You have deployed an HTTP(s) load balancer, but health checks to port 80 on the Compute Engine virtual machine instance are failing, and no traffic is sent to your instances. You want to resolve the problem. Which commands should you run?

1. A. gcloud compute instances add-access-config instance-1
2. B. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS
3. C. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS
4. D. gcloud compute health-checks update http health-check --unhealthy-threshold 10

Correct Answer: A

You have a Cloud Storage bucket in Google Cloud project XYZ. The bucket contains sensitive data. You need to design a solution to ensure that only instances belonging to VPCs under project XYZ can access the data stored in this Cloud Storage bucket. What should you do?

1. A. Configure Private Google Access to privately access the Cloud Storage service using private IP addresses.
2. B. Configure a VPC Service Controls perimeter around project XYZ, and include storage.googleapis.com as a restricted service in the service perimeter.
3. C. Configure Cloud Storage with projectPrivate Access Control List (ACL) that gives permission to the project team based on their roles.
4. D. Configure Private Service Connect to privately access Cloud Storage from all VPCs under project XYZ.

Correct Answer: C

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from on-premises locations using Cloud Interconnect connections. Your company must be able to send traffic to Cloud Storage only through the Interconnect links while accessing other Google APIs and services over the public internet. What should you do?

1. A. Use the default public domains for all Google APIs and services.
2. B. Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.
3. C. Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.
4. D. Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.

Correct Answer: B

You just finished your company’s migration to Google Cloud and configured an architecture with 3 Virtual Private Cloud (VPC) networks: one for Sales, one for Finance, and one for Engineering. Every VPC contains over 100 Compute Engine instances, and now developers using instances in the Sales VPC and the Finance VPC require private connectivity between each other. You need to allow communication between Sales and Finance without compromising performance or security. What should you do?

1. A. Configure an HA VPN gateway between the Finance VPC and the Sales VPC.
2. B. Configure the instances that require communication between each other with an external IP address.
3. C. Create a VPC Network Peering connection between the Finance VPC and the Sales VPC.
4. D. Configure Cloud NAT and a Cloud Router in the Sales and Finance VPCs.

Correct Answer: C

You work for a university that is migrating to GCP. These are the cloud requirements:
• On-premises connectivity with 10 Gbps
• Lowest latency access to the cloud
• Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.
What should you do?

1. A. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.
2. B. Use Shared VPC, and deploy the VLAN attachments in the service project
3. C. Connect the VLAN attachment to the Shared VPC's host project.
4. D. Use standalone projects, and deploy the VLAN attachments in the individual project
5. E. Connect the VLAN attachment to the standalone projects' Interconnects.
6. F. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.

Correct Answer: A
https://cloud.google.com/interconnect/docs/how-to/dedicated/using-interconnects-other-projects
Using Cloud Interconnect with Shared VPC You can use Shared VPC to share your VLAN attachment in a project with other VPC networks. Choosing Shared VPC is preferable if you need to create many projects and would like to prevent individual project owners from managing their connectivity back to your on-premises network. In this scenario, the host project contains a common Shared VPC network usable by VMs in service projects. Because VMs in the service projects use this network, Service Project Admins don't need to create other VLAN attachments or Cloud Routers in the service projects. In this scenario, you must create VLAN attachments and Cloud Routers for a Cloud Interconnect connection only in the Shared VPC host project. The combination of a VLAN attachment and its associated Cloud Router are unique to a given Shared VPC network.
https://cloud.google.com/network-connectivity/docs/interconnect/how-to/enabling-multiple-networks-access-sa
https://cloud.google.com/vpc/docs/shared-vpc