Associate-Cloud-Engineer Practice Exam Questions and Answers

A.  

Create a Cloud Function to create an instance template.

B.  

Create a snapshot schedule for the disk using the desired interval.

C.  

Create a cron job to create a new disk from the disk using gcloud.

D.  

Create a Cloud Task to create an image and export it to Cloud Storage.

A.  

Create a cron job that runs on a scheduled basis to review stackdriver monitoring metrics, and then resize the Spanner instance accordingly.

B.  

Create a Stackdriver alerting policy to send an alert to oncall SRE emails when Cloud Spanner CPU exceeds the threshold. SREs would scale resources up or down accordingly.

C.  

Create a Stackdriver alerting policy to send an alert to Google Cloud Support email when Cloud Spanner CPU exceeds your threshold. Google support would scale resources up or down accordingly.

D.  

Create a Stackdriver alerting policy to send an alert to webhook when Cloud Spanner CPU is over or under your threshold. Create a Cloud Function that listens to HTTP and resizes Spanner resources accordingly.

A.  

Use Cloud Bigtable for data storage.

B.  

Use Cloud SQL for data storage.

C.  

Use Cloud Spanner for data storage.

D.  

Use Firestore for data storage.

A.  

Fill in local SS

D.  

B.  

Fill in local SS

D.  

C.  

Select Add GPUs. Fill in persistent disk storage and snapshot storage.

D.  

Select Add GPUs. Add estimated cost for cluster management.

A.  

Deploy the monitoring pod in a StatefulSet object.

B.  

Deploy the monitoring pod in a DaemonSet object.

C.  

Reference the monitoring pod in a Deployment object.

D.  

Reference the monitoring pod in a cluster initializer at the GKE cluster creation time.

A.  

Use Deployment Manager templates to describe the proposed changes and store them in a Cloud Storage bucket.

B.  

Use Deployment Manager templates to describe the proposed changes and store them in Cloud Source Repositories.

C.  

Apply the change in a development environment, run gcloud compute instances list, and then save the output in a shared Storage bucket.

D.  

Apply the change in a development environment, run gcloud compute instances list, and then save the output in Cloud Source Repositories.

A.  

Set up a policy that uses Nearline storage for 30 days and then moves to Archive storage for three years.

B.  

Set up a policy that uses Standard storage for 30 days and then moves to Archive storage for three years.

C.  

Set up a policy that uses Nearline storage for 30 days, then moves the Coldline for one year, and then moves to Archive storage for two years.

D.  

Set up a policy that uses Standard storage for 30 days, then moves to Coldline for one year, and then moves to Archive storage for two years.

A.  

Upload the data to BigQuery using the bq command line tool.

B.  

Upload the data to Cloud Storage using the gsutil command line tool.

C.  

Upload the data into Cloud SQL using the import function in the console.

D.  

Upload the data into Cloud Spanner using the import function in the console.

A.  

Create a single custom VPC with 2 subnets. Create each subnet in a different region and with a different CIDR range.

B.  

Create a single custom VPC with 2 subnets. Create each subnet in the same region and with the same CIDR range.

C.  

Create 2 custom VPCs, each with a single subnet. Create each subnet is a different region and with a different CIDR range.

D.  

Create 2 custom VPCs, each with a single subnet. Create each subnet in the same region and with the same CIDR range.

A.  

Use the command gcloud config set container/cluster dev.

B.  

Use the command gcloud container clusters update dev.

C.  

Create a file called gke.default in the ~/.gcloud folder that contains the cluster name.

D.  

Create a file called defaults.json in the ~/.gcloud folder that contains the cluster name.

A.  

Use kubectl app deploy .

B.  

Use gcloud app deploy .

C.  

Create a docker image from the Dockerfile and upload it to Container Registry. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

D.  

Create a docker image from the Dockerfile and upload it to Cloud Storage. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.

A.  

Select Google Kubernetes Engine. Use a single-node cluster with a small instance type.

B.  

Select Google Kubernetes Engine. Use a three-node cluster with micro instance types.

C.  

Select Compute Engine. Use preemptible VM instances of the appropriate standard machine type.

D.  

Select Compute Engine. Use VM instance types that support micro bursting.

A.  

Save file automatic first-of-the- month backup for three years Store the backup file in an Archive class Cloud Storage bucket

B.  

Convert the automatic first-of-the-month backup to an export file Write the export file to a Coldline class Cloud Storage bucket

C.  

Set up an export job for the first of the month Write the export file to an Archive class Cloud Storage bucket

D.  

Set up an on-demand backup tor the first of the month Write the backup to an Archive class Cloud Storage bucket

A.  

Deploy a new version of your application in Google Kubernetes Engine instead of App Engine and then use GCP Console to split traffic.

B.  

Deploy a new version of your application in a Compute Engine instance instead of App Engine and then use GCP Console to split traffic.

C.  

Deploy a new version as a separate app in App Engine. Then configure App Engine using GCP Console to split traffic between the two apps.

D.  

Deploy a new version of your application in App Engine. Then go to App Engine settings in GCP Console and split traffic between the current version and newly deployed versions accordingly.

A.  

Create and deploy a Custom Resource Definition per microservice.

B.  

Create and deploy a Docker Compose File.

C.  

Create and deploy a Job per microservice.

D.  

Create and deploy a Deployment per microservice.

A.  

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE container resource.

B.  

1. Go to the Logs ingestion window in Stackdriver Logging, and disable the log source for the GKE Cluster Operations resource.

C.  

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Logging.

D.  

1. Go to the GKE console, and delete existing clusters.2. Recreate a new cluster.3. Clear the option to enable legacy Stackdriver Monitoring.

A.  

Configure regional storage for the region closest to the users Configure a Nearline storage class

B.  

Configure regional storage for the region closest to the users Configure a Standard storage class

C.  

Configure dual-regional storage for the dual region closest to the users Configure a Nearline storage class

D.  

Configure dual-regional storage for the dual region closest to the users Configure a Standard storage class

A.  

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery jobUser role to the group.

B.  

1. Create an IAM entry for each data scientist's user account.2. Assign the BigQuery dataViewer user role to the group.

C.  

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery jobUser role to the group.

D.  

1. Create a dedicated Google group in Cloud Identity.2. Add each data scientist's user account to the group.3. Assign the BigQuery dataViewer user role to the group.

A.  

Manual Scaling with 3 instances.

B.  

Basic Scaling with min_instances set to 3.

C.  

Basic Scaling with max_instances set to 3.

D.  

Automatic Scaling with min_idle_instances set to 3.

A.  

Filter the Activity log to view the Configuration category. Filter the Resource type to Service Account.

B.  

Filter the Activity log to view the Configuration category. Filter the Resource type to Google Project.

C.  

Filter the Activity log to view the Data Access category. Filter the Resource type to Service Account.

D.  

Filter the Activity log to view the Data Access category. Filter the Resource type to Google Project.

A.  

Cloud Pub/Sub, Cloud Dataflow, Cloud Datastore, BigQuery

B.  

Firebase Messages, Cloud Pub/Sub, Cloud Spanner, BigQuery

C.  

Cloud Pub/Sub, Cloud Storage, BigQuery, Cloud Bigtable

D.  

Cloud Pub/Sub, Cloud Dataflow, Cloud Bigtable, BigQuery

A.  

Using the GCP Console, filter the Activity log to view the information.

B.  

Using the GCP Console, filter the Stackdriver log to view the information.

C.  

View the bucket in the Storage section of the GCP Console.

D.  

Create a trace in Stackdriver to view the information.

A.  

gcloud deployment-manager deployments create --config

B.  

gcloud deployment-manager deployments update --config

C.  

gcloud deployment-manager resources create --config

D.  

gcloud deployment-manager resources update --config

A.  

Meet with the cloud enablement team to discuss load balancer options.

B.  

Redesign the application to use a distributed user session service that does not rely on WebSockets and HTTP sessions.

C.  

Review the encryption requirements for WebSocket connections with the security team.

D.  

Convert the WebSocket code to use HTTP streaming.

A.  

Use kubect1 to delete the topic resource.

B.  

Use gcloud CLI to delete the topic.

C.  

Use kubect1 to create the label deleted-by-cnrm and to change its value to true for the topic resource.

D.  

Use gcloud CLI to update the topic label managed-by-cnrm to false.

A.  

For each GCP product in the solution, review the pricing details on the products pricing page. Use the pricing calculator to total the monthly costs for each GCP product.

B.  

For each GCP product in the solution, review the pricing details on the products pricing page. Create a Google Sheet that summarizes the expected monthly costs for each product.

C.  

Provision the solution on GCP. Leave the solution provisioned for 1 week. Navigate to the Billing Report page in the Google Cloud Platform Console. Multiply the 1 week cost to determine the monthly costs.

D.  

Provision the solution on GCP. Leave the solution provisioned for 1 week. Use Stackdriver to determine the provisioned and used resource amounts. Multiply the 1 week cost to determine the monthly costs.

A.  

Store the application data on a zonal persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone.

B.  

Store the application data on a zonal persistent disk. If an outage occurs, create an instance in another zone with this disk attached.

C.  

Store the application data on a regional persistent disk. Create a snapshot schedule for the disk. If an outage occurs, create a new disk from the most recent snapshot and attach it to a new VM in another zone.

D.  

Store the application data on a regional persistent disk If an outage occurs, create an instance in another zone with this disk attached.

A.  

Verify that you are Project Billing Manager for the GCP project. Update the existing project to link it to the existing billing account.

B.  

Verify that you are Project Billing Manager for the GCP project. Create a new billing account and link the new billing account to the existing project.

C.  

Verify that you are Billing Administrator for the billing account. Create a new project and link the new project to the existing billing account.

D.  

Verify that you are Billing Administrator for the billing account. Update the existing project to link it to the existing billing account.

A.  

Grant the basic role roles/viewer and the predefined role roles/compute.admin to the DevOps group.

B.  

Create an 1AM policy and grant all compute. instanceAdmln." permissions to the policy Attach the policy to the DevOps group.

C.  

Create a custom role at the folder level and grant all compute. instanceAdmln. * permissions to the role Grant the custom role to the DevOps group.

D.  

Grant the basic role roles/editor to the DevOps group.

A.  

Build a lifecycle policy to delete Cloud Storage objects after 45 days.

B.  

Use signed URLs to allow suppliers limited time access to store their objects.

C.  

Set up an SFTP server for your application, and create a separate user for each supplier.

D.  

Build a Cloud function that triggers a timer of 45 days to delete objects that have expired.

E.  

Develop a script that loops through all Cloud Storage buckets and deletes any buckets that are older than 45 days.

A.  

Open the Cloud Spanner console to review configurations.

B.  

Open the IAM & admin console to review IAM policies for Cloud Spanner roles.

C.  

Go to the Stackdriver Monitoring console and review information for Cloud Spanner.

D.  

Go to the Stackdriver Logging console, review admin activity logs, and filter them for Cloud Spanner IAM roles.

A.  

Migrate the users to Active Directory. Connect the Human Resources system to Active Directory. Turn on Google Cloud Directory Sync (GCDS) for Cloud Identity. Turn on Identity Federation from Cloud Identity to Active Directory.

B.  

Organize the users in Cloud Identity into groups. Enforce multi-factor authentication in Cloud Identity.

C.  

Turn on identity federation between Cloud Identity and Google Workspace. Enforce multi-factor authentication for domain wide delegation.

D.  

Use a third-party identity provider service through federation. Synchronize the users from Google Workplace to the third-party provider in real time.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Upload the image to Cloud Storage and create a Kubernetes Service referencing the image.

B.  

Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image.

C.  

Upload the image to Container Registry and create a Kubernetes Service referencing the image.

D.  

Upload the image to Container Registry and create a Kubernetes Deployment referencing the image.

A.  

Write a script that runs gsutil Is -| – gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Schedule the script with cron.

B.  

Write a lifecycle management rule in JSON and push it to the bucket with gsutil lifecycle set config-json-file.

C.  

Write a lifecycle management rule in XML and push it to the bucket with gsutil lifecycle set config-xml-file.

D.  

Write a script that runs gsutil Is -Ir gs://myapp-gcp-ace-logs/** to find and remove items older than 90 days. Repeat this process every morning.

A.  

Coldline Storage

B.  

Nearline Storage

C.  

Regional Storage

D.  

Multi-Regional Storage

A.  

Add the cluster’s API as a new Type Provider in Deployment Manager, and use the new type to create the DaemonSet.

B.  

Use the Deployment Manager Runtime Configurator to create a new Config resource that contains the DaemonSet definition.

C.  

With Deployment Manager, create a Compute Engine instance with a startup script that uses kubectl to create the DaemonSet.

D.  

In the cluster’s definition in Deployment Manager, add a metadata that has kube-system as key and the DaemonSet manifest as value.

A.  

Enable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

B.  

Tag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

C.  

Set up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

D.  

Ask the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

A.  

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Locate the project in the GCP console, click Shut down and then enter the project I

D.  

B.  

1. Verify that you are assigned the Project Owners IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

C.  

1. Verify that you are assigned the Organizational Administrator IAM role for this project.

2. Locate the project in the GCP console, enter the project ID and then click Shut down.

D.  

1. Verify that you are assigned the Organizational Administrators IAM role for this project.

2. Switch to the project in the GCP console, locate the resources and delete them.

A.  

View System Event Logs in Stackdriver. Search for the user’s email as the principal.

B.  

View System Event Logs in Stackdriver. Search for the service account associated with the user.

C.  

View Data Access audit logs in Stackdriver. Search for the user’s email as the principal.

D.  

View the Admin Activity log in Stackdriver. Search for the service account associated with the user.

A.  

kubectl get deployments –output=pods

B.  

gcloud get pods –selector=”app=prod”

C.  

kubectl get pods -I “app=prod”

D.  

gcloud list gke-deployments -filter={pod }

A.  

Deploy Jenkins through the Google Cloud Marketplace.

B.  

Create a new Compute Engine instance. Run the Jenkins executable.

C.  

Create a new Kubernetes Engine cluster. Create a deployment for the Jenkins image.

D.  

Create an instance template with the Jenkins executable. Create a managed instance group with this template.

A.  

.00.0.0/0

B.  

10.0.0.0/8

C.  

172.16.0.0/12

D.  

192.168.0.0/16

A.  

Use a Deployment Manager script to automate creating storage buckets in an appropriate region

B.  

Use a local SSD to improve performance of the VM for the targeted workload

C.  

Use the gsutii command to create a storage bucket in the same region as the VM

D.  

Use a Persistent Disk SSD in the same zone as the VM to improve performance of the VM

A.  

Persistent SSD on VM instances.

B.  

Cloud Filestore.

C.  

Multiregional Cloud Storage bucket.

D.  

Cloud Datastore database.

A.  

Set up a budget alert on the project with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

B.  

Set up a budget alert on the billing account with an amount of 100 dollars, a threshold of 100%, and notification type of “email.”

C.  

Export the billing data to BigQuery. Create a Cloud Function that uses BigQuery to sum the egress network costs of the exported billing data for the Apache web server for the current month and sends an email if it is over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

D.  

Use the Stackdriver Logging Agent to export the Apache web server logs to Stackdriver Logging. Create a Cloud Function that uses BigQuery to parse the HTTP response log data in Stackdriver for the current month and sends an email if the size of all HTTP responses, multiplied by current GCP egress prices, totals over 100 dollars. Schedule the Cloud Function using Cloud Scheduler to run hourly.

A.  

Add the group for the finance team to roles/billing user role.

B.  

Add the group for the finance team to roles/billing admin role.

C.  

Add the group for the finance team to roles/billing viewer role.

D.  

Add the group for the finance team to roles/billing project/Manager role.

A.  

In the Log Viewer, filter the logs on severity 'Error' and the name of the Service Account.

B.  

Create a sink to BigQuery to export all the logs. Create a Data Studio dashboard on the exported logs.

C.  

Create a custom log-based metric for the specific error to be used in an Alerting Policy.

D.  

Grant Project Owner access to the Service Account.

A.  

Enable the Identity Aware Proxy API on the project.

B.  

Scan the bucker using the Data Loss Prevention API.

C.  

Allow only a single Service Account access to read the data.

D.  

Enable Data Access audit logs for the Cloud Storage API.

A.  

Enable Private Service Access on the Cloud Storage Bucket.

B.  

Add slorage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list to protected projects.

C.  

Enable Private Google Access on the subnet within the custom VP

C.  

D.  

Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket.

A.  

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -m 1h gs:///*.

B.  

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -d 1h gs:///**.

C.  

Create a service account with just the permissions to access files in the bucket. Create a JSON key for the service account. Execute the command gsutil signurl -p 60m gs:///.

D.  

Create a JSON key for the Default Compute Engine Service Account. Execute the command gsutil signurl -t 60m gs:///***

A.  

Use the GCP Console to transfer the file instead of gsutil.

B.  

Enable parallel composite uploads using gsutil on the file transfer.

C.  

Decrease the TCP window size on the machine initiating the transfer.

D.  

Change the storage class of the bucket from Nearline to Multi-Regional.

A.  

Enable Audit Logs for all APIs that are related to data storage.

B.  

Review the IAM permissions for any role that allows for data access. Most Voted

C.  

Review the Identity-Aware Proxy settings for each resource.

D.  

Create a Data Loss Prevention job.

A.  

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

B.  

Select Multi-Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

C.  

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Nearline Storage.

D.  

Select Regional Storage. Add a bucket lifecycle rule that archives data after 30 days to Coldline Storage.

A.  

Move both projects under the same folder.

B.  

Grant the VM Service Account the role Storage Object Creator on corp-aggregate-reports-storage.

C.  

Create a Shared VPC network between both projects. Grant the VM Service Account the role Storage Object Creator on corp-iot-insights.

D.  

Make corp-aggregate-reports-storage public and create a folder with a pseudo-randomized suffix name. Share the folder with the IoT team.

A.  

Use service account credentials in your on-premises application.

B.  

Use gcloud to create a key file for the service account that has appropriate permissions.

C.  

Set up direct interconnect between your data center and Google Cloud Platform to enable authentication for your on-premises applications.

D.  

Go to the IAM & admin console, grant a user account permissions similar to the service account permissions, and use this user account for authentication from your data center.

A.  

Use the gcloud CLI services enable cloudresourcemanager.googleapis.com command to enable all resources.

B.  

Use the gcloud services enable compute.googleapis.com command to enable Compute Engine and the gcloud services enable storage-api.googleapis.com command to enable the Cloud Storage APIs.

C.  

Open the Google Cloud console and enable all Google Cloud APIs from the API dashboard.

D.  

Open the Google Cloud console and run gcloud init --project in a Cloud Shell.

A.  

The pending Pod's resource requests are too large to fit on a single node of the cluster.

B.  

Too many Pods are already running in the cluster, and there are not enough resources left to schedule the pending Pod.

C.  

The node pool is configured with a service account that does not have permission to pull the container image used by the pending Pod.

D.  

The pending Pod was originally scheduled on a node that has been preempted between the creation of the Deployment and your verification of the Pods’ status. It is currently being rescheduled on a new node.

A.  

Review details of the myapp-service Service object and check for error messages.

B.  

Review details of the myapp-deployment Deployment object and check for error messages.

C.  

Review details of myapp-deployment-58ddbbb995-lp86m Pod and check for warning messages.

D.  

View logs of the container in myapp-deployment-58ddbbb995-lp86m pod and check for warning messages.

A.  

In the project where the images are stored, grant the Storage Object Viewer IAM role to the service account used by the Kubernetes nodes.

B.  

When you create the GKE cluster, choose the Allow full access to all Cloud APIs option under ‘Access scopes’.

C.  

Create a service account, and give it access to Cloud Storage. Create a P12 key for this service account and use it as an imagePullSecrets in Kubernetes.

D.  

Configure the ACLs on each image in Cloud Storage to give read-only access to the default Compute Engine service account.

A.  

Verify that both projects are in a GCP Organization. Create a new VPC and add all instances.

B.  

Verify that both projects are in a GCP Organization. Share the VPC from one project and request that the Compute Engine instances in the other project use this shared VP

C.  

C.  

Verify that you are the Project Administrator of both projects. Create two new VPCs and add all instances.

D.  

Verify that you are the Project Administrator of both projects. Create a new VPC and add all instances.

A.  

Project Editor

B.  

Storage Admin

C.  

Storage Object Admin

D.  

Storage Object Creator

A.  

Configure Cloud NAT for all subnets of your VPC to be used when egressing from the VM instances.

B.  

Create a private zone on Cloud DNS, and configure the applications with the DNS name.

C.  

Configure the IP of the database as custom metadata for each instance, and query the metadata server.

D.  

Query the Compute Engine internal DNS from the applications to retrieve the IP of the database.

A.  

Create one CNAME record to point mydomain.com to the load balancer, and create two A records to point WWW and HOME lo mydomain.com respectively.

B.  

Create one CNAME record to point mydomain.com to the load balancer, and create two AAAA records to point WWW and HOME to mydomain.com respectively.

C.  

Create one A record to point mydomain.com to the load balancer, and create two CNAME records to point WWW and HOME to mydomain.com respectively.

D.  

Create one A record to point mydomain.com lo the load balancer, and create two NS records to point WWW and HOME to mydomain.com respectively.

A.  

kubectl delete deployment nginx

B.  

kubectl delete –deployment=nginx

C.  

kubectl delete pod nginx-84748895c4-k6bzl –no-restart 2

D.  

kubectl delete inginx

A.  

Select Cloud SQL (MySQL). Verify that the enable binary logging option is selected.

B.  

Select Cloud SQL (MySQL). Select the create failover replicas option.

C.  

Select Cloud Spanner. Set up your instance with 2 nodes.

D.  

Select Cloud Spanner. Set up your instance as multi-regional.

A.  

When creating the VM via the web console, specify the service account under the ‘Identity and API Access’ section.

B.  

Download a JSON Private Key for the service account. On the Project Metadata, add that JSON as the value for the key compute-engine-service-account.

C.  

Download a JSON Private Key for the service account. On the Custom Metadata of the VM, add that JSON as the value for the key compute-engine-service-account.

D.  

Download a JSON Private Key for the service account. After creating the VM, ssh into the VM and save the JSON under ~/.gcloud/compute-engine-service-account.json.

A.  

In Google Cloud, configure the VPC as a host for Shared VP

C.  

B.  

In Google Cloud, configure the VPC for VPC Network Peering.

C.  

Create bastion hosts both in your on-premises environment and on Google Cloud. Configure both as proxy servers using their public IP addresses.

D.  

Set up Cloud VPN between the infrastructure on-premises and Google Cloud.

A.  

Use Binary Authorization and whitelist only the container images used by your customers’ Pods.

B.  

Use the Container Analysis API to detect vulnerabilities in the containers used by your customers’ Pods.

C.  

Create a GKE node pool with a sandbox type configured to gvisor. Add the parameter runtimeClassName: gvisor to the specification of your customers’ Pods.

D.  

Use the cos_containerd image for your GKE nodes. Add a nodeSelector with the value cloud.google.com/gke-os-distribution: cos_containerd to the specification of your customers’ Pods.

A.  

Create a single budget for all projects and configure budget alerts on this budget.

B.  

Create a separate billing account per sandbox project and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per billing account.

C.  

Create a budget per project and configure budget alerts on all of these budgets.

D.  

Create a single billing account for all sandbox projects and enable BigQuery billing exports. Create a Data Studio dashboard to plot the spending per project.