Associate Cloud Engineer Flashcards
You are seeing a series of malicious data packets from IPs in a certain region. What can you use to protect your apps the best?
Cloud Armor
True or False: Some products are served outside of Google
True
Google Cloud is PCI-DSS compliant. What does this mean for a customer?
They still need to ensure their application is compliant.
Default Encryption
Data at rest: customer has no access to keys or control of key rotation
Cloud KMS
Customer can manage keys generated and stored by Google, integrated with other cloud services
Cloud HSM
Customer can manage keys generated by Google and stored in a Google-owned and operated HSM
Customer-Supplied Encryption Keys
Keys owned by customer and provided on each API call to be used ephemerally to access data
Private Hosted HSM
Select customers may use keys in their own HSM in a colo. (Google does not have any control of the HSM.)
Cloud EKM
Customer encrypts data at rest using a key residing outside of Google Cloud. Provides a platform for KAJ.
My application has structured relational data. What storage option should I consider if my application requires horizontal scalability?
Cloud Spanner
My application has structured non-relational data. What storage option should I consider if I don’t require mobile SDKs?
Cloud Datastore
My application has heavy read/write requirements, and my workload is analytics. What storage option should I consider for low-latency updates?
Cloud Bigtable
Your application requires fine-grained control for users to download individual objects in a bucket. What option should you use to secure your storage objects?
Access Control Lists (ACLs)
Which of the following buckets follows naming best practices?
037763b8-2b55-us-east
Cloud Spanner
combines the benefits of relational database structure with non-relational horizontal scale
VPC Network Types
Auto, custom, default
Auto Mode
Default network, one subnet per region, regional IP allocation, fixed /20 subnetwork per region, expandable up to /16
Custom Mode
No default subnets created, full control of IP ranges, regional IP allocation, expandable to IP ranges you specify
You need to give IT contractors access to your Google Cloud account. Which of these would you recommend?
Cloud Identity Account
Quotas
Prevent runaway consumption in case of an error; prevent billing spikes or surprises; force sizing consideration and periodic review
Labels
Attached to resources: VM, disk, snapshot, image (inventory, filter resources, in scripts, help analyze costs, run bulk operations)
Storage requirement: very fast reads, typical use case like storing session data. Which database is appropriate?
Memorystore
Storage requirement: NoSQL suited for mobile and web apps. Which database is appropriate?
Cloud Firestore
Which databases are supported by Cloud SQL?
MySQL, PostgreSQL, MS SQL Server
Standard
optimized for performance and high-frequency access
Nearline
highly durable storage for data accessed less than once a month
Coldline
fast, highly durable storage for data accessed less than once a quarter
Archive
long-term preservation of data accessed less than once a year
Your backup data is retrieved very rarely, once every 3 years. Which storage class should you use?
Archive
Zone
Independent geographic area (single failure domain within a region)
Why might a GCP customer use resources in several zones within a region?
For improved fault tolerance
Why might a GCP customer use resources in several regions around the world?
To bring their applications closer to users around the world, and for improved fault tolerance
You want to serve your PDF, video and music content to users across the world. What do you use to configure it?
Cloud Storage + Cloud CDN, Attach it to Load Balancer
Your customers are spread across the world. How do you publish the IP addresses closest to a user’s region?
Using an Anycast IP
You provide a service that you need to open to everyone in your partner network. You have a server and an IP address where the application is located. You do not want to have to change the IP address on your DNS server if your server crashes or is replaced. You also want to avoid downtime and deliver a solution for minimal cost and setup. What should you do?
Reserve a static external IP address, and assign it using Cloud DNS.
Your team is building the development, test, and production environments for your project deployment in Google Cloud. You need to efficiently deploy and manage these environments and ensure that they are consistent. You want to follow Google-recommended practices. What should you do?
For each environment, create a Terraform configuration. Use them for repeated deployment. Reconcile the templates periodically.
You receive an error message when you try to start a new VM: “You have exhausted the IP range in your subnet.” You want to resolve the error with the least amount of effort. What should you do?
Expand the CIDR range in your subnet, and restart the VM that issued the error.
You are running several related applications on Compute Engine virtual machine (VM) instances. You want to follow Google-recommended practices and expose each application through a DNS name. What should you do?
Use Cloud DNS to translate your domain names into your IP addresses.
You are charged with optimizing Google Cloud resource consumption. Specifically, you need to investigate the resource consumption charges and present a summary of your findings. You want to do it in the most efficient way possible. What should you do?
Attach labels to resources to reflect the owner and purpose. Export Cloud Billing data into BigQuery, and analyze it with Data Studio.
You are creating an environment for researchers to run ad hoc SQL queries. The researchers work with large quantities of data. Although they will use the environment for an hour a day on average, the researchers need access to the functional environment at any time during the day. You need to deliver a cost-effective solution. What should you do?
Store the data in BigQuery, and run SQL queries in BigQuery.
You are migrating your workload from on-premises deployment to Google Kubernetes Engine (GKE). You want to minimize costs and stay within budget. What should you do?
Configure Autopilot in GKE to monitor node utilization and eliminate idle nodes.
Your application allows users to upload pictures. You need to convert each picture to your internal optimized binary format and store it. You want to use the most efficient, cost-effective solution. What should you do?
Save uploaded files in a Cloud Storage bucket, and monitor the bucket for uploads. Run a Cloud Function to convert the files and to store them in a Cloud Storage bucket.
You are migrating your on-premises solution to Google Cloud. As a first step, the new cloud solution will need to ingest 100 TB of data. Your daily uploads will be within your current bandwidth limit of 100 Mbps. You want to follow Google-recommended practices for the most cost-effective way to implement the migration. What should you do?
Obtain a Transfer Appliance, copy the data to it, and ship it to Google.
You are setting up billing for your project. You want to prevent excessive consumption of resources due to an error or malicious attack and prevent billing spikes or surprises. What should you do?
Set up budgets and alerts in your project.
Your project team needs to estimate the spending for your Google Cloud project for the next quarter. You know the project requirements. You want to produce your estimate as quickly as possible. What should you do?
Use the Google Cloud Pricing Calculator to enter your predicted consumption for all groups of resources.
You are responsible for the user-management service for your global company. The service will add, update, delete, and list addresses. Each of these operations is implemented by a Docker container microservice. The processing load can vary from low to very high. You want to deploy the service on Google Cloud for scalability and minimal administration. What should you do?
Deploy your Docker containers into Google Kubernetes Engine.
You have created a Kubernetes deployment on Google Kubernetes Engine (GKE) that has a backend service. You also have pods that run the frontend service. You want to ensure that there is no interruption in communication between your frontend and backend service pods if they are moved or restarted. What should you do?
Create a service that groups your pods in the backend service, and tell your frontend pods to communicate through that service.
You are creating a Cloud IoT application requiring data storage of up to 10 petabytes (PB). The application must support high-speed reads and writes of small pieces of data, but your data schema is simple. You want to use the most economical solution for data storage. What should you do?
Store the data in Cloud Bigtable, and implement the business logic in the programming language of your choice.
You are implementing Cloud Storage for your organization. You need to follow your organization’s regulations. They include: 1) Archive data older than one year. 2) Delete data older than 5 years. 3) Use standard storage for all other data. You want to implement these guidelines automatically and in the simplest manner available. What should you do?
Set up Object Lifecycle management policies
Your team needs to directly connect your on-premises resources to several virtual machines inside a virtual private cloud (VPC). You want to provide your team with fast and secure access to the VMs with minimal maintenance and cost. What should you do?
Use Cloud VPN to create a bridge between the VPC and your network.
Your application needs to process a significant rate of transactions. The rate of transactions exceeds the processing capabilities of a single virtual machine (VM). You want to spread transactions across multiple servers in real time and in the most cost-effective manner. What should you do?
Send transactions to Pub/Sub. Process them in VMs in a managed instance group.
You are responsible for monitoring all changes in your Cloud Storage and Firestore instances. For each change, you need to invoke an action that will verify the compliance of the change in near real time. You want to accomplish this with minimal setup. What should you do?
Use Cloud Function events, and call the security script from the Cloud Function triggers.
You are managing your company’s first Google Cloud project. Project leads, developers, and internal testers will participate in the project, which includes sensitive information. You need to ensure that only specific members of the development team have access to sensitive information. You want to assign the appropriate Identity and Access Management (IAM) roles that also require the least amount of maintenance. What should you do?
Create groups. Assign an IAM Predefined role to each group as required, including those who should have access to sensitive data. Assign users to groups.
Your organization plans to migrate its financial transaction monitoring application to Google Cloud. Auditors need to view the data and run reports in BigQuery, but they are not allowed to perform transactions in the application. You are leading the migration and want the simplest solution that will require the least amount of maintenance. What should you do?
Create a group for auditors, and assign roles/bigquery.dataViewer to them.