- (Topic 5)
Your company has an application running on App Engine that allows users to upload music files and share them with other people. You want to allow users to upload files directly into Cloud Storage from their browser session. The payload should not be passed through the backend. What should you do?
A.
* 1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App
Engine application is an allowed origin.
* 2. Use the Cloud Storage Signed URL feature to generate a POST URL.
B.
* 1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App
Engine application is an allowed origin.
* 2. Assign the Cloud Storage WRITER role to users who upload files.
C.
* 1. Use the Cloud Storage Signed URL feature to generate a POST URL.
* 2. Use App Engine default credentials to sign requests against Cloud Storage.
D.
* 1. Assign the Cloud Storage WRITER role to users who upload files.
* 2. Use App Engine default credentials to sign requests against Cloud Storage.

1. A.

Correct Answer: B

- (Topic 5)
You are creating a solution to remove backup files older than 90 days from your backup Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend. What should you do?

1. A. Write a lifecycle management rule in XML and push it to the bucket with gsutil.
2. B. Write a lifecycle management rule in JSON and push it to the bucket with gsutil.
3. C. Schedule a cron script using gsutil is -lr gs://backups/** to find and remove items older than 90 days.
4. D. Schedule a cron script using gsutil ls -1 gs://backups/** to find and remove items older than 90 days and schedule it with cron.

Correct Answer: B
https://cloud.google.com/storage/docs/gsutil/commands/lifecycle

- (Topic 5)
Your company just finished a rapid lift and shift to Google Compute Engine for your compute needs. You have another 9 months to design and deploy a more cloud-native solution. Specifically, you want a system that is no-ops and auto-scaling. Which two compute products should you choose? Choose 2 answers

1. A. Compute Engine with containers
2. B. Google Kubernetes Engine with containers
3. C. Google App Engine Standard Environment
4. D. Compute Engine with custom instance types
5. E. Compute Engine with managed instance groups

Correct Answer: BC
B: With Container Engine, Google will automatically deploy your cluster for you, update, patch, secure the nodes.
Kubernetes Engine's cluster autoscaler automatically resizes clusters based on the demands of the workloads you want to run.
C: Solutions like Datastore, BigQuery, AppEngine, etc are truly NoOps.
App Engine by default scales the number of instances running up and down to match the load, thus providing consistent performance for your app at all times while minimizing idle instances and thus reducing cost.
Note: At a high level, NoOps means that there is no infrastructure to build out and manage during usage of the platform. Typically, the compromise you make with NoOps is that you lose control of the underlying infrastructure.
References: https://www.quora.com/How-well-does-Google-Container-Engine-support-Google-Cloud-Platform%E2%80%99s-NoOps-claim

- (Topic 5)
Your organization has stored sensitive data in a Cloud Storage bucket. For regulatory reasons, your company must be able to rotate the encryption key used to encrypt the data in the bucket. The data will be processed in Dataproc. You want to follow Google- recommended practices for security What should you do?

1. A. Create a key with Cloud Key Management Service (KMS) Encrypt the data using the encrypt method of Cloud KMS.
2. B. Create a key with Cloud Key Management Service (KMS). Set the encryption key on the bucket to the Cloud KMS key.
3. C. Generate a GPG key pai
4. D. Encrypt the data using the GPG ke
5. E. Upload the encrypted data to the bucket.
6. F. Generate an AES-256 encryption ke
7. G. Encrypt the data in the bucket using the customer-supplied encryption keys feature.

Correct Answer: AD
https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys#add-object-key
https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys

- (Topic 5)
Google Cloud Platform resources are managed hierarchically using organization, folders, and projects. When Cloud Identity and Access Management (IAM) policies exist at these different levels, what is the effective policy at a particular node of the hierarchy?

1. A. The effective policy is determined only by the policy set at the node
2. B. The effective policy is the policy set at the node and restricted by the policies of its ancestors
3. C. The effective policy is the union of the policy set at the node and policies inherited from its ancestors
4. D. The effective policy is the intersection of the policy set at the node and policies inherited from its ancestors

Correct Answer: B
Reference: https://cloud.google.com/resource-manager/docs/cloud-platform-resource- hierarchy