You need to create an autoscaling managed instance group for an HTTPS web application. You want to make sure that unhealthy VMs are recreated. What should you do?

To ensure that unhealthy VMs are recreated, a health check should be created to monitor the instances in the managed instance group. This health check should be configured to check the appropriate endpoint for the web application, which in this case would be port 443 for HTTPS. If an instance is determined to be unhealthy, the instance group will automatically recreate it.

Correct Answer is (B): Predefined roles The following table describes Identity and Access Management (IAM) roles that are associated with Cloud Storage and lists the permissions that are contained in each role. Unless otherwise noted, these roles can be applied either to entire projects or specific buckets. Storage Object Creator (roles/storage.objectCreator) Allows users to create objects. Does not give permission to view, delete, or overwrite objects. https://cloud.google.com/storage/docs/access-control/iam-roles#standard-roles

Basically, you are giving the permissions to the VM Service Account to create a copy of the daily report on the bucket that the other team has access.

C is the correct answer, Since the problem is resolved, We need to monitor if the error recurs, hence we create a custom log based metrics to monitor only the particular service account.

The keyword here is "want to be notified" that means an alert.

You have a virtual machine that is currently configured with 2 vCPUs and 4 GB of memory. It is running out of memory. You want to upgrade the virtual machine to have 8 GB of memory. What should you do?

ANSWER D is correct because it is the correct process to follow to increase the memory of a virtual machine in the Google Cloud Platform. To increase the memory of a virtual machine, you need to first stop the VM, since it is not possible to modify the memory of a running VM. Then, you can increase the memory of the VM by editing the machine type and selecting a machine type with more memory. Once you have made the change, you can start the VM again.

You want to run a single caching HTTP reverse proxy on GCP for a latency-sensitive website. This specific reverse proxy consumes almost no CPU. You want to have a 30-GB in-memory cache, and need an additional 2 GB of memory for the rest of the processes. You want to minimize cost. How should you run this reverse proxy?

ANSWER A is the most cost-effective solution for running a caching HTTP reverse proxy on GCP. Cloud Memorystore for Redis is a managed service that provides an in-memory cache for your applications. It offers a high throughput and low latency access to the Redis protocol. Cloud Memorystore offers an SLA of 99.9% availability and automatic failover for Redis instances. In this case, a 32-GB Redis instance is sufficient to accommodate the 30-GB cache and the additional 2 GB of memory required for the rest of the processes. This solution is highly scalable and allows you to increase the size of the Redis instance as your needs grow.

C https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts If an application uses third-party or custom identities and needs to access a resource, such as a BigQuery dataset or a Cloud Storage bucket, it must perform a transition between principals. Because Google Cloud APIs don't recognize third-party or custom identities, the application can't propagate the end-user's identity to BigQuery or Cloud Storage. Instead, the application has to perform the access by using a different Google identity.

A. When creating the instances, specify a Service Account for each instance. To specify a more granular level of service account for each Compute Engine instance, you should specify a Service Account for each instance when you create it. This can be done through the Compute Engine API or the Cloud Console. By doing so, the specified Service Account will be used when calling Google Cloud APIs from that instance.

Option B, assigning the name of each Service Account as instance metadata, is not the best solution as metadata can be accessed by anyone with access to the instance, which could potentially lead to security issues. Options C and D, using gcloud compute instances update to specify a Service Account or assign the name of a Service Account as instance metadata after starting the instances, can also be done, but it is a less efficient approach as it requires additional steps and can lead to human error if not properly documented.