Your team needs to make sure that a Compute Engine instance does not have access to the internet or to any Google APIs or services.
Which two settings must remain disabled to meet these requirements? (Choose two.)
Which two implied firewall rules are defined on a VPC network? (Choose two.)
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?
When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)