Associate-Cloud-Engineer Sample Questions Answers

• Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure

provisioning.

• Use the human approvals IAM account for the provisioning.

• Attach a single service account to the compute instances.

• Add minimal rights to the service account.

• Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.

• Attach a single service account to the compute instances.

• Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources

• Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and

Access Management (IAM) permissions.

• Use a secret manager service to store the key files of the service accounts.

• Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.

In the Google Cloud console for your organization, select Create role from selection, and choose destination as the startup company's organization

In the Google Cloud console for the startup company, select Create role from selection and choose source as the startup company's Google Cloud organization.

Use the gcloud iam roles copy command, and provide the Organization ID of the startup company's

Google Cloud Organization as the destination.

Use the gcloud iam roles copy command, and provide the project IDs of all projects in the startup company s organization as the destination.

Run gcloud iam roles list. Review the output section.

Run gcloud iam service-accounts list. Review the output section.

Navigate to the project and then to the IAM section in the GCP Console. Review the members and roles.

Navigate to the project and then to the Roles section in the GCP Console. Review the roles and status.

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery jobUser role to the group.

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery dataViewer user role to the group.

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery jobUser role to the group.

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery dataViewer user role to the group.

Create a Service Account in your own project, and grant this Service Account access to BigGuery in your project

Create a Service Account in your own project, and ask the partner to grant this Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and have them give the Service Account access to BigQuery in their project

Ask the partner to create a Service Account in their project, and grant their Service Account access to the BigQuery dataset in your project

Move both projects under the same folder.

Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.

Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.

Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team.

Project Editor

Storage Admin

Storage Object Admin

Storage Object Creator

Install a RDP client on your desktop. Verify that a firewall rule for port 3389 exists.

Install a RDP client in your desktop. Set a Windows username and password in the GCP Console. Use the credentials to log in to the instance.

Set a Windows password in the GCP Console. Verify that a firewall rule for port 22 exists. Click the RDP button in the GCP Console and supply the credentials to log in.

Set a Windows username and password in the GCP Console. Verify that a firewall rule for port 3389 exists. Click the RDP button in the GCP Console, and supply the credentials to log in.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 1.

Set autoscaling to On, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

Set autoscaling to Off, set the minimum number of instances to 1, and then set the maximum number of instances to 2.

When creating the VM, use machine type n1-standard-96.

When creating the VM, use Intel Skylake as the CPU platform.

Create the VM using Compute Engine default settings. Use gcloud to modify the running instance to have 96 vCPUs.

Start the VM using Compute Engine default settings, and adjust as you go based on Rightsizing Recommendations.

When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section.

Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.

Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.

Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.

kubectl get deployments –output=pods

gcloud get pods –selector=”app=prod”

kubectl get pods -I “app=prod”

gcloud list gke-deployments -filter={pod }

Persistent SSD on VM instances.

Cloud Filestore.

Multiregional Cloud Storage bucket.

Cloud Datastore database.

Invite the user to transfer their existing account

Invite the user to use an email alias to resolve the conflict

Tell the user that they must delete their existing account

Tell the user to remove all personal email from the existing account

Run gcloud app restore.

On the App Engine page of the GCP Console, select the application that needs to be reverted and click Revert.

On the App Engine Versions page of the GCP Console, route 100% of the traffic to the previous version.

Deploy the original version as a separate application. Then go to App Engine settings and split traffic between applications so that the original version serves 100% of the requests.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

1. Create a single VPC with a subnet for the DMZ and a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public ingress traffic for the DMZ.

1. Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN. 2. Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets, and another firewall rule to allow public egress traffic for the DMZ.

Use kubect1 to delete the topic resource.

Use gcloud CLI to delete the topic.

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

Use gcloud CLI to update the topic label managed-by-cnrm to false.

Manual Scaling with 3 instances.

Basic Scaling with min_instances set to 3.

Basic Scaling with max_instances set to 3.

Automatic Scaling with min_idle_instances set to 3.

1. Update your instances’ metadata to add the following value: snapshot–schedule: 0 1 * * *

2. Update your instances’ metadata to add the following value: snapshot–retention: 30

1. In the Cloud Console, go to the Compute Engine Disks page and select your instance’s disk.

2. In the Snapshot Schedule section, select Create Schedule and configure the following parameters:

–Schedule frequency: Daily

–Start time: 1:00 AM – 2:00 AM

–Autodelete snapshots after 30 days

1. Create a Cloud Function that creates a snapshot of your instance’s disk.

2.Create a Cloud Function that deletes snapshots that are older than 30 days.

3.Use Cloud Scheduler to trigger both Cloud Functions daily at 1:00 AM.

1. Create a bash script in the instance that copies the content of the disk to Cloud Storage.

2.Create a bash script in the instance that deletes data older than 30 days in the backup Cloud Storage bucket.

3.Configure the instance’s crontab to execute these scripts daily at 1:00 AM.

Create a signed URL with a four-hour expiration and share the URL with the company.

Set object access to ‘public’ and use object lifecycle management to remove the object after four hours.

Configure the storage bucket as a static website and furnish the object’s URL to the company. Delete the object from the storage bucket after four hours.

Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.

Create a Cloud Monitoring Workspace.

Create a VPC network in the project.

Enable the compute googleapis.com API.

Grant yourself the IAM role of Compute Admin.

Use granular logging statements within a Deployment Manager template authored in Python.

Monitor activity of the Deployment Manager execution on the Stackdriver Logging page of the GCP Console.

Execute the Deployment Manager template against a separate project with the same configuration, and monitor for failures.

Execute the Deployment Manager template using the –-preview option in the same project, and observe the state of interdependent resources.

Create and deploy a Custom Resource Definition per microservice.

Create and deploy a Docker Compose File.

Create and deploy a Job per microservice.

Create and deploy a Deployment per microservice.

Create a Kubernetes Service of type NodePort for your application, and a Kubernetes Ingress to expose this Service via a Cloud Load Balancer.

Create a Kubernetes Service of type ClusterIP for your application. Configure the public DNS name of your application using the IP of this Service.

Create a Kubernetes Service of type NodePort to expose the application on port 443 of each node of the Kubernetes cluster. Configure the public DNS name of your application with the IP of every node of the cluster to achieve load-balancing.

Create a HAProxy pod in the cluster to load-balance the traffic to all the pods of the application. Forward the public traffic to HAProxy with an iptable rule. Configure the DNS name of your application using the public IP of the node HAProxy is running on.

For each GCP product in the solution, review the pricing details on the products pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

For each GCP product in the solution, review the pricing details on the products pricing page. Create a Google Sheet that summarizes the expected monthly costs for each product.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Navigate to the Billing Report page in the Google Cloud Platform Console. Multiply the 1 week cost to determine the monthly costs.

Provision the solution on GCP. Leave the solution provisioned for 1 week. Use Stackdriver to determine the provisioned and used resource amounts. Multiply the 1 week cost to determine the monthly costs.

Disable the flag “Delete boot disk when instance is deleted.”

Enable delete protection on the instance.

Disable Automatic restart on the instance.

Enable Preemptibility on the instance.

Assign appropriate access for Google services to the service account used by the Compute Engine VM.

Create a service account with appropriate access for Google services, and configure the application to use this account.

Store credentials for service accounts with appropriate access for Google services in a config file, and deploy this config file with your application.

Store credentials for your user account with appropriate access for Google services in a config file, and deploy this config file with your application.

Grant each individual external consultant the role of BigQuery Editor

Grant each individual external consultant the role of BigQuery Viewer

Create a Google Group that contains the consultants and grant the group the role of BigQuery Editor

Create a Google Group that contains the consultants, and grant the group the role of BigQuery Viewer

Split the users from business units to multiple projects.

Apply a user- or project-level custom query quota for BigQuery data warehouse.

Create separate copies of your BigQuery data warehouse for each business unit.

Split your BigQuery data warehouse into multiple data warehouses for each business unit.

Change your BigQuery query model from on-demand to flat rate. Apply the appropriate number of slots to each Project.

Export Cloud Datastore data using gcloud datastore export.

Create a Cloud Datastore index using gcloud datastore indexes create.

Install the google-cloud-sdk-datastore-emulator component using the apt get install command.

Install the cloud-datastore-emulator component using the gcloud components install command.

Download the private key from the service account, and add it to each VMs custom metadata.

Download the private key from the service account, and add the private key to each VM’s SSH keys.

Grant the service account the IAM Role of Compute Storage Admin in the project called proj-vm.

When creating the VMs, set the service account’s API scope for Compute Engine to read/write.

Expose the application by using an external TCP Network Load Balancer.

Expose the application by using a TCP Proxy Load Balancer.

Expose the application by using an SSL Proxy Load Balancer.

Expose the application by using an internal TCP Network Load Balancer.

Enable the Cloud Pub/Sub API in the API Library on the GCP Console.

Rely on the automatic enablement of the Cloud Pub/Sub API when the Service Account accesses it.

Use Deployment Manager to deploy your application. Rely on the automatic enablement of all APIs used by the application being deployed.

Grant the App Engine Default service account the role of Cloud Pub/Sub Admin. Have your application enable the API on the first connection to Cloud Pub/Sub.

Search for the CMS solution in Google Cloud Marketplace. Use gcloud CLI to deploy the solution.

Search for the CMS solution in Google Cloud Marketplace. Deploy the solution directly from Cloud Marketplace.

Search for the CMS solution in Google Cloud Marketplace. Use Terraform and the Cloud Marketplace ID to deploy the solution with the appropriate parameters.

Use the installation guide of the CMS provider. Perform the installation through your configuration management system.

Deploy Jenkins through the Google Cloud Marketplace.

Create a new Compute Engine instance. Run the Jenkins executable.

Create a new Kubernetes Engine cluster. Create a deployment for the Jenkins image.

Create an instance template with the Jenkins executable. Create a managed instance group with this template.

Use a Deployment Manager script to automate creating storage buckets in an appropriate region

Use a local SSD to improve performance of the VM for the targeted workload

Use the gsutii command to create a storage bucket in the same region as the VM

Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM

Create a Cloud Bigtable cluster and use the HBase API

Deploy MongoDB Alias from the Google Cloud Marketplace

Download a MongoDB installation package and run it on Compute Engine instances

Download a MongoDB installation package, and run it on a Managed Instance Group

1. Use nslookup to get the IP address for storage.googleapis.com.2. Negotiate with the security team to be able to give a public IP address to the servers.3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.

1. Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud Platform (GCP).2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance.3. Configure your servers to use that instance as a proxy to access Cloud Storage.

1. Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine.2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend.3. Configure your new instances to use this ILB as proxy.

1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in GCP.2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel.3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.

Create a custom role, and add all the required compute.disks.list and compute, images.list permissions as includedPermissions. Grant the custom role to the user at the project level.

Create a custom role based on the Compute Image User role Add the compute.disks, list to the

includedPermissions field Grant the custom role to the user at the project level

Grant the Compute Storage Admin role at the project level.

Create a custom role based on the Compute Storage Admin role. Exclude unnecessary permissions from the custom role. Grant the custom role to the user at the project level.

1. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow all

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow TCP:80802. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow TCP: 8080

1. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #2 service account• Source filter: all instances with tier #1 service account• Protocols: allow all2. Create an ingress firewall rule with the following settings:• Targets: all instances with tier #3 service account• Source filter: all instances with tier #2 service account• Protocols: allow all

1. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.2.0/24)• Protocols: allow TCP: 80802. Create an egress firewall rule with the following settings:• Targets: all instances• Source filter: IP ranges (with the range set to 10.0.1.0/24)• Protocols: allow TCP: 8080

Configure the Horizontal Pod Autoscaler for availability, and configure the cluster autoscaler for suggestions.

Configure the Horizontal Pod Autoscaler for availability, and configure the Vertical Pod Autoscaler recommendations for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Cluster autoscaler for suggestions.

Configure the Vertical Pod Autoscaler recommendations for availability, and configure the Horizontal Pod Autoscaler for suggestions.

Increase the size of the disk to 1 TB.

Increase the allocated CPU to the instance.

Migrate to use a Local SSD on the instance.

Migrate to use a Regional SSD on the instance.

HTTPS Load Balancer

Network Load Balancer

SSL Proxy Load Balancer

Internal TCP/UDP Load Balancer. Add a firewall rule allowing ingress traffic from 0.0.0.0/0 on the target instances.

Create an instance template for the instances. Set the ‘Automatic Restart’ to on. Set the ‘On-host maintenance’ to Migrate VM instance. Add the instance template to an instance group.

Create an instance template for the instances. Set ‘Automatic Restart’ to off. Set ‘On-host maintenance’ to Terminate VM instances. Add the instance template to an instance group.

Create an instance group for the instances. Set the ‘Autohealing’ health check to healthy (HTTP).

Create an instance group for the instance. Verify that the ‘Advanced creation options’ setting for ‘do not retry machine creation’ is set to off.

Create a health check on port 443 and use that when creating the Managed Instance Group.

Select Multi-Zone instead of Single-Zone when creating the Managed Instance Group.

In the Instance Template, add the label ‘health-check’.

In the Instance Template, add a startup script that sends a heartbeat to the metadata server.

Create two configurations using gcloud config. Write a script that sets configurations as active, individually. For each configuration, use gcloud compute instances list to get a list of compute resources.

Create two configurations using gsutil config. Write a script that sets configurations as active, individually. For each configuration, use gsutil compute instances list to get a list of compute resources.

Go to Cloud Shell and export this information to Cloud Storage on a daily basis.

Go to GCP Console and export this information to Cloud SQL on a daily basis.

Verify that you are Project Billing Manager for the GCP project. Update the existing project to link it to the existing billing account.

Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project.

Verify that you are Billing Administrator for the billing account. Create a new project and link the new project to the existing billing account.

Verify that you are Billing Administrator for the billing account. Update the existing project to link it to the existing billing account.

Create a new service with the new version of the application. Split traffic between this version and the version that is currently running.

Create a new revision with the new version of the application. Split traffic between this version and the version that is currently running.

Create a new service with the new version of the application. Add an HTTP Load Balancer in front of both services.

Create a new revision with the new version of the application. Add an HTTP Load Balancer in front of both revisions.

Create a single budget for all projects and configure budget alerts on this budget.

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

Create a budget per project and configure budget alerts on all of these budgets.

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.

Create an alert policy to send a notification when the HTTP response latency exceeds the specified threshold.

Implement an App Engine service which invokes the Cloud Monitoring API and sends a notification in case of anomalies.

Use the Cloud Monitoring dashboard to observe latency and take the necessary actions when the response latency exceeds the specified threshold.

Export Cloud Monitoring metrics to BigQuery and use a Looker Studio dashboard to monitor your web applications latency.

Use the command gcloud auth login and point it to the private key

Use the command gcloud auth activate-service-account and point it to the private key

Place the private key file in the installation directory of the Cloud SDK and rename it to "credentials ison"

Place the private key file in your home directory and rename it to ‘’GOOGLE_APPUCATION_CREDENTiALS".

Create a bash script that contains all requirement steps as gcloud commands

Develop templates for the environment using Cloud Deployment Manager

Use curl in a terminal to send a REST request to the relevant Google API for each individual resource.

Use the Cloud Console interface to provision and manage all related resources

Enable Cloud CDN on the website frontend.

Enable ‘Share publicly’ on the PDF file objects.

Set Content-Type metadata to application/pdf on the PDF file objects.

Add a label to the storage bucket with a key of Content-Type and value of application/pdf.

Use gcloud storage for the video files. Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Transfer Appliance for the videos. BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Storage Transfer Service for the video files, BigQuery Data Transfer Service for the data warehouse data, and Storage Transfer Service for the PNG files.

Use Cloud Data Fusion for the video files, Dataflow for the data warehouse data, and Storage Transfer Service for the PNG files.

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

Set the europe-west1-d zone as the default zone using the gcloud config subcommand.

In the Settings page for Compute Engine under Default location, set the zone to europe–west1-d.

In the CLI installation directory, create a file called default.conf containing zone=europe–west1–d.

Create a Metadata entry on the Compute Engine page with key compute/zone and value europe–west1–d.

Create a file in Cloud Storage per device and append new data to that file.

Create a file in Cloud Filestore per device and append new data to that file.

Ingest the data into Datastore. Store data in an entity group based on the device.

Ingest the data into Cloud Bigtable. Create a row key based on the event timestamp.

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.

Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VPC.

Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.

Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

In the Google Cloud console, validate which SSH keys have been stored as project-wide keys.

Navigate to Identity-Aware Proxy and check the permissions for these resources.

Enable Audit logs on the 1AM & admin page for all resources, and validate the results.

Use the gcloud projects get-iam-policy command to view the current role assignments.

Create an HTTP load balancer with a backend configuration that references an existing instance group. Set the health check to healthy (HTTP).

Create an HTTP load balancer with a backend configuration that references an existing instance group. Define a balancing mode and set the maximum RPS to 10.

Create a managed instance group. Set the Autohealing health check to healthy (HTTP).

Create a managed instance group. Verify that the autoscaling setting is on.

kubectl delete deployment nginx

kubectl delete –deployment=nginx

kubectl delete pod nginx-84748895c4-k6bzl –no-restart 2

kubectl delete inginx

Enable node auto-provisioning on the GKE cluster.

Create a VerticalPodAutscaler for those workloads.

Create a node pool with preemptible VMs and GPUs attached to those VMs.

Create a node pool of instances with GPUs, and enable autoscaling on this node pool with a minimum size of 1.

Download and deploy the Jenkins Java WAR to App Engine Standard.

Create a new Compute Engine instance and install Jenkins through the command line interface.

Create a Kubernetes cluster on Compute Engine and create a deployment with the Jenkins Docker image.

Use GCP Marketplace to launch the Jenkins solution.

gcloud deployment-manager deployments create --config

gcloud deployment-manager deployments update --config

gcloud deployment-manager resources create --config

gcloud deployment-manager resources update --config

Meet with the cloud enablement team to discuss load balancer options.

Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.

Review the encryption requirements for WebSocket connections with the security team.

Convert the WebSocket code to use HTTP streaming.

1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic.2. Call your application on Cloud Run from the Cloud Function for every message.

1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run.2. Create a Cloud Pub/Sub subscription for that topic.3. Make your application pull messages from that subscription.

1. Create a service account.2. Give the Cloud Run Invoker role to that service account for your Cloud Run application.3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.

1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal.2. Create a Cloud Pub/Sub subscription for that topic.3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

When creating the instances, specify a Service Account for each instance

When creating the instances, assign the name of each Service Account as instance metadata

After starting the instances, use gcloud compute instances update to specify a Service Account for each instance

After starting the instances, use gcloud compute instances update to assign the name of the relevant Service Account as instance metadata

Add the support team group to the roles/monitoring.viewer role

Add the support team group to the roles/spanner.databaseUser role.

Add the support team group to the roles/spanner.databaseReader role.

Add the support team group to the roles/stackdriver.accounts.viewer role.

Deploy the application on a managed instance group and configure autoscaling.

Deploy the application on a Kubernetes Engine cluster and configure node pool autoscaling.

Deploy the application on Cloud Functions and configure the maximum number instances.

Deploy the application on Cloud Run and configure autoscaling.

Use Cloud SQL database with cross-region replication to store game statistics in the EU, US, and APAC regions.

Use Cloud Spanner to store user data mapped to the game statistics.

Use BigQuery to store game statistics with a Redis on Memorystore instance in the front to provide global consistency.

Store game statistics in a Bigtable database partitioned by username.

Assign the finance team only the Billing Account User role on the billing account.

Assign the engineering team only the Billing Account User role on the billing account.

Assign the finance team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Assign the engineering team the Billing Account User role on the billing account and the Project Billing Manager role on the organization.

Use the gcloud CLI services enable cloudresourcemanager.googleapis.com command to enable all resources.

Use the gcloud services enable compute.googleapis.com command to enable Compute Engine and the gcloud services enable storage-api.googleapis.com command to enable the Cloud Storage APIs.

Open the Google Cloud console and enable all Google Cloud APIs from the API dashboard.

Open the Google Cloud console and run gcloud init --project in a Cloud Shell.

Add users to roles/bigquery user role only, instead of roles/bigquery dataOwner.

Add users to roles/bigquery dataEditor role only, instead of roles/bigquery dataOwner.

Create a custom role by removing delete permissions, and add users to that role only.

Create a custom role by removing delete permissions. Add users to the group, and then add the group to the custom role.

• Navigate to Cloud Mentioning in the Google Cloud console, and create a custom monitoring job for the

Bigtable instance to track all changes.

• Create an alert by using webhook endpoints. with the SIEM endpoint as a receiver

■ Navigate to the Audit Logs page in the Google Cloud console, and enable Data Read. Data Write and Admin Read logs for the Bigtable instance

• Create a Pub/Sub topic as a Cloud Logging sink destination, and add your SIEM as a subscriber to the topic.

• Install the Ops Agent on the Bigtable instance during configuration. K

• Create a service account with read permissions for the Bigtable instance.

• Create a custom Dataflow job with this service account to export logs to the company's SIEM system.

• Navigate to the Audit Logs page in the Google Cloud console, and enable Admin Write logs for the

Biglable instance.

• Create a Cloud Functions instance to export logs from Cloud Logging to your SIEM.

Use Shared VPC to connect all projects, and link Stackdriver to one of the projects.

For each project, create a Stackdriver account. In each project, create a service account for that project and grant it the role of Stackdriver Account Editor in all other projects.

Configure a single Stackdriver account, and link all projects to the same account.

Configure a single Stackdriver account for one of the projects. In Stackdriver, create a Group and add the other project names as criteria for that Group.