Google Cloud-Digital-Leader Google Cloud Digital Leader exam Exam Practice Test

The correct answer is D. Service-level objective. Here's why:

Context of the Question: The organization wants to understand the term used in Site Reliability Engineering (SRE) for defining the desired level of reliability and performance.

Google Cloud Product Relevance:

A Service-Level Objective (SLO) is a key term in SRE, representing the target level of reliability or performance for a specific service. SLOs define acceptable levels of service in terms of availability, latency, or other performance metrics. They are used to set clear expectations and help measure whether services meet the desired reliability levels.

SLOs are closely tied to Service-Level Agreements (SLAs) and Service-Level Indicators (SLIs), where SLIs measure specific aspects of service performance, and SLOs set the target levels based on those indicators.

Why Not Other Options:

A. Enhanced support: This is a support option for Google Cloud customers and is not related to SRE concepts.

B. Scalable infrastructure: This refers to cloud infrastructure's ability to scale resources up or down but is not specific to reliability and performance metrics.

C. Service-level indicator: An SLI measures a specific aspect of the service’s performance but does not define the target level of performance.

Google Cloud Digital Leader References:

Refer to the Site Reliability Engineering (SRE) documentation to learn more about SLOs, SLIs, and SLAs.

Real-time data ingestion and updates. A simple and universal solution for continually ingesting your enterprise data into popular cloud-based data warehouses in real time.

The Natural Language API from Google Cloud is designed to understand and analyze human language. It can automatically identify and extract key topics, sentiments, and entities from text data, making it ideal for processing large datasets of text transcripts to determine what topics customers care most about.

Option D: Natural Language API is correct because it is specifically built for text analysis, topic modeling, and sentiment analysis.

The correct answer is B. The policy will be inherited by the projects and their resources within the folder. Here's why:

Context of the Question: The organization is deciding on the layout of their resource hierarchy in Google Cloud and wants to understand the impact of applying user access policies at the folder level.

Google Cloud Product Relevance:

In Google Cloud, policies applied at a higher level in the resource hierarchy (like an organization or folder) are inherited by all lower-level resources (such as projects and resources within those projects). Therefore, if a policy is applied to a folder, it will be inherited by all projects and their resources under that folder.

This is a core concept in Google Cloud's Identity and Access Management (IAM) system, which ensures that permissions and policies are consistently applied throughout the resource hierarchy.

Why Not Other Options:

A. The policy applies to the folder only, and will not be inherited by any projects: This is incorrect because IAM policies are inherited down the resource hierarchy.

C. The policy will be applied to all folders within the organization: This is incorrect because the policy applies only to the specific folder and its contents, not to other folders.

D. The policy will be inherited by the projects in the folder but will not affect their resources: This is incorrect because policies inherited by projects also apply to the resources within those projects.

Google Cloud Digital Leader References:

Refer to Google Cloud IAM documentation to understand how IAM policies are inherited in a resource hierarchy.

Cloud Debugger is a feature of Google Cloud Platform that lets you inspect the state of an application, at any code location, without stopping or slowing down the running app. Cloud Debugger makes it easier to view the application state without adding logging statements.

Accepting failure as normal is one of the SRE principles. SREs believe that accepting failure as normal helps to build an iterative, collaborative culture. One way this is done is by holding a blameless “lessons learned” discussion after an incident occurs.

The Premium customer care service level in Google Cloud provides the fastest response times and includes a dedicated Technical Account Manager (TAM) to assist with managing critical workloads and ensuring smooth operations.

Option A: Premium is correct because it provides the required support features, including fast response times and a dedicated TAM.

An Application Programming Interface (API) is a set of protocols, routines, and tools that allow different software applications to communicate with each other. APIs provide the necessary instructions for one program to interact with another, enabling the integration of different systems and the development of new functionalities.

Option D: To provide a set of instructions that allow computer programs to communicate with each other is correct because it accurately describes the fundamental purpose of an API.

The correct answer is D. Cloud Storage. Here's why:

Context of the Question: The organization has a large archive of unstructured data, including video and audio files. These types of files are typically large and require scalable storage that supports unstructured data formats.

Google Cloud Product Relevance:

Cloud Storage is a fully managed, scalable, and highly durable object storage service that supports storing any amount of unstructured data, including images, videos, audio files, backups, and more. It offers various storage classes to optimize costs based on access frequency, making it ideal for large archives.

Cloud Storage provides features like versioning, lifecycle management, and access control, which are essential for managing a large archive of files.

Why Not Other Options:

A. Cloud SQL: Cloud SQL is a managed relational database service that supports structured data with predefined schemas, not suitable for storing unstructured data like videos and audio files.

B. Cloud Spanner: Cloud Spanner is a fully managed, globally distributed relational database. It is also designed for structured data and not suitable for large-scale unstructured data storage.

C. Cloud Bigtable: Cloud Bigtable is a NoSQL database for large-scale analytics but is not optimized for storing unstructured data like multimedia files.

Google Cloud Digital Leader References:

Refer to Google Cloud Storage documentation for details on storing unstructured data and managing large archives.

Legacy infrastructure is typically based on on-premises hardware that is managed and maintained by the organization. As the application grows and the user base expands, the hardware required to support it must also grow. This can lead to significant costs associated with provisioning and maintaining hardware, particularly if the organization needs to provision for peak usage.

The correct answer is B. Platform as a service. Here's why:

Context of the Question: The organization wants to run a custom application in the cloud in a flexible and scalable way without managing any infrastructure.

Google Cloud Product Relevance:

Platform as a Service (PaaS) provides a platform that allows customers to develop, run, and manage applications without dealing with the complexity of building and maintaining the underlying infrastructure.

Google Cloud's App Engine is an example of a PaaS offering. It enables organizations to deploy custom applications in a fully managed environment where scaling, load balancing, and infrastructure management are handled automatically.

Why Not Other Options:

A. Infrastructure as a service: IaaS requires the organization to manage the underlying infrastructure (like virtual machines, networks, and storage), which is not suitable if the organization does not want to manage any infrastructure.

C. Network as a service: NaaS is focused on network connectivity and does not provide the capabilities needed to run custom applications.

D. Software as a service: SaaS provides pre-built applications managed by a provider; it is not suitable for running custom applications.

Google Cloud Digital Leader References:

For more on PaaS, refer to the Google App Engine documentation.

The correct answer is A. The refactored application is more efficient and scalable. Here's why:

Context of the Question: The organization wants to refactor its application into a microservices architecture when migrating to the cloud.

Google Cloud Product Relevance:

Microservices architecture breaks down applications into smaller, independent services that can be developed, deployed, and scaled independently. This increases efficiency and scalability, as each microservice can be scaled according to its needs without affecting the entire application.

Google Cloud provides tools such as Kubernetes Engine (GKE) for container orchestration, Anthos for managing microservices across hybrid and multi-cloud environments, and Cloud Run for deploying containerized applications efficiently.

Why Not Other Options:

B. No code changes will be required: Refactoring to microservices often requires significant code changes to decouple services.

C. This migration pattern provides the fastest path to the cloud: Refactoring to microservices is a complex process that typically takes more time compared to a "lift-and-shift" migration.

D. The application will become PCI-DSS compliant by default: Compliance with PCI-DSS (Payment Card Industry Data Security Standard) depends on specific security controls, not on using microservices architecture.

Google Cloud Digital Leader References:

For more information on microservices and cloud-native architectures, refer to the Google Cloud Microservices documentation.

Apigee's API Monitoring enables you to track your APIs to make sure they are up and running correctly. API Monitoring provides near real-time insights into API traffic and performance, to help you quickly diagnose and solve issues as they arise.

Apigee works with APIs not necessarily applications. It allows organizations to gain actionable insights across the entire API value chain and monetize API products and maximize the business value of digital assets.

An effective data governance program helps organizations manage data quality, privacy, and security, ensuring compliance with regulations and optimizing the value derived from data. This approach involves defining policies and procedures for data access, usage, and retention, which improves cost control and strengthens regulatory compliance.

Option B: Establish an effective data governance program is correct because it provides a comprehensive framework for managing data, optimizing value, controlling costs, and ensuring compliance.

The Google Cloud Pricing Calculator is a tool designed to help users estimate the cost of Google Cloud services based on their specific needs and configurations. It allows organizations to input various service usage parameters, such as storage, compute, and networking requirements, to calculate a detailed cost estimate.

Option A: Use the Google Cloud Pricing Calculator is correct because it provides an accurate and comprehensive way to estimate the costs of running a workload on Google Cloud.

The correct answer is D. Run a replica of the application in a region in the United States. Here's why:

Context of the Question: The application currently runs in a single region in Europe, and customers in the United States are experiencing high latencies. The organization needs to reduce latencies for these customers.

Google Cloud Product Relevance:

Running a replica of the application in a region in the United States would reduce latency by hosting the application closer to the end users. This improves response times and ensures a better user experience for customers in the United States.

Google Cloud provides services such as Cloud Load Balancing to distribute traffic efficiently between instances in different regions.

Why Not Other Options:

A. Set up a new billing account in the United States: Billing accounts do not affect application performance or latency.

B. Run the application in additional regions in Europe: This would not reduce latencies for users in the United States, as their traffic would still need to travel across the Atlantic.

C. Run the application in additional zones in the European region: Additional zones in Europe would not help with reducing latency for U.S. customers.

Google Cloud Digital Leader References:

Refer to Google Cloud's multi-region deployment documentation for more information on deploying applications across multiple regions.

Google Cloud VMware Engine is a fully managed service that allows organizations to run VMware environments natively in Google Cloud. It enables customers to retain their existing VMware operational processes, tools, and policies while migrating to the cloud, providing a seamless transition for VMware-based workloads.

Option A: Google Cloud VMware Engine is correct because it supports VMware environments and allows for continuity of existing operations and tools.

To follow Site Reliability Engineering (SRE) principles, the recommended approach when introducing a new system, like an image recognition login system, is to minimize risk and test in a controlled environment. SRE emphasizes progressive rollouts and monitoring to ensure reliability, stability, and security.

Option A: Roll out the new system to a subset of employees to test it out is the correct answer because this aligns with SRE practices, such as:

Canary Releases: Deploying a new feature to a small group of users (subset of employees) allows the organization to test the system in a real-world environment with minimal risk. This practice helps identify any potential issues, gather feedback, and monitor system behavior without impacting the entire organization.

Gradual Rollouts: SRE encourages gradual rollouts to detect and mitigate any failures early, reducing the blast radius in case of a malfunction or security issue. This ensures the reliability of the system while maintaining service quality.

Monitoring and Observability: Rolling out to a subset allows for comprehensive monitoring and collection of metrics to ensure the system performs as expected. If issues arise, they can be quickly identified and resolved before a wider deployment.

Option B: Roll out the new system to all employees to collect as much data as possible is not advisable under SRE principles because it poses a higher risk of widespread failure or security issues.

Option C: Avoid rolling out the new system because it may have security flaws and Option D: Avoid rolling out the new system because it may violate privacy policy are also incorrect in the context of SRE. While security and privacy are crucial, outright avoidance does not align with SRE practices. Instead, risk is managed through controlled rollouts, testing, and monitoring.

The correct answer is B. Back up data regularly. Here's why:

Context of the Question: The organization is concerned about data loss due to hardware failures or cyber-attacks and wants to restore their systems to a previous state in case of such events.

Google Cloud Product Relevance:

Backing up data regularly is the most effective way to ensure data can be restored in case of loss or damage. Regular backups create copies of data that can be stored separately from the main systems, ensuring that even if the primary data is lost or compromised, the backup can be used to restore it to a previous state.

Google Cloud offers several backup solutions, such as Cloud Storage for storing backups and Cloud SQL automated backups for database instances.

Why Not Other Options:

A. Use Cloud Monitoring: Cloud Monitoring helps observe and monitor the health and performance of applications and infrastructure but does not provide backup or data restoration capabilities.

C. Set service level objectives (SLOs): SLOs are targets for service availability and performance but do not directly help with data backup or recovery.

D. Enable autoscaling: Autoscaling helps automatically adjust resources to meet demand but does not protect against data loss or provide restoration capabilities.

Google Cloud Digital Leader References:

To understand more about backup strategies in Google Cloud, refer to Backup and DR (Disaster Recovery) documentation.

The Bare Metal solution is the recommended approach. You can deploy Oracle capabilities like clustered databases, replication, and all performance features at licensing costs that are similar to on-premise systems

Integrated repository for analytics and ML: The highest level of availability and performance within a single region is ideal for compute, analytics, and machine learning workloads in a particular region. Cloud Storage is also strongly consistent, giving you confidence and accuracy in analytics workloads.

Table Description automatically generated with medium confidence

Folders for a related group of projects are the recommended approach.

-> A flat structure under the organization node is possible on Google Cloud, but it is not recommended. It becomes tougher to manage.

-> Projects cannot have sub-projects; there can only be resources within Projects.

Reference link-  

- Cloud Spanner is the online transaction processing solution that is relational and offers petabyte scalability. Cloud SQL is not designed for petabyte-scale data.

Because Dataproc  is used to run Hadoop/Spark workloads

Customer-managed encryption keys for Cloud BigTable.

By default, all the data at rest in Cloud Bigtable is encrypted using Google's default encryption. Bigtable handles and manages this encryption for you without any additional action on your part.

If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK) for BigTable. Instead of Google managing the encryption keys that protect your data, your BigTable instance is protected using a key that you control and manage in Cloud Key Management Service (Cloud KMS).

Features

Security: CMEK provides the same level of security as Google's default encryption but provides more administrative control.

Data access control: Administrators can rotate, manage access to, and disable or destroy the key used to protect data at rest in BigTable .

Auditability: All actions on your CMEK keys are logged and viewable in Cloud Logging.

Comparable performance: BigTable CMEK-protected instances offer comparable performance to BigTable instances that use Google default encryption.

Flexibility: You can use the same CMEK key in multiple projects or instances or you can use separate keys, depending on your business needs.

Logged information

Your Google Cloud projects contain only the audit logs for resources that are directly within the Cloud project. Other Google Cloud resources, such as folders, organizations, and billing accounts, contain the audit logs for the entity itself.

Reference link- 

To change the Cloud Billing account for a project, you need to be able to move a project from one Cloud Billing account to another. To accomplish this task, you need permissions adequate to unlink the project from the existing Cloud Billing account AND to link the project to the target Cloud Billing account. Roles with adequate permissions to perform this task: Project Owner or Project Billing Manager on the project, AND Billing Account Administrator or Billing Account User for the target Cloud Billing account

Graphical user interface, text, application, email Description automatically generated

Reference link- 

You can send notification messages using the Notifications composer in the Firebase console. Though this does not provide the same flexibility or scalability as sending messages with the Admin SDK or the HTTP and XMPP protocols, it can be very useful for testing or for highly targeted marketing and user engagement. The Firebase console provides analytics-based A/B testing to help refine and improve marketing messages.

After you have developed logic in your app to receive messages, you can allow non-technical users to send messages per the instructions on the Notifications page in the Firebase Help Center.

Policies are a union of those applied to resources themselves and those inherited from higher levels in the hierarchy. If a parent policy is less restrictive, it overrides a more restrictive policy applied to the resource. If a parent policy is more restrictive, it does not override a less restrictive policy applied to the resource. Therefore, access granted at a higher level in the hierarchy cannot be taken away by policies applied at a lower level in the hierarchy.

With Lift and Shift migrations, the customer could move workloads from a source environment to a target environment with few or no modifications or refactoring

Firebase/Firestore is easy to build and is suitable for user information that could bvary in nature.

Classification. De-classification and Inspection

Classification is the process to inspect the data and know what data we have, how sensitive it is, and the likelihood. Inspection and classification happen here.

De-identification is the process of removing, masking, replacing information from data.

Reference link- 

Groups are convenient to use for this requirement. Permissions to the group are automatically inherited by the members of the group. Adding and removing UX testers from the group will grant and remove permissions.

Preemptible instances function like normal instances but have the following limitations:

-> Compute Engine might stop preemptible instances at any time due to system events. The probability that Compute Engine will stop a preemptible instance for a system event is generally low, but might vary from day to day and from zone to zone depending on current conditions.

-> Compute Engine always stops preemptible instances after they run for 24 hours. Certain actions reset this 24-hour counter.

-> Preemptible instances are finite Compute Engine resources, so they might not always be available.

-> Preemptible instances can't live migrate to a regular VM instance, or be set to automatically restart when there is a maintenance event.

-> Due to the above limitations, preemptible instances are not covered by any Service Level Agreement (and, for clarity, are excluded from the Compute Engine SLA).

-> The Google Cloud Free Tier credits for Compute Engine do not apply to preemptible instances.

Preemptible VMs have all these features

Simple configuration

Create a preemptible instance simply by flipping a bit via command, API, or developer console.

Easy extensibility

Attach GPUs and local SSDs to preemptible instances for additional performance and savings.

Graceful shutdown

Compute Engine gives you 30 seconds to shut down when you're preempted, letting you save your work in progress for later.

Large scale computing

Spin up as many instances as you need and turn them off when you're done. You only pay for what you use.

Quickly reclaim capacity

Managed instance groups automatically recreate your instances when they're preempted (if capacity is available).

Fixed pricing

Preemptible VMs have fixed pricing up to 80% off regular instances. They show up on your bill separately so you'll see just how much you're saving.

Multi-region option will use multiple datacenters that are within the European Union. More regions will also help with lower latency since users are spread across the European U.

Cloud BigTable

Key features

High throughput at low latency

Bigtable is ideal for storing very large amounts of data in a key-value store and supports high read and write throughput at low latency for fast access to large amounts of data. Throughput scales linearly—you can increase QPS (queries per second) by adding Bigtable nodes. Bigtable is built with proven infrastructure that powers Google products used by billions such as Search and Maps.

Cluster resizing without downtime

Scale seamlessly from thousands to millions of reads/writes per second. Bigtable throughput can be dynamically adjusted by adding or removing cluster nodes without restarting, meaning you can increase the size of a Bigtable cluster for a few hours to handle a large load, then reduce the cluster's size again—all without any downtime.

Flexible, automated replication to optimize any workload

Write data once and automatically replicate where needed with eventual consistency—giving you control for high availability and isolation of reading and write workloads. No manual steps are needed to ensure consistency, repair data, or synchronize writes and deletes. Benefit from a high availability SLA of 99.999% for instances with multi-cluster routing across 3 or more regions (99.9% for single-cluster instances).

"Cloud VPN securely extends your peer network to Google's network through an IPsec VPN tunnel. Traffic is encrypted and travels between the two networks over the public internet. Cloud VPN is useful for low-volume data connections. For additional connection options, see the Hybrid Connectivity product page."

You can dynamically increase the size of a subnet in a custom network by expanding the range of IP addresses allocated to it. Doing that doesn’t affect already configured VMs.

A classification model classifies the incoming data into one or more discrete classes.

Cloud Armor provides DDoS protection for applications. It can also "Filter your incoming traffic based on IPv4 and IPv6 addresses or CIDRs. Enforce geography-based access controls to allow or deny traffic based on source geo using Google’s geoIP mapping."

Local SSDs are attached to the VM and have very high throughput. However, when the VM shuts down, The local SSD is also shut down, Since our Workload here is foult tolerant, than is not an issue.

Scalability. When your apps require additional compute resources, autoscaled MIGs can automatically grow the number of instances in the group to meet demand. If demand drops, autoscaled MIGs can automatically shrink to reduce your costs

Bots attacking the application is the most likely scenario in this case. Using WAAP is the right protection plan: Anti-DDoS, anti-bot, WAF, and API protection help you protect against new and existing threats while helping you keep your apps and APIs compliant and continuously available.

Compliance Reports Manager, GDPR Home Page, Compliance Offerings

GCP provides three main compliance resource webpages

Compliance Reports Manager – 

Text, timeline Description automatically generated

Compliance Offerings  – 

GDPR Resource Center –

At Google Cloud, we champion initiatives that prioritize and improve the security and privacy of customer personal data, and want you, as a Google Cloud customer, to feel confident using our services in light of GDPR requirements. If you partner with Google Cloud, we will support your GDPR compliance efforts

Google Cloud Platform has other storage options to meet your needs for structured, unstructured, transactional and relational data. Core storage options: Cloud Storage, Cloud SQL, Cloud Spanner, Cloud Data Store and Google Big Table. Depending on your application, you might want to use one or several of these services to get the job done.

In many cases, customers might not know the implications of the 9s with respect to scheduled maintenance, upgrades, etc. It's possible that they are holding unnecessary expectations that significantly exceed their requirements.

-> Even though 0.0009 % increase it looks like a small increment, an addition of a single 9 reduces the possible downtime by 10 times. So the effort is often much greater.

Reference link-  

Cloud Bigtable

A fully managed, scalable NoSQL database service for large analytical and operational workloads with up to 99.999% availability.

- Consistent sub-10ms latency—handle millions of requests per second

- Ideal for use cases such as personalization, ad tech, fintech, digital media, and IoT

- Seamlessly scale to match your storage needs; no downtime during reconfiguration

- Designed with a storage engine for machine learning applications leading to better predictions

- Easily connect to Google Cloud services such as BigQuery or the Apache ecosystem

Service Level Agreement (SLA) 

A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider. Some common SLA’s are uptime, Response Time, etc.

Web Security Scanner identifies security vulnerabilities in your App Engine, Google Kubernetes Engine (GKE), and Compute Engine web applications. It crawls your application, following all links within the scope of your starting URLs, and attempts to exercise as many user inputs and event handlers as possible.

Currently,  Web Security Scanner only supports public URLs and IPs that aren’t behind a firewall. Web Security Scanner currently supports the App Engine standard environment and App Engine flexible environments, Compute Engine instances, and GKE resources.

Reference link- 

Cloud SQL for MySQL:

Features

- Fully managed MySQL Community Edition databases in the cloud.

- Cloud SQL instances support MySQL 8.0, 5.7 (default), and 5.6, and provide up to 624 GB of RAM and 64 TB of data storage, with the option to automatically increase the storage size, as needed.

- Create and manage instances in the Google Cloud Console.

- Instances are available in the Americas, EU, Asia, and Australia.

- Customer data is encrypted on Google's internal networks and in database tables, temporary files, and backups.

- Support for secure external connections with the Cloud SQL Auth proxy or with the SSL/TLS protocol.

- Support for private IP (private services access).

- Data replication between multiple zones with automatic failover.

- Import and export databases using mysqldump, or import and export CSV files.

- Support for MySQL wire protocol and standard MySQL connectors.

- Automated and on-demand backups and point-in-time recovery.

- Instance cloning.

- Integration with Google Cloud's operations suite logging and monitoring.

Flavors of Apigee

Apigee comes in the following flavors:

Apigee: A hosted SaaS version in which Apigee maintains the environment, allowing you to concentrate on building your services and defining the APIs to those services.

Apigee hybrid: A hybrid version consisting of a runtime plane installed on-premises or in a cloud provider of your choice, and a management plane running in Apigee's cloud. In this model, API traffic and data are confined within your own enterprise-approved boundaries.

This is the definition of a least privilege model.

A supporting principle that helps organizations achieve these goals is the principle of least privilege. The principle of least privilege addresses access control and states that an individual should have only the minimum access privileges necessary to perform a specific job or task and nothing more

Instance is alive for no more than 24 hours,  Can be pre-empted with a 30 second notice, Discounted Significantly.

  Preemptible VM is an instance that you can create and run at a lower cost than normal instances.

However, Compute Engine might stop (pre-empt) these instances if it requires access to those resources for other tasks. Preemptible instances are excess Compute Engine capacity, so their availability varies with usage.

Live at most 24 hours Can be pre-empted with a 30 second notification via API  and are Discounted significantly

Reference link- 

Security Command Center is the right tool for this use case. It can check resources for security issues and notify you when issues are found.

Compute Engine allows you to allocate VMs with different OSs - Windows and Linux, included.

Google provides a page that brings together everything needed around support. Its called the Support Hub

Reference link- 

Moving to Google Cloud is not an all-or-nothing option. Certain workloads can continue to remain on-premise while the predominant chunk moves to Google Cloud

- if the need is to authenticate the application to access your dataset, it's the application's serice account that will be provided during the authentication, so the service account is to be created at their side to run the application

In a shared responsible model, hardware maintence and capacity management cloud provider is the responsible part.

Anthos :

Anthos unifies the management of infrastructure and applications across on-premises, edge, and in multiple public clouds with a Google Cloud-backed control plane for consistent operation at scale.

- Build, deploy, and optimize apps on GKE and VMs anywhere—simply, flexibly, and securely.

- Consistent development and operations experience for hybrid and multi-cloud environments.

Key features:

1. Enterprise-grade container orchestration and management service

2. Automate policy and security at scale

3. Fully managed service mesh with built-in visibility

4. Modernizing your security for hybrid and multi-cloud deployments

Reference link- 

Reference link-

Security Health Analytics and Web Security Scanner detectors generate vulnerabilities findings that are available in Security Command Center. Your ability to view and edit findings is determined by the Identity and Access Management (IAM) roles and permissions you are assigned. For more information about IAM roles in Security Command Center.

Reference link:-

Turn on committed use discount sharing, and create a commitment for the combined usage

Sharing your committed use discounts across all your projects reduces the overhead of managing discounts on a per-project basis, and maximizes your savings by pooling all your discounts across your projects' resource usage. If you have multiple projects that share the same Cloud Billing account, you can enable committed use discount sharing so all of your projects within that Cloud Billing account share all of your committed use discount contracts. Your sustained use discounts are also pooled at the same time. That is, sustained use discounts are calculated using the total resources across these projects, rather than just the resources within a single project.

Text Description automatically generated

Reference link- 

Explanation

By storing their application data in the cloud the organization will be able to gather and analyze user behavior data in real-time. This will enable them to dynamically adjust their application for different user needs.

Choose the Standard network service tier. While Premium tier is the default for all egress traffic and offers the highest performance, when cost is a consideration. Standard tier is the more economical.

Explanation

General Availability is the stage where SLAs apply.

Deprecated - in the deprecated stage, you should start moving away from those APIs and products. Depending on the deprecation policy, SLAs could still be valid.

you can get a 57% discount by agreeing to commit to a 3-year contract. Any usage over the commitment will just be billed at the standard rate. Since they only need 300 CPUs 30% of the time, will pick answer C so that we are not paying usage off 300 CPUs all of the time. This gives us a discount of 57% for 200 CPU's, huge cost savings.

Explanation

Because this will enable the business to better serve their users.

Because in the cloud era, users expect more personalization and customization.

Explanation

Cloud Spanner: "Fully managed relational database with unlimited scale, strong consistency, and up to 99.999% availability."

Store the information in Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage access, and audit secrets across Google Cloud.

The straightforward way to set it is using Organizational Policy constraint. Any attempts to change the organizational setting will be rejected for any project and resource.

References link:

-> 

-> 

Cloud Identity:

A unified identity, access, app, and endpoint management (IAM/EMM) platform.

- Give users easy access to apps with single sign-on.

- Multi-factor authentication protects user and company data.

- Endpoint management enforces policies for personal and corporate devices

KEY FEATURES :

Modernize IT and strengthen security

Multi-factor authentication (MFA)

Help protect your user accounts and company data with a wide variety of MFA verification methods such as push notifications, Google Authenticator, phishing-resistant Titan Security Keys, and using your Android or iOS device as a security key.

Endpoint management

Improve your company’s device security posture on Android, iOS, and Windows devices using a unified console. Set up devices in minutes and keep your company data more secure with endpoint management. Enforce security policies, wipe company data, deploy apps, view reports, and export details.

Single sign-on (SSO)

Enable employees to work from virtually anywhere, on any device, with single sign-on to thousands of pre-integrated apps, both in the cloud and on-premises.

Works with your favorite apps

Cloud Identity integrates with hundreds of cloud applications out of the box—and we’re constantly adding more to the list so you can count on us to be your single identity platform today and in the future.

The PAYG model is more convenient because you only pay for usage. And the case describes that the workloads are only run on certain days.

Explanation

In cloud computing, multitenancy means that multiple customers of a cloud vendor are using the same computing resources. Even though they share resources, cloud customers aren’t aware of each other, and their data is kept totally separate. Mul-titenancy is a crucial component of cloud computing; without it, cloud services would be far less practical. Multitenant architecture is a feature in many types of public cloud com-puting, including IaaS, PaaS, SaaS, containers, and serverless computing.

Multi zone is also redundant within the region and it provides the lowest latency.

Reference link:-

Explanation

IDaaS - identity providers managed by the company give better control over security and privacy. Security/access can be set granularly, while also being centralized. You don't have to manage multiple credentials.

Migrate for Compute Engine enables you to lift and shift workloads at scale to Google Cloud Compute Engine with minimal changes and risk.

When an identity calls a Google Cloud API, BigQuery requires that the identity has the appropriate permissions to use the resource. You can grant permissions by granting roles to a user, a group, or a service account.

Reference link- 

Deploy your application to App Engine using the gcloud app deploy command. This command automatically builds a container image by using the Cloud Build service and then deploys that image to the App Engine flexible environment.

Option A is true

You are responsible for the licensing of all of your software. Bare Metal Solution uses a bring-your-own-license (BYOL) model.

Apart from this you are responsible for the software, applications, and data that you use and store in the Bare Metal Solution environment.

Responsibilities

Data, including:

- Security and encryption

- Backups

Software and applications, including:

- Installation

- Configuration

- Upgrades and patching

Operating system and any hypervisor, including:

- Configuration changes

- Upgrades and patching

Server clusters, including:

- Installation

- Configuration

- Maintenance

Licensing

Option B & C is also true.

With Bare Metal Solution, Google Cloud provides and manages the core infrastructure, the net-work, the physical and network security, and hardware monitoring capabilities in an environment from which you can access all of the Google Cloud services. The core infrastructure includes secure, controlled-environment facilities, and power.

The Bare Metal Solution also includes the provisioning and maintenance of the custom, sole-tenancy hardware with local SAN, and smart hands support.

The network, which is managed by Google Cloud includes a low-latency Cloud Interconnect con-nection into the customer Bare Metal Solution environment.

The available Google Cloud services include private API access, management tools, support, and billing.

After the service provider provisions your connection, you can start passing traffic between your networks by using the service provider's network.

Security Command Center is a centralized security and risk management platform for your Google Cloud resources. It is a single tool that offers a variety of security features including:

1. Gain centralized visibility and control

2. Discover misconfigurations and vulnerabilities

3. Report on and maintain compliance

4. Detect threats targeting your Google Cloud assets