- (Topic 5)
Auditors visit your teams every 12 months and ask to review all the Google Cloud Identity and Access Management (Cloud IAM) policy changes in the previous 12 months. You want to streamline and expedite the analysis and audit process. What should you do?

1. A. Create custom Google Stackdriver alerts and send them to the auditor.
2. B. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor.
3. C. Use cloud functions to transfer log entries to Google Cloud SQL and use ACLS and views to limit an auditor's view.
4. D. Enable Google Cloud Storage (GCS) log export to audit logs Into a GCS bucket and delegate access to the bucket.

Correct Answer: D
Export the logs to Google Cloud Storage bucket - Archive Storage, as it will not be used for 1 year, price for which is $0.004 per GB per Month. The price for long term storage in BigQuery is $0.01 per GB per Month (250% more). Also for analysis purpose, whenever Auditors are there(once per year), you can use BigQuery and use GCS bucket as external data source. BigQuery supports querying Cloud Storage data from these storage classes:
Standard Nearline Coldline Archive

- (Topic 5)
The operations team in your company wants to save Cloud VPN log events (or one year You need to configure the cloud infrastructure to save the logs What should you do?

1. A. Set up a filter in Cloud Logging and a topic in Pub/Sub to publish the logs
2. B. Set up a Cloud Logging Dashboard titled Cloud VPN Logs, and then add a chart that queries for the VPN metrics over a one-year time period
3. C. Enable the Compute Engine API and then enable logging on the firewall rules that match the traffic you want to save
4. D. Set up a filter in Cloud Logging and a Cloud Storage bucket as an export target for the logs you want to save

Correct Answer: D

- (Topic 7)
For this question, refer to the TerramEarth case study. You are asked to design a new architecture for the
ingestion of the data of the 200,000 vehicles that are connected to a cellular network. You want to follow
Google-recommended practices.
Considering the technical requirements, which components should you use for the ingestion of the data?

1. A. Google Kubernetes Engine with an SSL Ingress
2. B. Cloud IoT Core with public/private key pairs
3. C. Compute Engine with project-wide SSH keys
4. D. Compute Engine with specific SSH keys

Correct Answer: A
https://cloud.google.com/solutions/iot-overview https://cloud.google.com/iot/quotas

- (Topic 5)
You are managing several projects on Google Cloud and need to interact on a daily basis with BigQuery, Bigtable and Kubernetes Engine using the gcloud CLI tool You are travelling a lot and work on different workstations during the week You want to avoid having to manage the gcloud CLI manually What should you do?

1. A. Use a package manager to install gcloud on your workstations instead of installing it manually
2. B. Create a Compute Engine instance and install gcloud on the instance Connect to this instance via SSH to always use the samegcloud installation when interacting with Google Cloud
3. C. Install gcloud on all of your workstations Run the command gcloud components auto- update on each workstation
4. D. Use Google Cloud Shell in the Google Cloud Console to interact with Google Cloud

Correct Answer: D
This option allows you to use the gcloud CLI tool without having to install or manage it manually on different workstations. Google Cloud Shell is a browser-based command-line tool that provides you with a temporary Compute Engine virtual machine instance preloaded with the Cloud SDK, including the gcloud CLI tool. You can access Google Cloud Shell from any web browser and use it to interact with BigQuery, Bigtable and Kubernetes Engine using the gcloud CLI tool. The other options are not optimal for this scenario, because they either require installing and updating the gcloud CLI tool on multiple workstations (A, C), or creating and maintaining a Compute Engine instance for the sole purpose of using the gcloud CLI tool (B). References:
✑ https://cloud.google.com/shell/docs/overview
✑ https://cloud.google.com/sdk/gcloud/

- (Topic 10)
You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google
Cloud until the migration is completed.
You want to make sure all your on-premises systems remain reachable during this period. How should you organize your networking in Google Cloud?

1. A. Use the same IP range on Google Cloud as you use on-premises
2. B. Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use asecondary range that does not overlap with the range you use on-premises
3. C. Use an IP range on Google Cloud that does not overlap with the range you use on- premises
4. D. Use an IP range on Google Cloud that does not overlap with the range you use on- premises for yourprimary IP range and use a secondary range with the same IP range as you use on- premises

Correct Answer: C