You need to manage a third-party application that will run on a Compute Engine instance. Other Compute Engine instances are already running with default configuration. Application installation files are hosted on Cloud Storage. You need to access these files from the new instance without allowing other virtual machines (VMs) to access these files. What should you do?

• A.Create a new service account and assign this service account to the new instance Grant the service account permissions on Cloud Storage.
• B.Create the instance with the default Compute Engine service account Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
• C.Create a new service account and assign this service account to the new instance Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.
• D.Create the instance with the default Compute Engine service account Grant the service account permissions on Cloud Storage.

Comment: *

Name: *

Email: *

Verification: *

A Solutions Architect is designing a high-performance computing job that runs on Amazon EC2 instances in private subnets. To allow the application to download patches, the infrastructure must be altered to allow the instances to access external endpoints. Any changes to the infrastructure must involve minimal ongoing systems management effort.
What will allow the EC2 instances to access the endpoint while meeting these requirements?

• A.NAT gateway
• B.Elastic IP address
• C.AWS Direct Connect
• D.Virtual private gateway

Comment: *

Name: *

Email: *

Verification: *

You are hosting an application on bare-metal servers in your own data center. The application needs access to Cloud Storage. However, security policies prevent the servers hosting the application from having public IP addresses or access to the internet. You want to follow Google-recommended practices to provide the application with access to Cloud Storage. What should you do?

• A.1. Use nslookupto get the IP address for storage.googleapis.com.
  2. Negotiate with the security team to be able to give a public IP address to the servers.
  3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.
• B.1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.
  2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel.
  3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
• C.1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine.
  2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend.
  3. Configure your new instances to use this ILB as proxy.
• D.1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform (GCP).
  2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance.
  3. Configure your servers to use that instance as a proxy to access Cloud Storage.

Comment: *

Name: *

Email: *

Verification: *

Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

• A.Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the "compute.osAdminLogin" role to the Google group corresponding to this team.
• B.Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
• C.Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.
  https://cloud.google.com/compute/docs/instances/managing-instance-access
• D.Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.

Comment: *

Name: *

Email: *

Verification: *

You have production and test workloads that you want to deploy on Compute Engine. Production VMs need to be in a different subnet than the test VMs. All the VMs must be able to reach each other over internal IP without creating additional routes. You need to set up VPC and the 2 subnets. Which configuration meets these requirements?

• A.Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.
• B.Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.
• C.Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.
• D.Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

Comment: *

Name: *

Email: *

Verification: *