You want to enable Stackdriver logging on a Google Compute Engine VM instance using the metadata server. Which configuration property must be set correctly?
Think about the exact metadata key that controls Stackdriver logging on VM instances.
The correct metadata key to enable Stackdriver logging on a Compute Engine VM is 'logging.googleapis.com/enable' set to 'true'. Other keys control different features.
You want to configure a Cloud Storage bucket so that only resources inside a specific VPC network can access it. Which configuration property should you use?
Think about how Google Cloud restricts access between services and networks.
VPC Service Controls allow you to create a security perimeter around resources like Cloud Storage buckets and restrict access to specific VPC networks.
What is the result of setting the 'publicAccessPrevention' property to 'enforced' on a Cloud Storage bucket?
Consider what 'publicAccessPrevention' means for public permissions.
Setting 'publicAccessPrevention' to 'enforced' blocks all public access to the bucket, ignoring any IAM policies that would otherwise allow public access.
In Cloud Run, what happens if you configure the autoscaling policy with 'minInstances' set to 5 and 'maxInstances' set to 3?
Think about valid ranges for autoscaling configuration.
Cloud Run requires 'minInstances' to be less than or equal to 'maxInstances'. Setting 'minInstances' higher than 'maxInstances' causes a configuration error and deployment rejection.
You want to enforce that all BigQuery datasets in your project use customer-managed encryption keys (CMEK) by default. Which configuration approach achieves this best?
Consider how to enforce policies across all datasets automatically.
Using an Organization Policy constraint to enforce CMEK on BigQuery datasets ensures all datasets comply by default without manual configuration per dataset.