Architecture Framework Flashcards

1
Q

What are the areas of a well-architected framework?

A
PROS
Performance and cost optimization
Reliability
Operational excellence
Security and compliance
2
Q

What design areas and GCP tools are covered within “performance and cost optimization”?

A

Evaluate performance requirements, use scalable design patterns, identify and implement cost-saving approaches.

Performance requirements - Cloud Trace, Cloud Debugger, Cloud Profiler

Scalability - GCE, GKE, Dataproc, Dataflow, App Engine, Cloud Functions, Cloud Run

Analyze/optimize costs - export billing to BigQuery, visualize billing data using BI tool, select appropriate GCE instance (e.g. Preemptible VM), use Google Cloud Pricing Calculator

3
Q

What design areas and GCP tools are covered within “security and compliance”?

A

Identity and auth controls (principle of least privilege), build a layered security approach (at every level of application and infra), use automated monitoring/auditing

Authentication & authorization - IAM, BeyondCorp Enterprise (zero-trust solution), Cloud Asset Inventory, Cloud Audit Logs

Compute - Shielded VMs, Workload Identity, GKE Sandbox

Network - VPC Service Controls, Traffic Director, Security Command Center, Event Threat Detection, Istio

4
Q

What design areas and GCP tools are covered within “reliability”?

A

Defined and measurable reliability objectives; app designed for scalability, HA, automated change mgmt; self-healing with observability; use automated deployment; build efficient alerting, build collaborative incident mgmt process

5
Q

What design areas and GCP tools are covered within “security and compliance”?

A

Contractual protections and third-party attestations (e.g. ISO); manage IAM (i.e. principle of least privilege), build a layered security approach (compute, network, and data security), use automation where possible, audit your infra

Authentication & authorization - IAM, BeyondCorp Enterprise (zero-trust solution), Cloud Asset Inventory, Cloud Audit Logs

Compute - Shielded VMs, Workload Identity, GKE Sandbox

Network - VPC Service Controls, Traffic Director, Security Command Center, Event Threat Detection, Istio, Packet Mirroring

Data security - Cloud KMS, Cloud DLP

Automation - Container Registry, Binary Authorization, Container Analysis, Security Command Center

Audit - Cloud Audit Logs, Cloud Logging, Access Transparency

6
Q

What are ways GC maintains compliance?

A

Maintaining ISO 27001, 27017, 27018 certifications and updating SOC 2 and SOC 3 reports every year; access controls, auditing, and approval process for customer environments

7
Q

What are ways GC provides controls around authentication and authorization?

A

Admins can use IAM policies, which provide granular control to the resource level. I always recommend following security best practices and following the principle of least privilege.

8
Q

What does it mean for a workload to be reliable? What’s an example where you’ve applied this concept at work?

A

The workload performs consistently and correctly when it’s expected to. It’s also resilient - it quickly recovers from failures to meet business and customer needs.

9
Q

What are key concepts within the operational excellence pillar?

A

Operational excellence focuses on how your organization supports overall business objectives. It looks at how to effectively run and monitor your workloads and continuously improve processes and procedures.

IMOW… the business requirements, “DevOps and observability” pillar, service-level KPIs, event mgmt, incident response, continuous feedback, resource readiness (training), Splunk On Call, Phantom

10
Q

What design principles are covered within the operational excellence pillar?

A
Perform operations as code
Make frequent, small, reversible changes
Regularly refine operations procedures
Anticipate failure
Learn from all operational failures - "what are the lessons learned?"
11
Q

What are key questions to ask around operational excellence?

A

Who are your key external customers (key stakeholders)?
Who are your main internal customers?
If you had to prioritize your business objectives, and I know they’re all important, in what order do you think we should focus our efforts?
What activities do you think would have the greatest impact on meeting your business objectives (e.g. improving workload performance, reducing costs, automating runbooks, enhancing monitoring)?
What governance and regulatory requirements does your organization need to operate under, both internal and external?
What key risks/threats do you see to your business? Either existing or down the road?

12
Q

What are some tradeoffs around database design?

A

Migration timeline goal vs using a database that’s right for your data (relational vs non-relational)
