You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?

1. A. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.
2. B. Set up a high-priority (1000) rule that pairs both ingress and egress ports.
3. C. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.
4. D. Set up a high-priority (1000) rule to allow the appropriate ports.

Correct Answer: A
Implied rules Every VPC network has two implied firewall rules. These rules exist, but are not shown in the Cloud Console: Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by Google Cloud. A higher priority firewall rule may restrict outbound access. Internet access is allowed if no other firewall rules deny outbound traffic and if the instance has an external IP address or uses a Cloud NAT instance. For more information, see Internet access requirements. Implied deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming connections to them. A higher priority rule might allow incoming access. The default network includes some additional rules that override this one, allowing certain types of incoming connections. https://cloud.google.com/vpc/docs/firewalls#default_firewall_rules

The core business of your company is to rent out construction equipment at a large scale. All the equipment that is being rented out has been equipped with multiple sensors that send event information every few seconds. These signals can vary from engine status, distance traveled, fuel level, and more. Customers are billed based on the consumption monitored by these sensors. You expect high throughput – up to thousands of events per hour per device – and need to retrieve consistent data based on the time of the event. Storing and retrieving individual signals should be atomic. What should you do?

1. A. Create a file in Cloud Storage per device and append new data to that file.
2. B. Create a file in Cloud Filestore per device and append new data to that file.
3. C. Ingest the data into Datastor
4. D. Store data in an entity group based on the device.
5. E. Ingest the data into Cloud Bigtabl
6. F. Create a row key based on the event timestamp.

Correct Answer: D
Keyword need to look for
- "High Throughput",
- "Consistent",
- "Property based data insert/fetch like ngine status, distance traveled, fuel level, and more." which can be designed in column,
- "Large Scale Customer Base + Each Customer has multiple sensor which send event in seconds" This will go for pera bytes situation,
- Export data based on the time of the event.
- Atomic
o BigTable will fit all requirement. o DataStore is not fully Atomic
o CloudStorage is not a option where we can export data based on time of event. We need another solution to do that
o FireStore can be used with MobileSDK.

Your coworker has helped you set up several configurations for gcloud. You've noticed that you're running commands against the wrong project. Being new to the company, you haven't yet memorized any of the projects. With the fewest steps possible, what's the fastest way to switch to the correct configuration?

1. A. Run gcloud configurations list followed by gcloud configurations activate .
2. B. Run gcloud config list followed by gcloud config activate.
3. C. Run gcloud config configurations list followed by gcloud config configurations activate.
4. D. Re-authenticate with the gcloud auth login command and select the correct configurations on login.

Correct Answer: C
as gcloud config configurations list can help check for the existing configurations and activate can help switch to the configuration.
gcloud config configurations list lists existing named configurations
gcloud config configurations activate activates an existing named configuration
Obtains access credentials for your user account via a web-based authorization flow. When this command completes successfully, it sets the active account in the current configuration to the account specified. If no configuration exists, it creates a configuration named default.

You are running a data warehouse on BigQuery. A partner company is offering a recommendation engine based on the data in your data warehouse. The partner company is also running their application on Google Cloud. They manage the resources in their own project, but they need access to the BigQuery dataset in your project. You want to provide the partner company with access to the dataset What should you do?

1. A. Create a Service Account in your own project, and grant this Service Account access to BigGuery in your project
2. B. Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project
3. C. Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project
4. D. Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project

Correct Answer: D
https://gtseres.medium.com/using-service-accounts-across-projects-in-gcp-cf9473fef8f0#:~:text=Go%20to%20t

You want to configure autohealing for network load balancing for a group of Compute Engine instances that run in multiple zones, using the fewest possible steps. You need to configure re-creation of VMs if they are unresponsive after 3 attempts of 10 seconds each. What should you do?

1. A. Create an HTTP load balancer with a backend configuration that references an existing instance group.Set the health check to healthy (HTTP).
2. B. Create an HTTP load balancer with a backend configuration that references an existing instance group.Define a balancing mode and set the maximum RPS to 10.
3. C. Create a managed instance grou
4. D. Set the Autohealing health check to healthy (HTTP).
5. E. Create a managed instance grou
6. F. Verify that the autoscaling setting is on.

Correct Answer: C
https://cloud.google.com/compute/docs/instance-groups
https://cloud.google.com/load-balancing/docs/network/transition-to-backend-services#console
In order to enable auto-healing, you need to group the instances into a managed instance group.
Managed instance groups (MIGs) maintain the high availability of your applications by proactively keeping your virtual machine (VM) instances available. An auto-healing policy on the MIG relies on an application-based health check to verify that an application is responding as expected. If the auto-healer determines that an application isnt responding, the managed instance group automatically recreates that instance.
It is important to use separate health checks for load balancing and for auto-healing. Health checks for load balancing can and should be more aggressive because these health checks determine whether an instance receives user traffic. You want to catch non-responsive instances quickly, so you can redirect traffic if necessary. In contrast, health checking for auto-healing causes Compute Engine to proactively replace failing instances, so this health check should be more conservative than a load balancing health check.