Your team needs to prevent users from creating projects in the organization. Only the DevOps team should be allowed to create projects on behalf of the requester.
Which two tasks should your team perform to handle this request? (Choose two.)

1. A. Remove all users from the Project Creator role at the organizational level.
2. B. Create an Organization Policy constraint, and apply it at the organizational level.
3. C. Grant the Project Editor role at the organizational level to a designated group of users.
4. D. Add a designated group of users to the Project Creator role at the organizational level.
5. E. Grant the billing account creator role to the designated DevOps team.

Correct Answer: BD

A patch for a vulnerability has been released, and a DevOps team needs to update their running containers in Google Kubernetes Engine (GKE).
How should the DevOps team accomplish this?

1. A. Use Puppet or Chef to push out the patch to the running container.
2. B. Verify that auto upgrade is enabled; if so, Google will upgrade the nodes in a GKE cluster.
3. C. Update the application code or apply a patch, build a new image, and redeploy it.
4. D. Configure containers to automatically upgrade when the base image is available in Container Registry.

Correct Answer: B

You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a mysql Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and Subnet B hold several other Compute Engine VMs. You only want to allow thee application frontend to access the data in the application's mysql instance on port 3306.
What should you do?

1. A. Configure an ingress firewall rule that allows communication from the src IP range of subnet A to the tag "data-tag" that is applied to the mysql Compute Engine VM on port 3306.
2. B. Configure an ingress firewall rule that allows communication from the frontend's unique service account to the unique service account of the mysql Compute Engine VM on port 3306.
3. C. Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet
4. D. Then configure an egress firewall rule that allows communication from Compute Engine VMs tagged with data-tag to destination Compute Engine VMs tagged fe-tag.
5. E. Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet
6. F. Then configure an ingress firewall rule that allows communication from Compute Engine VMs tagged with fe-tag to destination Compute Engine VMs tagged with data-tag.

Correct Answer: B

An organization receives an increasing number of phishing emails.
Which method should be used to protect employee credentials in this situation?

1. A. Multifactor Authentication
2. B. A strict password policy
3. C. Captcha on login pages
4. D. Encrypted emails

Correct Answer: D

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

1. A. Ensure that the app does not run as PID 1.
2. B. Package a single app as a container.
3. C. Remove any unnecessary tools not needed by the app.
4. D. Use public container images as a base image for the app.
5. E. Use many container image layers to hide sensitive information.

Correct Answer: BC