In your company, two departments with separate GCP projects (code-dev and data-dev) in the same organization need to allow full cross-communication between all of their virtual machines in GCP. Each department has one VPC in its project and wants full control over their network. Neither department intends to recreate its existing computing resources. You want to implement a solution that minimizes cost.
Which two steps should you take? (Choose two.)

• A.Connect the VPCs in project code-dev and data-dev using VPC Network Peering.
• B.Enable firewall rules to allow all ingress traffic from all subnets of project code-dev to all instances in project data-dev, and vice versa.
• C.Connect both projects using Cloud VPN.
• D.Create a route in the code-dev project to the destination prefixes in project data-dev and use nexthop as the default gateway, and vice versa.
• E.Enable Shared VPC in one project (e. g., code-dev), and make the second project (e. g., data-dev) a service project.

Comment: *

Name: *

Email: *

Verification: *

You need to define an address plan for a future new GKE cluster in your VPC. This will be a VPC-native cluster, and the default Pod IP range allocation will be used. You must pre-provision all the needed VPC subnets and their respective IP address ranges before cluster creation. The cluster will initially have a single node, but it will be scaled to a maximum of three nodes if necessary. You want to allocate the minimum number of Pod IP addresses.
Which subnet mask should you use for the Pod IP address range?

• A./21
• B./22
• C./23
• D./25

Comment: *

Name: *

Email: *

Verification: *

You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?

• A.Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.
• B.Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.
• C.Create a single firewall rule to allow port 22 with priority 1000.
• D.Create a single firewall rule to allow port 3389 with priority 1000.

Comment: *

Name: *

Email: *

Verification: *

You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.
What should you do?

• A.Assign each user the editor role.
• B.Assign each user the compute.networkAdmin role.
• C.Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
• D.Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.

Comment: *

Name: *

Email: *

Verification: *

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.
What should you do?

• A.Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
• B.Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.
• C.Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
• D.Create a Cloud Armor Policy rule that denies traffic and review necessary logs.

Comment: *

Name: *

Email: *

Verification: *