You need to set up two network segments: one with an untrusted subnet and the other with a trusted subnet.
You want to configure a virtual appliance such as a next-generation firewall (NGFW) to inspect all traffic between the two network segments. How should you design the network to inspect the traffic?

• A.1. Set up one VPC with two subnets: one trusted and the other untrusted.
  2. Configure a custom route for all traffic (0.0.0.0/0) pointed to the virtual appliance.
• B.1. Set up one VPC with two subnets: one trusted and the other untrusted.
  2. Configure a custom route for all RFC1918 subnets pointed to the virtual appliance.
• C.1. Set up two VPC networks: one trusted and the other untrusted, and peer them together.
  2. Configure a custom route on each network pointed to the virtual appliance.
• D.1. Set up two VPC networks: one trusted and the other untrusted.
  2. Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.

Comment: *

Name: *

Email: *

Verification: *

A customer's data science group wants to use Google Cloud Platform (GCP) for their analytics workloads. Company policy dictates that all data must be company-owned and all user authentications must go through their own Security Assertion Markup Language (SAML) 2.0 Identity Provider (IdP). The Infrastructure Operations Systems Engineer was trying to set up Cloud Identity for the customer and realized that their domain was already being used by G Suite.
How should you best advise the Systems Engineer to proceed with the least disruption?

• A.Register a new domain name, and use that for the new Cloud Identity domain.
• B.Ask customer's management to discover any other uses of Google managed services, and work with the existing Super Administrator.
• C.Contact Google Support and initiate the Domain Contestation Process to use the domain name in your new Cloud Identity domain.
• D.Ask Google to provision the data science manager's account as a Super Administrator in the existing domain.

Comment: *

Name: *

Email: *

Verification: *

You are asked to recommend a solution to store and retrieve sensitive configuration data from an application that runs on Compute Engine. Which option should you recommend?

• A.Cloud Key Management Service
• B.Compute Engine guest attributes
• C.Compute Engine custom metadata
• D.Secret Manager

Comment: *

Name: *

Email: *

Verification: *

Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer.
What type of Load Balancing should you use?

• A.Network Load Balancing
• B.HTTP(S) Load Balancing
• C.TCP Proxy Load Balancing
• D.SSL Proxy Load Balancing

Comment: *

Name: *

Email: *

Verification: *

You need to create a VPC that enables your security team to control network resources such as firewall rules. How should you configure the network to allow for separation of duties for network resources?

• A.Set up a Shared VPC where the security team manages the firewall rules, and share the network with developers via service projects.
• B.Set up a VPC in a project. Assign the Compute Network Admin role to the security team, and assign the Compute Admin role to the developers.
• C.Set up VPC Network Peering, and allow developers to peer their network with a Shared VPC.
• D.Set up multiple VPC networks, and set up multi-NIC virtual appliances to connect the networks.

Comment: *

Name: *

Email: *

Verification: *