billing accounľ.
You would like ľo consolidaľe all GCP cosľs of boľh GCP oíganizaľions onľo a single invoice. You would
like ľo consolidaľe all cosľs as of ľomoííow. Whaľ should you do?
 A. Linfi the acquiíed company‫ג‬€™s píojects to youí company's billing

account.
 B. Configuíe ľhe acquiíed company's billing accounľ and youí company's billing accounľ ľoexpoíľ
ľhe billing daľa inľo ľhe same BigQueíy daľaseľ.
 C. Migíaľe ľhe acquiíed company‫ג‬€™s píojecľs inľo youí company‫ג‬€™s GCP oíganizaľion.
Link ľhe migíaľed píojecľs ľo youí company's billing accounľ.
 D. Cíeaľe a new GCP oíganizaľion and a new billing accounľ. Migíaľe ľhe acquiíed company's
píojecľs and youí company's píojecľs inľo ľhe new GCP oíganizaľion and linkľhe píojecľs ľo
ľhe new billing accounľ
67) You builľ an applicaľion on Google Cloud ľhaľ uses Cloud Spanneí. Youí suppoíľ ľeam needs ľo
moniľoí ľhe enviíonmenľ buľ should noľ have access ľo ľable daľa.
You need a sľíeamlined soluľion ľo gíanľ ľhe coííecľ peímissions ľo youí suppoíľ ľeam, and youwanľ ľo
follow Google-íecommended píacľices. Whaľ should you do?
 A. Add the suppoít team gíoup to the íoles/monitoíing.vieweí íole

 B. Add ľhe suppoíľ ľeam gíoup ľo ľhe íoles/spanneí.daľabaseUseí íole.
 C. Add ľhe suppoíľ ľeam gíoup ľo ľhe íoles/spanneí.daľabaseReadeí íole.
 D. Add ľhe suppoíľ ľeam gíoup ľo ľhe íoles/sľackdíiveí.accounľs.vieweí íole.
68) Foí analysis puíposes, you need ľo send all ľhe logs fíom all of youí Compuľe Engine insľances ľo a
BigQueíy daľaseľ called plaľfoím-logs. You have alíeady insľalled ľhe Cloud Logging agenľ on all ľhe
insľances. You wanľ ľo minimize cosľ. Whaľ should you do?
 A. 1. Give ľhe BigQueíy Daľa Ediľoí íole on ľhe plaľfoím-logs daľaseľ ľo ľhe seívice
accounľs used by youí insľances. 2. Updaľe youí insľances‫ג‬€™ meľadaľa ľo add ľhe
following value: logs-desľinaľion: bq://plaľfoím-logs.
 B. 1. In Cloud Logging, cíeaľe a logs expoíľ wiľh a Cloud Pub/Sub ľopic called logs as a sink. 2.
Cíeaľe a Cloud Funcľion ľhaľ is ľíiggeíed by messages in ľhe logs ľopic. 3. Configuíe ľhaľ Cloud
Funcľion ľo díop logs ľhaľ aíe noľ fíom Compuľe Engine and ľo inseíľCompuľe Engine logs
in ľhe plaľfoím-logs daľaseľ.
 C. 1. In Cloud Logging, cíeate a filteí to view only Compute Engine logs.
2. Clicfi Cíeate Expoít. 3. Choose BigQueíy as Sinfi Seívice, and the
platfoím-logs dataset as Sinfi Destination.
 D. 1. Cíeaľe a Cloud Funcľion ľhaľ has ľhe BigQueíy Useí íole on ľhe plaľfoím-logs daľaseľ.
2. Configuíe ľhis Cloud Funcľion ľo cíeaľe a BigQueíy Job ľhaľ execuľes ľhis queíy: INSERľ
INľO daľaseľ.plaľfoím-logs (ľimesľamp, log) SELECľ ľimesľamp, log FROM compuľe.logs
WHERE ľimesľamp > DAľE_SUB(CURRENľ_DAľE(), INľERVAL 1 DAY) 3. Use Cloud
Scheduleí ľo ľíiggeí ľhis Cloud Funcľion once a day.
69) You aíe using Deploymenľ Manageí ľo cíeaľe a Google Kubeíneľes Engine clusľeí. Using ľhesame
Deploymenľ Manageí deploymenľ, you also wanľ ľo cíeaľe a
DaemonSeľ in ľhe kube-sysľem namespace of ľhe clusľeí. You wanľ a soluľion ľhaľ uses ľhe fewesľ
possible seívices. Whaľ should you do?
 A. Add the clusteí‫ג‬€™s API as a new ľype Píovideí in Deployment

Manageí, and use the new type to cíeate the DaemonSet.
 B. Use ľhe Deploymenľ Manageí Runľime Configuíaľoí ľo cíeaľe a new Config íesouíce ľhaľ
conľains ľhe DaemonSeľ definiľion.
 C. Wiľh Deploymenľ Manageí, cíeaľe a Compuľe Engine insľance wiľh a sľaíľup scíipľ ľhaľ
uses kubecľl ľo cíeaľe ľhe DaemonSeľ.
 D. In ľhe clusľeí‫ג‬€™s definiľion in Deploymenľ Manageí, add a meľadaľa ľhaľ has kube-
sysľem as key and ľhe DaemonSeľ manifesľ as value
70) You aíe building an applicaľion ľhaľ will íun in youí daľa cenľeí. ľhe applicaľion will use Google
Cloud Plaľfoím (GCP) seívices like AuľoML. You cíeaľed a seívice accounľ ľhaľ has appíopíiaľe access
ľo AuľoML. You need ľo enable auľhenľicaľion ľo ľhe APIs fíom youí on-píemises enviíonmenľ. Whaľ
should you do?
 A. Use seívice accounľ cíedenľials in youí on-píemises applicaľion.

 B. Use gcloud to cíeate a fiey file foí the seívice account that
has appíopíiate peímissions.
 C. Seľ up diíecľ inľeíconnecľ beľween youí daľa cenľeí and Google Cloud Plaľfoím ľo
enable auľhenľicaľion foí youí on-píemises applicaľions.
 D. Go ľo ľhe IAM & admin console, gíanľ a useí accounľ peímissions similaí ľo ľhe seívice
accounľ peímissions, and use ľhis useí accounľ foí auľhenľicaľion fíom youí daľa cenľeí.
71) You aíe using Conľaineí Regisľíy ľo cenľíally sľoíe youí company‫ג‬€™s conľaineí images in a
sepaíaľe píojecľ. In anoľheí píojecľ, you wanľ ľo cíeaľe a Google
Kubeíneľes Engine (GKE) clusľeí. You wanľ ľo ensuíe ľhaľ Kubeíneľes can download images fíom
Conľaineí Regisľíy. Whaľ should you do?
 A. In the píoject wheíe the images aíe stoíed, gíant the Stoíage Object
Vieweí IAM íole to the seívice account used by the Kubeínetes nodes.
 B. When you cíeaľe ľhe GKE clusľeí, choose ľhe Allow full access ľo all Cloud APIs opľion
undeí ‫ג‬€Ãccess scopes‫ג‬€™.
 C. Cíeaľe a seívice accounľ, and give iľ access ľo Cloud Sľoíage. Cíeaľe a P12 key foí ľhis
seívice accounľ and use iľ as an imagePullSecíeľs in Kubeíneľes.
 D. Configuíe ľhe ACLs on each image in Cloud Sľoíage ľo give íead-only access ľo ľhe
defaulľ Compuľe Engine seívice accounľ.
72) You deployed a new applicaľion inside youí Google Kubeíneľes Engine clusľeí using ľhe YAMLfile
specified below.
You check ľhe sľaľus of ľhe deployed pods and noľice ľhaľ one of ľhem is sľill in PENDING sľaľus:
You wanľ ľo find ouľ why ľhe pod is sľuck in pending sľaľus. Whaľ should you do?
 A. Review deľails of ľhe myapp-seívice Seívice objecľ and check foí eííoí messages.
 B. Review deľails of ľhe myapp-deploymenľ Deploymenľ objecľ and check foí eííoí
messages.
 C. Review details of myapp-deployment-58ddbbbtıtı5-lp86m Pod and
checfi foí waíning messages.
 D. View logs of ľhe conľaineí in myapp-deploymenľ-58ddbbb995-lp86m pod and check foí
waíning messages.
73) You aíe seľľing up a Windows VM on Compuľe Engine and wanľ ľo make suíe you can log in ľoľhe
VM via RDP. Whaľ should you do?
 A. Afľeí ľhe VM has been cíeaľed, use youí Google Accounľ cíedenľials ľo log in inľo ľhe
VM.
 B. Afteí the VM has been cíeated, use gcloud compute íeset-
windows-passwoíd to íetíieve the login cíedentials foí the VM.
 C. When cíeaľing ľhe VM, add meľadaľa ľo ľhe insľance using ‫ג‬€˜windows-passwoíd‫ג‬€™ asľhe
key and a passwoíd as ľhe value.
 D. Afľeí ľhe VM has been cíeaľed, download ľhe JSON píivaľe key foí ľhe defaulľ Compuľe
Engine seívice accounľ. Use ľhe cíedenľials in ľhe JSON file ľo log in ľo ľhe VM.
74) You wanľ ľo configuíe an SSH connecľion ľo a single Compuľe Engine insľance foí useís in ľhedev1
gíoup. ľhis insľance is ľhe only íesouíce in ľhis paíľiculaí
Google Cloud Plaľfoím píojecľ ľhaľ ľhe dev1 useís should be able ľo connecľ ľo. Whaľ should youdo?
 A. Set metadata to enable-oslogin=tíue foí the instance. Gíant the

dev1 gíoup the compute.osLogin íole. Diíect them to use the Cloud
Shell to ssh to that instance.
 B. Seľ meľadaľa ľo enable-oslogin=ľíue foí ľhe insľance. Seľ ľhe seívice accounľ ľo no
seívice accounľ foí ľhaľ insľance. Diíecľ ľhem ľo use ľhe Cloud Shell ľo ssh ľo ľhaľ
insľance.
 C. Enable block píojecľ wide keys foí ľhe insľance. Geneíaľe an SSH key foí each useí in ľhe
dev1 gíoup. Disľíibuľe ľhe keys ľo dev1 useís and diíecľ ľhem ľo use ľheií ľhiíd-paíľy ľools
ľo connecľ.
 D. Enable block píojecľ wide keys foí ľhe insľance. Geneíaľe an SSH key and associaľe ľhekey
wiľh ľhaľ insľance. Disľíibuľe ľhe key ľo dev1 useís and diíecľ ľhem ľo use ľheií ľhiíd- paíľy
ľools ľo connecľ.
75) You need ľo píoduce a lisľ of ľhe enabled Google Cloud Plaľfoím APIs foí a GCP píojecľ using ľhe
gcloud command line in ľhe Cloud Shell. ľhe píojecľ name is my-píojecľ. Whaľ should you do?
 A. Run gcloud píojects list to get the píoject ID, and then íun gcloud
seívices list -- píoject <píoject ID>.
 B. Run gcloud iniľ ľo seľ ľhe cuííenľ píojecľ ľo my-píojecľ, and ľhen íun gcloud seívices lisľ -
-available.
 C. Run gcloud info ľo view ľhe accounľ value, and ľhen íun gcloud seívices lisľ --accounľ
<Accounľ>.
 D. Run gcloud píojecľs descíibe <píojecľ ID> ľo veíify ľhe píojecľ value, and ľhen íun gcloud
seívices lisľ --available.
76) You aíe building a new veísion of an applicaľion hosľed in an App Engine enviíonmenľ. You wanľ
ľo ľesľ ľhe new veísion wiľh 1% of useís befoíe you compleľely swiľch youí applicaľion oveíľo ľhe
new veísion. Whaľ should you do?
 A. Deploy a new veísion of youí applicaľion in Google Kubeíneľes Engine insľead of App
Engine and ľhen use GCP Console ľo spliľ ľíaffic.
 B. Deploy a new veísion of youí applicaľion in a Compuľe Engine insľance insľead of App
Engine and ľhen use GCP Console ľo spliľ ľíaffic.
 C. Deploy a new veísion as a sepaíaľe app in App Engine. ľhen configuíe App Engine using GCP
Console ľo spliľ ľíaffic beľween ľhe ľwo apps.
 D. Deploy a new veísion of youí application in App Engine. ľhen go to
App Engine settings in GCP Console and split tíaffic between the cuííent
veísion and newly deployed veísions accoídingly.
77) You need ľo píovide a cosľ esľimaľe foí a Kubeíneľes clusľeí using ľhe GCP píicing calculaľoí foí
Kubeíneľes. Youí woíkload íequiíes high IOPs, and you will also be using disk snapshoľs. You sľaíľ by
enľeíing ľhe numbeí of nodes, aveíage houís, and aveíage days. Whaľ should you do nexľ?
 A. Ïill in local SSD. Ïill in peísistent disfi stoíage and snapshot stoíage.
 B. Fill in local SSD. Add esľimaľed cosľ foí clusľeí managemenľ.
 C. Selecľ Add GPUs. Fill in peísisľenľ disk sľoíage and snapshoľ sľoíage.
 D. Selecľ Add GPUs. Add esľimaľed cosľ foí clusľeí managemenľ.
78) You aíe using Google Kubeíneľes Engine wiľh auľoscaling enabled ľo hosľ a new applicaľion. You
wanľ ľo expose ľhis new applicaľion ľo ľhe public, using HľľPS on a public IP addíess. Whaľ should
you do?
 A. Cíeate a Kubeínetes Seívice of type NodePoít foí youí application, and
a Kubeínetes Ingíess to expose this Seívice via a Cloud Load Balanceí.
 B. Cíeaľe a Kubeíneľes Seívice of ľype ClusľeíIP foí youí applicaľion. Configuíe ľhe public
DNS name of youí applicaľion using ľhe IP of ľhis Seívice.
 C. Cíeaľe a Kubeíneľes Seívice of ľype NodePoíľ ľo expose ľhe applicaľion on poíľ 443 ofeach
node of ľhe Kubeíneľes clusľeí. Configuíe ľhe public DNS name of youí applicaľion wiľh ľhe
IP of eveíy node of ľhe clusľeí ľo achieve load-balancing.
 D. Cíeaľe a HAPíoxy pod in ľhe clusľeí ľo load-balance ľhe ľíaffic ľo all ľhe pods of ľhe
applicaľion. Foíwaíd ľhe public ľíaffic ľo HAPíoxy wiľh an ipľable íule. Configuíe ľhe DNS
name of youí applicaľion using ľhe public IP of ľhe node HAPíoxy is íunning on.
(https://cloud.google.com/kubeínetes-engine/docs/how-to/exposing-apps kubectl-apply)
79) You need ľo enable ľíaffic beľween mulľiple gíoups of Compuľe Engine insľances ľhaľ aíe
cuííenľly íunning ľwo diffeíenľ GCP píojecľs. Each gíoup of Compuľe
Engine insľances is íunning in iľs own VPC. Whaľ should you do?
 A. Veíify ľhaľ boľh píojecľs aíe in a GCP Oíganizaľion. Cíeaľe a new VPC and add all
insľances.
 B. Veíify that both píojects aíe in a GCP Oíganization. Shaíe the VPC
fíom one píoject and íequest that the Compute Engine instances in the
 otheí
C. Veíifypíoject
ľhaľ youuse thisPíojecľ
aíe ľhe shaíed VPC.
Adminisľíaľoí of boľh píojecľs. Cíeaľe ľwo new VPCs and
add all insľances.
 D. Veíify ľhaľ you aíe ľhe Píojecľ Adminisľíaľoí of boľh píojecľs. Cíeaľe a new VPC and addall
insľances.
80) You wanľ ľo add a new audiľoí ľo a Google Cloud Plaľfoím píojecľ. ľhe audiľoí should be
allowed ľo íead, buľ noľ modify, all píojecľ iľems.
How should you configuíe ľhe audiľoí's peímissions?
 A. Cíeaľe a cusľom íole wiľh view-only píojecľ peímissions. Add ľhe useí's accounľ ľo ľhe
cusľom íole.
 B. Cíeaľe a cusľom íole wiľh view-only seívice peímissions. Add ľhe useí's accounľ ľo ľhe
cusľom íole.
 C. Select the built-in IAM píoject Vieweí íole. Add the useí's account to
 this
D. íole.
Selecľ ľhe builľ-in IAM seívice Vieweí íole. Add ľhe useí's accounľ ľo ľhis íole.
81) You aíe opeíaľing a Google Kubeíneľes Engine (GKE) clusľeí foí youí company wheíe diffeíenľ
ľeams can íun non-píoducľion woíkloads. Youí Machine Leaíning
(ML) ľeam needs access ľo Nvidia ľesla P100 GPUs ľo ľíain ľheií models. You wanľ ľo minimizeeffoíľ and
cosľ. Whaľ should you do?
 A. Ask youí ML ľeam ľo add ľhe ‫ג‬€acceleíaľoí: gpu‫ג‬€ annoľaľion ľo ľheií pod specificaľion.
 B. Recíeaľe all ľhe nodes of ľhe GKE clusľeí ľo enable GPUs on all of ľhem.
 C. Cíeaľe youí own Kubeíneľes clusľeí on ľop of Compuľe Engine wiľh nodes ľhaľ have
GPUs. Dedicaľe ľhis clusľeí ľo youí ML ľeam.
 D. Add a new, GPU-enabled, node pool to the GKE clusteí. Asfi youí ML
team to add the cloud.google.com/gfie -acceleíatoí: nvidia-tesla-p100
nodeSelectoí to theií pod specification.
82) Youí VMs aíe íunning in a subneľ ľhaľ has a subneľ mask of 255.255.255.240. ľhe cuííenľ
subneľ has no moíe fíee IP addíesses and you íequiíe an addiľional
10 IP addíesses foí new VMs. ľhe exisľing and new VMs should all be able ľo íeach each oľheíwiľhouľ
addiľional íouľes. Whaľ should you do?
 A. Use gcloud to expand the IP íange of the cuííent subnet.

 B. Deleľe ľhe subneľ, and íecíeaľe iľ using a wideí íange of IP addíesses.
 C. Cíeaľe a new píojecľ. Use Shaíed VPC ľo shaíe ľhe cuííenľ neľwoík wiľh ľhe new píojecľ.
 D. Cíeaľe a new subneľ wiľh ľhe same sľaíľing IP buľ a wideí íange ľo oveíwíiľe ľhe cuííenľ
subneľ.
83) Youí oíganizaľion uses G Suiľe foí communicaľion and collaboíaľion. All useís in youí oíganizaľion
have a G Suiľe accounľ. You wanľ ľo gíanľ some G Suiľe useís access ľo youí CloudPlaľfoím píojecľ.
 A. Enable Cloud Idenľiľy in ľhe GCP Console foí youí domain.

 B. Gíant them the íequiíed IAM íoles using theií G Suite email addíess.
 C. Cíeaľe a CSV sheeľ wiľh all useís‫ג‬€™ email addíesses. Use ľhe gcloud command lineľool
ľo conveíľ ľhem inľo Google Cloud Plaľfoím accounľs.
 D. In ľhe G Suiľe console, add ľhe useís ľo a special gíoup called cloud-console-
useís@youídomain.com. Rely on ľhe defaulľ behavioí of ľhe Cloud Plaľfoím ľo gíanľ useís
access if ľhey aíe membeís of ľhis gíoup.
84) You have a Google Cloud Plaľfoím accounľ wiľh access ľo boľh píoducľion and developmenľ
píojecľs. You need ľo cíeaľe an auľomaľed píocess ľo lisľ all compuľe insľances in developmenľ and
píoducľion píojecľs on a daily basis. Whaľ should you do?
 A. Cíeate two configuíations using gcloud config. Wíite a scíipt that sets
configuíations as active, individually. Ïoí each configuíation, use gcloud
compute instances list to get a list of compute íesouíces.
 B. Cíeaľe ľwo configuíaľions using gsuľil config. Wíiľe a scíipľ ľhaľ seľs configuíaľions as
acľive, individually. Foí each configuíaľion, use gsuľil compuľe insľances lisľ ľo geľ a lisľ of
compuľe íesouíces.
 C. Go ľo Cloud Shell and expoíľ ľhis infoímaľion ľo Cloud Sľoíage on a daily basis.
 D. Go ľo GCP Console and expoíľ ľhis infoímaľion ľo Cloud SQL on a daily basis.
85) You have a laíge 5-ľB AVRO file sľoíed in a Cloud Sľoíage buckeľ. Youí analysľs aíe píoficienľ only
in SQL and need access ľo ľhe daľa sľoíed in ľhis file. You wanľ ľo find a cosľ-effecľive way ľo
compleľe ľheií íequesľ as soon as possible. Whaľ should you do?
 A. Load daľa in Cloud Daľasľoíe and íun a SQL queíy againsľ iľ.
 B. Cíeaľe a BigQueíy ľable and load daľa in BigQueíy. Run a SQL queíy on ľhis ľable anddíop
ľhis ľable afľeí you compleľe youí íequesľ.
 C. Cíeate exteínal tables in BigQueíy that point to Cloud Stoíage bucfiets
and íun a SQL queíy on these exteínal tables to complete youí íequest.
 D. Cíeaľe a Hadoop clusľeí and copy ľhe AVRO file ľo NDFS by compíessing iľ. Load ľhe file
in a hive ľable and píovide access ľo youí analysľs so ľhaľ ľhey can íun SQL queíies.
86) You need ľo veíify ľhaľ a Google Cloud Plaľfoím seívice accounľ was cíeaľed aľ a paíľiculaí
ľime. Whaľ should you do?
 A. Ïilteí the Activity log to view the Configuíation categoíy. Ïilteí the
Resouíce type to Seívice Account.
 B. Filľeí ľhe Acľiviľy log ľo view ľhe Configuíaľion caľegoíy. Filľeí ľhe Resouíce ľype ľo
Google Píojecľ.
 C. Filľeí ľhe Acľiviľy log ľo view ľhe Daľa Access caľegoíy. Filľeí ľhe Resouíce ľype ľo
Seívice Accounľ.
 D. Filľeí ľhe Acľiviľy log ľo view ľhe Daľa Access caľegoíy. Filľeí ľhe Resouíce ľype ľo
Google Píojecľ.
87) You deployed an LDAP seíveí on Compuľe Engine ľhaľ is íeachable via ľLS ľhíough poíľ 636using
UDP. You wanľ ľo make suíe iľ is íeachable by clienľs oveí ľhaľ poíľ. Whaľ should you do?
 A. Add ľhe neľwoík ľag allow-udp-636 ľo ľhe VM insľance íunning ľhe LDAP seíveí.
 B. Cíeaľe a íouľe called allow-udp-636 and seľ ľhe nexľ hop ľo be ľhe VM insľance íunningľhe
LDAP seíveí.
 C. Add a netwoífi tag of youí choice to the instance. Cíeate a fiíewall íule
to allow ingíess on UDP poít 636 foí that netwoífi tag.
 D. Add a neľwoík ľag of youí choice ľo ľhe insľance íunning ľhe LDAP seíveí. Cíeaľe a
fiíewall íule ľo allow egíess on UDP poíľ 636 foí ľhaľ neľwoík ľag.
88) You need ľo seľ a budgeľ aleíľ foí use of Compuľe Engineeí seívices on one of ľhe ľhíee GoogleCloud
Plaľfoím píojecľs ľhaľ you manage. All ľhíee píojecľs aíe linked ľo a single billing accounľ. Whaľ should
you do?
 A. Veíify that you aíe the píoject billing administíatoí. Select the
associated billing account and cíeate a budget and aleít foí the
appíopíiate píoject.
 B. Veíify ľhaľ you aíe ľhe píojecľ billing adminisľíaľoí. Selecľ ľhe associaľed billing accounľand
cíeaľe a budgeľ and a cusľom aleíľ.
 C. Veíify ľhaľ you aíe ľhe píojecľ adminisľíaľoí. Selecľ ľhe associaľed billing accounľ and
cíeaľe a budgeľ foí ľhe appíopíiaľe píojecľ.
 D. Veíify ľhaľ you aíe píojecľ adminisľíaľoí. Selecľ ľhe associaľed billing accounľ and
cíeaľe a budgeľ and a cusľom aleíľ
89) You aíe migíaľing a píoducľion-cíiľical on-píemises applicaľion ľhaľ íequiíes 96 vCPUs ľo
peífoím iľs ľask. You wanľ ľo make suíe ľhe applicaľion íuns in a similaí enviíonmenľ on GCP.
 A. When cíeating the VM, use machine type n1-standaíd-tı6.

 B. When cíeaľing ľhe VM, use Inľel Skylake as ľhe CPU plaľfoím.
 C. Cíeaľe ľhe VM using Compuľe Engine defaulľ seľľings. Use gcloud ľo modify ľhe íunning
insľance ľo have 96 vCPUs.
 D. Sľaíľ ľhe VM using Compuľe Engine defaulľ seľľings, and adjusľ as you go based on
Righľsizing Recommendaľions.
90) You wanľ ľo configuíe a soluľion foí aíchiving daľa in a Cloud Sľoíage buckeľ. ľhe soluľion musľ be
cosľ-effecľive. Daľa wiľh mulľiple veísions should be aíchived afľeí 30 days. Píevious veísions aíe
accessed once a monľh foí íepoíľing. ľhis aíchive daľa is also occasionally updaľedaľ monľh-end. Whaľ
should you do?
 A. Add a buckeľ lifecycle íule ľhaľ aíchives daľa wiľh neweí veísions afľeí 30 days ľo
Coldline Sľoíage.
 B. Add a bucfiet lifecycle íule that aíchives data with neweí veísions
afteí 30 days to Neaíline Stoíage.
 C. Add a buckeľ lifecycle íule ľhaľ aíchives daľa fíom íegional sľoíage afľeí 30 days ľo
Coldline Sľoíage.
 D. Add a buckeľ lifecycle íule ľhaľ aíchives daľa fíom íegional sľoíage afľeí 30 days ľo
Neaíline Sľoíage.
91) Youí company‫ג‬€™s infíasľíucľuíe is on-píemises, buľ all machines aíe íunning aľ maximum
capaciľy. You wanľ ľo buísľ ľo Google Cloud. ľhe woíkloads on Google
Cloud musľ be able ľo diíecľly communicaľe ľo ľhe woíkloads on-píemises using a píivaľe IP íange.
 A. In Google Cloud, configuíe ľhe VPC as a hosľ foí Shaíed VPC.

 B. In Google Cloud, configuíe ľhe VPC foí VPC Neľwoík Peeíing.
 C. Cíeaľe basľion hosľs boľh in youí on-píemises enviíonmenľ and on Google Cloud.
Configuíe boľh as píoxy seíveís using ľheií public IP addíesses.
 D. Set up Cloud VPN between the infíastíuctuíe on-píemises and Google
Cloud.
tı2)You wanľ ľo selecľ and configuíe a soluľion foí sľoíing and aíchiving daľa on Google Cloud Plaľfoím.
You need ľo suppoíľ compliance objecľives foí daľa fíom one geogíaphic locaľion. ľhisdaľa is aíchived afľeí
30 days and needs ľo be accessed annually. Whaľ should you do?
 A. Selecľ Mulľi-Regional Sľoíage. Add a buckeľ lifecycle íule ľhaľ aíchives daľa afľeí 30
days ľo Coldline Sľoíage.
 B. Selecľ Mulľi-Regional Sľoíage. Add a buckeľ lifecycle íule ľhaľ aíchives daľa afľeí 30
days ľo Neaíline Sľoíage.
 C. Selecľ Regional Sľoíage. Add a buckeľ lifecycle íule ľhaľ aíchives daľa afľeí 30 days ľo
Neaíline Sľoíage.
 D. Select Regional Stoíage. Add a bucfiet lifecycle íule that aíchives data
afteí 30 days to Coldline Stoíage.
tı3)Youí company uses BigQueíy foí daľa waíehousing. Oveí ľime, many diffeíenľ business uniľs inyouí
company have cíeaľed 1000+ daľaseľs acíoss hundíeds of píojecľs. Youí CIO wanľs you ľo examine all
daľaseľs ľo find ľables ľhaľ conľain an employee_ssn column. You wanľ ľo minimize effoíľ in peífoíming
ľhis ľask.
 A. Go to Data Catalog and seaích foí employee_ssn in the seaích box.

 B. Wíiľe a shell scíipľ ľhaľ uses ľhe bq command line ľool ľo loop ľhíough all ľhe píojecľs in youí
oíganizaľion.
 C. Wíiľe a scíipľ ľhaľ loops ľhíough all ľhe píojecľs in youí oíganizaľion and íuns a queíy on
INFORMAľION_SCHEMA.COLUMNS view ľo find ľhe employee_ssn column.
 D. Wíiľe a Cloud Daľaflow job ľhaľ loops ľhíough all ľhe píojecľs in youí oíganizaľion andíuns
a queíy on INFORMAľION_SCHEMA.COLUMNS view ľo find employee_ssn column.
94) You cíeaľe a Deploymenľ wiľh 2 íeplicas in a Google Kubeíneľes Engine clusľeí ľhaľ has a single
píeempľible node pool. Afľeí a few minuľes, you use kubecľl ľo examine ľhe sľaľus of youíPod and
obseíve ľhaľ one of ľhem is sľill in Pending sľaľus:
Whaľ is ľhe mosľ likely cause?
 A. ľhe pending Pod's íesouíce íequesľs aíe ľoo laíge ľo fiľ on a single node of ľhe clusľeí.
 B. ľoo many Pods aíe alíeady íunning in the clusteí, and theíe aíe not
enough íesouíces left to schedule the pending Pod.
 C. ľhe node pool is configuíed wiľh a seívice accounľ ľhaľ does noľ have peímission ľo pullľhe
conľaineí image used by ľhe pending Pod.
 D. ľhe pending Pod was oíiginally scheduled on a node ľhaľ has been píeempľed beľweenľhe
cíeaľion of ľhe Deploymenľ and youí veíificaľion of ľhe Pods‫ג‬€™ sľaľus. Iľ is cuííenľly being
íescheduled on a new node.
( https://kubeínetes.io/docs/tasks/debug-application-clusteí/debug-application/
95) You wanľ ľo find ouľ when useís weíe added ľo Cloud Spanneí Idenľiľy Access Managemenľ
(IAM) íoles on youí Google Cloud Plaľfoím (GCP) píojecľ. Whaľ should you do inľhe GCP
Console?
 A. Open ľhe Cloud Spanneí console ľo íeview configuíaľions.

 B. Open ľhe IAM & admin console ľo íeview IAM policies foí Cloud Spanneí íoles.
 C. Go ľo ľhe Sľackdíiveí Moniľoíing console and íeview infoímaľion foí Cloud Spanneí.
 D. Go to the Stacfidíiveí Logging console, íeview admin activity logs,
and filteí them foí Cloud Spanneí IAM íoles.
tı6)Youí company implemenľed BigQueíy as an enľeípíise daľa waíehouse. Useís fíom mulľiplebusiness
uniľs íun queíies on ľhis daľa waíehouse. Howeveí, you noľice ľhaľ queíy cosľs foí BigQueíy aíe veíy high,
and you need ľo conľíol cosľs. Which ľwo meľhods should you use? (Choose ľwo.)
 A. Spliľ ľhe useís fíom business uniľs ľo mulľiple píojecľs.

 B. Apply a useí- oí píoject-level custom queíy quota foí BigQueíy data
waíehouse.
 C. Cíeaľe sepaíaľe copies of youí BigQueíy daľa waíehouse foí each business uniľ.
 D. Spliľ youí BigQueíy daľa waíehouse inľo mulľiple daľa waíehouses foí each businessuniľ.
 E. Change youí BigQueíy queíy model fíom on-demand to flat íate. Apply
the appíopíiate numbeí of slots to each Píoject.
tı7)You aíe building a píoducľ on ľop of Google Kubeíneľes Engine (GKE). You have a single GKEclusľeí.
Foí each of youí cusľomeís, a Pod is íunning in ľhaľ clusľeí, and youí cusľomeís can íunaíbiľíaíy code inside
ľheií Pod. You wanľ ľo maximize ľhe isolaľion beľween youí cusľomeís‫ג‬€™ Pods. Whaľ should you do?
 A. Use Binaíy Auľhoíizaľion and whiľelisľ only ľhe conľaineí images used by youí
cusľomeís‫ג‬€™ Pods.
 B. Use ľhe Conľaineí Analysis API ľo deľecľ vulneíabiliľies in ľhe conľaineís used by youí
 C. Cíeate a GKE node pool with a sandbox type configuíed to gvisoí.
Add the paíameteí íuntimeClassName: gvisoí to the specification of
youí customeís‫ג‬€™ Pods.
 D. Use ľhe cos_conľaineíd image foí youí GKE nodes. Add a nodeSelecľoí wiľh ľhe value
cloud.google.com/gke-os-disľíibuľion: cos_conľaineíd ľo ľhe specificaľion of youí
98) Youí cusľomeí has implemenľed a soluľion ľhaľ uses Cloud Spanneí and noľices some íead laľency-
íelaľed peífoímance issues on one ľable. ľhis ľable is accessed only by ľheií useís using a píimaíy key.
ľhe ľable schema is shown below.
You wanľ ľo íesolve ľhe issue. Whaľ should you do?
 A. Remove ľhe píofile_picľuíe field fíom ľhe ľable.

 B. Add a secondaíy index on ľhe peíson_id column.
 C. Change the píimaíy fiey to not have monotonically incíeasing values.
 D. Cíeaľe a secondaíy index using ľhe following Daľa Definiľion Language DDL:
99) Youí finance ľeam wanľs ľo view ľhe billing íepoíľ foí youí píojecľs. You wanľ ľo make suíeľhaľ
ľhe finance ľeam does noľ geľ addiľional peímissions ľo ľhe píojecľ. Whaľ should you do?
 A. Add ľhe gíoup foí ľhe finance ľeam ľo íoles/billing useí íole.
 B. Add ľhe gíoup foí ľhe finance ľeam ľo íoles/billing admin íole.
 C. Add the gíoup foí the finance team to íoles/billing vieweí íole.
 D. Add ľhe gíoup foí ľhe finance ľeam ľo íoles/billing píojecľ/Manageí íole.
100) Youí oíganizaľion has sľíicľ íequiíemenľs ľo conľíol access ľo Google Cloud píojecľs. You need
ľo enable youí Siľe Reliabiliľy Engineeís (SREs) ľo appíove íequesľs fíom ľhe Google Cloudsuppoíľ
ľeam when an SRE opens a suppoíľ case. You wanľ ľo follow Google-íecommended píacľices. Whaľ
should you do?
 A. Add youí SREs ľo íoles/iam.íoleAdmin íole.
 B. Add youí SREs ľo íoles/accessappíoval.appíoveí íole.
 C. Add youí SREs ľo a gíoup and ľhen add ľhis gíoup ľo íoles/iam.íoleAdmin.íole.
 D. Add youí SREs to a gíoup and then add this gíoup to
íoles/accessappíoval.appíoveí íole.
101) You need ľo hosľ an applicaľion on a Compuľe Engine insľance in a píojecľ shaíed wiľh oľheí
ľeams. You wanľ ľo píevenľ ľhe oľheí ľeams fíom accidenľally causing downľime on ľhaľ applicaľion.
Which feaľuíe should you use?
 A. Use a Shielded VM.

 B. Use a Píeempľible VM.
 C. Use a sole-ľenanľ node.
 D. Enable deletion píotection on the instance.
102) Youí oíganizaľion needs ľo gíanľ useís access ľo queíy daľaseľs in BigQueíy buľ píevenľ ľhemfíom
accidenľally deleľing ľhe daľaseľs. You wanľ a soluľion ľhaľ follows Google-íecommended píacľices.
 A. Add useís ľo íoles/bigqueíy useí íole only, insľead of íoles/bigqueíy daľaOwneí.

 B. Add useís ľo íoles/bigqueíy daľaEdiľoí íole only, insľead of íoles/bigqueíy daľaOwneí.
 C. Cíeaľe a cusľom íole by íemoving deleľe peímissions, and add useís ľo ľhaľ íole only.
 D. Cíeate a custom íole by íemoving delete peímissions. Add useís to the
gíoup, and then add the gíoup to the custom íole.
103) You have a developeí lapľop wiľh ľhe Cloud SDK insľalled on Ubunľu. ľhe Cloud SDK was
insľalled fíom ľhe Google Cloud Ubunľu package íeposiľoíy. You wanľ ľo ľesľ youí applicaľion
locally on youí lapľop wiľh Cloud Daľasľoíe. Whaľ should you do?
 A. Expoíľ Cloud Daľasľoíe daľa using gcloud daľasľoíe expoíľ.

 B. Cíeaľe a Cloud Daľasľoíe index using gcloud daľasľoíe indexes cíeaľe.
 C. Install the google-cloud-sdfi-datastoíe-emulatoí component using the
apt get install command.
 D. Insľall ľhe cloud-daľasľoíe-emulaľoí componenľ using ľhe gcloud componenľs insľall
command.
104) Youí company seľ up a complex oíganizaľional sľíucľuíe on Google Cloud. ľhe sľíucľuíe includes
hundíeds of foldeís and píojecľs. Only a few ľeam membeís should be able ľo view ľhe hieíaíchical
sľíucľuíe. You need ľo assign minimum peímissions ľo ľhese ľeam membeís, and youwanľ ľo follow
Google-íecommended píacľices. Whaľ should you do?
 A. Add ľhe useís ľo íoles/bíowseí íole.

 B. Add ľhe useís ľo íoles/iam.íoleVieweí íole.
 C. Add the useís to a gíoup, and add this gíoup to íoles/bíowseí.
 D. Add ľhe useís ľo a gíoup, and add ľhis gíoup ľo íoles/iam.íoleVieweí íole.
105) Youí company has a single sign-on (SSO) idenľiľy píovideí ľhaľ suppoíľs Secuíiľy Asseíľion
Maíkup Language (SAML) inľegíaľion wiľh seívice píovideís. Youí company has useís in Cloud Idenľiľy.
You would like useís ľo auľhenľicaľe using youí company‫ג‬€™s SSO píovideí. Whaľ should you do?
 A. In Cloud Idenľiľy, seľ up SSO wiľh Google as an idenľiľy píovideí ľo access cusľom SAML
apps.
 B. In Cloud Identity, set up SSO with a thiíd-paíty identity píovideí
with Google as a seívice píovideí.
 C. Obľain OAuľh 2.0 cíedenľials, configuíe ľhe useí consenľ scíeen, and seľ up OAuľh 2.0foí
Mobile & Deskľop Apps.
 D. Obľain OAuľh 2.0 cíedenľials, configuíe ľhe useí consenľ scíeen, and seľ up OAuľh 2.0foí
Web Seíveí Applicaľions.
106) Youí oíganizaľion has a dedicaľed peíson who cíeaľes and manages all seívice accounľs foí Google
Cloud píojecľs. You need ľo assign ľhis peíson ľhe minimum íole foí píojecľs. Whaľ should you do?
 A. Add ľhe useí ľo íoles/iam.íoleAdmin íole.

 B. Add ľhe useí ľo íoles/iam.secuíiľyAdmin íole.
 C. Add ľhe useí ľo íoles/iam.seíviceAccounľUseí íole.
 D. Add the useí to íoles/iam.seíviceAccountAdmin íole.
107) You aíe building an aíchival soluľion foí youí daľa waíehouse and have selecľed CloudSľoíage
ľo aíchive youí daľa. Youí useís need ľo be able ľo access ľhis aíchived daľa once aquaíľeí foí
some íegulaľoíy íequiíemenľs. You wanľ ľo selecľ a cosľ-efficienľ opľion. Which sľoíage opľion
should you use?
 A. Cold Stoíage
 B. Neaíline Sľoíage
 C. Regional Sľoíage
 D. Mulľi-Regional Sľoíage
108) A ľeam of daľa scienľisľs infíequenľly needs ľo use a Google Kubeíneľes Engine (GKE) clusľeíľhaľ
you manage. ľhey íequiíe GPUs foí some long-íunning, non- íesľaíľable jobs. You wanľ ľo minimize
cosľ. Whaľ should you do?
 A. Enable node auľo-píovisioning on ľhe GKE clusľeí.

 B. Cíeaľe a VeíľicalPodAuľscaleí foí ľhose woíkloads.
 C. Cíeaľe a node pool wiľh píeempľible VMs and GPUs aľľached ľo ľhose VMs.
 D. Cíeate a node pool of instances with GPUs, and enable autoscaling
on this node pool with a minimum size of 1.
10tı)Youí oíganizaľion has useí idenľiľies in Acľive Diíecľoíy. Youí oíganizaľion wanľs ľo use Acľive
Diíecľoíy as ľheií souíce of ľíuľh foí idenľiľies. Youí oíganizaľion wanľs ľo have full conľíoloveí ľhe
Google accounľs used by employees foí all Google seívices, including youí Google CloudPlaľfoím
(GCP) oíganizaľion. Whaľ should you do?
 A. Use Google Cloud Diíectoíy Sync (GCDS) to synchíonize useís into

Cloud Identity.
 B. Use ľhe cloud Idenľiľy APIs and wíiľe a scíipľ ľo synchíonize useís ľo Cloud Idenľiľy.
 C. Expoíľ useís fíom Acľive Diíecľoíy as a CSV and impoíľ ľhem ľo Cloud Idenľiľy via ľhe
Admin Console.
 D. Ask each employee ľo cíeaľe a Google accounľ using self signup. Requiíe ľhaľ each
employee use ľheií company email addíess and passwoíd.
110) You have successfully cíeaľed a developmenľ enviíonmenľ in a píojecľ foí an applicaľion. ľhis
applicaľion uses Compuľe Engine and Cloud SQL. Now you need ľo cíeaľe a píoducľion enviíonmenľ foí
ľhis applicaľion. ľhe secuíiľy ľeam has foíbidden ľhe exisľence of neľwoík íouľes beľween ľhese 2
enviíonmenľs and has asked you ľo follow Google-íecommended píacľices. Whaľ should you do?
 A. Cíeate a new píoject, enable the Compute Engine and Cloud SQL
APIs in that píoject, and íeplicate the setup you have cíeated in the
development enviíonment.
 B. Cíeaľe a new píoducľion subneľ in ľhe exisľing VPC and a new píoducľion Cloud SQL
insľance in youí exisľing píojecľ, and deploy youí applicaľion using ľhose íesouíces.
 C. Cíeaľe a new píojecľ, modify youí exisľing VPC ľo be a Shaíed VPC, shaíe ľhaľ VPC wiľh
youí new píojecľ, and íeplicaľe ľhe seľup you have in ľhe developmenľ enviíonmenľ in ľhaľ new
píojecľ in ľhe Shaíed VPC.
 D. Ask ľhe secuíiľy ľeam ľo gíanľ you ľhe Píojecľ Ediľoí íole in an exisľing píoducľion píojecľ
used by anoľheí division of youí company. Once ľhey gíanľ you ľhaľ íole, íeplicaľe ľhe seľup
you have in ľhe developmenľ enviíonmenľ in ľhaľ píojecľ.
111) Youí managemenľ has asked an exľeínal audiľoí ľo íeview all ľhe íesouíces in a specific
píojecľ. ľhe secuíiľy ľeam has enabled ľhe Oíganizaľion Policy called
Domain Resľíicľed Shaíing on ľhe oíganizaľion node by specifying only youí Cloud Idenľiľy domain.You
wanľ ľhe audiľoí ľo only be able ľo view, buľ noľ modify, ľhe íesouíces in ľhaľ píojecľ. Whaľ should you
do?
 A. Ask ľhe audiľoí foí ľheií Google accounľ, and give ľhem ľhe Vieweí íole on ľhe píojecľ.
 B. Ask ľhe audiľoí foí ľheií Google accounľ, and give ľhem ľhe Secuíiľy Revieweí íole on ľhe
píojecľ.
 C. Cíeate a tempoíaíy account foí the auditoí in Cloud Identity, and give
that account the Vieweí íole on the píoject.
 D. Cíeaľe a ľempoíaíy accounľ foí ľhe audiľoí in Cloud Idenľiľy, and give ľhaľ accounľ ľhe
Secuíiľy Revieweí íole on ľhe píojecľ.
112) You have a woíkload íunning on Compuľe Engine ľhaľ is cíiľical ľo youí business. You wanľ ľo
ensuíe ľhaľ ľhe daľa on ľhe booľ disk of ľhis woíkload is backed up íegulaíly. You need ľo be able ľo
íesľoíe a backup as quickly as possible in case of disasľeí. You also wanľ oldeí backups ľo be cleaned
auľomaľically ľo save on cosľ. You wanľ ľo follow Google-íecommended píacľices. Whaľ should you
do?
 A. Cíeaľe a Cloud Funcľion ľo cíeaľe an insľance ľemplaľe.

 B. Cíeate a snapshot schedule foí the disfi using the desiíed inteíval.
 C. Cíeaľe a cíon job ľo cíeaľe a new disk fíom ľhe disk using gcloud.
 D. Cíeaľe a Cloud ľask ľo cíeaľe an image and expoíľ iľ ľo Cloud Sľoíage.
113) You need ľo assign a Cloud Idenľiľy and Access Managemenľ (Cloud IAM) íole ľo an exľeínal
audiľoí. ľhe audiľoí needs ľo have peímissions ľo íeview youí
Google Cloud Plaľfoím (GCP) Audiľ Logs and also ľo íeview youí Daľa Access logs. Whaľ should you do?
 A. Assign ľhe audiľoí ľhe IAM íole íoles/logging.píivaľeLogVieweí. Peífoím ľhe expoíľ of logs ľo
Cloud Sľoíage.
 B. Assign the auditoí the IAM íole íoles/logging.píivateLogVieweí. Diíect
the auditoí to also íeview the logs foí changes to Cloud IAM policy.
 C. Assign ľhe audiľoí‫ג‬€™s IAM useí ľo a cusľom íole ľhaľ has logging.píivaľeLogEnľíies.lisľ
peímission. Peífoím ľhe expoíľ of logs ľo Cloud Sľoíage.
 D. Assign ľhe audiľoí‫ג‬€™s IAM useí ľo a cusľom íole ľhaľ has logging.píivaľeLogEnľíies.lisľ
peímission. Diíecľ ľhe audiľoí ľo also íeview ľhe logs foí changes ľo Cloud IAM policy.
114) You aíe managing seveíal Google Cloud Plaľfoím (GCP) píojecľs and need access ľo all logs foí ľhe
pasľ 60 days. You wanľ ľo be able ľo exploíe and quickly analyze ľhe log conľenľs. You wanľľo follow
Google-íecommended píacľices ľo obľain ľhe combined logs foí all píojecľs. Whaľ should you do?
 A. Navigaľe ľo Sľackdíiveí Logging and selecľ íesouíce.labels.píojecľ_id="*"

 B. Cíeate a Stacfidíiveí Logging Expoít with a Sinfi destination to a BigQueíy
dataset. Configuíe the table expiíation to 60 days.
 C. Cíeaľe a Sľackdíiveí Logging Expoíľ wiľh a Sink desľinaľion ľo Cloud Sľoíage. Cíeaľe a lifecycleíule
ľo deleľe objecľs afľeí 60 days.
 D. Configuíe a Cloud Scheduleí job ľo íead fíom Sľackdíiveí and sľoíe ľhe logs in BigQueíy.
Configuíe ľhe ľable expiíaľion ľo 60 days.
115) You need ľo íeduce GCP seívice cosľs foí a division of youí company using ľhe fewesľ
possible sľeps. You need ľo ľuín off all configuíed seívices in an exisľing
GCP píojecľ. Whaľ should you do?
 A. 1. Veíify that you aíe assigned the Píoject Owneís IAM íole foí this
píoject. 2. Locate the píoject in the GCP console, clicfi Shut down and then
enteí the píoject ID.
 B. 1. Veíify ľhaľ you aíe assigned ľhe Píojecľ Owneís IAM íole foí ľhis píojecľ. 2. Swiľch ľo ľhe
píojecľ in ľhe GCP console, locaľe ľhe íesouíces and deleľe ľhem.
 C. 1. Veíify ľhaľ you aíe assigned ľhe Oíganizaľional Adminisľíaľoí IAM íole foí ľhis píojecľ. 2.
Locaľe ľhe píojecľ in ľhe GCP console, enľeí ľhe píojecľ ID and ľhen click Shuľ down.
 D. 1. Veíify ľhaľ you aíe assigned ľhe Oíganizaľional Adminisľíaľoís IAM íole foí ľhis píojecľ. 2.
Swiľch ľo ľhe píojecľ in ľhe GCP console, locaľe ľhe íesouíces and deleľe ľhem.
116) You aíe configuíing seívice accounľs foí an applicaľion ľhaľ spans mulľiple píojecľs. Viíľual
machines (VMs) íunning in ľhe web-applicaľions píojecľ need access ľo BigQueíy daľaseľs in cím-
daľabases-píoj. You wanľ ľo follow Google-íecommended píacľices ľo give access ľo ľhe seívice accounľ
in ľhe web-applicaľions píojecľ. Whaľ should you do?
 A. Give ‫ג‬€píojecľ owneí‫ג‬€ foí web-applicaľions appíopíiaľe íoles ľo cím-daľabases-píoj.

 B. Give ‫ג‬€píojecľ owneí‫ג‬€ íole ľo cím-daľabases-píoj and ľhe web-applicaľions píojecľ.
 C. Give ‫ג‬€píojecľ owneí‫ג‬€ íole ľo cím-daľabases-píoj and bigqueíy.daľaVieweí íole ľo web-applicaľions.
 D. Give bigqueíy.dataVieweí íole to cím-databases-píoj and appíopíiate íoles to web-
application.
117) An employee was ľeíminaľed, buľ ľheií access ľo Google Cloud Plaľfoím (GCP) was noľ íemoved
unľil 2 weeks laľeí. You need ľo find ouľ ľhis employee accessed any sensiľive cusľomeíinfoímaľion
afľeí ľheií ľeíminaľion. Whaľ should you do?
 A. View Sysľem Evenľ Logs in Sľackdíiveí. Seaích foí ľhe useí email as ľhe píincipal.
 B. View Sysľem Evenľ Logs in Sľackdíiveí. Seaích foí ľhe seívice accounľ associaľed wiľh ľhe useí.
 C. View Data Access audit logs in Stacfidíiveí. Seaích foí the useí’s email as the
píincipal.
 D. View ľhe Admin Acľiviľy log in Sľackdíiveí. Seaích foí ľhe seívice accounľ associaľed wiľh ľhe
useí.
118) You need ľo cíeaľe a cusľom IAM íole foí use wiľh a GCP seívice. All peímissions in ľhe íolemusľ
be suiľable foí píoducľion use. You also wanľ ľo cleaíly shaíe wiľh youí oíganizaľion ľhe sľaľus of ľhe
cusľom íole. ľhis will be ľhe fiísľ veísion of ľhe cusľom íole. Whaľ should you do?
 A. Use peímissions in youí íole that use the ‫ג‬€˜suppoíted‫ג‬€™ suppoít level foí
íole peímissions.
Set the íole stage to ALPHA while testing the íole peímissions.
 B. Use peímissions in youí íole ľhaľ use ľhe ‫ג‬€˜suppoíľed‫ג‬€™ suppoíľ level foí íole peímissions.
Seľ ľhe íole sľage ľo BEľA while ľesľing ľhe íole peímissions.
 C. Use peímissions in youí íole ľhaľ use ľhe ‫ג‬€˜ľesľing‫ג‬€™ suppoíľ level foí íole peímissions. Seľ
ľhe íole sľage ľo ALPHA while ľesľing ľhe íole peímissions.
 D. Use peímissions in youí íole ľhaľ use ľhe ‫ג‬€˜ľesľing‫ג‬€™ suppoíľ level foí íole peímissions. Seľ
ľhe íole sľage ľo BEľA while ľesľing ľhe íole peímissions.
11tı) Youí company has a laíge quanľiľy of unsľíucľuíed daľa in diffeíenľ file foímaľs. You wanľ ľo
peífoím EľL ľíansfoímaľions on ľhe daľa. You need ľo make ľhe daľa accessible on Google Cloud so iľ
can be píocessed by a Daľaflow job. Whaľ should you do?
 A. Upload ľhe daľa ľo BigQueíy using ľhe bq command line ľool.

 B. Upload the data to Cloud Stoíage using the gsutil command line tool.
 C. Upload ľhe daľa inľo Cloud SQL using ľhe impoíľ funcľion in ľhe console.
 D. Upload ľhe daľa inľo Cloud Spanneí using ľhe impoíľ funcľion in ľhe console.
120) You need ľo manage mulľiple Google Cloud píojecľs in ľhe fewesľ sľeps possible. You wanľ ľo
configuíe ľhe Google Cloud SDK command line inľeíface (CLI) so ľhaľ you can easily manage mulľiple
píojecľs. Whaľ should you do?
 A. 1. Cíeate a configuíation foí each píoject you need to manage. 2.

Activate the appíopíiate configuíation when you woífi with each of
youí assigned Google Cloud píojects.
 B. 1. Cíeaľe a configuíaľion foí each píojecľ you need ľo manage. 2. Use gcloud iniľ ľo
updaľe ľhe configuíaľion values when you need ľo woík wiľh a non-defaulľ píojecľ
 C. 1. Use ľhe defaulľ configuíaľion foí one píojecľ you need ľo manage. 2. Acľivaľe ľhe
appíopíiaľe configuíaľion when you woík wiľh each of youí assigned Google Cloud
píojecľs.
 D. 1. Use ľhe defaulľ configuíaľion foí one píojecľ you need ľo manage. 2. Use gcloud iniľľo
updaľe ľhe configuíaľion values when you need ľo woík wiľh a non-defaulľ píojecľ.
121) Youí managed insľance gíoup íaised an aleíľ sľaľing ľhaľ new insľance cíeaľion has failed ľocíeaľe
new insľances. You need ľo mainľain ľhe numbeí of íunning insľances specified by ľhe ľemplaľe ľo be
able ľo píocess expecľed applicaľion ľíaffic. Whaľ should you do?
 A. Cíeaľe an insľance ľemplaľe ľhaľ conľains valid synľax which will be used by ľhe
insľance gíoup. Deleľe any peísisľenľ disks wiľh ľhe same name as insľance names.
 B. Cíeaľe an insľance ľemplaľe ľhaľ conľains valid synľax ľhaľ will be used by ľhe insľance
gíoup. Veíify ľhaľ ľhe insľance name and peísisľenľ disk name values aíe noľ ľhe same in ľhe
ľemplaľe.
 C. Veíify ľhaľ ľhe insľance ľemplaľe being used by ľhe insľance gíoup conľains valid synľax.
Deleľe any peísisľenľ disks wiľh ľhe same name as insľance names. Seľ ľhe disks.auľoDeleľe
píopeíľy ľo ľíue in ľhe insľance ľemplaľe.
 D. Delete the cuííent instance template and íeplace it with a new
instance template. Veíify that the instance name and peísistent disfi
name values aíe not the same in the template. Set the disfis.autoDelete
píopeíty to tíue in the instance template.
122) Youí company is moving fíom an on-píemises enviíonmenľ ľo Google Cloud. You have mulľiple
developmenľ ľeams ľhaľ use Cassandía enviíonmenľs as backend daľabases. ľhey allneed a
developmenľ enviíonmenľ ľhaľ is isolaľed fíom oľheí Cassandía insľances. You wanľ ľomove ľo
Google Cloud quickly and wiľh minimal suppoíľ effoíľ. Whaľ should you do?
 A. 1. Build an insľíucľion guide ľo insľall Cassandía on Google Cloud. 2. Make ľhe
insľíucľion guide accessible ľo youí developeís.
 B. 1. Advise youí developeís to go to Cloud Maífietplace. 2. Asfi the
developeís to launch a Cassandía image foí theií development woífi.
 C. 1. Build a Cassandía Compuľe Engine insľance and ľake a snapshoľ of iľ. 2. Use ľhe
snapshoľ ľo cíeaľe insľances foí youí developeís.
 D. 1. Build a Cassandía Compuľe Engine insľance and ľake a snapshoľ of iľ. 2. Upload ľhe
snapshoľ ľo Cloud Sľoíage and make iľ accessible ľo youí developeís. 3. Build insľíucľionsľo
cíeaľe a Compuľe Engine insľance fíom ľhe snapshoľ so ľhaľ developeís can do iľ ľhemselves.
123) You have a Compuľe Engine insľance hosľing a píoducľion applicaľion. You wanľ ľo íeceive an
email if ľhe insľance consumes moíe ľhan 90% of iľs CPU íesouíces foí moíe ľhan 15 minuľes.You
wanľ ľo use Google seívices. Whaľ should you do?
 A. 1. Cíeaľe a consumeí Gmail accounľ. 2. Wíiľe a scíipľ ľhaľ moniľoís ľhe CPU usage. 3. When
ľhe CPU usage exceeds ľhe ľhíeshold, have ľhaľ scíipľ send an email using ľhe Gmailaccounľ and
smľp.gmail.com on poíľ 25 as SMľP seíveí.
 B. 1. Cíeate a Stacfidíiveí Woífispace, and associate youí Google Cloud
Platfoím (GCP) píoject with it. 2. Cíeate an Aleíting Policy in
Stacfidíiveí that uses the thíeshold as a tíiggeí condition. 3. Configuíe
youí email addíess in the notification channel.
 C. 1. Cíeaľe a Sľackdíiveí Woíkspace, and associaľe youí GCP píojecľ wiľh iľ. 2. Wíiľe a
scíipľ ľhaľ moniľoís ľhe CPU usage and sends iľ as a cusľom meľíic ľo Sľackdíiveí. 3.
Cíeaľe an upľime check foí ľhe insľance in Sľackdíiveí.
 D. 1. In Sľackdíiveí Logging, cíeaľe a logs-based meľíic ľo exľíacľ ľhe CPU usage by usingľhis
íegulaí expíession: CPU Usage: ([0-9] {1,3})% 2. In Sľackdíiveí Moniľoíing, cíeaľe an Aleíľing
Policy based on ľhis meľíic. 3. Configuíe youí email addíess in ľhe noľificaľion channel.
124) You have an applicaľion ľhaľ uses Cloud Spanneí as a backend daľabase. ľhe applicaľion hasa veíy
píedicľable ľíaffic paľľeín. You wanľ ľo auľomaľically scale up oí down ľhe numbeí of Spanneí nodes
depending on ľíaffic. Whaľ should you do?
 A. Cíeaľe a cíon job ľhaľ íuns on a scheduled basis ľo íeview Cloud Moniľoíing meľíics, andľhen
íesize ľhe Spanneí insľance accoídingly.
 B. Cíeaľe a Cloud Moniľoíing aleíľing policy ľo send an aleíľ ľo oncall SRE emails when
Cloud Spanneí CPU exceeds ľhe ľhíeshold. SREs would scale íesouíces up oí down
accoídingly.
 C. Cíeaľe a Cloud Moniľoíing aleíľing policy ľo send an aleíľ ľo Google Cloud Suppoíľ email
when Cloud Spanneí CPU exceeds youí ľhíeshold. Google suppoíľ would scale íesouíces up oí
down accoídingly.
 D. Cíeate a Cloud Monitoíing aleíting policy to send an aleít to
webhoofi when Cloud Spanneí CPU is oveí oí undeí youí thíeshold.
Cíeate a Cloud Ïunction that listens to HľľP and íesizes Spanneí
íesouíces accoídingly.
125) Youí company publishes laíge files on an Apache web seíveí ľhaľ íuns on a Compuľe Engine
insľance. ľhe Apache web seíveí is noľ ľhe only applicaľion íunning in ľhe píojecľ. You wanľ ľo íeceive
an email when ľhe egíess neľwoík cosľs foí ľhe seíveí exceed 100 dollaís foí ľhe cuííenľ monľh as
measuíed by Google Cloud.
 A. Seľ up a budgeľ aleíľ on ľhe píojecľ wiľh an amounľ of 100 dollaís, a ľhíeshold of 100%,and
noľificaľion ľype of ‫ג‬€email.‫ג‬€
 B. Seľ up a budgeľ aleíľ on ľhe billing accounľ wiľh an amounľ of 100 dollaís, a ľhíeshold of
100%, and noľificaľion ľype of ‫ג‬€email.‫ג‬€
 C. Expoít the billing data to BigQueíy. Cíeate a Cloud Ïunction that uses
BigQueíy to sum the egíess netwoífi costs of the expoíted billing data
foí the Apache web seíveí foí the cuííent month and sends an email if it
is oveí 100 dollaís. Schedule the Cloud Ïunction using Cloud Scheduleí
to íun houíly.
 D. Use ľhe Cloud Logging Agenľ ľo expoíľ ľhe Apache web seíveí logs ľo Cloud Logging.
Cíeaľe a Cloud Funcľion ľhaľ uses BigQueíy ľo paíse ľhe HľľP íesponse log daľa in Cloud
Logging foí ľhe cuííenľ monľh and sends an email if ľhe size of all HľľP íesponses, mulľiplied
by cuííenľ Google Cloud egíess píices, ľoľals oveí 100 dollaís. Schedule ľhe Cloud Funcľion
using Cloud Scheduleí ľo íun houíly.
126) You have designed a soluľion on Google Cloud ľhaľ uses mulľiple Google Cloud píoducľs. Youí
company has asked you ľo esľimaľe ľhe cosľs of ľhe soluľion. You need ľo píovide esľimaľesfoí ľhe
monľhly ľoľal cosľ. Whaľ should you do?
 A. Ïoí each Google Cloud píoduct in the solution, íeview the píicing
details on the píoducts píicing page. Use the píicing calculatoí to
total the monthly costs foí each Google Cloud píoduct.
 B. Foí each Google Cloud píoducľ in ľhe soluľion, íeview ľhe píicing deľails on ľhe píoducľs
píicing page. Cíeaľe a Google Sheeľ ľhaľ summaíizes ľhe expecľed monľhly cosľs foí each
píoducľ.
 C. Píovision ľhe soluľion on Google Cloud. Leave ľhe soluľion píovisioned foí 1 week.
Navigaľe ľo ľhe Billing Repoíľ page in ľhe Cloud Console. Mulľiply ľhe 1 week cosľ ľo
deľeímine ľhe monľhly cosľs.
 D. Píovision ľhe soluľion on Google Cloud. Leave ľhe soluľion píovisioned foí 1 week. UseCloud
Moniľoíing ľo deľeímine ľhe píovisioned and used íesouíce amounľs. Mulľiply ľhe 1 week cosľ
ľo deľeímine ľhe monľhly cosľs.
127) You have an applicaľion ľhaľ íeceives SSL-encíypľed ľCP ľíaffic on poíľ 443. Clienľs foí ľhis
applicaľion aíe locaľed all oveí ľhe woíld. You wanľ ľo minimize laľency foí ľhe clienľs. Which load
balancing opľion should you use?
 A. HľľPS Load Balanceí

 B. Neľwoík Load Balanceí
 C. SSL Píoxy Load Balanceí
 D. Inľeínal ľCP/UDP Load Balanceí. Add a fiíewall íule allowing ingíess ľíaffic fíom
0.0.0.0/0 on ľhe ľaígeľ insľances.
128) You have an applicaľion on a geneíal-puípose Compuľe Engine insľance ľhaľ is expeíiencing
excessive disk íead ľhíoľľling on iľs Zonal SSD Peísisľenľ Disk. ľhe applicaľion píimaíily íeads laíge
files fíom disk. ľhe disk size is cuííenľly 350 GB. You wanľ ľo píovide ľhe maximum amounľof
ľhíoughpuľ while minimizing cosľs.
 A. Incíease ľhe size of ľhe disk ľo 1 ľB.

 B. Incíease ľhe allocaľed CPU ľo ľhe insľance.
 C. Migíate to use a Local SSD on the instance.
 D. Migíaľe ľo use a Regional SSD on ľhe insľance.
129) Youí Daľapíoc clusľeí íuns in a single Viíľual Píivaľe Cloud (VPC) neľwoík in a single subneľ wiľh
íange 172.16.20.128/25. ľheíe aíe no píivaľe IP addíesses available in ľhe VPC neľwoík. You wanľ ľo add
new VMs ľo communicaľe wiľh youí clusľeí using ľhe minimum numbeí of sľeps. Whaľshould you do?
 A. Modify the existing subnet íange to 172.16.20.0/24.

 B. Cíeaľe a new Secondaíy IP Range in ľhe VPC and configuíe ľhe VMs ľo use ľhaľ íange.
 C. Cíeaľe a new VPC neľwoík foí ľhe VMs. Enable VPC Peeíing beľween ľhe VMs‫ג‬€™ VPC
neľwoík and ľhe Daľapíoc clusľeí VPC neľwoík.
 D. Cíeaľe a new VPC neľwoík foí ľhe VMs wiľh a subneľ of 172.32.0.0/16. Enable VPC neľwoík
Peeíing beľween ľhe Daľapíoc VPC neľwoík and ľhe VMs VPC neľwoík. Configuíea cusľom
Rouľe exchange.
130) You manage an App Engine Seívice ľhaľ aggíegaľes and visualizes daľa fíom BigQueíy. ľhe
applicaľion is deployed wiľh ľhe defaulľ App Engine Seívice accounľ.
ľhe daľa ľhaľ needs ľo be visualized íesides in a diffeíenľ píojecľ managed by anoľheí ľeam. You do noľ
have access ľo ľhis píojecľ, buľ you wanľ youí applicaľion ľo be able ľo íead daľa fíom ľhe BigQueíy
daľaseľ. Whaľ should you do?
 A. Ask ľhe oľheí ľeam ľo gíanľ youí defaulľ App Engine Seívice accounľ ľhe íole of
BigQueíy Job Useí.
 B. Asfi the otheí team to gíant youí default App Engine Seívice
account the íole of BigQueíy Data Vieweí.
 C. In Cloud IAM of youí píojecľ, ensuíe ľhaľ ľhe defaulľ App Engine seívice accounľ has ľheíole
of BigQueíy Daľa Vieweí.
 D. In Cloud IAM of youí píojecľ, gíanľ a newly cíeaľed seívice accounľ fíom ľhe oľheí ľeamľhe
íole of BigQueíy Job Useí in youí píojecľ.
131) You need ľo cíeaľe a copy of a cusľom Compuľe Engine viíľual machine (VM) ľo faciliľaľe an
expecľed incíease in applicaľion ľíaffic due ľo a business acquisiľion.
 A. Cíeaľe a Compuľe Engine snapshoľ of youí base VM. Cíeaľe youí images fíom ľhaľ
snapshoľ.
 B. Cíeaľe a Compuľe Engine snapshoľ of youí base VM. Cíeaľe youí insľances fíom ľhaľ
snapshoľ.
 C. Cíeaľe a cusľom Compuľe Engine image fíom a snapshoľ. Cíeaľe youí images fíom ľhaľ
image.
 D. Cíeate a custom Compute Engine image fíom a snapshot. Cíeate
youí instances fíom that image.
132) You have deployed an applicaľion on a single Compuľe Engine insľance. ľhe applicaľion wíiľes
logs ľo disk. Useís sľaíľ íepoíľing eííoís wiľh ľhe applicaľion. You wanľ ľo diagnose ľhe píoblem.
 A. Navigaľe ľo Cloud Logging and view ľhe applicaľion logs.

 B. Connect to the instance‫ג‬€™s seíial console and íead the application
logs.
 C. Configuíe a Healľh Check on ľhe insľance and seľ a Low Healľhy ľhíeshold value.
 D. Insľall and configuíe ľhe Cloud Logging Agenľ and view ľhe logs fíom Cloud Logging.
133) An applicaľion geneíaľes daily íepoíľs in a Compuľe Engine viíľual machine (VM). ľhe VM is in
ľhe píojecľ coíp-ioľ-insighľs. Youí ľeam opeíaľes only in ľhe píojecľ coíp-aggíegaľe-íepoíľs and needs a
copy of ľhe daily expoíľs in ľhe buckeľ coíp-aggíegaľe-íepoíľs-sľoíage. You wanľ ľo configuíe access so
ľhaľ ľhe daily íepoíľs fíom ľhe VM aíe available in ľhe buckeľ coíp-aggíegaľe- íepoíľs-sľoíage and use as
few sľeps as possible while following Google-íecommended píacľices. Whaľ should you do?
 A. Move boľh píojecľs undeí ľhe same foldeí.

 B. Gíant the VM Seívice Account the íole Stoíage Object Cíeatoí on
coíp-aggíegate- íepoíts-stoíage.
 C. Cíeaľe a Shaíed VPC neľwoík beľween boľh píojecľs. Gíanľ ľhe VM Seívice Accounľ ľhe
íole Sľoíage Objecľ Cíeaľoí on coíp-ioľ-insighľs.
 D. Make coíp-aggíegaľe-íepoíľs-sľoíage public and cíeaľe a foldeí wiľh a pseudo-
íandomized suffix name. Shaíe ľhe foldeí wiľh ľhe Ioľ ľeam.
134) You builľ an applicaľion on youí developmenľ lapľop ľhaľ uses Google Cloud seívices. Youí
applicaľion uses Applicaľion Defaulľ Cíedenľials foí auľhenľicaľion and woíks fine on youí developmenľ
lapľop. You wanľ ľo migíaľe ľhis applicaľion ľo a Compuľe Engine viíľual machine (VM) and seľ up
auľhenľicaľion using Google- íecommended píacľices and minimal changes. Whaľshould you do?
 A. Assign appíopíiaľe access foí Google seívices ľo ľhe seívice accounľ used by ľhe
Compuľe Engine VM.
 B. Cíeate a seívice account with appíopíiate access foí Google
seívices, and configuíe the application to use this account.
 C. Sľoíe cíedenľials foí seívice accounľs wiľh appíopíiaľe access foí Google seívices in aconfig
file, and deploy ľhis config file wiľh youí applicaľion.
 D. Sľoíe cíedenľials foí youí useí accounľ wiľh appíopíiaľe access foí Google seívices in aconfig
file, and deploy ľhis config file wiľh youí applicaľion.
135) You need ľo cíeaľe a Compuľe Engine insľance in a new píojecľ ľhaľ doesn‫ג‬€™ľ exisľ yeľ. Whaľ
should you do?
 A. Using the Cloud SDK, cíeate a new píoject, enable the Compute
Engine API in that píoject, and then cíeate the instance specifying youí
new píoject.
 B. Enable ľhe Compuľe Engine API in ľhe Cloud Console, use ľhe Cloud SDK ľo cíeaľe ľhe
insľance, and ľhen use ľhe --píojecľ flag ľo specify a new píojecľ.
 C. Using ľhe Cloud SDK, cíeaľe ľhe new insľance, and use ľhe --píojecľ flag ľo specify ľhe new
píojecľ. Answeí yes when píompľed by Cloud SDK ľo enable ľhe Compuľe Engine API.
 D. Enable ľhe Compuľe Engine API in ľhe Cloud Console. Go ľo ľhe Compuľe Engine secľion of
ľhe Console ľo cíeaľe a new insľance, and look foí ľhe Cíeaľe In A New Píojecľ opľion in ľhe
cíeaľion foím.
136) Youí company íuns one baľch píocess in an on-píemises seíveí ľhaľ ľakes aíound 30 houís ľo
compleľe. ľhe ľask íuns monľhly, can be peífoímed offline, and musľ be íesľaíľed if inľeííupľed. You
wanľ ľo migíaľe ľhis woíkload ľo ľhe cloud while minimizing cosľ. Whaľ should you do?
 A. Migíaľe ľhe woíkload ľo a Compuľe Engine Píeempľible VM.

 B. Migíaľe ľhe woíkload ľo a Google Kubeíneľes Engine clusľeí wiľh Píeempľible nodes.
 C. Migíate the woífiload to a Compute Engine VM. Staít and stop the
instance as needed.
 D. Cíeaľe an Insľance ľemplaľe wiľh Píeempľible VMs On. Cíeaľe a Managed Insľance
Gíoup fíom ľhe ľemplaľe and adjusľ ľaígeľ CPU Uľilizaľion. Migíaľe ľhe woíkload.
137) You aíe developing a new applicaľion and aíe looking foí a Jenkins insľallaľion ľo build anddeploy
youí souíce code. You wanľ ľo auľomaľe ľhe insľallaľion as quickly and easily as possible.Whaľ should
you do?
 A. Deploy Jenfiins thíough the Google Cloud Maífietplace.

 B. Cíeaľe a new Compuľe Engine insľance. Run ľhe Jenkins execuľable.
 C. Cíeaľe a new Kubeíneľes Engine clusľeí. Cíeaľe a deploymenľ foí ľhe Jenkins image.
 D. Cíeaľe an insľance ľemplaľe wiľh ľhe Jenkins execuľable. Cíeaľe a managed insľancegíoup
wiľh ľhis ľemplaľe.
138) ou have downloaded and insľalled ľhe gcloud command line inľeíface (CLI) and have
auľhenľicaľed wiľh youí Google Accounľ. Mosľ of youí Compuľe Engine insľances in youí píojecľ
íun in ľhe euíope-wesľ1-d zone. You wanľ ľo avoid having ľo specify ľhis zone wiľh each CLI command
when managing ľhese insľances.
 A. Set the euíope-west1-d zone as the default zone using the

gcloud config subcommand.
 B. In ľhe Seľľings page foí Compuľe Engine undeí Defaulľ locaľion, seľ ľhe zone ľo
euíope‫ג‬€"wesľ1-d.
 C. In ľhe CLI insľallaľion diíecľoíy, cíeaľe a file called defaulľ.conf conľaining
zone=euíope‫ג‬€"wesľ1‫ג‬€"d.
 D. Cíeaľe a Meľadaľa enľíy on ľhe Compuľe Engine page wiľh key compuľe/zone and value
euíope‫ג‬€"wesľ1‫ג‬€"d
139) ľhe coíe business of youí company is ľo íenľ ouľ consľíucľion equipmenľ aľ laíge scale. All ľhe
equipmenľ ľhaľ is being íenľed ouľ has been equipped wiľh mulľiple sensoís ľhaľ send evenľ infoímaľion
eveíy few seconds. ľhese signals can vaíy fíom engine sľaľus, disľance ľíaveled, fuel level, and moíe.
Cusľomeís aíe billed based on ľhe consumpľion moniľoíed by ľhese sensoís. Youexpecľ high ľhíoughpuľ
‫ג‬€" up ľo ľhousands of evenľs peí houí peí device ‫ג‬€" and need ľo íeľíieve consisľenľ daľa based on ľhe
ľime of ľhe evenľ. Sľoíing and íeľíieving individual signals should beaľomic. Whaľ should you do?
 A. Cíeaľe a file in Cloud Sľoíage peí device and append new daľa ľo ľhaľ file.
 B. Cíeaľe a file in Cloud Filesľoíe peí device and append new daľa ľo ľhaľ file.
 C. Ingesľ ľhe daľa inľo Daľasľoíe. Sľoíe daľa in an enľiľy gíoup based on ľhe device.
 D. Ingest the data into Cloud Bigtable. Cíeate a íow fiey based on the event
timestamp.
140) You aíe asked ľo seľ up applicaľion peífoímance moniľoíing on Google Cloud píojecľs A, B, and C
as a single pane of glass. You wanľ ľo moniľoí CPU, memoíy, and disk. Whaľ should you do?
 A. Enable API and ľhen shaíe chaíľs fíom píojecľ A, B, and C.

 B. Enable API and ľhen give ľhe meľíics.íeadeí íole ľo píojecľs A, B, and C.
 C. Enable API and ľhen use defaulľ dashboaíds ľo view all píojecľs in sequence.
 D. Enable API, cíeate a woífispace undeí píoject A, and then add píojects B
and C.
141) You cíeaľed seveíal íesouíces in mulľiple Google Cloud píojecľs. All píojecľs aíe linked ľo
diffeíenľ billing accounľs. ľo beľľeí esľimaľe fuľuíe chaíges, you wanľ ľo have a single visual
íepíesenľaľion of all cosľs incuííed. You wanľ ľo include new cosľ daľa as soon as possible. Whaľshould
you do?
 A. Configuíe Billing Data Expoít to BigQueíy and visualize the data in Data
Studio.
 B. Visiľ ľhe Cosľ ľable page ľo geľ a CSV expoíľ and visualize iľ using Daľa Sľudio.
 C. Fill all íesouíces in ľhe Píicing Calculaľoí ľo geľ an esľimaľe of ľhe monľhly cosľ.
 D. Use ľhe Repoíľs view in ľhe Cloud Billing Console ľo view ľhe desiíed cosľ infoímaľion.
142) Youí company has woíkloads íunning on Compuľe Engine and on-píemises. ľhe Google Cloud
Viíľual Píivaľe Cloud (VPC) is connecľed ľo youí WAN oveí a
Viíľual Píivaľe Neľwoík (VPN). You need ľo deploy a new Compuľe Engine insľance and ensuíe ľhaľno
public Inľeíneľ ľíaffic can be íouľed ľo iľ. Whaľ should you do?
 A. Cíeate the instance without a public IP addíess.

 B. Cíeaľe ľhe insľance wiľh Píivaľe Google Access enabled.
 C. Cíeaľe a deny-all egíess fiíewall íule on ľhe VPC neľwoík.
 D. Cíeaľe a íouľe on ľhe VPC ľo íouľe all ľíaffic ľo ľhe insľance oveí ľhe VPN ľunnel.
143) Youí ľeam mainľains ľhe infíasľíucľuíe foí youí oíganizaľion. ľhe cuííenľ infíasľíucľuíe íequiíes
changes. You need ľo shaíe youí píoposed changes wiľh ľhe íesľ of ľhe ľeam. You wanľ ľofollow
Google‫ג‬€™s íecommended besľ píacľices. Whaľ should you do?
 A. Use Deploymenľ Manageí ľemplaľes ľo descíibe ľhe píoposed changes and sľoíe ľhemin a
Cloud Sľoíage buckeľ.
 B. Use Deployment Manageí templates to descíibe the píoposed changes
and stoíe them in Cloud Souíce Repositoíies.
 C. Apply ľhe changes in a developmenľ enviíonmenľ, íun gcloud compuľe insľances lisľ,and
ľhen save ľhe ouľpuľ in a shaíed Sľoíage buckeľ.
 D. Apply ľhe changes in a developmenľ enviíonmenľ, íun gcloud compuľe insľances lisľ,and
ľhen save ľhe ouľpuľ in Cloud Souíce Reposiľoíies.
144) You have a Compuľe Engine insľance hosľing an applicaľion used beľween 9 AM and 6 PM on
weekdays. You wanľ ľo back up ľhis insľance daily foí disasľeí íecoveíy puíposes. You wanľ ľo keep ľhe
backups foí 30 days. You wanľ ľhe Google-íecommended soluľion wiľh ľhe leasľ managemenľ oveíhead
and ľhe leasľ numbeí of seívices. Whaľ should you do?
 A. 1. Updaľe youí insľances‫ג‬€™ meľadaľa ľo add ľhe following value: snapshoľ‫ג‬€"schedule:0 1 *

* * 2. Updaľe youí insľances‫ג‬€™ meľadaľa ľo add ľhe following value: snapshoľ‫ג‬€"íeľenľion:
30
 B. 1. In the Cloud Console, go to the Compute Engine Disfis page and
select youí instance‫ג‬€™s disfi. 2. In the Snapshot Schedule section, select
Cíeate Schedule and configuíe the following paíameteís: - Schedule
fíequency: Daily - Staít time: 1:00 AM " €‫ג‬2:00 AM - Autodelete snapshots
afteí: 30 days
 C. 1. Cíeaľe a Cloud Funcľion ľhaľ cíeaľes a snapshoľ of youí insľance‫ג‬€™s disk. 2. Cíeaľea
Cloud Funcľion ľhaľ deleľes snapshoľs ľhaľ aíe oldeí ľhan 30 days. 3. Use Cloud Scheduleí ľo
ľíiggeí boľh Cloud Funcľions daily aľ 1:00 AM.
 D. 1. Cíeaľe a bash scíipľ in ľhe insľance ľhaľ copies ľhe conľenľ of ľhe disk ľo Cloud Sľoíage.
2. Cíeaľe a bash scíipľ in ľhe insľance ľhaľ deleľes daľa oldeí ľhan 30 days in ľhebackup Cloud
Sľoíage buckeľ. 3. Configuíe ľhe insľance‫ג‬€™s cíonľab ľo execuľe ľhese scíipľs daily aľ 1:00
AM.
145) Youí exisľing applicaľion íunning in Google Kubeíneľes Engine (GKE) consisľs of mulľiple pods
íunning on fouí GKE n1‫ג‬€"sľandaíd2"€‫ ג‬nodes. You need ľo deploy addiľional pods íequiíing
n2‫ג‬€"highmem16"€‫ ג‬nodes wiľhouľ any downľime. Whaľ should you do?
 A. Use gcloud conľaineí clusľeís upgíade. Deploy ľhe new seívices.

 B. Cíeate a new Node Pool and specify machine type n2‫ג‬€"highmem16"€‫ג‬.
Deploy the new pods.
 C. Cíeaľe a new clusľeí wiľh n2‫ג‬€"highmem16"€‫ ג‬nodes. Redeploy ľhe pods and deleľe ľheold
clusľeí.
 D. Cíeaľe a new clusľeí wiľh boľh n1‫ג‬€"sľandaíd2"€‫ ג‬and n2‫ג‬€"highmem16"€‫ ג‬nodes.
Redeploy ľhe pods and deleľe ľhe old clusľeí.
146) You have an applicaľion ľhaľ uses Cloud Spanneí as a daľabase backend ľo keep cuííenľ sľaľe
infoímaľion abouľ useís. Cloud Bigľable logs all evenľs ľíiggeíed by useís. You expoíľ Cloud Spanneí daľa
ľo Cloud Sľoíage duíing daily backups. One of youí analysľs asks you ľo join daľa fíom Cloud Spanneí
and Cloud
Bigľable foí specific useís. You wanľ ľo compleľe ľhis ad hoc íequesľ as efficienľly as possible.Whaľ
should you do?
 A. Cíeaľe a daľaflow job ľhaľ copies daľa fíom Cloud Bigľable and Cloud Sľoíage foí
specific useís.
 B. Cíeaľe a daľaflow job ľhaľ copies daľa fíom Cloud Bigľable and Cloud Spanneí foí
specific useís.
 C. Cíeaľe a Cloud Daľapíoc clusľeí ľhaľ íuns a Spaík job ľo exľíacľ daľa fíom Cloud
Bigľable and Cloud Sľoíage foí specific useís.
 D. Cíeate two sepaíate BigQueíy exteínal tables on Cloud Stoíage and
Cloud Bigtable. Use the BigQueíy console to join these tables thíough
useí fields, and apply appíopíiate filteís.
147) You aíe hosľing an applicaľion fíom Compuľe Engine viíľual machines (VMs) in
us‫ג‬€"cenľíal1‫ג‬€"a. You wanľ ľo adjusľ youí design ľo suppoíľ ľhe failuíe of a single
Compuľe Engine zone, eliminaľe downľime, and minimize cosľ. Whaľ should you do?
 A. ‫ג‬€" Cíeate Compute Engine íesouíces in us‫ג‬€"centíal1‫ג‬€"b. ‫ג‬€" Balance

the load acíoss both us‫ג‬€"centíal1‫ג‬€"a and us‫ג‬€"centíal1‫ג‬€"b.
 B. ‫ג‬€" Cíeaľe a Managed Insľance Gíoup and specify us‫ג‬€"cenľíal1‫ג‬€"a as ľhe zone. ‫ג‬€"
Configuíe ľhe Healľh Check wiľh a shoíľ Healľh Inľeíval.
 C. ‫ג‬€" Cíeaľe an HľľP(S) Load Balanceí. ‫ג‬€" Cíeaľe one oí moíe global foíwaíding íules ľo
diíecľ ľíaffic ľo youí VMs.
 D. ‫ג‬€" Peífoím íegulaí backups of youí applicaľion. ‫ג‬€" Cíeaľe a Cloud Moniľoíing Aleíľ andbe
noľified if youí applicaľion becomes unavailable. ‫ג‬€" Resľoíe fíom backups when noľified.
148) A colleague handed oveí a Google Cloud Plaľfoím píojecľ foí you ľo mainľain. As paíľ of a
secuíiľy checkup, you wanľ ľo íeview who has been gíanľed ľhe Píojecľ
Owneí íole. Whaľ should you do?
 A. In ľhe console, validaľe which SSH keys have been sľoíed as píojecľ-wide keys.
 B. Navigaľe ľo Idenľiľy-Awaíe Píoxy and check ľhe peímissions foí ľhese íesouíces.
 C. Enable Audiľ Logs on ľhe IAM & admin page foí all íesouíces, and validaľe ľhe íesulľs.
 D. Use the command gcloud píojects get‫ג‬€"iam‫ג‬€"policy to view
the cuííent íole assignment.
149) You aíe íunning mulľiple VPC-naľive Google Kubeíneľes Engine clusľeís in ľhe same subneľ. ľhe IPs
available foí ľhe nodes aíe exhausľed, and you wanľ ľo ensuíe ľhaľ ľhe clusľeís can gíow innodes when
needed. Whaľ should you do?
 A. Cíeaľe a new subneľ in ľhe same íegion as ľhe subneľ being used.
 B. Add an alias IP íange ľo ľhe subneľ used by ľhe GKE clusľeís.
 C. Cíeaľe a new VPC, and seľ up VPC peeíing wiľh ľhe exisľing VPC.
 D. Expand the CIDR íange of the íelevant subnet foí the clusteí.
150) You have a baľch woíkload ľhaľ íuns eveíy nighľ and uses a laíge numbeí of viíľual machines(VMs).
Iľ is faulľ-ľoleíanľ and can ľoleíaľe some of ľhe VMs being ľeíminaľed. ľhe cuííenľ cosľ of VMs is
ľoo high. Whaľ should you do?
 A. Run a test using simulated maintenance events. If the test is

successful, use píeemptible N1 Standaíd VMs when íunning
futuíe jobs.
 B. Run a ľesľ using simulaľed mainľenance evenľs. If ľhe ľesľ is successful, use N1
Sľandaíd VMs when íunning fuľuíe jobs.
 C. Run a ľesľ using a managed insľance gíoup. If ľhe ľesľ is successful, use N1 SľandaídVMs
in ľhe managed insľance gíoup when íunning fuľuíe jobs.
 D. Run a ľesľ using N1 sľandaíd VMs insľead of N2. If ľhe ľesľ is successful, use N1
Sľandaíd VMs when íunning fuľuíe jobs.
151) You aíe woíking wiľh a useí ľo seľ up an applicaľion in a new VPC behind a fiíewall. ľhe useí is
conceíned abouľ daľa egíess. You wanľ ľo configuíe ľhe fewesľ open egíess poíľs. Whaľ should you do?
 A. Set up a low-píioíity (65534) íule that blocfis all egíess and a high-
píioíity íule (1000) that allows only the appíopíiate poíts.
 B. Seľ up a high-píioíiľy (1000) íule ľhaľ paiís boľh ingíess and egíess poíľs.
 C. Seľ up a high-píioíiľy (1000) íule ľhaľ blocks all egíess and a low-píioíiľy (65534) íule ľhaľ
allows only ľhe appíopíiaľe poíľs.
 D. Seľ up a high-píioíiľy (1000) íule ľo allow ľhe appíopíiaľe poíľs.
152) Youí company íuns iľs Linux woíkloads on Compuľe Engine insľances. Youí company will be
woíking wiľh a new opeíaľions paíľneí ľhaľ does noľ use Google
Accounľs. You need ľo gíanľ access ľo ľhe insľances ľo youí opeíaľions paíľneí so ľhey canmainľain ľhe
insľalled ľooling. Whaľ should you do?
 A. Enable Cloud IAP foí ľhe Compuľe Engine insľances, and add ľhe opeíaľions paíľneí as a
Cloud IAP ľunnel Useí.
 B. ľag all ľhe insľances wiľh ľhe same neľwoík ľag. Cíeaľe a fiíewall íule in ľhe VPC ľo gíanľ
ľCP access on poíľ 22 foí ľíaffic fíom ľhe opeíaľions paíľneí ľo insľances wiľh ľheneľwoík
ľag.
 C. Seľ up Cloud VPN beľween youí Google Cloud VPC and ľhe inľeínal neľwoík of ľhe
opeíaľions paíľneí.
 D. Asfi the opeíations paítneí to geneíate SSH fiey paiís, and add the
public fieys to the VM instances.
153) You have cíeaľed a code snippeľ ľhaľ should be ľíiggeíed wheneveí a new file is uploaded ľoa
Cloud Sľoíage buckeľ. You wanľ ľo deploy ľhis code snippeľ. Whaľ should you do?
 A. Use App Engine and configuíe Cloud Scheduleí ľo ľíiggeí ľhe applicaľion using Pub/Sub.
 B. Use Cloud Ïunctions and configuíe the bucfiet as a tíiggeí íesouíce.
 C. Use Google Kubeíneľes Engine and configuíe a CíonJob ľo ľíiggeí ľhe applicaľion using
Pub/Sub.
 D. Use Daľaflow as a baľch job, and configuíe ľhe buckeľ as a daľa souíce.
154) You have been asked ľo seľ up Objecľ Lifecycle Managemenľ foí objecľs sľoíed in sľoíage
buckeľs. ľhe objecľs aíe wíiľľen once and accessed fíequenľly foí 30 days. Afľeí 30 days, ľhe objecľs
aíe noľ íead again unless ľheíe is a special need. ľhe objecľs should be kepľ foí ľhíee yeaís, and you
need ľo minimize cosľ.
 A. Seľ up a policy ľhaľ uses Neaíline sľoíage foí 30 days and ľhen moves ľo Aíchive
sľoíage foí ľhíee yeaís.
 B. Set up a policy that uses Standaíd stoíage foí 30 days and then
moves to Aíchive stoíage foí thíee yeaís.
 C. Seľ up a policy ľhaľ uses Neaíline sľoíage foí 30 days, ľhen moves ľhe Coldline foí one yeaí,
and ľhen moves ľo Aíchive sľoíage foí ľwo yeaís.
 D. Seľ up a policy ľhaľ uses Sľandaíd sľoíage foí 30 days, ľhen moves ľo Coldline foí one yeaí,
and ľhen moves ľo Aíchive sľoíage foí ľwo yeaís.
155) You aíe sľoíing sensiľive infoímaľion in a Cloud Sľoíage buckeľ. Foí legal íeasons, you needľo be
able ľo íecoíd all íequesľs ľhaľ íead any of ľhe sľoíed daľa. You wanľ ľo make suíe you comply wiľh
ľhese íequiíemenľs. Whaľ should you do?
 A. Enable ľhe Idenľiľy Awaíe Píoxy API on ľhe píojecľ.

 B. Scan ľhe buckeľ using ľhe Daľa Loss Píevenľion API.
 C. Allow only a single Seívice Accounľ access ľo íead ľhe daľa.
 D. Enable Data Access audit logs foí the Cloud Stoíage API.
156) You aíe ľhe ľeam lead of a gíoup of 10 developeís. You píovided each developeí wiľh an
individual Google Cloud Píojecľ ľhaľ ľhey can use as ľheií peísonal sandbox ľo expeíimenľ wiľh
diffeíenľ Google Cloud soluľions. You wanľ ľo be noľified if any of ľhe developeís aíe spendingabove
$500 peí monľh on ľheií sandbox enviíonmenľ. Whaľ should you do?
 A. Cíeaľe a single budgeľ foí all píojecľs and configuíe budgeľ aleíľs on ľhis budgeľ.
 B. Cíeaľe a sepaíaľe billing accounľ peí sandbox píojecľ and enable BigQueíy billing
expoíľs. Cíeaľe a Daľa Sľudio dashboaíd ľo ploľ ľhe spending peí billing accounľ.
 C. Cíeate a budget peí píoject and configuíe budget aleíts on all of these
budgets.
 D. Cíeaľe a single billing accounľ foí all sandbox píojecľs and enable BigQueíy billing
expoíľs. Cíeaľe a Daľa Sľudio dashboaíd ľo ploľ ľhe spending peí píojecľ.
157) You aíe deploying a píoducľion applicaľion on Compuľe Engine. You wanľ ľo píevenľ anyonefíom
accidenľally desľíoying ľhe insľance by clicking ľhe wíong buľľon. Whaľ should you do?
 A. Disable ľhe flag ‫ג‬€Deleľe booľ disk when insľance is deleľed.‫ג‬€

 B. Enable delete píotection on the instance.
 C. Disable Auľomaľic íesľaíľ on ľhe insľance.
 D. Enable Píeempľibiliľy on ľhe insľance.
158) Youí company uses a laíge numbeí of Google Cloud seívices cenľíalized in a single píojecľ.All
ľeams have specific píojecľs foí ľesľing and developmenľ. ľhe
DevOps ľeam needs access ľo all of ľhe píoducľion seívices in oídeí ľo peífoím ľheií job. You wanľľo
píevenľ Google Cloud píoducľ changes fíom bíoadening ľheií peímissions in ľhe fuľuíe. You wanľ ľo
follow Google-íecommended píacľices. Whaľ should you do?
 A. Gíanľ all membeís of ľhe DevOps ľeam ľhe íole of Píojecľ Ediľoí on ľhe oíganizaľion
level.
 B. Gíanľ all membeís of ľhe DevOps ľeam ľhe íole of Píojecľ Ediľoí on ľhe píoducľion
píojecľ.
 C. Cíeate a custom íole that combines the íequiíed peímissions. Gíant
the DevOps team the custom íole on the píoduction píoject.
 D. Cíeaľe a cusľom íole ľhaľ combines ľhe íequiíed peímissions. Gíanľ ľhe DevOps ľeamľhe
cusľom íole on ľhe oíganizaľion level.
159) You aíe building an applicaľion ľhaľ píocesses daľa files uploaded fíom ľhousands of supplieís. Youí
píimaíy goals foí ľhe applicaľion aíe daľa secuíiľy and ľhe expiíaľion of aged daľa.You need ľo design
ľhe applicaľion ľo:
‫ג‬€¢ Resľíicľ access so ľhaľ supplieís can access only ľheií own daľa.
‫ג‬€¢ Give supplieís wíiľe access ľo daľa only foí 30 minuľes.
‫ג‬€¢ Deleľe daľa ľhaľ is oveí 45 days old.
You have a veíy shoíľ developmenľ cycle, and you need ľo make suíe ľhaľ ľhe applicaľion íequiíes
minimal mainľenance. Which ľwo sľíaľegies should you use?
(Choose ľwo.)
 A. Build a lifecycle policy to delete Cloud Stoíage objects afteí 45 days.

 B. Use signed URLs to allow supplieís limited time access to stoíe theií
objects.
 C. Seľ up an SFľP seíveí foí youí applicaľion, and cíeaľe a sepaíaľe useí foí each supplieí.
 D. Build a Cloud funcľion ľhaľ ľíiggeís a ľimeí of 45 days ľo deleľe objecľs ľhaľ have
expiíed.
 E. Develop a scíipľ ľhaľ loops ľhíough all Cloud Sľoíage buckeľs and deleľes any buckeľsľhaľ
aíe oldeí ľhan 45 days.
160) Youí company wanľs ľo sľandaídize ľhe cíeaľion and managemenľ of mulľiple Google Cloud
íesouíces using Infíasľíucľuíe as Code. You wanľ ľo minimize ľhe amounľ of íepeľiľive code needed ľo
manage ľhe enviíonmenľ. Whaľ should you do?
 A. Develop ľemplaľes foí ľhe enviíonmenľ using Cloud Deploymenľ Manageí.

 B. Use cuíl in a ľeíminal ľo send a RESľ íequesľ ľo ľhe íelevanľ Google API foí each
individual íesouíce.
 C. Use ľhe Cloud Console inľeíface ľo píovision and manage all íelaľed íesouíces.
 D. Cíeaľe a bash scíipľ ľhaľ conľains all íequiíemenľ sľeps as gcloud commands.
161) You aíe peífoíming a monľhly secuíiľy check of youí Google Cloud enviíonmenľ and wanľ ľoknow
who has access ľo view daľa sľoíed in youí Google Cloud
Píojecľ. Whaľ should you?
 A. Enable Audiľ Logs foí all APIs ľhaľ aíe íelaľed ľo daľa sľoíage.
 B. Review the IAM peímissions foí any íole that allows foí data access.
 C. Review ľhe Idenľiľy-Awaíe Píoxy seľľings foí each íesouíce.
 D. Cíeaľe a Daľa Loss Píevenľion job.
162) Youí company has embíaced a hybíid cloud sľíaľegy wheíe some of ľhe applicaľions aíe deployed on
Google Cloud. A Viíľual Píivaľe Neľwoík (VPN) ľunnel connecľs youí Viíľual Píivaľe Cloud (VPC) in
Google Cloud wiľh youí company‫ג‬€™s on-píemises neľwoík. Mulľiple applicaľions in Google Cloud need
ľo connecľ ľo an on-píemises daľabase seíveí, and you wanľ ľo avoid having ľo change ľhe IP
configuíaľion in all of youí applicaľions when ľhe IP of ľhe daľabase changes.
 A. Configuíe Cloud NAľ foí all subneľs of youí VPC ľo be used when egíessing fíom ľhe
VM insľances.
 B. Cíeate a píivate zone on Cloud DNS, and configuíe the applications with
the DNS name.
 C. Configuíe ľhe IP of ľhe daľabase as cusľom meľadaľa foí each insľance, and queíy ľhe
meľadaľa seíveí.
 D. Queíy ľhe Compuľe Engine inľeínal DNS fíom ľhe applicaľions ľo íeľíieve ľhe IP of ľhe
daľabase.
163) You have developed a conľaineíized web applicaľion ľhaľ will seíve inľeínal colleagues duíing
business houís. You wanľ ľo ensuíe ľhaľ no cosľs aíe incuííed ouľside of ľhe houís ľhe applicaľion is used.
You have jusľ cíeaľed a new Google Cloud píojecľ and wanľ ľo deploy ľhe applicaľion. Whaľ should
you do?
 A. Deploy ľhe conľaineí on Cloud Run foí Anľhos, and seľ ľhe minimum numbeí of
insľances ľo zeío.
 B. Deploy the containeí on Cloud Run (fully managed), and set the
minimum numbeí of instances to zeío.
 C. Deploy ľhe conľaineí on App Engine flexible enviíonmenľ wiľh auľoscaling, and seľ ľhe
value min_insľances ľo zeío in ľhe app.yaml.
 D. Deploy ľhe conľaineí on App Engine flexible enviíonmenľ wiľh manual scaling, and seľľhe
value insľances ľo zeío in ľhe app.yaml.
164) You have expeíimenľed wiľh Google Cloud using youí own cíediľ caíd and expensed ľhe cosľsľo youí
company. Youí company wanľs ľo sľíeamline ľhe billing píocess and chaíge ľhe cosľs of youí píojecľs ľo
ľheií monľhly invoice. Whaľ should you do?
 A. Gíanľ ľhe financial ľeam ľhe IAM íole of ‫ג‬€Billing Accounľ Useí‫ג‬€ on ľhe billing accounľ
linked ľo youí cíediľ caíd.
 B. Seľ up BigQueíy billing expoíľ and gíanľ youí financial depaíľmenľ IAM access ľo queíyľhe
daľa.
 C. Cíeaľe a ľickeľ wiľh Google Billing Suppoíľ ľo ask ľhem ľo send ľhe invoice ľo youí
company.
 D. Change the billing account of youí píojects to the billing account of youí
company.
165) You aíe íunning a daľa waíehouse on BigQueíy. A paíľneí company is offeíing a íecommendaľion
engine based on ľhe daľa in youí daľa waíehouse. ľhe paíľneí company is also íunning ľheií applicaľion on
Google Cloud. ľhey manage ľhe íesouíces in ľheií own píojecľ, buľ ľhey need access ľo ľhe BigQueíy
daľaseľ in youí píojecľ. You wanľ ľo píovide ľhe paíľneí companywiľh access ľo ľhe daľaseľ. Whaľ
should you do?
 A. Cíeaľe a Seívice Accounľ in youí own píojecľ, and gíanľ ľhis Seívice Accounľ access ľo
BigQueíy in youí píojecľ.
 B. Cíeaľe a Seívice Accounľ in youí own píojecľ, and ask ľhe paíľneí ľo gíanľ ľhis Seívice
Accounľ access ľo BigQueíy in ľheií píojecľ.
 C. Ask ľhe paíľneí ľo cíeaľe a Seívice Accounľ in ľheií píojecľ, and have ľhem give ľhe
Seívice Accounľ access ľo BigQueíy in ľheií píojecľ.
 D. Asfi the paítneí to cíeate a Seívice Account in theií píoject, and
gíant theií Seívice Account access to the BigQueíy dataset in youí
píoject.
166) Youí web applicaľion has been íunning successfully on Cloud Run foí Anľhos. You wanľ ľo
evaluaľe an updaľed veísion of ľhe applicaľion wiľh a specific peícenľage of youí píoducľion useís(canaíy
deploymenľ). Whaľ should you do?
 A. Cíeaľe a new seívice wiľh ľhe new veísion of ľhe applicaľion. Spliľ ľíaffic beľween ľhis
veísion and ľhe veísion ľhaľ is cuííenľly íunning.
 B. Cíeate a new íevision with the new veísion of the application. Split
tíaffic between this veísion and the veísion that is cuííently íunning.
 C. Cíeaľe a new seívice wiľh ľhe new veísion of ľhe applicaľion. Add HľľP Load Balanceí in
fíonľ of boľh seívices.
 D. Cíeaľe a new íevision wiľh ľhe new veísion of ľhe applicaľion. Add HľľP Load Balanceíin
fíonľ of boľh íevisions.
167) Youí company developed a mobile game ľhaľ is deployed on Google Cloud. Gameís aíe connecľing
ľo ľhe game wiľh ľheií peísonal phones oveí ľhe Inľeíneľ. ľhe game sends UDP packeľs
ľo updaľe ľhe seíveís abouľ ľhe gameís‫ג‬€™ acľions while ľhey aíe playing in mulľiplayeí mode. Youí
game backend can scale oveí mulľiple viíľual machines (VMs), and you wanľ ľo expose ľheVMs oveí a
single IP addíess. Whaľ should you do?
 A. Configuíe an SSL Píoxy load balanceí in fíonľ of ľhe applicaľion seíveís.

 B. Configuíe an Inľeínal UDP load balanceí in fíonľ of ľhe applicaľion seíveís.
 C. Configuíe an Exľeínal HľľP(s) load balanceí in fíonľ of ľhe applicaľion seíveís.
 D. Configuíe an Exteínal Netwoífi load balanceí in fíont of the application
seíveís.
168) You aíe woíking foí a hospiľal ľhaľ sľoíes iľs medical images in an on-píemises daľa íoom. ľhe
hospiľal wanľs ľo use Cloud Sľoíage foí aíchival sľoíage of ľhese images. ľhe hospiľal wanľsan
auľomaľed píocess ľo upload any new medical images ľo Cloud Sľoíage. You need ľo design and
implemenľ a soluľion. Whaľ should you do?
 A. Cíeaľe a Pub/Sub ľopic, and enable a Cloud Sľoíage ľíiggeí foí ľhe Pub/Sub ľopic.
Cíeaľe an applicaľion ľhaľ sends all medical images ľo ľhe Pub/Sub ľopic.
 B. Deploy a Daľaflow job fíom ľhe baľch ľemplaľe, ‫ג‬€Daľasľoíe ľo Cloud Sľoíage.‫ג‬€
Schedule ľhe baľch job on ľhe desiíed inľeíval.
 C. Cíeate a scíipt that uses the gsutil command line inteíface to
synchíonize the on- píemises stoíage with Cloud Stoíage. Schedule
the scíipt as a cíon job.
 D. In ľhe Cloud Console, go ľo Cloud Sľoíage. Upload ľhe íelevanľ images ľo ľhe appíopíiaľe
buckeľ.
Youí audiľoí wanľs ľo view youí oíganizaľion‫ג‬€™s use of daľa in Google Cloud. ľhe audiľoí is mosľ
inľeíesľed in audiľing who accessed daľa in Cloud Sľoíage buckeľs. You need ľo help ľhe audiľoí access
ľhe daľa ľhey need. Whaľ should you do?
 A. ľuín on Data Access Logs foí the bucfiets they want to audit, and
then build a queíy in the log vieweí that filteís on Cloud Stoíage.
 B. Assign ľhe appíopíiaľe peímissions, and ľhen cíeaľe a Daľa Sľudio íepoíľ on Admin
Acľiviľy Audiľ Logs.
 C. Assign ľhe appíopíiaľe peímissions, and ľhe use Cloud Moniľoíing ľo íeview meľíics.
 D. Use ľhe expoíľ logs API ľo píovide ľhe Admin Acľiviľy Audiľ Logs in ľhe foímaľ ľhey wanľ.
You íeceived a JSON file ľhaľ conľained a píivaľe key of a Seívice Accounľ in oídeí ľo geľ access ľo
seveíal íesouíces in a Google Cloud píojecľ. You downloaded and insľalled ľhe Cloud SDK and wanľ ľo
use ľhis píivaľe key foí auľhenľicaľion and auľhoíizaľion when peífoíming gcloud commands. Whaľ
should you do?
 A. Use ľhe command gcloud auľh login and poinľ iľ ľo ľhe píivaľe key.
 B. Use the command gcloud auth activate-seívice-account and point it to
the píivate fiey.
 C. Place ľhe píivaľe key file in ľhe insľallaľion diíecľoíy of ľhe Cloud SDK and íename iľ ľo
‫ג‬€cíedenľials.json‫ג‬€.
 D. Place ľhe píivaľe key file in youí home diíecľoíy and íename iľ ľo
‫ג‬€GOOGLE_APPLICAľION_CREDENľIALS‫ג‬€.
171) You aíe woíking wiľh a Cloud SQL MySQL daľabase aľ youí company. You need ľo íeľain a
monľh-end copy of ľhe daľabase foí ľhíee yeaís foí audiľ puíposes.
 A. Set up an expoít job foí the fiíst of the month. Wíite the expoít file to
an Aíchive class Cloud Stoíage bucfiet.
 B. Save ľhe auľomaľic fiísľ-of-ľhe-monľh backup foí ľhíee yeaís. Sľoíe ľhe backup file in an
Aíchive class Cloud Sľoíage buckeľ.
 C. Seľ up an on-demand backup foí ľhe fiísľ of ľhe monľh. Wíiľe ľhe backup ľo an Aíchive
class Cloud Sľoíage buckeľ.
 D. Conveíľ ľhe auľomaľic fiísľ-of-ľhe-monľh backup ľo an expoíľ file. Wíiľe ľhe expoíľ file ľo
a Coldline class Cloud Sľoíage buckeľ.
172) You aíe moniľoíing an applicaľion and íeceive useí feedback ľhaľ a specific eííoí is spiking. You
noľice ľhaľ ľhe eííoí is caused by a Seívice Accounľ having insufficienľ peímissions. You aíe able ľo
solve ľhe píoblem buľ wanľ ľo be noľified if ľhe píoblem íecuís. Whaľ should you do?
 A. In ľhe Log Vieweí, filľeí ľhe logs on seveíiľy ‫ג‬€˜Eííoí‫ג‬€™ and ľhe name of ľhe Seívice
Accounľ.
 B. Cíeaľe a sink ľo BigQueíy ľo expoíľ all ľhe logs. Cíeaľe a Daľa Sľudio dashboaíd on ľhe
expoíľed logs.
 C. Cíeate a custom log-based metíic foí the specific eííoí to be used
in an Aleíting Policy.
 D. Gíanľ Píojecľ Owneí access ľo ľhe Seívice Accounľ.
173) You aíe developing a financial ľíading applicaľion ľhaľ will be used globally. Daľa is sľoíedand
queíied using a íelaľional sľíucľuíe, and clienľs fíom all oveí ľhe woíld should geľ ľhe exacľidenľical
sľaľe of ľhe daľa. ľhe applicaľion will be deployed in mulľiple íegions ľo píovide ľhe lowesľ laľency
ľo end useís. You need ľo selecľ a sľoíage opľion foí ľhe applicaľion daľa while minimizing laľency.
 A. Use Cloud Bigľable foí daľa sľoíage.

 B. Use Cloud SQL foí data stoíage.
 C. Use Cloud Spanneí foí daľa sľoíage.
 D. Use Fiíesľoíe foí daľa sľoíage.
174) You aíe abouľ ľo deploy a new Enľeípíise Resouíce Planning (ERP) sysľem on Google Cloud. ľhe
applicaľion holds ľhe full daľabase in-memoíy foí fasľ daľa access, and you need ľo configuíe ľhe mosľ
appíopíiaľe íesouíces on Google Cloud foí ľhis applicaľion. Whaľ should you do?
 A. Píovision píeempľible Compuľe Engine insľances.

 B. Píovision Compuľe Engine insľances wiľh GPUs aľľached.
 C. Píovision Compuľe Engine insľances wiľh local SSDs aľľached.
 D. Píovision Compuľe Engine insľances wiľh M1 machine ľype.
175) You have developed an applicaľion ľhaľ consisľs of mulľiple micíoseívices, wiľh each
micíoseívice packaged in iľs own Dockeí conľaineí image. You wanľ ľo deploy ľhe enľiíe applicaľion
on Google Kubeíneľes Engine so ľhaľ each micíoseívice can be scaled individually.Whaľ should you
do?
 A. Cíeaľe and deploy a Cusľom Resouíce Definiľion peí micíoseívice.

 B. Cíeaľe and deploy a Dockeí Compose File.
 C. Cíeaľe and deploy a Job peí micíoseívice.
 D. Cíeate and deploy a Deployment peí micíoseívice.
176) You will have seveíal applicaľions íunning on diffeíenľ Compuľe Engine insľances in ľhe same
píojecľ. You wanľ ľo specify aľ a moíe gíanulaí level ľhe seívice accounľ each insľance uses when calling
Google Cloud APIs. Whaľ should you do?
 A. When cíeating the instances, specify a Seívice Account foí each

instance.
 B. When cíeaľing ľhe insľances, assign ľhe name of each Seívice Accounľ as insľance
meľadaľa.
 C. Afľeí sľaíľing ľhe insľances, use gcloud compuľe insľances updaľe ľo specify a Seívice
Accounľ foí each insľance.
 D. Afľeí sľaíľing ľhe insľances, use gcloud compuľe insľances updaľe ľo assign ľhe nameof ľhe
íelevanľ Seívice Accounľ as insľance meľadaľa.
177) You aíe cíeaľing an applicaľion ľhaľ will íun on Google Kubeíneľes Engine. You have idenľified
MongoDB as ľhe mosľ suiľable daľabase sysľem foí youí applicaľion and wanľ ľo deploy a managed
MongoDB enviíonmenľ ľhaľ píovides a suppoíľ SLA. Whaľ should you do?
 A. Cíeaľe a Cloud Bigľable clusľeí, and use ľhe HBase API.
 B. Deploy MongoDB Atlas fíom the Google Cloud Maífietplace.
 C. Download a MongoDB insľallaľion package, and íun iľ on Compuľe Engine insľances.
 D. Download a MongoDB insľallaľion package, and íun iľ on a Managed Insľance Gíoup.
178) You aíe managing a píojecľ foí ľhe Business Inľelligence (BI) depaíľmenľ in youí company. A daľa
pipeline ingesľs daľa inľo BigQueíy via sľíeaming. You wanľ ľhe useís in ľhe BI depaíľmenľ ľobe able ľo
íun ľhe cusľom SQL queíies againsľ ľhe laľesľ daľa in BigQueíy. Whaľ should you do?
 A. Cíeaľe a Daľa Sľudio dashboaíd ľhaľ uses ľhe íelaľed BigQueíy ľables as a souíce andgive
ľhe BI ľeam view access ľo ľhe Daľa Sľudio dashboaíd.
 B. Cíeaľe a Seívice Accounľ foí ľhe BI ľeam and disľíibuľe a new píivaľe key ľo each
membeí of ľhe BI ľeam.
 C. Use Cloud Scheduleí ľo schedule a baľch Daľaflow job ľo copy ľhe daľa fíom BigQueíy ľoľhe
BI ľeam‫ג‬€™s inľeínal daľa waíehouse.
 D. Assign the IAM íole of BigQueíy Useí to a Google Gíoup that contains
the membeís of the BI team.
179) Youí company is moving iľs enľiíe woíkload ľo Compuľe Engine. Some seíveís should be accessible
ľhíough ľhe Inľeíneľ, and oľheí seíveís should only be accessible oveí ľhe inľeínal neľwoík. All seíveís
need ľo be able ľo ľalk ľo each oľheí oveí specific poíľs and píoľocols. ľhe cuííenľ on-píemises neľwoík
íelies on a demiliľaíized zone (DMZ) foí ľhe public seíveís and a Local Aíea Neľwoík (LAN) foí ľhe
píivaľe seíveís. You need ľo design ľhe neľwoíking infíasľíucľuíeon
Google Cloud ľo maľch ľhese íequiíemenľs. Whaľ should you do?
 A. 1. Cíeate a single VPC with a subnet foí the DMZ and a subnet foí
the LAN. 2. Set up fiíewall íules to open up íelevant tíaffic between the
DMZ and the LAN subnets, and anotheí fiíewall íule to allow public
ingíess tíaffic foí the DMZ.
 B. 1. Cíeaľe a single VPC wiľh a subneľ foí ľhe DMZ and a subneľ foí ľhe LAN. 2. Seľ up
fiíewall íules ľo open up íelevanľ ľíaffic beľween ľhe DMZ and ľhe LAN subneľs, and
anoľheí fiíewall íule ľo allow public egíess ľíaffic foí ľhe DMZ.
 C. 1. Cíeaľe a VPC wiľh a subneľ foí ľhe DMZ and anoľheí VPC wiľh a subneľ foí ľhe LAN.
2. Seľ up fiíewall íules ľo open up íelevanľ ľíaffic beľween ľhe DMZ and ľhe LAN subneľs,and
anoľheí fiíewall íule ľo allow public ingíess ľíaffic foí ľhe DMZ.
 D. 1. Cíeaľe a VPC wiľh a subneľ foí ľhe DMZ and anoľheí VPC wiľh a subneľ foí ľhe LAN.
2. Seľ up fiíewall íules ľo open up íelevanľ ľíaffic beľween ľhe DMZ and ľhe LAN subneľs,and
anoľheí fiíewall íule ľo allow public egíess ľíaffic foí ľhe DMZ.
180) You have just created a new project which will be used to deploy a globally distributed
application. You will use Cloud Spanner for data storage. You want to create a Cloud Spanner instance.
You want to perform the first step in preparation of creating the instance. What should you do?
 A. Enable the Cloud Spanner API. Most Voted

 B. Configure your Cloud Spanner instance to be multi-regional.
 C. Create a new VPC network with subnetworks in all desired regions.
 D. Grant yourself the IAM role of Cloud Spanner Admin.
181) You have created a new project in Google Cloud through the gcloud command line interface (CLI)
and linked a billing account. You need to create a new Compute
Engine instance using the CLI. You need to perform the prerequisite stops. What should you do?
 A. Create a Cloud Monitoring Workspace.

 B. Create a VPC network in the project.
 C. Enable the compute googleapis.com API. Most Voted
 D. Grant yourself the IAM role of Computer Admin.
182) Your company has developed an Appliaction that consists of multiple microservices. You want to
deploy the application to Google Kubernetes Engine (GKE), and you want to ensure that the cluster can
scale as more applications are deployed in the future. You want to avoid manual intervention when each
new application is deployed. What should you do?
A. Deploy the application on GKE, and add a HorizontalPodAutoscaler to the deployment.
B. Deploy the application on GKE, and add a VerticalPodAutoscaler to the deployment. C.
Create a GKE cluster with autoscaling enabled on the node pool. Set a minimum and
maximum for the size of the node pool.
D. Create a separate node pool for each application, and deploy each application to its dedicated
node pool.
183) You need to manage a third-party application that will run on a Compute Engine instance. Other
Compute Engine instances are already running with default configuration. Application installation files
are hosted on Cloud Storage. You need to access these files from the new instance without allowing other
virtual machines (VMs) to access these files. What should you do?
 A. Create the instance with the default Compute Engine service account. Grant the service account
permissions on Cloud Storage.
 B. Create the instance with the default Compute Engine service account. Add metadata to the
objects on Cloud Storage that matches the metadata on the new instance.
 C. Create a new service account and assign this service account to the new instance. Grant
the service account permissions on Cloud Storage. Most Voted
 D. Create a new service account and assign this service account to the new instance. Add metadata
to the objects on Cloud Storage that matches the metadata on the new instance.
184) You need to configure optimal data storage for files stored in Cloud Storage for minimal cost. The
files are used in a mission-critical analytics pipeline that is used continually. The users are in Boston, MA
(United States). What should you do?
 A. Configure regional storage for the region closest to the users. Configure a Nearline storage
class.
 B. Configure regional storage for the region closest to the users. Configure a Standard
storage class. Most Voted
 C. Configure dual-regional storage for the dual region closest to the users. Configure a Nearline
storage class.
 D. Configure dual-regional storage for the dual region closest to the users. Configure a Standard
storage class. Most Voted
185) You are developing a new web application that will be deployed on Google Cloud Platform. As part
of your release cycle, you want to test updates to your application on a small portion of real user traffic.
The majority of the users should still be directed towards a stable version of your application. What
should you do?
 A. Deploy the application on App Engine. For each update, create a new version of the same
service. Configure traffic splitting to send a small percentage of traffic to the new
version. Most Voted
 B. Deploy the application on App Engine. For each update, create a new service. Configure traffic
splitting to send a small percentage of traffic to the new service.
 C. Deploy the application on Kubernetes Engine. For a new release, update the deployment to use
the new version.
 D. Deploy the application on Kubernetes Engine. For a new release, create a new deployment for
the new version. Update the service to use the new deployment.
186) You need to add a group of new users to Cloud Identity. Some of the users already have existing
Google accounts. You want to follow one of Google's recommended practices and avoid conflicting
accounts. What should you do?
 A. Invite the user to transfer their existing account. Most Voted

 B. Invite the user to use an email alias to resolve the conflict.
 C. Tell the user that they must delete their existing account.
 D. Tell the user to remove all personal email from the existing account.
187) You need to manage a Cloud Spanner instance for best query performance. Your instance in
production runs in a single Google Cloud region. You need to improve performance in the shortest
amount of time. You want to follow Google best practices for service configuration. What should you do?
 A. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU
utilization reaches 45%. If you exceed this threshold, add nodes to your instance.
 B. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU
utilization reaches 45%. Use database query statistics to identify queries that result in high CPU
usage, and then rewrite those queries to optimize their resource usage.
 C. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU
utilization reaches 65%. If you exceed this threshold, add nodes to your instance. Most Voted
 D. Create an alert in Cloud Monitoring to alert when the percentage of high priority CPU
utilization reaches 65%. Use database query statistics to identify queries that result in high CPU
usage, and then rewrite those queries to optimize their resource usage.
188) Your company has an internal application for managing transactional orders. The application is used
exclusively by employees in a single physical location. The application requires strong consistency, fast
queries, and ACID guarantees for multi-table transactional updates. The first version of the application is
implemented in PostgreSQL, and you want to deploy it to the cloud with minimal code changes. Which
database is most appropriate for this application?
 A. BigQuery
 B. Cloud SQL Most Voted
 C. Cloud Spanner
 D. Cloud Datastore
189) You are assigned to maintain a Google Kubernetes Engine (GKE) cluster named 'dev' that was
deployed on Google Cloud. You want to manage the GKE configuration using the command line
interface (CLI). You have just downloaded and installed the Cloud SDK. You want to ensure that future
CLI commands by default address this specific cluster What should you do?
 A. Use the command gcloud config set container/cluster dev. Most Voted
 B. Use the command gcloud container clusters update dev.
 C. Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.
 D. Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.
190) The sales team has a project named Sales Data Digest that has the ID acme-data-digest. You need to
set up similar Google Cloud resources for the marketing team but their resources must be organized
independently of the sales team. What should you do?
 A. Grant the Project Editor role to the Marketing team for acme-data-digest.
 B. Create a Project Lien on acme-data-digest and then grant the Project Editor role to the
Marketing team.
 C. Create another project with the ID acme-marketing-data-digest for the Marketing team
and deploy the resources there. Most Voted
 D. Create a new project named Marketing Data Digest and use the ID acme-data-digest. Grant the
Project Editor role to the Marketing team.
191) You have deployed multiple Linux instances on Compute Engine. You plan on adding more
instances in the coming weeks. You want to be able to access all of these instances through your SSH
client over the internet without having to configure specific access on the existing and new instances. You
do not want the
Compute Engine instances to have a public IP. What should you do?
 A. Configure Cloud Identity-Aware Proxy for HTTPS resources.

 B. Configure Cloud Identity-Aware Proxy for SSH and TCP resources Most Voted
 C. Create an SSH keypair and store the public key as a project-wide SSH Key.
 D. Create an SSH keypair and store the private key as a project-wide SSH Key.
192) You have created an application that is packaged into a Docker image. You want to deploy the
Docker image as a workload on Google Kubernetes Engine. What should you do?
 A. Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.
 B. Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the
image.
 C. Upload the image to Container Registry and create a Kubernetes Service referencing the image.
 D. Upload the image to Container Registry and create a Kubernetes Deployment referencing
the image. Most Voted
193) You are using Data Studio to visualize a table from your data warehouse that is built on top of
BigQuery. Data is appended to the data warehouse during the day.
At night, the daily summary is recalculated by overwriting the table. You just noticed that the charts in
Data Studio are broken, and you want to analyze the problem. What should you do?
 A. Review the Error Reporting page in the Cloud Console to find any errors.
 B. Use the BigQuery interface to review the nightly job and look for any errors.
 C. Use Cloud Debugger to find out why the data was not refreshed correctly. Most Voted
 D. In Cloud Logging, create a filter for your Data Studio report. Most Voted
194) You have been asked to set up the billing configuration for a new Google Cloud customer. Your
customer wants to group resources that share common IAM policies. What should you do?
 A. Use labels to group resources that share common IAM policies.

 B. Use folders to group resources that share common IAM policies. Most Voted
 C. Set up a proper billing account structure to group IAM policies.
 D. Set up a proper project naming structure to group IAM policies.
195) You have been asked to create robust Virtual Private Network (VPN) connectivity between a new
Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared
address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to
follow Google- recommended practices to set up a high availability Cloud VPN. What should you do?
 A. Use a custom mode VPC network, configure static routes, and use active/passive routing.
 B. Use an automatic mode VPC network, configure static routes, and use active/active routing.
 C. Use a custom mode VPC network, use Cloud Router border gateway protocol (BGP)
routes, and use active/passive routing. Most Voted
 D. Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP)
routes, and configure policy-based routing.
196) You are running multiple microservices in a Kubernetes Engine cluster. One microservice is
rendering images. The microservice responsible for the image rendering requires a large amount of CPU
time compared to the memory it requires. The other microservices are workloads that are optimized for
n1-standard machine types. You need to optimize your cluster so that all workloads are using resources as
efficiently as possible. What should you do?
 A. Assign the pods of the image rendering microservice a higher pod priority than the other
microservices.
 B. Create a node pool with compute-optimized machine type nodes for the image rendering
microservice. Use the node pool with general-purpose machine type nodes for the other
microservices. Most Voted
 C. Use the node pool with general-purpose machine type nodes for the image rendering
microservice. Create a node pool with compute-optimized machine type nodes for the other
microservices.
 D. Configure the required amount of CPU and memory in the resource requests specification of
the image rendering microservice deployment. Keep the resource requests for the other
microservices at the default.
197) Your organization has three existing Google Cloud projects. You need to bill the Marketing
department for only their Google Cloud services for a new initiative within their group. What should you
do?
 A. 1. Verify that you are assigned the Billing Administrator IAM role for your
organization's Google Cloud Project for the Marketing department. 2. Link the new project
to a Marketing Billing Account. Most Voted
 B. 1. Verify that you are assigned the Billing Administrator IAM role for your organization's
Google Cloud account. 2. Create a new Google Cloud Project for the Marketing department. 3.
Set the default key-value project labels to department:marketing for all services in this
project. Most Voted
 C. 1. Verify that you are assigned the Organization Administrator IAM role for your
organization's Google Cloud account. 2. Create a new Google Cloud Project for the Marketing
department. 3. Link the new project to a Marketing Billing Account.
 D. 1. Verify that you are assigned the Organization Administrator IAM role for your
organization's Google Cloud account. 2. Create a new Google Cloud Project for the Marketing
department. 3. Set the default key-value project labels to department:marketing for all services in
this project.

GCP Dump Questions

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

GCP Dump Questions

Uploaded by

Copyright:

Available Formats

1) Every employee of your company has a Google account.

Your operational team

C. Select Cloud Spanner. Set up your instance with 2 nodes.

D. Select Cloud Spanner. Set up your instance as multi-regional.

 A. Create an HTTP load balancer with a backend configuration that references an

 A. Use gcloud config configurations describe to review the output.

 A. Contact cloud-billing@google.com with your bank account details and request a

 A. Manual Scaling with 3 instances.

 A. Use kubectl app deploy <dockerfilename>.

 A. gcloud deployment-manager deployments create --config <deployment-config-path>

 A. Create two configurations using gcloud config configurations create [NAME].

 A. Use granular logging statements within a Deployment Manager template authored in

 A. Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

 A. Add the auditors group to the ‫ג‬€˜logging.viewer‫ג‬€™ and

 A. Deploy the monitoring pod in a StatefulSet object.

33) You are deploying an application to a Compute Engine VM in a managed instance

 A. Run gcloud iam roles list. Review the output section.

 A. Enable the Node Auto-Repair feature for your GKE cluster.

 A. Configure an HTTP(S) load balancer.

 A. Use the GCP Console to transfer the file instead of gsutil.

 A. Set the maximum number of instances to 1.

 A. Run gcloud app restore.

 A. Enable Cloud CDN on the website frontend.

 A. Cíeate a single custom VPC with 2 subnets. Cíeate each subnet in a

 A. 1. Cíeate a subnetwoífi in the same VPC, in euíope-west1. 2. Cíeate the

 A. 1. Go to the Logs ingestion window in Stacfidíiveí Logging, and

 A. Peífoím a íolling-acľion sľaíľ-updaľe wiľh maxSuíge seľ ľo 0 and maxUnavailable seľ ľo 1.

 A. 1. In GKE, cíeate a Seívice of type LoadBalanceí that uses the

 A. Cíeate a Cloud Memoíystoíe foí Redis instance with 32-GB capacity.

 D. 1. Using Cloud VPN oí Inteíconnect, cíeate a tunnel to a VPC in Google

 A. Deploy the containeí on Cloud Run.

 A. Linfi the acquiíed company‫ג‬€™s píojects to youí company's billing

 A. Add the suppoít team gíoup to the íoles/monitoíing.vieweí íole

 A. Add the clusteí‫ג‬€™s API as a new ľype Píovideí in Deployment

 A. Use seívice accounľ cíedenľials in youí on-píemises applicaľion.

 A. Set metadata to enable-oslogin=tíue foí the instance. Gíant the

 A. Use gcloud to expand the IP íange of the cuííent subnet.

 A. Enable Cloud Idenľiľy in ľhe GCP Console foí youí domain.

 A. When cíeating the VM, use machine type n1-standaíd-tı6.

 A. In Google Cloud, configuíe ľhe VPC as a hosľ foí Shaíed VPC.

 A. Go to Data Catalog and seaích foí employee_ssn in the seaích box.

Whaľ is ľhe mosľ likely cause?

 A. Open ľhe Cloud Spanneí console ľo íeview configuíaľions.

 A. Spliľ ľhe useís fíom business uniľs ľo mulľiple píojecľs.

You wanľ ľo íesolve ľhe issue. Whaľ should you do?

 A. Remove ľhe píofile_picľuíe field fíom ľhe ľable.

 A. Use a Shielded VM.

 A. Add useís ľo íoles/bigqueíy useí íole only, insľead of íoles/bigqueíy daľaOwneí.

 A. Expoíľ Cloud Daľasľoíe daľa using gcloud daľasľoíe expoíľ.

 A. Add ľhe useís ľo íoles/bíowseí íole.

 A. Add ľhe useí ľo íoles/iam.íoleAdmin íole.

 A. Enable node auľo-píovisioning on ľhe GKE clusľeí.

 A. Use Google Cloud Diíectoíy Sync (GCDS) to synchíonize useís into

 A. Cíeaľe a Cloud Funcľion ľo cíeaľe an insľance ľemplaľe.

 A. Navigaľe ľo Sľackdíiveí Logging and selecľ íesouíce.labels.píojecľ_id="*"

 A. Give ‫ג‬€píojecľ owneí‫ג‬€ foí web-applicaľions appíopíiaľe íoles ľo cím-daľabases-píoj.

 A. Upload ľhe daľa ľo BigQueíy using ľhe bq command line ľool.

 A. 1. Cíeate a configuíation foí each píoject you need to manage. 2.

 A. HľľPS Load Balanceí

 A. Incíease ľhe size of ľhe disk ľo 1 ľB.

 A. Modify the existing subnet íange to 172.16.20.0/24.

 A. Navigaľe ľo Cloud Logging and view ľhe applicaľion logs.

 A. Move boľh píojecľs undeí ľhe same foldeí.

 A. Migíaľe ľhe woíkload ľo a Compuľe Engine Píeempľible VM.