CDL Flashcards
What is Compliance Report Manager?
Website where you can download PDFs of Google’s certifications (such as SOC, GDPR etc.)
What is Cloud Armor?
DDoS protection + WAF
What is Security Command Center?
centralized security platform
Which service allows browsing through internal enterprise solutions?
Service Catalog (formerly Private Catalog)
What is the Resource Hierarchy in GCP?
- Organization (with domain as identifier)
- Folders
- Projects
Use Labels for further differentiation.
AI Infrastructure services
- AI Infrastructure (orchestrate compute across CPUs, GPUs, TPUs)
- Cloud GPUs
- Cloud TPUs
- DL Containers
- DL VMs
- TensorFlow Enterprise
How to ensure data residency and compliance boundaries?
Use “Assured Workloads”
What is Knative?
Abstraction above K8s: Focus on code instead of setting up deployments, services etc
What is Cloud Run?
Fully managed environment for running containerized Apps
What is the Shared Responsibility Model?
Responsibility IN the cloud: If you can configure it, you are responsible
Responsibility OF the cloud: If you can't configure it, Google is responsible
What is CAPEX and OPEX?
CAPEX = Capital Expenditure
OPEX = Operational Expenditure
When adopting Cloud you move from CAPEX (buying physical infrastructure) to OPEX
What is Elasticity in the Cloud?
Scale up or down depending on demand
What is Failover?
Plan to shift traffic to a redundant system if primary fails
What are main features of App Engine?
- Fully managed, PaaS
- Supports common languages like Java, Go, Python
- Versioning of Services
- Traffic Splitting (across versions) for A/B testing, gradual rollout etc.
Which environments exist for App Engine?
Standard ( = serverless)
Flexible ( = fully managed containers)
What is the Standard env in App Engine?
- Deploy & Startup in seconds
- For rapid scaling
- Can scale to 0
- No Custom Runtime, SSH or Background processes
- Pricing based on instance hours
What is the Flexible env in App Engine?
- Deploy & Startup in minutes
- For consistent traffic
- Custom Runtimes (Containers)
- SSH
- Background processes
- Pricing based on CPUs, memory, disk
What are semi-structured and unstructured data?
Semi-structured: JSON, Email
Unstructured: Text, Video
What is a Data Lake?
Store large amounts of raw data of any type, including unstructured.
(Data Warehouses are mostly for structured data)
What are the core Data Products in GCP?
- Cloud SQL
- Cloud Spanner
- Bigtable
- Firestore
- Cloud Storage
- BigQuery
When to use Firestore vs Bigtable?
Use Firestore when you need a flexible, scalable NoSQL database that supports real-time synchronization and offline capabilities.
Ideal for mobile and web applications.
Use Bigtable when you need a high-throughput, low-latency database for large-scale analytical and operational workloads.
Good for time-series data or IoT applications.
What is Datastream?
Service to stream and sync data from SQL databases into GCP databases (SQL, Spanner, BigQuery)
What is Looker?
BI tool to analyse and visualize data.
Supports connections to BigQuery and dozens of other SQL databases.
Which service can be used for ingesting stream events, e.g. from gaming or IoT?
Pub/Sub
What are 4 options to develop ML models?
- BigQuery ML
- Pre-trained APIs (Vision API, Natural Language API…)
- Auto ML (No code solution)
- Vertex AI (for custom training)
Which AI solutions exist on GCP?
- Conversational AI
- Contact Center AI
- Document AI
- Discovery for Retail
- Cloud Talent Solution
Which products help with rehosting workloads to GCP?
VMware Engine for VMware workloads
Bare Metal Solution for Oracle workloads
Spot VMs vs preemptible VMs
Spot VMs are newer and have more features like running more than 24h
Which migration services exist?
- Migrate to VMs
- Migrate to Containers
- Anthos / GKE Enterprise
- Database Migration Service
- BigQuery Transfer Service
- Transfer Appliances
- Cloud Storage Transfer Service
Which ETL tools exist on GCP?
- Dataproc: Managed Apache Spark, Hadoop, Flink, Presto and more
- Dataflow: Fully managed batch & streaming pipelines based on Apache Beam
- Cloud Data Fusion: No-code, drag-and-drop tool for ETL pipelines
How to configure Compute Engine if you plan to run Containers?
Container Optimized OS for Compute Engine
How can separate projects communicate with each other?
Use “VPC Peering” or “Shared VPC”
SLI vs SLO vs SLA
SLI = Specific metric like uptime, error rate
SLO = Goal for a system = Number + SLI like 99% Uptime
SLA = Multiple SLOs plus legal terms like refunds
Which Operations Suite services are there?
Cloud Monitoring
Logging
Error Reporting
Cloud Trace
Cloud Debugger
Cloud Profiler
What APM (Application Performance Management) services are in the Operations Suite?
Cloud Debugger
Cloud Trace
Cloud Profiler
What is the core data of a project?
Name = You choose (can be changed)
ID -> You or Google choose
Project Number -> Google chooses
ID is unique across GCP
Does Cloud Monitoring work for AWS as well?
Yes
Can BigQuery host TensorFlow models?
Yes
Which role do you need to create, modify and delete Compute Engine Instances?
Compute Engine Instance Admin
Cloud Run vs AppEngine flexible?
Cloud Run is simpler and more cost effective.
App Engine flexible is more flexible but more expensive
How big are inter-zone and inter-region latencies?
Inter-zone: double digit
Inter-region: Triple digit
What is Cloud Composer?
Workflow orchestration service with fully managed Apache Airflow
Which API Gateway options are there?
- Cloud Endpoints
- Apigee
Cloud Endpoints vs Apigee?
Cloud Endpoints is simpler and cheaper.
Apigee is expensive but has features like:
Security
Analytics
Monetization
Apigee Hybrid
Cloud Storage classes and minimum storage duration
Standard - 0 days
Nearline - 30 days
Coldline - 90 days
Archive - 365 days
What is Private Google Access?
Allows private VMs without Internet access to access Google services
What is Serverless VPC Access?
Allows serverless services like Cloud Run, Cloud Functions etc. to connect to a VPC
What is Migrate for Compute Engine?
- Continuous replication of disk data from source to GCP
- Minimal downtime, source VMs can still operate during migration
- “Clone and Test” of migrated VMs
What is Storage Transfer Service?
- Move data from other CSPs or on-prem to GCP
- Move data between GCS buckets (e.g. for replicating across regions)
- One-time or recurring operations
What are Transfer Appliances?
Use when >10TB or when upload would take more than a week
Sizes:
Rackable: 7TB, 40TB, 300TB
Freestanding: 40TB, 300TB
What is the Zero Trust Model?
Shift Access Control from Network to Identity
- Access is NOT determined by Network
- Access granted based on context: user, device, …
- All access authenticated, authorized, encrypted
What is BeyondCorp?
Collection of services on GCP which help to implement the Zero Trust Model
What is Access Context Manager?
Fine-grained access control for projects based on attributes like user, device, IP
What are VPC Service Controls?
Service to create Service Perimeters (=isolated environments)
What charging cycles can you configure?
Monthly billing vs Threshold billing
What is LDAP?
Lightweight Directory Access Protocol
Used for same-sign-on, most SSO uses LDAP
How to use Active Directory on GCP?
Managed Service for Microsoft AD
How to sync AD/LDAP to GCP?
Google Cloud Directory Sync