Your company requires all developers to have the same permissions, regardless of the Google Cloud project they are working on. Your company's security policy also restricts developer permissions to Compute Engine.
Cloud Functions, and Cloud SQL. You want to implement the security policy with minimal effort. What should you do?

1. A. • Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions in one project within the Google Cloud organization.• Copy the role across all projects created within the organization with the gcloud iam roles copy command.• Assign the role to developers in those projects.
2. B. • Add all developers to a Google group in Google Groups for Workspace.• Assign the predefined role of Compute Admin to the Google group at the Google Cloud organization level.
3. C. • Add all developers to a Google group in Cloud Identity.• Assign predefined roles for Compute Engine, Cloud Functions, and Cloud SQL permissions to the Google group for each project in the Google Cloud organization.
4. D. • Add all developers to a Google group in Cloud Identity.• Create a custom role with Compute Engine, Cloud Functions, and Cloud SQL permissions at the Google Cloud organization level.• Assign the custom role to the Google group.

Correct Answer: D
https://www.cloudskillsboost.google/focuses/1035?parent=catalog#:~:text=custom%20role%20at%20the%20or

Your team is using Linux instances on Google Cloud. You need to ensure that your team logs in to these instances in the most secure and cost efficient way. What should you do?

1. A. Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.
2. B. Use a third party tool to provide remote access to the instances.
3. C. Use the gcloud compute ssh command with the --tunnel-through-iap fla
4. D. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.
5. E. Create a bastion host with public internet acces
6. F. Create the SSH tunnel to the instance through the bastion host.

Correct Answer: D

Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

1. A. Generate a new SSH key pai
2. B. Give the private key to each member of your tea
3. C. Configure the public key in the metadata of each instance.
4. D. Ask each member of the team to generate a new SSH key pair and to send you their public ke
5. E. Use a configuration management tool to deploy those keys on each instance.
6. F. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google accoun
7. G. Grant the “compute.osAdminLogin” role to the Google group corresponding to this team.
8. H. Generate a new SSH key pai
9. I. Give the private key to each member of your tea
10. J. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Correct Answer: C
https://cloud.google.com/compute/docs/instances/managing-instance-access

You have been asked to set up Object Lifecycle Management for objects stored in storage buckets. The objects are written once and accessed frequently for 30 days. After 30 days, the objects are not read again unless there is a special need. The object should be kept for three years, and you need to minimize cost. What should you do?

1. A. Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.
2. B. Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.
3. C. Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.
4. D. Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

Correct Answer: B
The key to understand the requirement is : "The objects are written once and accessed frequently for 30 days" Standard Storage
Standard Storage is best for data that is frequently accessed ("hot" data) and/or stored for only brief periods of time.
Archive Storage
Archive Storage is the lowest-cost, highly durable storage service for data archiving, online backup, and disaster recovery. Unlike the "coldest" storage services offered by other Cloud providers, your data is available within milliseconds, not hours or days. Archive Storage is the best choice for data that you plan to access less than once a year.
https://cloud.google.com/storage/docs/storage-classes#standard

You are developing a financial trading application that will be used globally. Data is stored and queried using a relational structure, and clients from all over the world should get the exact identical state of the data. The application will be deployed in multiple regions to provide the lowest latency to end users. You need to select a storage option for the application data while minimizing latency. What should you do?

1. A. Use Cloud Bigtable for data storage.
2. B. Use Cloud SQL for data storage.
3. C. Use Cloud Spanner for data storage.
4. D. Use Firestore for data storage.

Correct Answer: C
Keywords, Financial data (large data) used globally, data stored and queried using relational structure (SQL), clients should get exact identical copies(Strong Consistency), Multiple region, low latency to end user, select storage option to minimize latency.