You are in charge of migrating a legacy application from your company datacenters to GCP before the current maintenance contract expires. You do not know what ports the application is using and no documentation is available for you to check. You want to complete the migration without putting your environment at risk.
What should you do?

• A.Migrate the application into an isolated project using a "Lift & Shift" approach. Enable all internal TCP traffic using VPC Firewall rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• B.Migrate the application into an isolated project using a "Lift & Shift" approach in a custom network. Disable all traffic within the VPC and look at the Firewall logs to determine what traffic should be allowed for the application to work properly.
• C.Refactor the application into a micro-services architecture in a GKE cluster. Disable all traffic from outside the cluster using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.
• D.Refactor the application into a micro-services architecture hosted in Cloud Functions in an isolated project.
  Disable all traffic from outside your project using Firewall Rules. Use VPC Flow logs to determine what traffic should be allowed for the application to work properly.

Comment: *

Name: *

Email: *

Verification: *

Which type of load balancer should you use to maintain client IP by default while using the standard network tier?

• A.SSL Proxy
• B.TCP Proxy
• C.Internal TCP/UDP
• D.TCP/UDP Network

Comment: *

Name: *

Email: *

Verification: *

How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

• A.Send all logs to the SIEM system via an existing protocol such as syslog.
• B.Configure every project to export all their logs to a common BigQuery DataSet, which will be queried by the SIEM system.
• C.Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub Topic, which will be sent to the SIEM via Dataflow.
• D.Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs.

Comment: *

Name: *

Email: *

Verification: *

Which Google Cloud service should you use to enforce access control policies for applications and resources?

• A.Identity-Aware Proxy
• B.Cloud NAT
• C.Google Cloud Armor
• D.Shielded VMs

Comment: *

Name: *

Email: *

Verification: *

You plan to use a Google Cloud Armor policy to prevent common attacks such as cross-site scripting (XSS) and SQL injection (SQLi) from reaching your web application's backend. What are two requirements for using Google Cloud Armor security policies? (Choose two.)

• A.The load balancer must be an external SSL proxy load balancer.
• B.Google Cloud Armor Policy rules can only match on Layer 7 (L7) attributes.
• C.The load balancer must use the Premium Network Service Tier.
• D.The backend service's load balancing scheme must be EXTERNAL.
• E.The load balancer must be an external HTTP(S) load balancer.

Comment: *

Name: *

Email: *

Verification: *