GCP PCA Case Study

A. Deploy an external HTTP(S) load balancer, configure VPC firewall rules, and move the applications onto Compute Engine virtual machines​

B. Deploy an external HTTP(S) load balancer, configure Google Cloud Armor, and move the application onto Compute Engine virtual machines.​

C. Containerize the application and move it into Google Kubernetes Engine (GKE). Create a GKE service to expose the pods within the cluster, and set up a GKE network policy.​

D. Containerize the application and move it into Google Kubernetes Engine (GKE). Create an internal load balancer to expose the pods outside the cluster, and configure Identity-Aware Proxy (IAP) for access.

A. Provision Carrier Peering.​

B. Provision a new Internet connection.​

C. Provision a Partner Interconnect connection.​

D. Provision a Dedicated Interconnect connection.

A. Encrypt the data in the application on-premises before the data is stored in the "europe-west2" region.​

B. Enable Virtual Private Cloud Service Controls, and create a service perimeter around the Cloud Storage resources.​

C. Assign the Identity and Access Management (IAM) "storage.objectViewer" role only to users and service accounts that need to use the data.​

D. Create an access control list (ACL) that limits access to the bucket to authorized users only, and apply it to the buckets in the "europe-west2" region.

A. Create an Identity-Aware Proxy (IAP) connector that points to the sales tool application​

B. Create a Google group for the sales tool application, and upgrade that group to a security group.​

C. Deploy an external HTTP(S) load balancer and create a custom Cloud Armor policy for the sales tool application.​

D. For every sales employee who needs access to the sales tool application, give their Google Workspace user account the predefined AppEngine Viewer role.

A. Archive audit logs in Cloud Storage, and manually generate reports.​

B. Write a Cloud Logging filter to export specific date ranges to Pub/Sub.​

C. Archive audit logs in BigQuery, and generate reports using Google Data Studio​

D. Archive user logs on a locally attached persistent disk, and cat them to a text file for auditing.

A. Ensure that you aren’t running privileged containers.​

B. Ensure that you are using obfuscated Tags on workloads.​

C. Ensure that you are using the native logging mechanisms.​

D. Ensure that workloads are not using securityContext to run as a group.​

E. Ensure that each cluster is running GKE metering so each team can be charged for their usage.

A. Define one SLO as 99.9% game server availability. Define the other SLO as less than 100-ms latency.​

B. Define one SLO as service availability that is the same as Google Cloud's availability. Define the other SLO as 100-ms latency.​

C. Define one SLO as 99% HTTP requests return the 2xx status code. Define the other SLO as 99% requests return within 100 ms.​

D. Define one SLO as total uptime of the game server within a week. Define the other SLO as the mean response time of all HTTP requests that are less than 100 ms.

A. Serve the video content directly from a multi-region Cloud Storage bucket.​

B. Use Cloud CDN to cache the video content from HRL’s existing public cloud provider.​

C. Use Apigee Edge to cache the video content from HRL’s existing public cloud provider.​

D. Replicate the video content in Google Kubernetes Engine clusters in regions close to the fans.

A. Use AutoML to provide data to the recommendation service​

B. Process PII data on-premises to keep the private information more secure.​

C. Use the Cloud Data Loss Prevention (DLP) API to provide data to the recommendation service.​

D. Manually build, train, and test machine learning models to provide product recommendations anonymously.