You need to assign a Cloud Identity and Access Management (Cloud IAM) role to an external auditor. The auditor needs to have permissions to review your Google Cloud Platform (GCP) Audit Logs and also to review your Data Access logs. What should you do?

• A.Assign the auditor the IAM role roles/logging.privateLogViewer.
  Perform the export of logs to Cloud Storage.
• B.Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission.
  Perform the export of logs to Cloud Storage.
• C.Assign the auditor the IAM role roles/logging.privateLogViewer.
  Direct the auditor to also review the logs for changes to Cloud IAM policy.
• D.Assign the auditor's IAM user to a custom role that has logging.privateLogEntries.list permission.
  Direct the auditor to also review the logs for changes to Cloud IAM policy.

Comment: *

Name: *

Email: *

Verification: *

You are building a product on top of Google Kubernetes Engine (GKE). You have a single GKE cluster. For each of your customers, a Pod is running in that cluster, and your customers can run arbitrary code inside their Pod. You want to maximize the isolation between your customers' Pods. What should you do?

• A.Use Binary Authorization and whitelist only the container images used by your customers' Pods.
• B.Use the Container Analysis API to detect vulnerabilities in the containers used by your customers' Pods.
• C.Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers' Pods.
• D.Use the cos_containerdimage for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerdto the specification of your customers' Pods.

Comment: *

Name: *

Email: *

Verification: *

You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?

• A.Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.
• B.Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.
• C.Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.
• D.Create a Cloud Memorystore for Redis instance with 32-GB capacity.

Comment: *

Name: *

Email: *

Verification: *

You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?

• A.1. Create a VPC and a subnetwork in europe-west1.
  2. Expose the application with an internal load balancer.
  3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.
• B.1. Create a VPC and a subnetwork in europe-west1.
  2. Peer the 2 VPCs.
  3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
• C.1. Create a subnetwork in the same VPC, in europe-west1.
  2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
• D.1. Create a subnetwork in the same VPC, in europe-west1.
  2. Use Cloud VPN to connect the two subnetworks.
  3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

Comment: *

Name: *

Email: *

Verification: *

You significantly changed a complex Deployment Manager template and want to confirm that the dependencies of all defined resources are properly met before committing it to the project. You want the most rapid feedback on your changes. What should you do?

• A.Execute the Deployment Manager template using the --preview option in the same project, and observe the state of interdependent resources.
• B.Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.
• C.Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.
• D.Use granular logging statements within a Deployment Manager template authored in Python.

Comment: *

Name: *

Email: *

Verification: *