You are running a web application on Google Kubernetes Engine that you inherited. You want to determine whether the application is using libraries with known vulnerabilities or is vulnerable to XSS attacks. Which service should you use?
A. Google Cloud Armor
B. Debugger
C. Web Security Scanner
D. Error Reporting
You are planning to migrate a MySQL database to the managed Cloud SQL database for Google Cloud. You have Compute Engine virtual machine instances that will connect with this Cloud SQL instance. You do not want to whitelist IPs for the Compute Engine instances to be able to access Cloud SQL.
What should you do?
A. Enable private IP for the Cloud SQL instance.
B. Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.
C. Create a role in Cloud SQL that allows access to the database from external instances, and assign the Compute Engine instances to that role.
D. Create a Cloud SQL instance in one project. Create Compute Engine instances in a different project. Create a VPN between these two projects to allow internal access to Cloud SQL.
You work for an organization that manages an ecommerce site. Your application is deployed behind a global HTTP(S) load balancer. You need to test a new product recommendation algorithm. You plan to use A/B testing to determine the new algorithm's effect on sales in a randomized way. How should you test this feature?
A. Split traffic between versions using weights.
B. Enable the new recommendation feature flag on a single instance.
C. Mirror traffic to the new version of your application.
D. Use HTTP header-based routing.
Your application takes an input from a user and publishes it to the user's contacts. This input is stored in a table in Cloud Spanner. Your application is more sensitive to latency and less sensitive to consistency. How should you perform reads from Cloud Spanner for this application?
A. Perform Read-Only transactions.
B. Perform stale reads using single-read methods.
C. Perform strong reads using single-read methods.
D. Perform stale reads using read-write transactions.
You are parsing a log file that contains three columns: a timestamp, an account number (a string), and a transaction amount (a number). You want to calculate the sum of all transaction amounts for each unique account number efficiently. Which data structure should you use?
A. A linked list
B. A hash table
C. A two-dimensional array
D. A comma-delimited string
You are using Cloud Build to promote a Docker image to Development, Test, and Production environments. You need to ensure that the same Docker image is deployed to each of these environments. How should you identify the Docker image in your build?
A. Use the latest Docker image tag.
B. Use a unique Docker image name.
C. Use the digest of the Docker image.
D. Use a semantic version Docker image tag.
You are using Cloud Build for your CI/CD pipeline to complete several tasks, including copying certain files to Compute Engine virtual machines. Your pipeline requires a flat file that is generated in one builder in the pipeline to be accessible by subsequent builders in the same pipeline. How should you store the file so that all the builders in the pipeline can access it?
A. Store and retrieve the file contents using Compute Engine instance metadata.
B. Output the file contents to a file in /workspace. Read from the same /workspace file in the subsequent build step.
C. Use gsutil to output the file contents to a Cloud Storage object. Read from the same object in the subsequent build step.
D. Add a build argument that runs an HTTP POST via curl to a separate web server to persist the value in one builder. Use an HTTP GET via curl from the subsequent build step to read the value.
Your team is building an application for a financial institution. The application's frontend runs on Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application will collect data containing PII, which will be stored in the Cloud SQL database and the Cloud Storage bucket. You need to secure the PII data. What should you do?
A. 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database 2) Using IAM, allow only the frontend service account to access the Cloud Storage bucket
B. 1) Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database 2) Enable private access to allow the frontend to access the Cloud Storage bucket privately
C. 1) Configure a private IP address for Cloud SQL 2) Use VPC-SC to create a service perimeter 3) Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter
D. 1) Configure a private IP address for Cloud SQL 2) Use VPC-SC to create a service perimeter 3) Add the Cloud SQL database and the Cloud Storage bucket to different service perimeters
Which service should HipLocal use for their public APIs?
A. Cloud Armor
B. Cloud Functions
C. Cloud Endpoints
D. Shielded Virtual Machines
For this question, refer to the HipLocal case study.
A recent security audit discovers that HipLocal's database credentials for their Compute Engine-hosted MySQL databases are stored in plain text on persistent disks. HipLocal needs to reduce the risk of these credentials being stolen. What should they do?
A. Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.
B. Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.
C. Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate this account and authenticate using the Cloud SQL Proxy.
D. Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.