Associate-Cloud-Engineer Questions and Answers

Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.

Use a third party tool to provide remote access to the instances.

Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.

Create a bastion host with public internet access. Create the SSH tunnel to the instance through the bastion host.

Assign the appropriate permissions, and then use Cloud Monitoring to review metrics

Use the export logs API to provide the Admin Activity Audit Logs in the format they want

Turn on Data Access Logs for the buckets they want to audit, and Then build a query in the log viewer that filters on Cloud Storage

Assign the appropriate permissions, and then create a Data Studio report on Admin Activity Audit Logs

Option A

Option B

Option C

Option D

Update your web application to use the protocol HTTP/2 instead of HTTP/1.1

Set the concurrency number to 1 for your Cloud Run service.

Set the maximum number of instances for your Cloud Run service to 100.

Set the minimum number of instances for your Cloud Run service to 3.

Deployment Manager

Cloud Composer

Managed Instance Group

Unmanaged Instance Group

Run gcloud iam roles list. Review the output section.

Run gcloud iam service-accounts list. Review the output section.

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.

Install Kibana on a compute Instance. Create a log sink to forward Cloud Audit Logs filtered for firewalls and

compute instances to Pub/Sub. Target the Pub/Sub topic to push messages to the Kibana instance. Analyze the logs on Kibana in real time.

Turn on Google Cloud firewall rules logging, and set up alerts for any insert, update, or delete events.

Create a log sink to forward Cloud Audit Logs filtered for firewalls and compute instances to Cloud Storage.

Use BigQuery to periodically analyze log events in the storage bucket.

In the console, validate which SSH keys have been stored as project-wide keys.

Navigate to Identity-Aware Proxy and check the permissions for these resources.

Enable Audit Logs on the IAM & admin page for all resources, and validate the results.

Use the command gcloud projects get–iam–policy to view the current role assignments.

In Google Cloud, configure the VPC as a host for Shared VPC.

In Google Cloud, configure the VPC for VPC Network Peering.

Create bastion hosts both in your on-premises environment and on Google Cloud. Configure both as proxy servers using their public IP addresses.

Set up Cloud VPN between the infrastructure on-premises and Google Cloud.

Add the auditors group to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.

Add the auditors group to two new custom IAM roles.

Add the auditor user accounts to the ‘logging.viewer’ and ‘bigQuery.dataViewer’ predefined IAM roles.

Add the auditor user accounts to two new custom IAM roles.

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/devstorage.write_only’.

Create a service account with an access scope. Use the access scope ‘https://www.googleapis.com/auth/cloud-platform’.

Create a service account and add it to the IAM role ‘storage.objectCreator’ for that bucket.

Create a service account and add it to the IAM role ‘storage.objectAdmin’ for that bucket.

Grant yourself the IAM role of Cloud Spanner Admin

Create a new VPC network with subnetworks in all desired regions

Configure your Cloud Spanner instance to be multi-regional

Enable the Cloud Spanner API

Enable Cloud CDN on the website frontend.

Enable ‘Share publicly’ on the PDF file objects.

Set Content-Type metadata to application/pdf on the PDF file objects.

Add a label to the storage bucket with a key of Content-Type and value of application/pdf.

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

Run gcloud auth login, enter your login credentials in the dialog window, and paste the received login token to gcloud CLI.

Create a Google Cloud service account, and download the service account key. Place the key file in a folder on your machine where gcloud CLI can find it.

Download your Cloud Identity user account key. Place the key file in a folder on your machine where gcloud CLI can find it.

Run gcloud config set compute/zone $my_zone to set the default zone for gcloud CLI.

Run gcloud config set project $my_project to set the default project for gcloud CLI.

Assign the pods of the image rendering microservice a higher pod priority than the older microservices

Create a node pool with compute-optimized machine type nodes for the image rendering microservice Use the node pool with general-purpose

machine type nodes for the other microservices

Use the node pool with general-purpose machine type nodes for lite mage rendering microservice Create a nodepool with compute-optimized machine type nodes for the other microservices

Configure the required amount of CPU and memory in the resource requests specification of the image rendering microservice deployment Keep the resource requests for the other microservices at the default

Configure the Horizontal Pod Autoscaler for availability, and configure the cluster autoscaler for suggestions.

Configure the Horizontal Pod Autoscaler for availability, and configure the Vertical Pod Autoscaler recommendations for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Cluster autoscaler for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Horizontal Pod Autoscaler for suggestions.

Cloud SQL

Cloud Spanner

Cloud Firestore

Cloud Datastore

Create a new project, enable the Compute Engine and Cloud SQL APIs in that project, and replicate the setup you have created in the development environment.

Create a new production subnet in the existing VPC and a new production Cloud SQL instance in your existing project, and deploy your application using those resources.

Create a new project, modify your existing VPC to be a Shared VPC, share that VPC with your new project, and replicate the setup you have in the development environment in that new project, in the Shared VPC.

Ask the security team to grant you the Project Editor role in an existing production project used by another division of your company. Once they grant you that role, replicate the setup you have in the development environment in that project.

1. Use nslookup to get the IP address for storage.googleapis.com.2. Negotiate with the security team to be able to give a public IP address to the servers.3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.

1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform (GCP).2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance.3. Configure your servers to use that instance as a proxy to access Cloud Storage.

1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine.2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend.3. Configure your new instances to use this ILB as proxy.

1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel.3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.

Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.

Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.

Upload the image to Container Registry and create a Kubernetes Service referencing the image.

Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.

Enable Audit Logs for all APIs that are related to data storage.

Review the IAM permissions for any role that allows for data access.

Review the Identity-Aware Proxy settings for each resource.

Create a Data Loss Prevention job.

Download and deploy the Jenkins Java WAR to App Engine Standard.

Create a new Compute Engine instance and install Jenkins through the command line interface.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

Use GCP Marketplace to launch the Jenkins solution.

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure

provisioning.

• Use the human approvals IAM account for the provisioning.

• Attach a single service account to the compute instances.

• Add minimal rights to the service account.

• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

• Attach a single service account to the compute instances.

• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and

Access Management (IAM) permissions.

• Use a secret manager service to store the key files of the service accounts.

• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

Enable the Cloud Pub/Sub API in the API Library on the GCP Console.

Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.

Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.

Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.

Check the app.yaml file for your application and check project settings.

Check the web-application.xml file for your application and check project settings.

Go to Deployment Manager and review settings for deployment of applications.

Go to Cloud Shell and run gcloud config list to review the Google Cloud configuration used for deployment.

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.

Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.

Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the “compute.osAdminLogin” role to the Google group corresponding to this team.

Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Grant each individual external consultant the role of BigQuery Editor

Grant each individual external consultant the role of BigQuery Viewer

Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

Create a Service Account in your own project, and grant this Service Account access to BigGuery in your project

Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project

Create a retention policy on the storage bucket of 30 days, and lock the bucket by using a retention policy lock.

Enable object versioning on the storage bucket and add lifecycle rules to expire non-current versions after 30 days

Create an object lifecycle on the storage bucket to change the storage class to Archive Storage for objects with an age over 30 days.

Create a cron job in Cloud Scheduler to call a Cloud Functions instance every day to delete files older than 30 days.

Using the Cloud SDK, create a new project, enable the Compute Engine API in that project, and then create the instance specifying your new project.

Enable the Compute Engine API in the Cloud Console, use the Cloud SDK to create the instance, and then use the ––project flag to specify a new project.

Using the Cloud SDK, create the new instance, and use the ––project flag to specify the new project.

Answer yes when prompted by Cloud SDK to enable the Compute Engine API.

Enable the Compute Engine API in the Cloud Console. Go to the Compute Engine section of the Console to create a new instance, and look for the Create In A New Project option in the creation form.

Set the europe-west1-d zone as the default zone using the gcloud config subcommand.

In the Settings page for Compute Engine under Default location, set the zone to europe–west1-d.

In the CLI installation directory, create a file called default.conf containing zone=europe–west1–d.

Create a Metadata entry on the Compute Engine page with key compute/zone and value europe–west1–d.

In the Google Cloud console, visualize the costs related to the projects in the Reports section.

In the Google Cloud console, visualize the costs related to the projects in the Cost breakdown section.

In the Google Cloud console, use the export functionality of the Cost table. Create a Looker Studiodashboard on top of the CSV export.

Configure Cloud Billing data export to BigOuery for the billing account. Create a Looker Studio dashboard on top of the BigOuery export.

Navigate to Cloud Logging and view the application logs.

Connect to the instance’s serial console and read the application logs.

Configure a Health Check on the instance and set a Low Healthy Threshold value.

Install and configure the Cloud Logging Agent and view the logs from Cloud Logging.

Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.

Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.

With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.

In the cluster’s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.

Add the support team group to the roles/monitoring.viewer role

Add the support team group to the roles/spanner.databaseUser role.

Add the support team group to the roles/spanner.databaseReader role.

Add the support team group to the roles/stackdriver.accounts.viewer role.

Use Cloud SQL database with cross-region replication to store game statistics in the EU, US, and APAC regions.

Use Cloud Spanner to store user data mapped to the game statistics.

Use BigQuery to store game statistics with a Redis on Memorystore instance in the front to provide global consistency.

Store game statistics in a Bigtable database partitioned by username.

View System Event Logs in Stackdriver. Search for the user’s email as the principal.

View System Event Logs in Stackdriver. Search for the service account associated with the user.

View Data Access audit logs in Stackdriver. Search for the user’s email as the principal.

View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Locate the project in the GCP console, click Shut down and then enter the project ID.

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

1. Verify that you are assigned the Organizational Administrator IAM role for this project.

2. Locate the project in the GCP console, enter the project ID and then click Shut down.

1. Verify that you are assigned the Organizational Administrators IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Create a Cloud Memorystore for Redis instance with 32-GB capacity.

Run it on Compute Engine, and choose a custom instance type with 6 vCPUs and 32 GB of memory.

Package it in a container image, and run it on Kubernetes Engine, using n1-standard-32 instances as nodes.

Run it on Compute Engine, choose the instance type n1-standard-1, and add an SSD persistent disk of 32 GB.

Go to Data Catalog and search for employee_ssn in the search box.

Write a shell script that uses the bq command line tool to loop through all the projects in your organization.

Write a script that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find the employee_ssn column.

Write a Cloud Dataflow job that loops through all the projects in your organization and runs a query on INFORMATION_SCHEMA.COLUMNS view to find employee_ssn column.

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

Review the Compute Engine activity logs Select and review the Admin Event logs

Review the Compute Engine activity logs Select and review the System Event logs

Install the Cloud Logging Agent In Cloud Logging review the Compute Engine syslog logs

Install the Cloud Logging Agent In Cloud Logging, review the Compute Engine operation logs

Use a custom mode VPC network, configure static routes, and use active/passive routing

Use an automatic mode VPC network, configure static routes, and use active/active routing

Use a custom mode VPC network use Cloud Router border gateway protocol (86P) routes, and use active/passive routing

Use an automatic mode VPC network, use Cloud Router border gateway protocol (BGP) routes and configure policy-based routing

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.

Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.

Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.

Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.

Use gcloud iam roles copy and specify the production project as the destination project.

Use gcloud iam roles copy and specify your organization as the destination organization.

In the Google Cloud Platform Console, use the ‘create role from role’ functionality.

In the Google Cloud Platform Console, use the ‘create role’ functionality and select all applicable permissions.

Configure an HTTP(S) load balancer.

Configure an internal TCP load balancer.

Configure an external SSL proxy load balancer.

Configure an external TCP proxy load balancer.

Use the BigQuery interface to review the nightly Job and look for any errors

Review the Error Reporting page in the Cloud Console to find any errors.

In Cloud Logging create a filter for your Data Studio report

Use the open source CLI tool. Snapshot Debugger, to find out why the data was not refreshed correctly.

Run gcloud projects list to get the project ID, and then run gcloud services list --project .

Run gcloud init to set the current project to my-project, and then run gcloud services list --available.

Run gcloud info to view the account value, and then run gcloud services list --account .

Run gcloud projects describe to verify the project value, and then run gcloud services list --available.

Disable the flag “Delete boot disk when instance is deleted.”

Enable delete protection on the instance.

Disable Automatic restart on the instance.

Enable Preemptibility on the instance.

Enable Cloud Identity in the GCP Console for your domain.

Grant them the required IAM roles using their G Suite email address.

Create a CSV sheet with all users’ email addresses. Use the gcloud command line tool to convert them into Google Cloud Platform accounts.

In the G Suite console, add the users to a special group called cloud-console-users@yourdomain.com. Rely on the default behavior of the Cloud Platform to grant users access if they are members of this group.

1. Create a subnetwork in the same VPC, in europe-west1.2. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Expose the application with an internal load balancer.3. Create the new instance in the new subnetwork and use the load balancer's address as the endpoint.

1. Create a subnetwork in the same VPC, in europe-west1.2. Use Cloud VPN to connect the two subnetworks.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

1. Create a VPC and a subnetwork in europe-west1.2. Peer the 2 VPCs.3. Create the new instance in the new subnetwork and use the first instance's private address as the endpoint.

Open the Google Cloud console, and run a query to determine which resources this service account can access.

Open the Google Cloud console, and run a query of the audit logs to find permission denied errors for this service account.

Open the Google Cloud console, and check the organization policies.

Open the Google Cloud console, and check the Identity and Access Management (IAM) roles assigned to the service account at the project or inherited from the folder or organization levels.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.

• Copy the role across all projects created within the organization with the gcloud iam roles copy command.

• Assign the role to developers in those projects.

• Add all developers to a Google group in Google Groups for Workspace.

• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

• Add all developers to a Google group in Cloud Identity.

• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

• Add all developers to a Google group in Cloud Identity.

• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.

• Assign the custom role to the Google group.

Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.

Set up a high-priority (1000) rule that pairs both ingress and egress ports.

Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.

Set up a high-priority (1000) rule to allow the appropriate ports.

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘supported’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

Use permissions in your role that use the ‘testing’ support level for role permissions. Set the role stage to BETA while testing the role permissions.

Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

Implement a Kubernetes Cronjob to rotate all service account keys periodically. Disable attachment of

service accounts to resources in all projects with an exception to pj-sa.

Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

Create a folder to contain all the dev projects Create an organization policy to limit resources in US locations.

Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.

Create an Identity and Access Management

Create an Identity and Access Management (IAM)policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.

gcloud deployment-manager deployments create my-gcp-ace-cluster --config cluster.yaml

gcloud deployment-manager deployments create my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --type container.v1.cluster --config cluster.yaml

gcloud deployment-manager deployments apply my-gcp-ace-cluster --config cluster.yaml

Create a Google Kubernetes Engine cluster, and use horizontal pod autoscaling to scale the application.

Create an instance template, and use the template in a managed instance group with autoscaling configured.

Create an instance template, and use the template in a managed instance group that scales up and down based on the time of day.

Use a set of third-party tools to build automation around scaling the application up and down, based on Stackdriver CPU usage monitoring.

Split the users from business units to multiple projects.

Apply a user- or project-level custom query quota for BigQuery data warehouse.

Create separate copies of your BigQuery data warehouse for each business unit.

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

Expose the application by using an external TCP Network Load Balancer.

Expose the application by using a TCP Proxy Load Balancer.

Expose the application by using an SSL Proxy Load Balancer.

Expose the application by using an internal TCP Network Load Balancer.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///**.

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///***

Persistent SSD on VM instances.

Cloud Filestore.

Multiregional Cloud Storage bucket.

Cloud Datastore database.

Create a Cloud Bigtable cluster and use the HBase API

Deploy MongoDB Alias from the Google Cloud Marketplace

Download a MongoDB installation package and run it on Compute Engine instances

Download a MongoDB installation package, and run it on a Managed Instance Group

Multi-Regional Storage

Regional Storage

Nearline Storage

Coldline Storage

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 275 days (365 – 90)

Use Cloud Storage Object Lifecycle Management using Age conditions with SetStorageClass and Delete actions. Set the SetStorageClass action to 90 days and the Delete action to 365 days.

Use gsutil rewrite and set the Delete action to 275 days (365-90).

Use gsutil rewrite and set the Delete action to 365 days.

Manual Scaling with 3 instances.

Basic Scaling with min_instances set to 3.

Basic Scaling with max_instances set to 3.

Automatic Scaling with min_idle_instances set to 3.

Configure an SSL Proxy load balancer in front of the application servers.

Configure an Internal UDP load balancer in front of the application servers.

Configure an External HTTP(s) load balancer in front of the application servers.

Configure an External Network load balancer in front of the application servers.

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data with newer versions after 30 days to Nearline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Coldline Storage.

Add a bucket lifecycle rule that archives data from regional storage after 30 days to Nearline Storage.

Migrate the workload to a Compute Engine Preemptible VM.

Migrate the workload to a Google Kubernetes Engine cluster with Preemptible nodes.

Migrate the workload to a Compute Engine VM. Start and stop the instance as needed.

Create an Instance Template with Preemptible VMs On. Create a Managed Instance Group from the template and adjust Target CPU Utilization. Migrate the workload.

Use the projects. move method to move the project to your organization. Update the billing account of the project to that of your organization.

Ensure that you have an Organization Administrator Identity and Access Management (IAM) role assigned to you in both organizations. Navigate to the Resource Manager in the startup's Google Cloud organization, and drag the project to your company's organization.

Create a Private Catalog tor the Google Cloud Marketplace, and upload the resources of the startup’s production project to the Catalog. Share the Catalog with your organization, and deploy the resources in your company’s project.

Create an infrastructure-as-code template tor all resources in the project by using Terraform. and deploy that template to a new project in your organization. Delete the protect from the startup's Google Cloud organization.

Create a health check on port 443 and use that when creating the Managed Instance Group.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

In the Instance Template, add the label ‘health-check’.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

Create a Data Studio dashboard that uses the related BigQuery tables as a source and give the BI team view access to the Data Studio dashboard.

Create a Service Account for the BI team and distribute a new private key to each member of the BI team.

Use Cloud Scheduler to schedule a batch Dataflow job to copy the data from BigQuery to the BI team's internal data warehouse.

Assign the IAM role of BigQuery User to a Google Group that contains the members of the BI team.

Meet with the cloud enablement team to discuss load balancer options.

Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.

Review the encryption requirements for WebSocket connections with the security team.

Convert the WebSocket code to use HTTP streaming.

Store the database password inside the Docker image of the container, not in the YAML file.

Store the database password inside a Secret object. Modify the YAML file to populate the DB_PASSWORD environment variable from the Secret.

Store the database password inside a ConfigMap object. Modify the YAML file to populate the DB_PASSWORD environment variable from the ConfigMap.

Store the database password in a file inside a Kubernetes persistent volume, and use a persistent volume claim to mount the volume to the container.