A. Start Here PCA Beginner Topics Flashcards
What is a GCP Service that handles streaming and batch data?
Cloud DataFlow
What does DLP stand for and how is it used?
Data Loss Prevention and it is used to sanitize data and remove sensitive information
App Engine is what type of service?
PAAS Platform as a Service
Compute Engine (GCE) is what type of service?
IAAS Infrastructure as a Service
What are the FireStore Components?
Field, Collection Group, Document, Document ID
What are the Cloud DataStore Components?
Kind, Entity, Property, Key
If a Compute Engine Application exists in a single VPC across three regions and your application must communicate over VPN to your company’s on-premise network then how many VPN Gateways are required?
3 Cloud VPN gateways are required. Cloud VPN Gateways are bound to a single region. Create a Cloud VPN Gateway in each region.
What type of migration model does Dress4Win state in their business requirements?
Lift and Shift
What are the 5 sequential steps for cloud migration?
1 Assess; 2 Pilot; 3 Move Data; 4 Move Applications; 5 Cloudify & Optimize
Dynamic Routing uses a _________ to automatically discover new subnet routes
Cloud Router
The 4 layers of the GCP Cloud Resource Hierarchy
1 Organization; 2 Folders; 3 Projects; 4 Resources
Which network interconnect method connects your network to a GCP VPC over a public internet encrypted tunnel?
Cloud VPN
Command to create a new storage bucket
gsutil mb -l {location} -c {storage class} gs://BucketName
Cloud Router uses this protocol to handle dynamic routing between locations
BGP Border Gateway Protocol
Where can you export Stackdriver logs to (not counting customer locations)
1 Cloud Storage; 2 Cloud Pub/Sub; 3 BigQuery
What is the max speed of a single Cloud VPN tunnel (non-peered)
1.5 Gbps
Every load balancer must have a ___ and a ____
Frontend || Backend
Role necessary to link a project to a billing account
Billing Account User
How many VPN tunnels can you create in a single Cloud VPN gateway
8
What is the default, implied status of all egress traffic in a VPC firewall
Allow All
Google Cloud Storage holds what type of data?
Unstructured
This service is required to setup dynamic routing over a Cloud VPN Service
Cloud Router
Where does Cloud Dataprep load data from?
Cloud Storage and BigQuery
The two methods of permissions for Google Cloud Storage
1 IAM: Identity and Access Management; 2 ACL: Access control list
This database service is ideal for low-latency storage of time-series data
Cloud BigTable
Relational Databases
Cloud SQL, Cloud Spanner
Non-Relational Databases
Cloud DataStore, Cloud FireStore, Cloud BigTable
DataWareHouse
BigQuery
This managed database is a no-ops petabyte-scale data warehouse that queries data in standard SQL Format
Big Query
Retention period for data access logs
30 days
______ Roles apply to the entire project.
Primitive
An HTTP load balancer can forward traffic by ____ and ____
location, content
Which GCP load balancers are multi-regional in scope?
1 HTTP Load Balancer; 2 TCP Proxy; 3 SSL Proxy
VPC subnets can exist in more than one _____
zone (in the same region)
Which connection protocol does the Cloud VPN service use?
IPSEC
This IAM member allows public/anonymous access to a resource
allUsers
Google account type for members of an organization WITHOUT access to Google apps
Cloud Identity Domain
What type of managed database is ideal for web and mobile applications?
Cloud DataStore
More lightweight container image option to run on GKE
Alpine Linux
The name for the modular components of a Cloud Deployment Manager Configuration
Templates
GCP Service for Providing a ‘single pane of glass’ for monitoring resources and alerts across projects in AWS
StackDriver Monitoring
VPC firewall rules are applied on a per-instance basis
True
What layer of the Cloud Resource Hierarchy are chargeable resources hosted in?
Projects
Which networking interconnect option connects your business directly to Google, but not directly to GCP VPC?
Peering
The 3 Primitive Roles and the types of access they give:
1 Owner: Full Project Access (Billing and Assigning IAM Roles); 2 Editor: Full Access minus Billing and IAM access; 3 Viewer: View only
Google account type for a collection of individual Google Accounts
Google Groups
When to use Dataproc over Data Flow
When using Hadoop/Spark workflows
Another term for mapping Cloud Identity to Active Directory to duplicate account information.
Federation
What is a pod on GKE?
Smallest deployable unit. Contains one or more containers that run on nodes
The three IAM Role Types
1 Primitive; 2 Predefined; 3 Custom
Two format options for Cloud Deployment Manager template files
Jinja, Python
The five (non-beta) Stackdriver services
1). Logging; 2). Trace; 3). Monitoring; 4). Error Reporting; 5). Debug
Cloud Storage can act as a block-level SAN replacement (True/False)
False; you would need to use a persistent disk for a direct SAN replacement
The two Memcache service levels
1 Dedicated; 2 Shared
GCP service for asynchronous messaging, used for streaming data ingest
Cloud Pub/Sub
In a Shared VPC network, the ____ project hosts the VPC components, and the ___ project uses hosted VPC resources
Host, Service
This managed database is ideal for NoSQL purposes, is NoOps in setup/maintenance, and is ideal for mobile save game state
Cloud DataStore
What is a service account?
1 Assigned to an application or a server; 2 Authenticated with a service account key; 3 Both a member and a resource
How to easily apply VPC firewall rules to individual instances instead of the entire network
Network Tags
Admin Activity Logs are ____ by default
Enabled
When are un-managed instance groups useful?
Migrating grouped servers to the cloud with minimal disruption in workflow
____ provides a direct physical connection to connect your on-premises network to a Google Cloud VPC network.
Cloud Interconnect
How to optimize your CDN cache performance:
Configure Cache Hit Ratio
Collection of statements that define who has access to what resource on GCP
IAM Policy
This application is required to configure a Cloud Storage bucket as a mounted disk on a GCE instance.
Google Cloud Storage Fuse (gcs-fuse)
A managed instance group is created from an ____
Instance Template
Permissions for working with VPC networks fall under this service.
Compute Engine
What are the 5 load balancer options in GCP
1) Internal; 2) Network; 3) HTTP(s); 4) TCP Proxy; 5) SSL Proxy
How to add subnets in other regions to the same VPC network:
No configuration necessary
What are the two database structure formats we discussed in this course?
Relational (SQL) || Non-Relational (NoSQL)
An export in Stackdriver Logging requires what components to setup?
A filter to select log entries; A destination to export filtered logs; Sink: Select which filtered logs to send to which destination
Format of Deployment Manager configuration files
YAML format
GCP’s service that is built on Apache Beam, used for processing both batch and streaming data
Cloud DataFlow
Retention period for admin activity logs
400 days
This type of disk is directly connected to a GCE instance and must be set up on instance creation
Local SSD
Where can billing data be exported?
1 Cloud Storage; 2 Big Query
Which are the benefits of quotas?
Protection of unexpected spikes in resource usage; Prevent runaway consumption due to error or malicious intent
What could be the cause if an Instance Group VMs keep restarting every minute?
1 Failing Health Check; 2 Configure the firewall to allow proper access to instance group VM’s (subnet, tag) from load balancer IP
MountKirk Games is looking to migrate how many environments to the cloud?
(2) environments different storage for each service; 1 Game BackEnd on Google Cloud Compute Engine (GCE); 2 Analytics
What would fulfill the MountKirk technical requirement for “connecting a transactional database service to manage user profiles and game state”?
Cloud Datastore - NoSQL transactional database - perfect for game user-profiles and game states
What would fulfill the MountKirk technical requirement “Store game activity in a timeseries database service for future analysis”?
Store in BigQuery. BigQuery vs BigTable: BigQuery a lot more managed; No requirement for low latency analytics response time (Big Table); BigQuery has a response measured in seconds, scales efficiently; BigQuery reading from BigTable possible response as well
What would fulfill the MountKirk technical requirement “As the System scales, ensure that data is not lost due to processing backlogs.”?
1 HTTP Load Balancer - Automatically scales to meet demand; 2 Managed Instance Groups - also auto-scales; 3 Pub/Sub - Buffers late/slow data
What would fulfill the MountKirk technical requirement “Run hardened Linux Distro”?
Managed Instance groups with custom images
What would fulfill the MountKirk technical requirement “Process incoming (streaming) data on the fly directly from the game servers”?
Connect services (stackdriver logs metrics, gce game servers) with Pub/Sub; Process with DataFlow
What would fulfill the MountKirk technical requirement “Process data that arrives late because of slow mobile networks” ?
Pub/Sub: Scales and Buffers messages; DataFlow: Accounts for late/out of order data
What would fulfill the MountKirk technical requirement “Allow queries to access at least 10 TB of historical data.”?
BigQuery - SQL Queries against data
What would fulfill the MountKirk technical requirement “Process files that are regularly uploaded by users’ mobile devices.”?
Upload to Cloud Storage; Process via DataFlow
What would fulfill the Dress4Win technical requirement equivalent of “MySQL”?
DataCenter » GCP; MySQL » Cloud SQL (Lift & Shift); 5TB » 10 TB Size Limit; Single Region - no global footprint requirement; Migration - 1 Create replica server managed by Cloud SQL; 2 Once replica is synced: Update applications to point to replica; 3 Promote replica to stand-alone instance
What would fulfill the Dress4Win technical requirement “Redis 3 server Cluster” ?
Two options: 1) Run Redis server on Compute Engine; 2) Use new Memorystore managed Redis database
What would fulfill the Dress4Win technical requirement “40 Web Application servers providing micro-services based APIs and static content. “Tomcat - Java”, “Nginx”, “4 core CPUs”,”32 GB of RAM”?
The existing environment has lots of idle time - Managed instance groups - autoscaling using custom machine types (Fits Lift & Shift); Alternatively - can re-architect for GKE/GAE for microservices deployments for future phases
What would fulfill the Dress4Win technical requirement “20 Apache Hadoop/Spark servers:”?
Cloud Dataproc connecting to Cloud Storage
What would fulfill the Dress4Win technical requirement “3 RabbitMQ servers for messaging, social notifications, and events:”?
Pub/Sub likely replacement; Can also deploy same environment on Compute engine instance group (lift and shift)
What would fulfill the Dress4Win technical requirement “Jenkins, monitoring, bastion hosts, security scanners”?
No managed service equivalents; Use GCE instances - custom machine types; Think about using the Market Place as well
What would fulfill the Dress4Win technical requirement “iSCSI for VM hosts/Fiber channel SAN - Backup for MySQL databases” ?
SAN/iSCSI requires block storage; Persistent disks working in a SAN Cluster
What would fulfill the Dress4Win technical requirement “NAS - image storage, logs, backups”?
Cloud Storage - direct replacement; Infinite scale in a single bucket; Persistent also an option
What would fulfill the TerramEarth business requirement “Decrease unplanned vehicle downtime to less than 1 week”?
Convert to 100% cellular connectivity
What would fulfill the TerramEarth business requirement “Support the dealer network with more data on how their customers use their equipment to better position new products and services”?
Share insights with Data Studio
What would fulfill the TerramEarth business requirement “Have the ability to partner with different companies – especially with seed and fertilizer suppliers in the fast-growing agricultural business – to create compelling joint offerings for their customers”?
- Share insights with Data Studio; - BigQuery / ML analytics to predict customer needs; - Tech lead will enable partnerships
What would fulfill the TerramEarth technical requirement “expand beyond a single datacenter to decrease latency to American midwest and east coast”?
Multi-regional/global services
What would fulfill the TerramEarth technical requirement “create a backup strategy”?
Regular BigQuery Exports to Cloud Storage
What would fulfill the TerramEarth technical requirement “Increase the security of data transfer from equipment to the datacenter”?
- Cloud Endpoints - manage and protect APIs; - Cloud IoT Core - also managed security; - Customer supplied encryption keys
What would fulfill the TerramEarth technical requirement “Improve data warehouse”?
- Cloud dataflow - transform incoming streaming data to the preferred format; - Alternatively, stage in Cloud Storage, clean with Cloud Dataprep, and run job backed by DataFlow into BigQuery
What would fulfill the TerramEarth technical requirement “Use Customer and equipment data to anticipate customer needs”?
Pair BigQuery with machine learning services for predictive analytics
_______ provides visual notebooks for working with BigQuery/Cloud ML Engine data for ML/analytics?
Datalab
What does CSEKs stand for?
Customer-supplied encryption keys
What does CMEK stand for?
Customer-managed encryption keys
What is a use case for a .boto file?
Use a .boto configuration file to supply the customer_managed encryption key, then use gsutil to upload the files
______ works with Global HTTP(s) Load Balancers to Deliver defense against ddos attacks.
Cloud Armor
_________ will allow vms on your subnet to access GCP resources
Private Google Access
Resources not hosted on GCP should use a _____
CSEK Custome Service Encryption key for authentication
Subnets are ________ resources
Regional
An IAM Policy Consists of a ____________
List of Bindings
What role gives you permission to set up a Shared VPC
Shared VPC Admin Role
Based on MountKirk Games’ technical requirements, what GCP services/infrastructure will they use to host their game backend?
Managed Instance Group on Compute Engine
What is Google Container Engine?
GKE Google Container Engine is the older naming convention of the container orchestration Google Kubernetes
What does the HTTP status error response 401 mean?
Unauthorized
You want to enable your running Google Kubernetes cluster to scale as demand for your application changes. What should you do?
Update the existing Kubernetes Engine Cluster with the following command: "gcloud container clusters update CLUSTER_NAME --enable-autoscaling --min-nodes=1 --max-nodes=10"
Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take?
1) Use source code security analyzers as part of the CI/CD pipeline; 2) Run a vulnerability security scanner as part of your continuous-integration - delivery (CI/CD) pipeline
What are 2 characteristics of GCP VPC subnets?
1). Each subnet can span at least 2 Availability Zones to provide a high-availability environment; 2). By default, all subnets can route between each other, whether they are private or public
What is the minimum CIDR size for a subnet?
/29
Which of TerramEarth’s legacy enterprise processes in their existing data centers would experience significant change as a result of increased Google Cloud Platform adoption?
Capacity planning, utilization measurement, data center expansion
You have a mission-critical database running on an instance on Google Compute Engine. You need to automate a database backup once per day to another disk. The database must remain fully operational and functional and can have no downtime. How can you best perform an automated backup of the database with minimal downtime and minimal costs?
Use a cron job to schedule your application to backup the database to another persistent disk.
Once a month Terram Earth’s vehicles are serviced and the data is downloaded from the maintenance port. The data analysts want to query this huge data collected from these vehicles and analyze the overall condition of the vehicles. Terram Earth’s management is looking at a solution which is cost-effective and would scale for future requirements.
Load the data from Cloud Storage to BigQuery and run queries on BigQuery
Your company’s architecture is shown in the diagram. You want to automatically and simultaneously deploy new code to each Google Container Engine cluster. Which method should you use?
Use an automation tool, such as Jenkins
BigQuery Best practices for controlling cost
1). Avoid SELECT *: Query only the columns that you need; 2). Use the --dry_run flag in the CLI before running queries, preview them to estimate costs; 3). If possible, partition your BigQuery tables by date
The security team has disabled external SSH access into production virtual machines in GCP. The operations team needs to remotely manage the VMs and other resources. What can they do?
Grant the operations team access to use Google Cloud Shell
Dress4Win has asked you to recommend machine types they should deploy their application servers to. How should you proceed?
Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.
What is Google’s continuous integration solution?
Cloud Build
Kubernetes Engine offers integrated support for two types of ________ for a publicly accessible application:
Cloud Load Balancing
URL maps are used with the following Google Cloud products:
1). External HTTP(S) Load Balancing; 2). Internal HTTP(S) Load Balancing; 3). Traffic Director
Your customer is moving an existing corporate application from an on-premises data center to the Google Cloud Platform. The business owner requires minimal user disruption. There are strict security team requirements for storing passwords. What authentication strategy should they use?
Federate authentication via SAML 2.0 to the existing Identity Provider
You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery. What should you do to fix the script?
Run your script on a new virtual machine with the BigQuery access scope enabled. “The error is most likely caused by the access scope issue. When a new instance is created you have the Compute Engine default service account but access to most services, including BigQuery, is not enabled.”
As part of migrating plans to the cloud, Dress4Win wants to set up a managed logging and monitoring system so they can understand and manage workload based on the traffic spikes and patterns. They want to ensure that: - The infrastructure can be notified when it needs to scale up and down to handle the daily workload; - Their administrators are notified automatically when their application reports errors; - They can filter their aggregated logs down to debug one piece of the application across many hosts. Which Google StackDriver features should they use?
Monitoring, Logging, Debug, Error Report
You work in a small company where everyone should be able to view the resources of a specific project. You want to grant them access following Google’s recommended practices. What should you do?
Create a new Google Group and add all users to the group. Use “gcloud projects add-iam-policy-binding” with the Project Viewer role and Group email address
One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify the authenticity of your logs?
Digitally sign each timestamp and log entry and store the signature. “To verify the authenticity of your logs if they are tampered or forged, you can use certain algorithms to generate digest by hashing each timestamp or log entry and then digitally sign the digest with a private key to generate a signature. Anybody with your public key can verify that signature to confirm that it was made with your private key and they can tell if the timestamp or log entry was modified. You can put the signature files into a folder separate from the log files. This separation enables you to enforce granular security policies.”
MountKirk is setting up its backend platform for a new game. They expect the new game to become popular once it is released. The platform must adhere to their technical requirements. Please select the Google Cloud Services that would fulfill all their requirements.
Managed Instance Group with Auto Scaling enabled, Cloud Datastore, BigQuery, DataFlow. 1. Dynamically scale up or down based on game activity (Managed Instance Group w/ Autoscaling); 2. Connect to a transactional database service to manage user profiles and game state (Cloud Datastore because Cloud Datastore is good for user profiles that deliver a customized experience based on the user’s past activities and preferences (gaming)); 3. Store game activity in a time-series database server for future analysis (BigQuery is good for time-series data unless it is specified for ‘low-latency’, BigTable would be a better fit); 4. As the system scales, ensure that data is not lost due to processing backlogs (Dataflow can handle late-arriving data and out of order data); 5. Run hardened Linux distro (Managed Instance Group with Hardened Linux Distribution)