You have an autoscaled managed instance group that is set to scale based on CPU utilization of 60%. There are currently 3 instances in the instance group. You're connected to one of the instances and notice that the CPU usage is a 70%.

However, the instance group isn't starting up another instance.

What's the most likely reason?

A. The autoscaler is disabled.

B. The autoscaler takes 60 seconds before creating a new instance.

C. The load balancer doesn't recognize the instance as healthy.

D. The average CPU for the entire instance group is below 60%.

You're working on creating a script that can extract the IP address of a Kubernetes Service. Your coworker sent you a code snippet that they had saved. Which one is the best starting point for your code?

A. kubectl get svc -o filtered- json='{.items[*].status.loadBalancer.ingress[0].ip}'

B. kubectl get svc -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}'

C. kubectl get svc -o html

D. kubectl get svc

You need to connect to one of your Compute Engine instances using SSH. You've already authenticated gcloud, however, you don't have an SSH key deployed yet. In the fewest steps possible, what's the easiest way to connect to the app?

A. Create a key with the ssh-keygen command. Upload the key to the instance. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

B. Use the gcloud compute ssh command.

C. Create a key with the ssh-keygen command. Then use the gcloud compute ssh command.

D. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

Regarding audit logs, which of the following is a Google recommended best practice?

A. Export your audit logs to App Engine

B. Export your audit logs to Pub/Sub.

C. Flush your audit logs monthly so you can more easily notice security events.

D. Export your audit logs to Cloud Storage and store them for a long period of time.

Your team has been working towards using desired state configuration for your entire infrastructure, which is why they're excited to store the Kubernetes Deployments in YAML. You created a Kubernetes Deployment with the kubectl apply command and passed on a YAML file. You need to edit the number of replicas. What steps should you take to update the Deployment?

A. Edit the number of replicas in the YAML file and rerun the kubectl apply.

B. Edit the YAML and push it to Github so that the git triggers deploy the change.

C. Disregard the YAML file. Use the kubectl scale command.

D. Edit the number of replicas in the YAML file and run the kubectl set image command.

Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company's security policy also restricts developer permissions to Compute Engine, Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

A. Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization. Copy the role across all projects created within the organization with the gcloud iam roles copy command. Assign the role to developers in those projects.

B. Add all developers to a Google group in Google Groups for Workspace. Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.

C. Add all developers to a Google group in Cloud Identity. Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.

D. Add all developers to a Google group in Cloud Identity. Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level. Assign the custom role to the Google group.

You recently discovered that your developers are using many service account keys during their development process. While you work on a long term improvement, you need to quickly implement a process to enforce short-lived service account credentials in your company. You have the following requirements:

1.

All service accounts that require a key should be created in a centralized project called pj-sa.

2.

Service account keys should only be valid for one day.

You need a Google-recommended solution that minimizes cost. What should you do?

A. Implement a Cloud Run job to rotate all service account keys periodically in pj-sa. Enforce an org policy to deny service account key creation with an exception to pj-sa.

B. Implement a Kubernetes CronJob to rotate all service account keys periodically. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

C. Enforce an org policy constraint allowing the lifetime of service account keys to be 24 hours. Enforce an org policy constraint denying service account key creation with an exception on pj-sa.

D. Enforce a DENY org policy constraint over the lifetime of service account keys for 24 hours. Disable attachment of service accounts to resources in all projects with an exception to pj-sa.

You want to set up a Google Kubernetes Engine cluster. Verifiable node identity and integrity are required for the cluster, and nodes cannot be accessed from the internet. You want to reduce the operational cost of managing your cluster, and you want to follow Google-recommended practices. What should you do?

A. Deploy a private autopilot cluster.

B. Deploy a public autopilot cluster.

C. Deploy a standard public cluster and enable shielded nodes.

D. Deploy a standard private cluster and enable shielded nodes.

You need to create a custom VPC with a single subnet. The subnet's range must be as large as possible. Which range should you use?

A. 0.0.0.0/0

B. 10.0.0.0/8

C. 172.16.0.0/12

D. 192.168.0.0/16

You need to configure IAM access audit logging in BigQuery for external auditors. You want to follow Google-recommended practices. What should you do?

A. Add the auditors group to the `logging.viewer' and `bigQuery.dataViewer' predefined IAM roles.

B. Add the auditors group to two new custom IAM roles.

C. Add the auditor user accounts to the `logging.viewer' and `bigQuery.dataViewer' predefined IAM roles.

D. Add the auditor user accounts to two new custom IAM roles.

You need to produce a list of the enabled Google Cloud Platform APIs for a GCP project using the gcloud command line in the Cloud Shell. The project name is my-project. What should you do?

A. Run gcloud projects list to get the project ID, and then run gcloud services list --project .

B. Run gcloud init to set the current project to my-project, and then run gcloud services list --available.

C. Run gcloud info to view the account value, and then run gcloud services list --account .

D. Run gcloud projects describe to verify the project value, and then run gcloud services list --available.

Your finance team wants to view the billing report for your projects. You want to make sure that the finance team does not get additional permissions to the project. What should you do?

A. Add the group for the finance team to roles/billing user role.

B. Add the group for the finance team to roles/billing admin role.

C. Add the group for the finance team to roles/billing viewer role.

D. Add the group for the finance team to roles/billing project/Manager role.

You are creating an application that will run on Google Kubernetes Engine. You have identified MongoDB as the most suitable database system for your application and want to deploy a managed MongoDB environment that provides a support SLA. What should you do?

A. Create a Cloud Bigtable cluster, and use the HBase API.

B. Deploy MongoDB Atlas from the Google Cloud Marketplace.

C. Download a MongoDB installation package, and run it on Compute Engine instances.

D. Download a MongoDB installation package, and run it on a Managed Instance Group.

Your team is building a website that handles votes from a large user population. The incoming votes will arrive at various rates. You want to optimize the storage and processing of the votes. What should you do?

A. Save the incoming votes to Firestore. Use Cloud Scheduler to trigger a Cloud Functions instance to periodically process the votes.

B. Use a dedicated instance to process the incoming votes. Send the votes directly to this instance.

C. Save the incoming votes to a JSON file on Cloud Storage. Process the votes in a batch at the end of the day.

D. Save the incoming votes to Pub/Sub. Use the Pub/Sub topic to trigger a Cloud Functions instance to process the votes.

Your manager asks you to deploy a workload to a Kubernetes cluster. You are not sure of the workloads resource requirements or how the requirements might vary depending on usage patterns, external dependencies, or other factors. You need a solution that makes cost-effective recommendations regarding CPU and memory requirements, and allows the workload to function consistently in any situation. You want to follow Google-recommended practices. What should you do?

A. Configure the Horizontal Pod Autoscaler for availability, and configure the cluster autoscaler for suggestions.

B. Configure the Horizontal Pod Autoscaler for availability, and configure the Vertical Pod Autoscaler recommendations for suggestions.

C. Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Cluster autoscaler for suggestions.

D. Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Horizontal Pod Autoscaler for suggestions.