A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?

• A.In the console, validate which SSH keys have been stored as project-wide keys.
• B.Navigate to Identity-Aware Proxy and check the permissions for these resources.
• C.Enable Audit Logs on the IAM & admin page for all resources, and validate the results.
• D.Use the command gcloud projects get-iam-policy to view the current role assignments.

Comment: *

Name: *

Email: *

Verification: *

You manage an App Engine Service that aggregates and visualizes data from BigQuery. The application is deployed with the default App Engine Service account. The data that needs to be visualized resides in a different project managed by another team. You do not have access to this project, but you want your application to be able to read data from the BigQuery dataset. What should you do?

• A.Ask the other team to grant your default App Engine Service account the role of BigQuery Job User.
• B.Ask the other team to grant your default App Engine Service account the role of BigQuery Data Viewer.
• C.In Cloud IAM of your project, ensure that the default App Engine service account has the role of BigQuery Data Viewer.
• D.In Cloud IAM of your project, grant a newly created service account from the other team the role of BigQuery Job User in your project.

Comment: *

Name: *

Email: *

Verification: *

Your boss has asked you to set up the CFO as a user inside Google Cloud. Before walking away, she said, "And obviously you know which role to assign him."
Which role was she likely talking about, and why is it obvious? (Select one role and one reason)

• A.Reason:: This role will ensure the CFO can perform any billing task that they may need.
• B.Role: Project Owner
• C.Role: Billing Account Admin
• D.Reason: This role will ensure the CFO has access to view the spending data.
• E.Role: Billing Account Viewer
• F.Reason: This role will ensure the CFO has full access to the project.

Comment: *

Name: *

Email: *

Verification: *

You are given a project with a single virtual private cloud (VPC) and a single subnetwork in the us-central1 region. There is a Compute Engine instance hosting an application in this subnetwork. You need to deploy a new instance in the same project in the europe-west1 region. This new instance needs access to the application. You want to follow Google-recommended practices. What should you do?

• A.1. Create a VPC and a subnetwork in europe-west1.
  2. Peer the 2 VPCs.
  3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
• B.1. Create a subnetwork in the same VPC, in europe-west1.
  2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
• C.1. Create a subnetwork in the same VPC, in europe-west1.
  2. Use Cloud VPN to connect the two subnetworks.
  3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.
• D.1. Create a VPC and a subnetwork in europe-west1.
  2. Expose the application with an internal load balancer.
  3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.

Comment: *

Name: *

Email: *

Verification: *

Your organization has strict requirements to control access to Google Cloud projects. You need to enable your Site Reliability Engineers (SREs) to approve requests from the Google Cloud support team when an SRE opens a support case. You want to follow Google-recommended practices. What should you do?

• A.Add your SREs to a group and then add this group to roles/iam roleAdmin role.
• B.Add your SREs to a group and then add this group to roles/accessapproval approver role.
• C.Add your SREs to roles/accessapproval approver role.
• D.Add your SREs to roles/iam.roleAdmin role.

Comment: *

Name: *

Email: *

Verification: *