Fundamentals - Getting Started Infrastructure Flashcards

1
Q

What is the main way you organise resources in GCP?

A

Projects

2
Q

Describe the GCP hierarchy from the bottom up

A

Resources -> Projects -> Folders -> Organisation node

3
Q

Do projects have to be organised into folders?

A

No - “Optionally, projects may be organized into folders”

4
Q

Why would you usually group resources under a given project?

A

The resources are related, usually because they have a common business objective.

5
Q

Can you define policies on all individual GCP resources?

A

No - Projects, folders, and organization nodes are all places where the policies can be defined.
Some GCP resources let you put policies on individual resources too, like those cloud storage buckets I mentioned.

6
Q

Give an example of a GCP resource where you can define policies directly at the resource level.

A

Cloud Storage Bucket

7
Q

At which levels are policies normally defined?

A

Org Node
Folders
Project

8
Q

Does GCP allow you to create a folder within a folder?

A

Yes - “projects may be organized into folders. Folders can contain other folders.”

9
Q

Does a folder inherit policies from the project?

A

No - policies are inherited downwards in the hierarchy where “Org Node” is the top of the hierarchy, followed by Folders, Projects and at the bottom - resources.

10
Q

Can a GCP resource be attached to a folder?

A

No - “All Google Cloud Platform resources belong to a project”

11
Q

Can a resource be assigned to more than one project?

A

No - “Each project is a separate compartment, and each resource belongs to exactly one.”

12
Q

What are the three identifying attributes of a project?

A

Project ID
Project Name
Project Number

13
Q

Which of the following is assigned by GCP rather than by you: the project id or the project number?

A

Project Number

14
Q

Can you re-use the same project id under a different organisation?

A

No - it has to be globally unique

15
Q

Is the project name globally unique?

A

No - it need not be unique.

16
Q

Can you change the project number after creating it?

A

No - it is immutable?

17
Q

Can you change the project id after creating it?

A

No - it is immutable

18
Q

Can you change the project name after creating it?

A

Yes - it is mutable.

19
Q

Why would you generally refer to the project id rather than the project number?

A

The project id is usually defined as a human readable string which is much easier to refer to.

20
Q

You don’t have to assign resources to a folder but what benefit does it present from a policies perspective?

A

Resources inherit policies from the folder they are under.

Without it, you’d have to duplicate the policies on each resource.

21
Q

Give examples of what you might define your folders as?

A

You can use folders to represent different:

  • departments,
  • teams,
  • applications,
  • or environments in your organization.
22
Q

What is the lowest level of the hierarchy at which GCP bills?

A

Projects - Projects can have different owners and users. They’re billed separately,

23
Q

What service do you use to create an org node?

A

Google Cloud Identity

24
Q

What are the 2 paths for getting an organisation node?

A

You are a G Suite customer: “If you have a G Suite domain, GCP projects will automatically belong to your organization node”
Use Google Cloud Identity to create one

25
Q

If you define a more relaxed policy at the bottom of the hierarchy than what is defined at the parent, which policy will take effect?

A

The one defined at the lower level - even if it is more relaxed.
“There’s one important rule to keep in mind. The policies implemented at a higher level in this hierarchy can’t take away access that’s granted at a lower level.”

26
Q

What is recommended as a first step when you create a new organisation?

A

Determine who in your team should be able to create projects and billing accounts and define policies accordingly.
By default, everyone in the domain or the organisation has access to create projects and billing accounts on a new org.

27
Q

What does IAM stand for?

A

Identity AND Access Management

28
Q

Why would you use Google’s Identity and Access Management (IAM) service?

A

To configure:
+ “who”
+ “can do what”
+ on which “resource”.

29
Q

When defining an Identity and Access Management (IAM) policy, what can you use to define the “who” part?

A
  • A Google account,
  • A Google group,
  • A service account,
  • An entire G Suite,
  • Or a cloud identity domain
30
Q

What does an IAM role define/set?

A

A collection of permissions

31
Q

What do you use/need to define the “can do what” part of an IAM policy?

A

An IAM role

32
Q

What are the 3 types of IAM roles?

A

+ Primitive role
+ Predefined role
+ Custom role

33
Q

Name the IAM primitive roles?

A

+ Owner
+ Editor
+ Viewer
+ Billing administrator

34
Q

What 2 things do you need to be mindful about before using IAM custom roles?

A
  1. Creates an additional admin overhead - you have to manage the permissions yourself
  2. They can only be used at “Organisation” or “Project” level - you cannot assign them to a “folder”
35
Q

Can you set folder privileges using an IAM custom role?

A

No - custom roles can only be used against “organisations” or “projects”

36
Q

What type of account would you use to define permissions of a service rather than a person (e.g.: you want to give permissions to a Compute Engine virtual machine)?

A

A service account

37
Q

What do you need to define a service account?

A

The service account must have:
+ an email address
+ a cryptographic key

38
Q

Is a service account a resource?

A

Yes - in addition to being an identity, a service account is also a resource

39
Q

Can you define IAM policies to administer service accounts you create?

A

Yes - service accounts as well as being an identity are a resource.

40
Q

What ways can you interact with GCP?

A

+ Cloud Platform Console
+ Cloud Shell and Cloud SDK
+ Cloud Console Mobile App
+ REST-based API

41
Q

What is the Google Cloud Console?

A

A web-based administrative interface

42
Q

What does the Google Cloud Console enable you to do?

A

+ View/manage all your projects/resources
+ Enable, disable, and explore the APIs of GCP services.
+ Gives you access to Cloud Shell.

43
Q

What is Google Cloud Shell?

A

A command-line interface to GCP

44
Q

What does SDK stand for?

A

Software Development Kit

45
Q

Which interfaces allow you to access Google Cloud’s SDK without having to install it yourself?

A

Only the Google Cloud Shell.

46
Q

What is the Google Cloud SDK?

A

A set of tools you can use to manage your resources and your applications on GCP.

47
Q

Name 3 Google Cloud SDK tools?

A

+ gcloud: the main command‑line interface for Google Cloud Platform products and services
+ gsutil: used for Google Cloud Storage
+ bq: used for Big Query

48
Q

List 3 ways you can access the Google Cloud SDK?

A

+ Google Cloud Shell: comes pre-installed on the virtual machine
+ Self-install on your own computers, your laptop, your on‑premise servers, or virtual machines and other clouds.
+ As a Docker image

49
Q

What does API stand for?

A

Application Programming Interface

50
Q

What 2 types of API libraries can you choose from in GCP?

A

Cloud vs. Google API libraries:
+ Cloud Client Libraries
+ Google API Client Library

51
Q

What are Google’s Cloud Client Libraries?

A

+ Latest and recommended libraries for its APIs.
+ They adopt the native styles and idioms of each language.
+ But may not yet support the newest services and features

52
Q

Why would you choose to work with a Google API Client library rather than a Cloud Client library?

A

The Google API Client Library:
+ gives you access to a new feature that is not yet available in the Cloud Client library
+ is written in the language you want to use for your development/integration

53
Q

Why might you use the Cloud Console Mobile App?

A

+ Resource monitoring/management: It lets you examine/manage the resources you’re using in GCP.
+ Dashboarding: It lets you build dashboards so that you can get the information you need at a glance.