A customer is running an analytics workload on Google Cloud Platform (GCP) where Compute Engine instances are accessing data stored on Cloud Storage. Your team wants to make sure that this workload will not be able to access, or be accessed from, the internet.
Which two strategies should your team use to meet these requirements? (Choose two.)

• A.Avoid assigning public IP addresses to the Compute Engine cluster.
• B.Make sure that the Compute Engine cluster is running on a separate subnet.
• C.Turn off IP forwarding on the Compute Engine instances in the cluster.
• D.Configure a Cloud NAT gateway.
• E.Configure Private Google Access on the Compute Engine subnet

Comment: *

Name: *

Email: *

Verification: *

You are deploying a web application hosted on Compute Engine. A business requirement mandates that application logs are preserved for 12 years and data is kept within European boundaries. You want to implement a storage solution that minimizes overhead and is cost-effective. What should you do?

• A.Configure a custom retention policy of 12 years on your Google Cloud's operations suite log bucket in the EUROPE-WEST1 region.
• B.Use a Pub/Sub topic to forward your application logs to a Cloud Storage bucket in the EUROPE-WEST1 region.
• C.Configure your Compute Engine instances to use the Google Cloud's operations suite Cloud Logging agent to send application logs to a custom log bucket in the EUROPE-WEST1 region with a custom retention of 12 years.
• D.Create a Cloud Storage bucket to store your logs in the EUROPE-WEST1 region. Modify your application code to ship logs directly to your bucket for increased efficiency.

Comment: *

Name: *

Email: *

Verification: *

You want to limit the images that can be used as the source for boot disks. These images will be stored in a dedicated project.
What should you do?

• A.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted projects as the exceptions in a deny operation.
• B.In Resource Manager, edit the organization permissions. Add the project ID as member with the role: Compute Image User.
• C.In Resource Manager, edit the project permissions for the trusted project. Add the organization as member with the role: Compute Image User.
• D.Use the Organization Policy Service to create a compute.trustedimageProjects constraint on the organization level. List the trusted project as the whitelist in an allow operation.

Comment: *

Name: *

Email: *

Verification: *

A company is running workloads in a dedicated server room. They must only be accessed from within the private company network. You need to connect to these workloads from Compute Engine instances within a Google Cloud Platform project.
Which two approaches can you take to meet the requirements? (Choose two.)

• A.Configure the project with Cloud VPN.
• B.Configure the project with Shared VPC.
• C.Configure the project with Cloud Interconnect.
• D.Configure the project with VPC peering.
• E.Configure all Compute Engine instances with Private Access.

Comment: *

Name: *

Email: *

Verification: *

Your team sets up a Shared VPC Network where project co-vpc-prod is the host project. Your team has configured the firewall rules, subnets, and VPN gateway on the host project. They need to enable Engineering Group A to attach a Compute Engine instance to only the 10.1.1.0/24 subnet.
What should your team grant to Engineering Group A to meet this requirement?

• A.Compute Network User Role at the host project level.
• B.Compute Network User Role at the subnet level.
• C.Compute Shared VPC Admin Role at the host project level.
• D.Compute Shared VPC Admin Role at the service project level.

Comment: *

Name: *

Email: *

Verification: *