Question 1mediummultiple choice
Read the full Manage implementation of cloud architecture explanation →Google PCA Manage implementation of cloud architecture • Complete Question Bank
Complete Google PCA Manage implementation of cloud architecture question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
{
"bindings": [
{
"role": "roles/storage.objectViewer",
"members": [
"user:alice@example.com",
"serviceAccount:sa-bucket@project.iam.gserviceaccount.com"
]
},
{
"role": "roles/storage.objectAdmin",
"members": [
"group:data-team@example.com"
]
}
]
}
```Refer to the exhibit. ``` $ gcloud container clusters describe my-cluster --zone us-central1-a --format 'table(name, nodeConfig.machineType, nodePools[].initialNodeCount, nodePools[].config.machineType)' NAME: my-cluster MASTER_VERSION: 1.28.5-gke.2000 NODE_CONFIG_MACHINE_TYPE: e2-standard-4 NODE_POOLS: [0].initialNodeCount: 3 NODE_POOLS: [0].config.machineType: e2-standard-4 ```
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Legacy roles like Owner, Editor, Viewer
Fine-grained roles managed by Google
User-defined roles with specific permissions
Another name for Basic roles
Identity for applications, not users
Refer to the exhibit. gcloud container clusters describe prod-cluster --region us-central1 ... networkPolicy: enabled: true provider: CALICO ... The cluster is using Calico network policies. A developer deploys a manifest that defines a NetworkPolicy that allows ingress from pods with label 'app: frontend' but the traffic is still blocked. The pod logs show no network error but the connection times out.
Refer to the exhibit.
gcloud deployment-manager deployments describe my-deployment
---
id: '12345'
name: my-deployment
manifest: manifest-123
state: DEPLOYED
resources:
- name: my-vm
type: compute.v1.instance
properties:
machineType: zones/us-central1-a/machineTypes/n1-standard-1
networkInterfaces:
- network: global/networks/default
currentStatus: FAILED
- name: my-disk
type: compute.v1.disk
properties:
zone: us-central1-a
sizeGb: 10
currentStatus: SUCCESSRefer to the exhibit. error: googleapi: Error 403: The caller does not have permission, forbidden Stackdriver Logging logged: 'iam.serviceAccounts.actAs' permission on service account '12345-compute@developer.gserviceaccount.com'.
Refer to the exhibit. $ gcloud compute instances list --zones=us-central1-a,us-central1-b,us-central1-c NAME ZONE MACHINE_TYPE PREEMPTIBLE STATUS instance-1 us-central1-a n1-standard-4 yes RUNNING instance-2 us-central1-b n1-standard-4 yes RUNNING instance-3 us-central1-c n1-standard-4 yes RUNNING instance-4 us-central1-a n1-standard-4 yes RUNNING instance-5 us-central1-b n1-standard-4 yes TERMINATED instance-6 us-central1-c n1-standard-4 yes RUNNING
{
"textPayload": "Error 403: The caller does not have permission to access the resource. Request prohibited by organization's policy. [ORGANIZATION_POLICY: constraints/iam.allowedPolicyMemberDomains]"
}