You want to use the gcloud command-line tool to authenticate using a third-party single sign-on (SSO) SAML identity provider. Which options are necessary to ensure that authentication is supported by the third-party identity provider (IdP)? (Choose two.)

• A.SSO SAML as a third-party IdP
• B.OpenID Connect
• C.Identity-Aware Proxy
• D.Identity Platform
• E.Cloud Identity

Comment: *

Name: *

Email: *

Verification: *

Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet.
What should your team grant to Engineering Group A to meet this requirement?

• A.Compute Shared VPC Admin Role at the service project level.
• B.Compute Network User Role at the host project level.
• C.Compute Shared VPC Admin Role at the host project level.
• D.Compute Network User Role at the subnet level.

Comment: *

Name: *

Email: *

Verification: *

Your team uses a service account to authenticate data transfers from a given Compute Engine virtual machine instance of to a specified Cloud Storage bucket. An engineer accidentally deletes the service account, which breaks application functionality. You want to recover the application as quickly as possible without compromising security.
What should you do?

• A.Temporarily disable authentication on the Cloud Storage bucket.
• B.Use the undelete command to recover the deleted service account.
• C.Create a new service account with the same name as the deleted service account.
• D.Update the permissions of another existing service account and supply those credentials to the applications.

Comment: *

Name: *

Email: *

Verification: *

A customer wants to deploy a large number of 3-tier web applications on Compute Engine.
How should the customer ensure authenticated network separation between the different tiers of the application?

• A.Run each tier with a different Service Account (SA), and use SA-based firewall rules.
• B.Run each tier in its own subnet, and use subnet-based firewall rules.
• C.Run each tier in its own Project, and segregate using Project labels.
• D.Run each tier with its own VM tags, and use tag-based firewall rules.

Comment: *

Name: *

Email: *

Verification: *

Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network.
How should your team design this network?

• A.Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation.
• B.Create a different subnet for the frontend application and database to ensure network isolation.
• C.Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation.
• D.Create an ingress firewall rule to allow access only from the application to the database using firewall tags.

Comment: *

Name: *

Email: *

Verification: *