A company allows every employee to use Google Cloud Platform. Each department has a Google Group, with all department
members as group members. If a department member creates a new project, all members of that department should
automatically have read-only access to all new project resources. Members of any other department should not have access
to the project. You need to configure this behavior.
What should you do to meet these requirements?
Your organization has had a few recent DDoS attacks. You need to authenticate responses to domain name lookups. Which
Google Cloud service should you use?
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?
Applications often require access to secrets - small pieces of sensitive data at build or run time. The administrator
managing these secrets on GCP wants to keep a track of who did what, where, and when? within their GCP projects.
Which two log streams would provide the information that the administrator is looking for? (Choose two.)
You are asked to recommend a solution to store and retrieve sensitive configuration data from an application that runs on
Compute Engine. Which option should you recommend?
You work for a large organization where each business unit has thousands of users. You need to delegate management of
access control permissions to each business unit. You have the following requirements:
Each business unit manages access controls for their own projects.
Each business unit manages access control permissions at scale.
Business units cannot access other business units' projects.
Users lose their access if they move to a different business unit or leave the company.
Users and access control permissions are managed by the on-premises directory service.
What should you do? (Choose two.)
You are part of a security team investigating a compromised service account key. You need to audit which new resources
were created by the service account.
What should you do?
Which two implied firewall rules are defined on a VPC network? (Choose two.)
A company migrated their entire data/center to Google Cloud Platform. It is running thousands of instances across multiple
projects managed by different departments. You want to have a historical record of what was running in Google Cloud
Platform at any point in time.
What should you do?
A customer deployed an application on Compute Engine that takes advantage of the elastic nature of cloud computing.
How can you work with Infrastructure Operations Engineers to best ensure that Windows Compute Engine VMs are up to
date with all the latest OS patches?
A customer wants to run a batch processing system on VMs and store the output files in a Cloud Storage bucket. The
networking and security teams have decided that no VMs may reach the public internet.
How should this be accomplished?
A companys application is deployed with a user-managed Service Account key. You want to use Google-recommended
practices to rotate the key.
What should you do?
Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over
networking resources like firewall rules, subnets, and routes. They also have an onpremises environment where resources
need access back to the GCP resources through a private VPN connection. The networking resources will need to be
controlled by the network security team.
Which type of networking design should your team use to meet these requirements?
Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the
firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a
Compute Engine instance to only the 10.1.1.0/24 subnet.
What should your team grant to Engineering Group A to meet this requirement?
An office manager at your small startup company is responsible for matching payments to invoices and creating billing alerts.
For compliance reasons, the office manager is only permitted to have the
Identity and Access Management (IAM) permissions necessary for these tasks. Which two IAM roles should the office
manager have? (Choose two.)