Assign members of the networking team the compute.networkUser role.

Assign members of the networking team the compute.networkAdmin role.

Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.

Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.

Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.

Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.

Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.

Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.

Assign each user the editor role.

Assign each user the compute.networkAdmin role.

Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.

Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.

Manually patch some of the instances, and then perform a rolling restart on the instance group.

Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.

Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.

Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

Create a single managed instance group, specify the desired region, and select Multiple zones for the location.

Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.

Create an unmanaged instance group in a single zone, and then create an HTTP load balancer for the instance group.

Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.

Ensure that the object you don't want to be cached anymore is not shared publicly

Create a new storage bucket, and move the object you don't want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.

Add an appropriate lifecycle rule on the storage bucket containing the two objects.

Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.

Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.

Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service

Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.

Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.