Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.
What should you do?

• A.Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.
• B.Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
• C.Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
• D.Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.

Comment: *

Name: *

Email: *

Verification: *

Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only. What should you do?

• A.Create an allow on match ingress firewall rule with the target tag "web-server" to allow all IP addresses for TCP port 80.
• B.Create an allow on match ingress firewall rule with the target tag "web-server" to allow all IP addresses for TCP ports 80 and 443.
• C.Create an allow on match egress firewall rule with the target tag "web-server" to allow all IP addresses for TCP port 80.
• D.Create an allow on match egress firewall rule with the target tag "web-server" to allow web server IP addresses for TCP ports 60 and 443.

Comment: *

Name: *

Email: *

Verification: *

You need to create the network infrastructure to deploy a highly available web application in the us-east1 and us-west1 regions.
The application runs on Compute Engine instances, and it does not require the use of a database. You want to follow Google-recommended practices. What should you do?

• A.Create one VPC with one subnet in each region.
  Create a global load balancer with a static IP address.
  Enable Cloud CDN and Google Cloud Armor on the load balancer.
  Create an A record using the IP address of the load balancer in Cloud DNS.
• B.Create one VPC with one subnet in each region.
  Create an HTTP(S) load balancer with a static IP address.
  Choose the standard tier for the network.
  Enable Cloud CDN on the load balancer.
  Create a CNAME record using the load balancer's IP address in Cloud DNS.
• C.Create one VPC in each region, and peer both VPCs.
  Create a global load balancer.
  Enable Cloud CDN on the load balancer.
  Create a CNAME for the load balancer in Cloud DNS.
• D.Create one VPC with one subnet in each region.
  Create a regional network load balancer in each region with a static IP address.
  Enable Cloud CDN on the load balancers.
  Create an A record in Cloud DNS with both IP addresses for the load balancers.

Comment: *

Name: *

Email: *

Verification: *

You are creating an instance group and need to create a new health check for HTTP(s) load balancing.
Which two methods can you use to accomplish this? (Choose two.)

• A.Create a new health check using the gcloud command line tool.
• B.Create a new health check using the VPC Network section in the GCP Console.
• C.Create a new health check, or select an existing one, when you complete the load balancer's backend configuration in the GCP Console.
• D.Create a new legacy health check using the gcloud command line tool.
• E.Create a new legacy health check using the Health checks section in the GCP Console.

Comment: *

Name: *

Email: *

Verification: *

You have the following firewall ruleset applied to all instances in your Virtual Private Cloud (VPC):

You need to update the firewall rule to add the following rule to the ruleset:

You are using a new user account. You must assign the appropriate identity and Access Management (IAM) user roles to this new user account before updating the firewall rule. The new user account must be able to apply the update and view firewall logs. What should you do?

• A.Assign the compute.orgSecurityPolicyAdmin and logging.viewer role to the new user account. Apply the new firewall rule with a priority of 50.
• B.Assign the compute.securityAdmin and logging.bucketWriter role to the new user account. Apply the new firewall rule with a priority of 150.
• C.Assign the compute.orgSecurityPolicyAdmin and logging.bucketWriter role to the new user account. Apply the new firewall rule with a priority of 150.
• D.Assign the compute.securityAdmin and logging.viewer rule to the new user account. Apply the new firewall rule with a priority of 50.

Comment: *

Name: *

Email: *

Verification: *