Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Google Cloud Professional Data Engineer - Curated > 0_GCP Fundamentals > Flashcards

0_GCP Fundamentals Flashcards

1
Q

Strackdriver (aka Cloud Logging)

Stackdriver offers capabilities in six areas:

  • Monitoring
    • Platform, system and application metrics
    • Uptime/health checks
    • Dashboards and alerts
  • Logging
    • Platform, system and application logs
    • Log search, view filter and export
    • Log-based metrics
    • The Logging agent uses fluentd input plugins to retrieve and pull event logs from external sources, such as files on disk, or to parse incoming log records.
  • Trace
    • Latency reporting and sampling
    • Per-URL latency and statistics
  • Error Reporting
    • Error notifications
    • Error dashboard
  • Debugger
    • Debug applications
  • Profiler
    • Continuous profiling of CPU and memory consumption
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Stackdriver - Configure and Manage Sinks

Sinks control how Cloud Logging routes logs. Using sinks, you can route some or all of your logs to supported destinations.

Sinks belong to a given Google Cloud resource: Cloud projects, billing accounts, folders, and organizations. When the resource receives a log entry, it routes the log entry according to the sinks contained by that resource. The log entry is sent to the destination associated with each matching sink.

You can also create aggregated sinks to specify that your sink combine and route log entries from the Google Cloud resources contained by an organization or folder.

To create and manage sinks, you can use

  • Google Cloud console,
  • Cloud Logging API, and
  • Google Cloud CLI.

Using the Google Cloud console has the following advantages over the other methods:

  • View and manage all of your sinks in one place.
  • Preview which log entries are matched by your sink’s filter before you create the sink.
  • Create and authorize sink destinations for your sinks.

You can route logs to the following destinations:

  • Cloud Storage: JSON files stored in Cloud Storage buckets.
  • Pub/Sub: JSON messages delivered to Pub/Sub topics. Supports third-party integrations, such as Splunk, with Logging.
  • BigQuery: Tables created in BigQuery datasets.
  • Another Cloud Logging bucket: Log entries held in Cloud Logging log buckets.
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Stackdriver - Aggregated Sink

Aggregated sinks combine and route log entries from the Google Cloud resources contained by an organization or folder. For instance, you might aggregate and route audit log entries from all the folders contained by an organization to a Cloud Storage bucket.

Without the aggregated sink feature, sinks are limited to routing log entries from the exact resource in which the sink was created: a Google Cloud project, organization, folder, or billing account.

You can create aggregated sinks for Google Cloud folders and organizations. Because neither Cloud projects nor billing accounts contain child resources, you can’t create aggregated sinks for those.

You can use aggregated sinks to route logs within or between the same organizations and folders to the following destinations:

  • Cloud Storage: JSON files stored in Cloud Storage buckets.
  • Pub/Sub: JSON messages delivered to Pub/Sub topics. Supports third-party integrations, such as Splunk, with Logging.
  • BigQuery: Tables created in BigQuery datasets.
  • Another Cloud Logging bucket: Log entries held in Cloud Logging log buckets.
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Stackdriver - Logging query language

You can use the Logging query language in the Logs Explorer in

  • the Google Cloud console,
  • the Logging API,
  • or the command-line interface.

You can use the Logging query language to query data and to write filters to create sinks and log-based metrics.

A query is a Boolean expression that specifies a subset of all the log entries in your selected Google Cloud resource, such as a Cloud project or folder.

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Encryption of VM disks and Cloud Storage buckets

Default Encryption

  • Data is automatically encrypted before being written to disk
  • Each encryption key is itself encrypted with a set of root keys

Customer-Managed Encryption Keys (CMEK)

  • Google-generated data encryption key (DEK) is still used
  • Allows you to create, use and revoke the key encryption key (KEK)
  • Uses Cloud Key Management Service (Cloud KMS)

Customer-Supplied Encryption Keys (CSEK)

  • Keep keys on premises, and use them to encrypt your cloud services
  • Google can’t recover them
  • Disk encryption on VMs Cloud Storage encryption
  • Keys are never stored on disk unencrypted
  • You provide your key at each operation, and Google purges it from its servers when each operation completes

Client-Side Encryption

  • Data is encrypted before it is sent to the cloud
  • Your keys; your tools
  • Google doesnt know whether your data is encrypted before it’s uploaded
  • No way to recover keys
  • If you lose your keys, remember to delete the objects!

NOTE: Additional authenticated data (AAD) is any string that you pass to Cloud Key Management Service as part of an encrypt or decrypt request.

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Google Cloud Professional Data Engineer - Curated (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions