You have an application running in Google Kubernetes Engine (GKE) with cluster autoscaling enabled. The application exposes a TCP endpoint. There are several replicas of this application. You have a Compute Engine instance in the same region, but in another Virtual Private Cloud (VPC), called gce-network, that has no overlapping IP ranges with the first VPC. This instance needs to connect to the application on GKE. You want to minimize effort. What should you do?

• A.1. In GKE, create a Serviceof type LoadBalancerthat uses the application's Pods as backend.
  2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.
  3. Configure the Compute Engine instance to use the address of the load balancer that has been created.
• B.1. In GKE, create a Serviceof type LoadBalancerthat uses the application's Pods as backend.
  2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal
  3. Peer the two VPCs together.
  4. Configure the Compute Engine instance to use the address of the load balancer that has been created.
• C.1. In GKE, create a Service of type NodePortthat uses the application's Pods as backend.
  2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.
  3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.
  4. Configure the Compute Engine instance to use the address of proxyin gce-networkas endpoint.
• D.1. In GKE, create a Serviceof type LoadBalancer that uses the application's Pods as backend.
  2. Set the service's externalTrafficPolicyto Cluster.
  3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

Comment: *

Name: *

Email: *

Verification: *

You need to select and configure compute resources for a set of batch processing jobs. These jobs take around 2 hours to complete and are run nightly. You want to minimize service costs. What should you do?

• A.Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.
• B.Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.
• C.Select Compute Engine. Use VM instance types that support micro bursting.
• D.Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

Comment: *

Name: *

Email: *

Verification: *

You have been asked to create robust Virtual Private Network (VPN) connectivity between a new Virtual Private Cloud (VPC) and a remote site. Key requirements include dynamic routing, a shared address space of 10.19.0.1/22, and no overprovisioning of tunnels during a failover event. You want to follow Google-recommended practices to set up a high availability Cloud VPN. What should you do?

• A.Use a custom mode VPC network use Cloud Router border gateway protocol (86P) routes, and use active/passive routing
• B.Use a custom mode VPC network, configure static routes, and use active/passive routing
• C.Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing
• D.Use an automatic mode VPC network, configure static routes, and use active/active routing

Comment: *

Name: *

Email: *

Verification: *

Your company set up a complex organizational structure on Google Could Platform. The structure includes hundreds of folders and projects. Only a few team members should be able to view the hierarchical structure.
You need to assign minimum permissions to these team members and you want to follow Google- recommended practices. What should you do?

• A.Add the users to roles/browser role.
• B.Add the users to roles/iam.roleViewer role.
• C.Add the users to a group, and add this group to roles/browser role.
• D.Add the users to a group, and add this group to roles/iam.roleViewer role.

Comment: *

Name: *

Email: *

Verification: *

Your management has asked an external auditor to review all the resources in a specific project.
The security team has enabled the Organization Policy called Domain Restricted Sharing on the organization node by specifying only your Cloud Identity domain. You want the auditor to only be able to view, but not modify, the resources in that project. What should you do?

• A.Ask the auditor for their Google account, and give them the Viewer role on the project.
• B.Ask the auditor for their Google account, and give them the Security Reviewer role on the project.
• C.Create a temporary account for the auditor in Cloud Identity, and give that account the Viewer role on the project.
• D.Create a temporary account for the auditor in Cloud Identity, and give that account the Security Reviewer role on the project.

Comment: *

Name: *

Email: *

Verification: *