PCSE Managing operations in a cloud solution environment • Complete Question Bank
Refer to the exhibit.
```
resource.type = "gce_instance"
resource.labels.instance_id = "1234567890123456789"
severity = "ERROR"
log_name = "projects/my-project/logs/compute.googleapis.com%2Factivity_log"
```
Refer to the exhibit.
```
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "serviceAccount:sa-1@project.iam.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/storage.objectAdmin",
      "members": [
        "serviceAccount:sa-2@project.iam.gserviceaccount.com"
      ]
    }
  ]
}
```
Refer to the exhibit.
```
$ gcloud logging read "logName=projects/my-project/logs/cloudaudit.googleapis.com%2Factivity AND protoPayload.methodName=google.cloud.kms.v1.Decrypt" --limit 5
---
insertId: 1a2b3c4d5e
logName: projects/my-project/logs/cloudaudit.googleapis.com%2Factivity
protoPayload:
  @type: type.googleapis.com/google.cloud.audit.AuditLog
  authenticationInfo:
    principalEmail: user@example.com
  methodName: google.cloud.kms.v1.Decrypt
  resourceName: projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key/cryptoKeyVersions/1
  response:
    plaintext: "REDACTED"
  serviceName: cloudkms.googleapis.com
  status: {}
resource:
  labels:
    key_id: my-key
    location: global
    key_ring: my-keyring
  type: cloudkms_crypto_key
severity: NOTICE
```
Match each concept to its description:
Ingress or egress traffic direction
CIDR blocks for incoming traffic
VM instance tags that rule applies to
Rule evaluation order (lower number = higher priority)
Allow or deny traffic
Match each concept to its description:
Free, includes basic vulnerability scanning and findings
Paid, includes threat detection, event threat detection, and container threat detection
Paid, includes all Premium features plus security posture, asset inventory, and compliance
Built-in vulnerability scanning and misconfiguration detection
Detects threats from Cloud Logging and DNS logs
Refer to the exhibit.
```
{
  "name": "allow-http-s-https-all-instances",
  "network": "projects/my-project/global/networks/default",
  "priority": 1000,
  "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["http-server", "https-server"],
  "allowed": [
    {"IPProtocol": "tcp", "ports": ["80","443"]}
  ],
  "direction": "INGRESS"
}
```
Refer to the exhibit.
```
{
  "bindings": [
    {
      "role": "roles/storage.objectAdmin",
      "members": ["user:admin@example.com"]
    },
    {
      "role": "roles/storage.objectViewer",
      "members": ["user:viewer@example.com", "serviceAccount:sa@project.iam.gserviceaccount.com"]
    }
  ]
}
```
Refer to the exhibit.
```
{
  "protoPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
    "serviceName": "compute.googleapis.com",
    "methodName": "v1.compute.instances.delete",
    "resourceName": "projects/my-project/zones/us-central1-a/instances/instance-1",
    "authenticationInfo": {
      "principalEmail": "admin@example.com"
    },
    "authorizationInfo": [
      {
        "resource": "projects/my-project/zones/us-central1-a/instances/instance-1",
        "permission": "compute.instances.delete",
        "granted": true,
        "resourceAttributes": {}
      }
    ],
    "request": {
      "instance": "instance-1"
    }
  }
}
```
```
$ gcloud compute firewall-rules list --format="table(name, network, priority, allow, sourceRanges)"
NAME                    NETWORK  PRIORITY  ALLOW                         SOURCE_RANGES
allow-http              default  1000      tcp:80                        0.0.0.0/0
allow-https             default  1000      tcp:443                       0.0.0.0/0
deny-all                default  2000      tcp:0-65535                   10.0.0.0/8
default-allow-internal  default  65534     tcp:0-65535,udp:0-65535,icmp  10.128.0.0/9
```
```
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "user:alice@example.com",
        "user:bob@example.com"
      ]
    },
    {
      "role": "roles/storage.objectAdmin",
      "members": [
        "serviceAccount:my-sa@project.iam.gserviceaccount.com"
      ]
    }
  ],
  "etag": "BwXq..."
}
```
```
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
 - Invalid value for field 'resource.disks[0].initializeParams.sourceImage': 'projects/other-project/global/images/family/my-image'. The referenced image family does not exist in project 'other-project'.
```
```
NAME                    NETWORK  DIRECTION  PRIORITY  ALLOW   DENY    SOURCE_RANGES
default-allow-http      my-vpc   INGRESS    1000      tcp:80          0.0.0.0/0
default-allow-ssh       my-vpc   INGRESS    1000      tcp:22          0.0.0.0/0
deny-ssh-all            my-vpc   INGRESS    200               tcp:22  0.0.0.0/0
allow-ssh-from-bastion  my-vpc   INGRESS    500       tcp:22          10.0.1.2/32
```
```
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": ["user:jane@example.com"],
      "condition": {
        "title": "IP restriction",
        "expression": "request.headers['x-forwarded-for'].startsWith('10.0.0.')"
      }
    }
  ]
}
```
```
Error: Container failed to start. Failed to start and then listen on the port defined by the PORT environment variable.
```
Refer to the exhibit.
```yaml
# monitoring alert policy
combiner: OR
conditions:
- conditionThreshold:
    filter: resource.type="gce_instance" AND metric.type="compute.googleapis.com/instance/cpu/utilization"
    aggregations:
    - alignmentPeriod: 60s
      perSeriesAligner: ALIGN_RATE
    duration: 300s
    comparison: COMPARISON_GT
    thresholdValue: 0.8
    trigger:
      count: 1
  displayName: CPU > 80%
- conditionMonitoringQueryLanguage:
    query: |
      fetch gce_instance
      | metric 'compute.googleapis.com/instance/cpu/utilization'
      | filter resource.zone == 'us-central1-a'
      | group_by [resource.instance_id], 60s, [value_utilization_mean: mean(value.utilization)]
      | every 60s
      | condition value_utilization_mean > 0.9
    duration: 0s
    trigger:
      count: 1
  displayName: High average CPU per instance
documentation:
  content: |
    Alert when CPU is high.
  mime_type: text/markdown
```