You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs. You want to resolve the issue.
What should you do?

• A.Create an explicit Deny Any rule and enable logging on the new rule.
• B.Enable logging on the VM Instances that receive traffic.
• C.Create a logging sink forwarding all firewall logs with no filters.
• D.Enable logging on the default Deny Any Firewall Rule.

Comment: *

Name: *

Email: *

Verification: *

You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?

• A.Grant the compute.instanceAdmin to your user account.
• B.Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
• C.Grant the iam.serviceAccountUser to your user account.
• D.Grant the read-only privilege to the service account for the Cloud Storage bucket.

Comment: *

Name: *

Email: *

Verification: *

You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.
How should you configure the Distribution VPC?

• A.Create the Distribution VPC in custom mode. Use the CIDR range 10.128.0.0/9. Create the necessary subnets, and then peer them via network peering.
• B.Create the Distribution VPC in custom mode. Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.
• C.Create the Distribution VPC in auto mode. Peer both the VPCs via network peering.
• D.Rename the default VPC as "Distribution" and peer it via network peering.

Comment: *

Name: *

Email: *

Verification: *

You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs. You want to resolve the issue.
What should you do?

• A.Enable logging on the default Deny Any Firewall Rule.
• B.Enable logging on the VM Instances that receive traffic.
• C.Create a logging sink forwarding all firewall logs with no filters.
• D.Create an explicit Deny Any rule and enable logging on the new rule.

Comment: *

Name: *

Email: *

Verification: *

Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that the caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it as a DDOS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.
Which two steps should you take? (Choose two.)

• A.Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
• B.Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
• C.Create a global HTTP(s) load balancer and move your application backend to this load balancer.
• D.SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
• E.Use Cloud Armor to blacklist the attacker's IP addresses.

Comment: *

Name: *

Email: *

Verification: *