Blue/green deployment

Canary deployment

Rolling deployment

Recreate deployment

Create a user-managed service account with a custom Identity and Access Management (IAM) role.

Create a user-managed service account with the Storage Admin Identity and Access Management (IAM) role.

Create a user-managed service account with the Project Editor Identity and Access Management (IAM) role.

Use the default service account linked to the Cloud Run revision in production.

Store user data on a Cloud Shell home disk and log in at least every 120 days to prevent its deletion

Store user data on a persistent disk in a Compute Engine instance

Store user data m BigQuery tables

Store user data in a Cloud Storage bucket

Directly persist each POST request’s JSON data into Datastore.

Transform the POST request’s JSON data, and stream it into BigQuery.

Transform the POST request’s JSON data, and store it in a regional Cloud SQL cluster.

Persist each POST request’s JSON data as an individual file within Cloud Storage, with the file name containing the request identifier.

Store the credentials in a sidecar container proxy, and use it to connect to the third-party database.

Configure a service mesh to allow or restrict traffic from the Pods in your microservice to the database.

Store the credentials in an encrypted volume mount, and associate a Persistent Volume Claim with the client Pod.

Store the credentials as a Kubernetes Secret, and use the Cloud Key Management Service plugin to handle encryption and decryption.

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.

Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.

Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.

Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.

Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.

Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.

Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.

Perform Read-Only transactions.

Perform stale reads using single-read methods.

Perform strong reads using single-read methods.

Perform stale reads using read-write transactions.

Deploy the Pub/Sub and Cloud Run emulators on your local machine. Deploy the application locally, and change the logging level in the application to DEBUG or INFO. Write mock messages to topic A, and then analyze the logs.

Use the gcloud CLI to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

Deploy the Pub/Sub emulator on your local machine. Point the production application to your local Pub/Sub topics. Write mock messages to topic A, and then analyze the logs.

Use the Google Cloud console to write mock messages to topic A. Change the logging level in the application to DEBUG or INFO, and then analyze the logs.

Ask the user to run the jobs as batch jobs.

Create a separate project for the user to run jobs.

Add the user as a job.user role in the existing project.

Allow the user to run jobs when important workloads are not running.

Create an object with the name of the subdirectory ending with a trailing slash ('/') that is zero bytes in length.

Create an object with the name of the subdirectory, and then immediately delete the object within that subdirectory.

Create an object with the name of the subdirectory that is zero bytes in length and has WRITER access control list permission.

Create an object with the name of the subdirectory that is zero bytes in length. Set the Content-Type metadata to CLOUDSTORAGE_FOLDER.

Distribute your workload evenly using a multi-zonal node pool.

Distribute your workload evenly using multiple zonal node pools.

Use cluster autoscaler to resize the number of nodes in the node pool, and use a Horizontal Pod Autoscaler to scale the workload.

Create a managed instance group for Compute Engine with the cluster nodes. Configure autoscaling rules for the managed instance group.

Create alerting policies in Cloud Monitoring based on GKE CPU and memory utilization. Ask an on-duty engineer to scale the workload by executing a script when CPU and memory usage exceed predefined thresholds.

Change the application to accept images directly and store them in the database that stores other user information.

Change the application to create signed URLs for Cloud Storage. Transfer these signed URLs to the client application to upload images to Cloud Storage.

Set up a web server on GCP to accept user images and create a file store to keep uploaded files. Change the application to retrieve images from the file store.

Create a separate bucket for each user in Cloud Storage. Assign a separate service account to allow write access on each bucket. Transfer service account credentials to the client application based on user information. The application uses this service account to upload images to Cloud Storage.

Enable the Error Reporting API on the project.

Grant the instance full access to all Cloud APIs.

Configure the application log file as a custom source.

Create a Stackdriver Logs Export Sink with a filter that matches the application's log entries.

Use an external HTTP(S) load balancer to route a predetermined percentage of traffic to two different color

schemes of your application Analyze the results to determine whether there is a statistically significant

difference in sales.

Use an external HTTP(S) load balancer to route traffic to the original color scheme while the new deployment

is created and tested After testing is complete reroute all traffic to the new color scheme Analyze the

results to determine whether there is a statistically significant difference in sales.

Enable a feature flag that displays the new color scheme to half of all users. Monitor sales to see whether

they increase for this group of users.

Use an external HTTP(S) load balancer to mirror traffic to the new version of your application Analyze the

results to determine whether there is a statistically significant difference in sales.

Install the Stackdriver Logging Agent and configure it to send the application logs.

Use a Stackdriver Logging Library to log directly from the application to Stackdriver Logging.

Provide the log file folder path in the metadata of the instance to configure it to send the application logs.

Change the application to log to /var/log so that its logs are automatically sent to Stackdriver Logging.

Place the unique configuration values in the persistent disk.

Place the unique configuration values in a Cloud Bigtable table.

Place the unique configuration values in the instance template startup script.

Place the unique configuration values in the instance template instance metadata.

Deploy your code on Cloud Functions. Use a Pub/Sub trigger to invoke the Cloud Function. Use the Pub/Sub API to create a pull subscription to the Pub/Sub topic and read messages from it.

Deploy your code on Cloud Functions. Use a Pub/Sub trigger to handle new messages in the topic.

Deploy the application on Google Kubernetes Engine. Use the Pub/Sub API to create a pull subscription to the Pub/Sub topic and read messages from it

Deploy the application on Compute Engine. Use a Pub/Sub push subscription to process new messages in the topic.

Push your source code to Artifact Registry.

Submit a Cloud Build job to push the image.

Use the pack build command with pack CLI.

Include the --source flag with the gcloud run deploy CLI command.

Include the --platform=kubernetes flag with the gcloud run deploy CLI command.

Configure Cloud Build to deploy the Cloud Function. If the code passes the tests, a deployment approval is sent to you.

Configure Cloud Build to deploy the Cloud Function, using the specific service account as the build agent. Run the unit tests after successful deployment.

Configure Cloud Build to run the unit tests. If the code passes the tests, the developer deploys the Cloud Function.

Configure Cloud Build to run the unit tests, using the specific service account as the build agent. If the code passes the tests, Cloud Build deploys the Cloud Function.

Use HTTP signed URLs to securely provide access to the required resources.

Use the instance’s service account Application Default Credentials to authenticate to the required resources.

Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.

Commit the credential JSON file into your application’s source repository, and have your CI/CD process package it with the software that is deployed to the instance.

You attempted the read operation without the base64-encoded SHA256 hash of the encryption key.

You entered the same encryption algorithm specified by the customer when attempting the read operation.

You attempted the read operation on the object with the base64-encoded SHA256 hash of the customer's key.

You attempted the read operation on the object with the customers base64-encoded key.

Enable Binary Authorization, and configure it to attest that no vulnerabilities exist in a container image.

Enable the Container Scanning API in Artifact Registry, and scan the built container images for vulnerabilities.

Upload the built container images to your Docker Hub instance, and scan them for vulnerabilities.

Add Artifact Registry to your Aqua Security instance, and scan the built container images for vulnerabilities

Enable the Vulnerability scanning setting in the Container Registry.

Create a Cloud Function that is triggered on a code check-in and scan the code for CVEs.

Disallow the use of non-commercially supported base images in your development environment.

Use Cloud Monitoring to review the output of Cloud Build to determine whether a vulnerable version has been used.

Use Cloud SQL, and assign the roles/cloudsql.editor role to the service account.

Use Bigtable, and assign the roles/bigtable.viewer role to the service account.

Use Firestore in Native mode and assign the roles/datastore.user role to the service account.

Use Firestore in Datastore mode and assign the roles/datastore.viewer role to the service account.

Navigate to the Cloud Run page in the Google Cloud console, and select the service from the services list.

Use the Metrics tab to visualize the number of errors for that revision and refresh the page daily.

Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Composer to trigger the Cloud

Function daily and alert you if the number of errors is above the defined threshold.

Create an alerting policy in Cloud Monitoring that alerts you if the number of errors is above the defined

threshold.

Create a Cloud Function that consumes the Cloud Monitoring API Use Cloud Scheduler to trigger the Cloud

Function daily and alert you if the number of errors is above the defined threshold

Set Account_id as a key.

Set Account_id_Event_timestamp as a key.

Set Event_timestamp_Account_id as a key.

Set Event_timestamp as a key.

Upload your application to Cloud Storage.

Upload your application to an App Engine environment.

Create a Compute Engine instance with Apache web server installed. Configure Apache web server to

host the application.

Containerize your application first. Deploy this container to Google Kubernetes Engine (GKE) and assign

an external IP address to the GKE pod hosting the application.

File a ticket with Cloud Support indicating that the application performs faster locally.

Use Stackdriver Debugger Snapshots to look at a point-in-time execution of the application.

Use Stackdriver Trace to determine which functions within the application have higher latency.

Add logging commands to the application and use Stackdriver Logging to check where the latency problem occurs.

Deploy Zonal clusters

Deploy Regional clusters

Deploy Multi-Zone clusters

Deploy GKE on-premises clusters

1. Store the application and infrastructure source code in a Git repository.

2. Use Cloud Build to deploy the application infrastructure with Terraform.

3. Deploy the application to a Cloud Function as a pipeline step.

1. Deploy Jenkins from the Google Cloud Marketplace, and define a continuous integration pipeline in Jenkins.

2. Configure a pipeline step to pull the application source code from a Git repository.

3. Deploy the application source code to App Engine as a pipeline step.

1. Create a continuous integration pipeline on Cloud Build, and configure the pipeline to deploy the application infrastructure using Deployment Manager templates.

2. Configure a pipeline step to create a container with the latest application source code.

3. Deploy the container to a Compute Engine instance as a pipeline step.

1. Deploy the application infrastructure using gcloud commands.

2. Use Cloud Build to define a continuous integration pipeline for changes to the application source code.

3. Configure a pipeline step to pull the application source code from a Git repository, and create a containerized application.

4. Deploy the new container on Cloud Run as a pipeline step.

Add RUN commands in the Dockerfile to execute unit and integration tests.

Create a Cloud Build build config file with a single build step to compile unit and integration tests.

Create a Cloud Build build config file that will spawn a separate cloud build pipeline for unit and integration

tests.

Create a Cloud Build build config file with separate cloud builder steps to compile and execute unit and

integration tests.

gcloud compute instances add-access-config ${NAME}-backend-instance-1

gcloud compute instances add-tags ${NAME}-backend-instance-1 --tags http-server

gcloud compute firewall-rules create allow-lb --network load-balancer --allow

tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS

gcloud compute firewall-rules create allow-lb --network load-balancer --allow

tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS

Add a Stackdriver counter metric for path:/api/alpha/.

Add a Stackdriver counter metric for endpoint:/api/alpha/*.

Export the logs to Cloud Storage and count lines matching /api/alphA.

Export the logs to Cloud Pub/Sub and count lines matching /api/alphA.

Perform a rolling-action with maxSurge set to 1, maxUnavailable set to 0.

Perform a rolling-action with maxSurge set to 0, maxUnavailable set to 1

Perform a rolling-action with maxHealthy set to 1, maxUnhealthy set to 0.

Perform a rolling-action with maxHealthy set to 0, maxUnhealthy set to 1.

Manually trigger the build for new releases.

Create a build trigger on a Git tag pattern. Use a Git tag convention for new releases.

Create a build trigger on a Git branch name pattern. Use a Git branch naming convention for new releases.

Commit your source code to a second Cloud Source Repositories repository with a second Cloud Build trigger. Use this repository for new releases only.

Use Google Kubernetes Engine (GKE) to run the application as a microservice. Run the MySQL database on a dedicated GKE node.

Use multiple Compute Engine instances to run MySQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use Memorystore to store session information and CloudSQL to store state information. Use a Google Cloud-managed load balancer to distribute the load between instances. Use managed instance groups for scaling.

Use a Cloud Storage bucket to serve the application as a static website, and use another Cloud Storage bucket to store user state information.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain the database credentials.

Create a service account and download its key. Use the key to authenticate to Cloud Key Management Service (KMS) to obtain a key used to decrypt the database credentials.

Create a service account and grant it the roles/iam.serviceAccountUser role. Impersonate as this account and authenticate using the Cloud SQL Proxy.

Grant the roles/secretmanager.secretAccessor role to the Compute Engine service account. Store and access the database credentials with the Secret Manager API.

Cloud Armor

Cloud Functions

Cloud Endpoints

Shielded Virtual Machines

Take frequent snapshots of all of the VMs.

Install the Stackdriver Logging agent on the VMs.

Install the Stackdriver Monitoring agent on the VMs.

Use Stackdriver Trace to look for performance bottlenecks.

Migrate the database to Bigtable and use it to serve all global user traffic.

Migrate the database to Cloud Spanner and use it to serve all global user traffic.

Migrate the database to Firestore in Datastore mode and use it to serve all global user traffic.

Migrate the services to Google Kubernetes Engine and use a load balancer service to better scale the application.

Cloud Profiler

Cloud Monitoring

Cloud Trace

Cloud Logging

Create an API key. Use the API key to interact with Google Cloud.

Use the default compute service account to interact with Google Cloud.

Create a service account for the application. Export and deploy the private key for the application. Use the service account to interact with Google Cloud.

Create a service account for the application and for each Google Cloud API used by the application. Export and deploy the private keys used by the application. Use the service account with one Google Cloud API to interact with Google Cloud.

Use local SSDs to store state.

Put a memcache layer in front of MySQL.

Move the state storage to Cloud Spanner.

Replace the MySQL instance with Cloud SQL.

Create manual subnets.

Create an auto mode subnet.

Create multiple peered VPCs.

Provision a single instance for NAT.

Use the current single instance MySQL on Compute Engine and several read-only MySQL servers on

Compute Engine.

Use the current single instance MySQL on Compute Engine, and replicate the data to Cloud SQL in an

external master configuration.

Replace the current single instance MySQL instance with Cloud SQL, and configure high availability.

Replace the current single instance MySQL instance with Cloud SQL, and Google provides redundancy

without further configuration.

Use Google App Engine services.

Use serverless Google Cloud Functions.

Use Knative to build and deploy serverless applications.

Use Google Kubernetes Engine for automated deployments.

Use a large Google Compute Engine cluster for deployments.

Cloud VPN

Cloud Armor

Virtual Private Cloud

Cloud Identity-Aware Proxy

Create new Cloud SQL instances in Europe and North America for testing and deployment. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Bigtable. Instruct the development teams to use the Cloud SDK to emulate a local Bigtable development environment.

Move from Cloud SQL to MySQL hosted on Compute Engine. Replicate hosts across regions in the Americas and Europe. Provide developers with local MySQL instances to conduct testing on the application changes.

Migrate data to Firestore in Native mode and set up instan

BigQuery

Cloud SQL

Cloud Spanner

Cloud Datastore

Use App Engine for autoscaling.

Use Cloud Functions for autoscaling.

Use a Compute Engine cluster for the service.

Use a dedicated Compute Engine virtual machine instance for the service.

Use the Cloud Data Loss Prevention API for redaction of the review dataset.

Use the Cloud Data Loss Prevention API for de-identification of the review dataset.

Use the Cloud Natural Language Processing API for redaction of the review dataset.

Use the Cloud Natural Language Processing API for de-identification of the review dataset.

Include unit tests in their code, and prevent deployments to QA until all tests have a passing status.

Include performance tests in their code, and prevent deployments to QA until all tests have a passing status.

Create health checks for the QA environment, and redeploy the APIs at a later time if the environment is unhealthy.

Redeploy the APIs to App Engine using Traffic Splitting. Do not move QA traffic to the new versions if errors are found.

Block all traffic on port 443.

Allow all traffic into the network.

Allow traffic on port 443 for a specific tag.

Allow all traffic on port 443 into the network.

Cloud Spanner

Cloud Datastore

Cloud Memorystore as a cache

Separate Cloud SQL clusters for each region