Google Associate-Cloud-Engineer Google Cloud Certified - Associate Cloud Engineer Exam Practice Test

Grant all members of the DevOps team the role of Project Editor on the organization level.

Grant all members of the DevOps team the role of Project Editor on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the production project.

Create a custom role that combines the required permissions. Grant the DevOps team the custom role on the organization level.

The pending Pod's resource requests are too large to fit on a single node of the cluster.

Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods’ status. It is currently being rescheduled on a new node.

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

Check the app.yaml file for your application and check project settings.

Check the web-application.xml file for your application and check project settings.

Go to Deployment Manager and review settings for deployment of applications.

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Locate the project in the GCP console, click Shut down and then enter the project ID.

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

1. Verify that you are assigned the Organizational Administrator IAM role for this project.

2. Locate the project in the GCP console, enter the project ID and then click Shut down.

1. Verify that you are assigned the Organizational Administrators IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

Run gcloud iam roles list. Review the output section.

Run gcloud iam service-accounts list. Review the output section.

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Create a new subnet in the same region as the subnet being used.

Add an alias IP range to the subnet used by the GKE clusters.

Create a new VPC, and set up VPC peering with the existing VPC.

Expand the CIDR range of the relevant subnet for the cluster.

Configure an SSL Proxy load balancer in front of the application servers.

Configure an Internal UDP load balancer in front of the application servers.

Configure an External HTTP(s) load balancer in front of the application servers.

Configure an External Network load balancer in front of the application servers.

Cloud Run for Anthos

Cloud Run

App Engine Standard

Cloud Functions.

Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

Configure Cloud Identity-Aware Proxy (or HTTPS resources

Configure Cloud Identity-Aware Proxy for SSH and TCP resources.

Create an SSH keypair and store the public key as a project-wide SSH Key

Create an SSH keypair and store the private key as a project-wide SSH Key

Run a test using simulated maintenance events. If the test is successful, use preemptible N1 Standard VMs when running future jobs.

Run a test using simulated maintenance events. If the test is successful, use N1 Standard VMs when running future jobs.

Run a test using a managed instance group. If the test is successful, use N1 Standard VMs in the managed instance group when running future jobs.

Run a test using N1 standard VMs instead of N2. If the test is successful, use N1 Standard VMs when running future jobs.

Arrange to switch to Flat-Rate pricing for this query, then move back to on-demand.

Use the command line to run a dry run query to estimate the number of bytes read. Then convert that bytes estimate to dollars using the Pricing Calculator.

Use the command line to run a dry run query to estimate the number of bytes returned. Then convert that bytes estimate to dollars using the Pricing Calculator.

Run a select count (*) to get an idea of how many records your query will look through. Then convert that number of rows to dollars using the Pricing Calculator.

Modify the existing subnet range to 172.16.20.0/24.

Create a new Secondary IP Range in the VPC and configure the VMs to use that range.

Create a new VPC network for the VMs. Enable VPC Peering between the VMs’ VPC network and the Dataproc cluster VPC network.

Create a new VPC network for the VMs with a subnet of 172.32.0.0/16. Enable VPC network Peering between the Dataproc VPC network and the VMs VPC network. Configure a custom Route exchange.

Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.

Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.

In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.

In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.

kubectl get deployments –output=pods

gcloud get pods –selector=”app=prod”

kubectl get pods -I “app=prod”

gcloud list gke-deployments -filter={pod }

Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.

Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.

Create an Identity and Access Management

Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.

Use Cloud Bigtable for data storage.

Use Cloud SQL for data storage.

Use Cloud Spanner for data storage.

Use Firestore for data storage.

Search for the CMS solution in Google Cloud Marketplace. Use gcloud CLI to deploy the solution.

Search for the CMS solution in Google Cloud Marketplace. Deploy the solution directly from Cloud Marketplace.

Search for the CMS solution in Google Cloud Marketplace. Use Terraform and the Cloud Marketplace ID to deploy the solution with the appropriate parameters.

Use the installation guide of the CMS provider. Perform the installation through your configuration management system.

gcloud deployment-manager deployments create my-gcp-ace-cluster --config cluster.yaml

gcloud deployment-manager deployments create my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --config cluster.yaml

Create a Cloud Monitoring Workspace.

Create a VPC network in the project.

Enable the compute googleapis.com API.

Grant yourself the IAM role of Compute Admin.

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.

Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

Upload the data to BigQuery using the bq command line tool.

Upload the data to Cloud Storage using the gsutil command line tool.

Upload the data into Cloud SQL using the import function in the console.

Upload the data into Cloud Spanner using the import function in the console.

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.

Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.

Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant.

Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant.

Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.

Enable Cloud Identity in the GCP Console for your domain.

Grant them the required IAM roles using their G Suite email address.

Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

Use gcloud iam roles copy and specify the production project as the destination project.

Use gcloud iam roles copy and specify your organization as the destination organization.

In the Google Cloud Platform Console, use the ‘create role from role’ functionality.

In the Google Cloud Platform Console, use the ‘create role’ functionality and select all applicable permissions.

Provision preemptible Compute Engine instances.

Provision Compute Engine instances with GPUs attached.

Provision Compute Engine instances with local SSDs attached.

Provision Compute Engine instances with M1 machine type.

Migrate the workload to a Compute Engine Preemptible VM.

Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload.

1. Update your instances’ metadata to add the following value: snapshot–schedule: 0 1 * * *

2. Update your instances’ metadata to add the following value: snapshot–retention: 30

1. In the Cloud Console, go to the Compute Engine Disks page and select your instance’s disk.

2. In the Snapshot Schedule section, select Create Schedule and configure the following parameters:

–Schedule frequency: Daily

–Start time: 1:00 AM – 2:00 AM

–Autodelete snapshots after 30 days

1. Create a Cloud Function that creates a snapshot of your instance’s disk.

2.Create a Cloud Function that deletes snapshots that are older than 30 days.

3.Use Cloud Scheduler to trigger both Cloud Functions daily at 1:00 AM.

1. Create a bash script in the instance that copies the content of the disk to Cloud Storage.

2.Create a bash script in the instance that deletes data older than 30 days in the backup Cloud Storage bucket.

3.Configure the instance’s crontab to execute these scripts daily at 1:00 AM.

Create a new project and create an App Engine instance in europe-west3

Use the gcloud app region set command and supply the name of the new region.

From the console, under the App Engine page, click edit, and change the region drop-down.

Contact Google Cloud Support and request the change.

Use kubect1 to delete the topic resource.

Use gcloud CLI to delete the topic.

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

Use gcloud CLI to update the topic label managed-by-cnrm to false.

In the Google Cloud console, visualize the costs related to the projects in the Reports section.

In the Google Cloud console, visualize the costs related to the projects in the Cost breakdown section.

In the Google Cloud console, use the export functionality of the Cost table. Create a Looker Studiodashboard on top of the CSV export.

Configure Cloud Billing data export to BigOuery for the billing account. Create a Looker Studio dashboard on top of the BigOuery export.

After the VM has been created, use your Google Account credentials to log in into the VM.

After the VM has been created, use gcloud compute reset-windows-password to retrieve the login credentials for the VM.

When creating the VM, add metadata to the instance using ‘windows-password’ as the key and a password as the value.

After the VM has been created, download the JSON private key for the default Compute Engine service account. Use the credentials in the JSON file to log in to the VM.

Store the database password inside the Docker image of the container, not in the YAML file.

Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.

Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.

Create a file in Cloud Storage per device and append new data to that file.

Create a file in Cloud Filestore per device and append new data to that file.

Ingest the data into Datastore. Store data in an entity group based on the device.

Ingest the data into Cloud Bigtable. Create a row key based on the event timestamp.

Sync Identities with Cloud Directory Sync, and then enable SAML for single sign-on

Sync Identities in the Google Admin console, and then enable Oauth for single sign-on

Sync identities with 3rd party LDAP sync, and then copy passwords to allow simplified login with (he same credentials

Sync identities with Cloud Directory Sync, and then copy passwords to allow simplified login with the same credentials.

Create the instance with the default Compute Engine service account Grant the service account permissions on Cloud Storage.

Create the instance with the default Compute Engine service account Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Create a new service account and assig n this service account to the new instance Grant the service account permissions on Cloud Storage.

Create a new service account and assign this service account to the new instance Add metadata to the objects on Cloud Storage that matches the metadata on the new instance.

Deploy me application on App Engine For each update, create a new version of the same service Configure traffic splitting to send a small percentage of traffic to the new version

Deploy the application on App Engine For each update, create a new service Configure traffic splitting to send a small percentage of traffic to the new service.

Deploy the application on Kubernetes Engine For a new release, update the deployment to use the new version

Deploy the application on Kubernetes Engine For a now release, create a new deployment for the new version Update the service e to use the now deployment.

Migrate the users to Active Directory. Connect the Human Resources system to Active Directory. Turn on Google Cloud Directory Sync (GCDS) for Cloud Identity. Turn on Identity Federation from Cloud Identity to Active Directory.

Organize the users in Cloud Identity into groups. Enforce multi-factor authentication in Cloud Identity.

Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation.

Use a third-party identity provider service through federation. Synchronize the users from Google Workplace to the third-party provider in real time.

* Create service accounts sa-app and sa-db.

• Associate service account: sa-app with the application servers and the service account sa-db with the database servers.

• Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.

• Create network tags app-server and db-server.

• Add the app-server lag lo the application servers and the db-server lag to the database servers.

• Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.

* Create a service account sa-app and a network tag db-server.

* Associate the service account sa-app with the application servers and the network tag db-server with

the database servers.

• Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.

• Create a network lag app-server and service account sa-db.

• Add the tag to the application servers and associate the service account with the database servers.

• Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.

Create a Cloud Memorystore for Redis instance with 32-GB capacity.

Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.

Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.

Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.

Deploy Jenkins through the Google Cloud Marketplace.

Create a new Compute Engine instance. Run the Jenkins executable.

Create a new Kubernetes Engine cluster. Create a deployment for the Jenkins image.

Create an instance template with the Jenkins executable. Create a managed instance group with this template.

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Deploy the container on Cloud Run for Anthos, and set the minimum number of instances to zero

Deploy the container on Cloud Run (fully managed), and set the minimum number of instances to zero.

Deploy the container on App Engine flexible environment with autoscaling. and set the value min_instances to zero in the app yaml

Deploy the container on App Engine flexible environment with manual scaling, and set the value instances to zero in the app yaml

Deployment Manager

Cloud Composer

Managed Instance Group

Unmanaged Instance Group

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.

For each project, create a Stackdriver account. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects.

Configure a single Stackdriver account, and link all projects to the same account.

Configure a single Stackdriver account for one of the projects. In Stackdriver, create a Group and add the other project names as criteria for that Group.

Download and deploy the Jenkins Java WAR to App Engine Standard.

Create a new Compute Engine instance and install Jenkins through the command line interface.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

Use GCP Marketplace to launch the Jenkins solution.

Use Binary Authorization and whitelist only the container images used by your customers’ Pods.

Use the Container Analysis API to detect vulnerabilities in the containers used by your customers’ Pods.

Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers’ Pods.

Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers’ Pods.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///**.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///***

Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Review the Compute Engine activity logs Select and review the Admin Event logs

Review the Compute Engine activity logs Select and review the System Event logs

Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs

Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs

Build a lifecycle policy to delete Cloud Storage objects after 45 days.

Use signed URLs to allow suppliers limited time access to store their objects.

Set up an SFTP server for your application, and create a separate user for each supplier.

Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.

Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.

Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.

Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.

Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.

• Navigate to Cloud Mentioning in the Google Cloud console, and create a custom monitoring job for the

Bigtable instance to track all changes.

• Create an alert by using webhook endpoints. with the SIEM endpoint as a receiver

■ Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read. Data Write and Admin Read logs for the Bigtable instance

• Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.

• Install the Ops Agent on the Bigtable instance during configuration. K

• Create a service account with read permissions for the Bigtable instance.

• Create a custom Dataflow job with this service account to export logs to the company's SIEM system.

• Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the

Biglable instance.

• Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.

Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

Select Compute Engine. Use VM instance types that support micro bursting.

Deploy the new version in the same application and use the --migrate option.

Deploy the new version in the same application and use the --splits option to give a weight of 99 to the current version and a weight of 1 to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Use the App Engine library to proxy 1% of the requests to the new version.

Create a new App Engine application in the same project. Deploy the new version in that application. Configure your network load balancer to send 1% of the traffic to that new application.

Create a custom role with view-only project permissions. Add the user's account to the custom role.

Create a custom role with view-only service permissions. Add the user's account to the custom role.

Select the built-in IAM project Viewer role. Add the user's account to this role.

Select the built-in IAM service Viewer role. Add the user's account to this role.

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

Create a custom role based on the Compute Image User role Add the compute.disks, list to the

includedPermissions field Grant the custom role to the user at the project level

Grant the Compute Storage Admin role at the project level.

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

Create and deploy a Custom Resource Definition per microservice.

Create and deploy a Docker Compose File.

Create and deploy a Job per microservice.

Create and deploy a Deployment per microservice.

Enable Private Service Access on the Cloud Storage Bucket.

Add slorage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list to protected projects.

Enable Private Google Access on the subnet within the custom VPC.

Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket.

Link the acquired company’s projects to your company's billing account.

Configure the acquired company's billing account and your company's billing account to export the billing data into the same BigQuery dataset.

Migrate the acquired company’s projects into your company’s GCP organization. Link the migrated projects to your company's billing account.

Create a new GCP organization and a new billing account. Migrate the acquired company's projects and your company's projects into the new GCP organization and link the projects to the new billing account.

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

Add your SREs to roles/iam.roleAdmin role.

Add your SREs to roles/accessapproval approver role.

Add your SREs to a group and then add this group to roles/iam roleAdmin role.

Add your SREs to a group and then add this group to roles/accessapproval approver role.

Migrate the web application to App Engine and the backend API to Cloud Run Use Cloud Tasks to run your background job on Compute Engine

Migrate the web application to App Engine and the backend API to Cloud Run. Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run Use Cloud Tasks to run your background job on Cloud Run.

Run the web application on a Cloud Storage bucket and the backend API on Cloud Run. Use Cloud Tasks to run your background job on Compute Engine

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Create a Billing account, associate a payment method with it, and provide all project creators with permission to associate that billing account with their projects.

Grant all engineer’s permission to create their own billing accounts for each new project.

Apply for monthly invoiced billing, and have a single invoice tor the project paid by the finance team.

Create a billing account, associate it with a monthly purchase order (PO), and send the PO to Google Cloud.

Add the network tag allow-udp-636 to the VM instance running the LDAP server.

Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.

Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.

Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Set the service's externalTrafficPolicy to Cluster.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type NodePort that uses the application's Pods as backend.2. Create a Compute Engine instance called proxy with 2 network interfaces, one in each VPC.3. Use iptables on this instance to forward traffic from gce-network to the GKE nodes.4. Configure the Compute Engine instance to use the address of proxy in gce-network as endpoint.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add an annotation to this service: cloud.google.com/load-balancer-type: Internal3. Peer the two VPCs together.4. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. In GKE, create a Service of type LoadBalancer that uses the application's Pods as backend.2. Add a Cloud Armor Security Policy to the load balancer that whitelists the internal IPs of the MIG's instances.3. Configure the Compute Engine instance to use the address of the load balancer that has been created.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

Split the users from business units to multiple projects.

Apply a user- or project-level custom query quota for BigQuery data warehouse.

Create separate copies of your BigQuery data warehouse for each business unit.

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

Manual Scaling with 3 instances.

Basic Scaling with min_instances set to 3.

Basic Scaling with max_instances set to 3.

Automatic Scaling with min_idle_instances set to 3.

Your zonal capacity is limited, causing all preemptible VM's to be shutdown torecover capacity. Try deploying your group to another zone.

You have hit your instance quota for the region.

Your managed instance group's VM's are toggled to only last 1 minute inpreemptible settings.

Your managed instance group's health check is repeatedly failing, either to amisconfigured health check or misconfigured firewall rules not allowing the healthcheck to access the instance

Run gcloud projects list to get the project ID, and then run gcloud services list --project .

Run gcloud init to set the current project to my-project, and then run gcloud services list --available.

Run gcloud info to view the account value, and then run gcloud services list --account .

Run gcloud projects describe to verify the project value, and then run gcloud services list --available.

Enable Cloud CDN on the website frontend.

Enable ‘Share publicly’ on the PDF file objects.

Set Content-Type metadata to application/pdf on the PDF file objects.

Add a label to the storage bucket with a key of Content-Type and value of application/pdf.