extracted_questions-01 Flashcards
Your company stores terabytes of image thumbnails in a Google Cloud Storage bucket with versioning enabled. An engineer deleted a current (live) version of an image and a non-current (not live) version of another image. What is the outcome of this operation?
The deleted current version becomes a non-current version. The deleted non-current version is deleted permanently.
Your company has terabytes of audit logs and analytics data in multiple BigQuery datasets. Some of these datasets need to be retained long term for audit purposes. You want to ensure analysts do not delete this data. What should you do?
Grant roles/bigquery.user IAM role to the analysts’ group.
You developed a new mobile game that uses Cloud Spanner for storing user state, player profile and leaderboard. Data is always accessed by using the primary key. Your performance testing team identified latency issues in the application, and you suspect it might be related to table primary key configuration. You created the table by executing this DDL: CREATE TABLE users ( user_id INT64 NOT NULL, user_name STRING(255), email_address STRING(255) ) PRIMARY KEY (user_id). What should you do to fix this read latency issue?
Update the primary key (user_id) to not have sequential values.
There has been increased phishing email activity recently, and you deployed a new application on a GKE cluster to help scan and detect viruses in uploaded files. Each time the Finance or HR department receives an email with an attachment, they use this application to scan the email attachment for viruses. The application pods open the email attachment in a sandboxed environment before initiating a virus scan. Some infected email attachments may run arbitrary phishing code with elevated privileges in the container. You want to ensure that the pods that run these scans do not impact pods of other applications running in the same GKE cluster. How can you achieve this isolation between pods?
Create a new (non-default) node pool with sandbox type set to gvisor and configure the deployment spec with a runtimeClassName of gvisor.
An external partner working on a production issue has asked you to share a list of all GCP APIs enabled for your GCP production project – production_v1. How should you retrieve this information?
Execute gcloud projects list --filter='name:production_v1' to retrieve the ID of the project, and execute gcloud services list --project to retrieve a list of all services enabled for the project.
Your finance team owns two GCP projects – one project for payroll applications and another project for accounts. You need the VMs in the payroll project in one VPC to communicate with VMs in accounts project in a different VPC and vice versa. How should you do it?
Share the VPC from one of the projects and have the VMs in the other project use the shared VPC. Ensure both projects belong to the same GCP organization.
Your company procured a license for a third-party cloud-based document signing system for the procurement team. All members of the procurement team need to sign in with the same service account. Your security team prohibits sharing service account passwords. You have been asked to recommend a solution that lets the procurement team log in as the service account in the document signing system but without the team knowing the service account password. What should you do?
Register the application as a password vaulted app and set the credentials to the service account credentials.
Your company uses a legacy application that still relies on the legacy LDAP protocol to authenticate. Your company plans to migrate this application to the cloud and is looking for a cost-effective solution while minimizing any developer effort. What should you do?
Use secure LDAP to authenticate the legacy application and ask users to sign in through Gmail.
You developed a Python application that exposes an HTTP(S) endpoint for retrieving a 2-week weather forecast for a given location. You deployed the application in a single Google Cloud Compute Engine Virtual Machine, but the application is not as popular as you anticipated and has been receiving very few requests. To minimize costs, your colleague suggested containerizing the application and deploying on a suitable GCP compute service. Where should you deploy your containers?
Cloud Run.
You developed a Python application that gets triggered by messages from a Cloud Pub/Sub topic. Your manager is a big fan of both serverless and containers and has asked you to containerize the application and deploy on Google Cloud Run. How should you do it?
Assign roles/run.invoker role (Cloud Run Invoker role) on your Cloud Run application to a service account. Set up a Cloud Pub/Sub subscription on the topic and configure it to use the service account to push the message to your Cloud Run application.
Your data warehousing team executed an Apache Sqoop job to export data from Hive/Hbase and uploaded this data in AVRO file format to Cloud Storage. The business analysts at your company have years of experience using SQL. They have asked you to identify if there is a cost-effective way to query the information in AVRO files through SQL. What should you do?
Point a BigQuery external table at the Cloud Storage bucket and advise the business analysts to run their SQL queries in BigQuery.
Your company wants to move all its on-premises applications to Google Cloud. Most applications depend on Kubernetes orchestration, and you have chosen to deploy these applications in Google Kubernetes Engine (GKE) in your GCP project app_prod. The security team have requested you to store all container images in Google Container Registry (GCR) in a separate project gcr_proj, which has an automated vulnerability management scanning set up by a security partner. You are ready to push an image to GCR repo and want to tag it as tranquillity:v1. How should you do it?
Execute gcloud builds submit --tag gcr.io/gcr_proj/tranquillity:v1 from Cloud Shell.
Your company has several business-critical applications running on its on-premises data centre, which is already at full capacity, and you need to expand to Google Cloud Platform to handle traffic bursts. You want virtual machine instances in both on-premises data centre and Google Cloud Compute Engine to communicate via their internal IP addresses. What should you do?
Create a new VPC in GCP with a non-overlapping IP range and configure Cloud VPN between the on-premises network and GCP.
The machine learning team at your company infrequently needs to use a GKE cluster with specific GPUs for processing a non-restartable and long-running job. How should you set up the GKE cluster for this requirement?
Deploy the workload on a node pool with non-preemptible compute engine instances and GPUs attached to them. Enable cluster autoscaling and set min-nodes to 1.
You want to deploy an application to a GKE cluster to enable the translation of mp3 files. The application uses an open-source translation library that is IOPS intensive. The organization's backup strategy involves taking disk snapshots of all nodes at midnight. You want to estimate the cost of running this application in the GKE cluster for the next month. In addition to the node pool size, instance type, location and usage duration, what else should you fill in the GCP pricing calculator when estimating the cost of running this application?
Local SSD, Snapshot Storage and Persistent disk storage.
Your organization has several applications in the on-premises data centre that depend on Active Directory for user identification and authorization. Your organization is planning a migration to Google Cloud Platform and requires complete control over the Cloud Identity accounts used by staff to access Google Services and APIs. Where possible, you want to re-use Active Directory as the source of truth for identification and authorization. What should you do?
Synchronize users in Google Cloud Identity with identities in Active Directory by running Google Cloud Directory Sync (GCDS).
Your colleague is learning about Docker images, containers and Kubernetes, and has recently deployed a sample application to a GKE You deployed a demo application on a GKE cluster that uses preemptible nodes. The deployment has 2 replicas, and although the demo application is responding to requests, the output from Cloud Shell shows one of the pods is in a pending state. What is the most likely explanation for this behaviour?
Cluster autoscaling is not enabled, and the existing (only) node doesn’t have enough resources for provisioning the pod.
Your company stores terabytes of image thumbnails in a Google Cloud Storage bucket with versioning enabled. You want to cut down the storage costs and you spoke to the image editing lab to understand their usage requirements. They inform you that they access non-current versions of images at most once a month and are happy for you to archive these objects after 30 days from the date of creation; however, there may be a need to retrieve and update some of these archived objects at the end of each month. What should you do?
Configure a lifecycle rule to transition non-current versions to Coldline Storage Class after 30 days.