GCE Flashcards

1
Q

GCE Configuration: Confidential VM service

A

The service adds protection for your data in use by keeping the memory of this VM encrypted with keys that Google doesn’t have access to.

2
Q

GCE Configuration: Boot Disk

A

Each instance requires a disk to boot from. Select an image or snapshot to create a new boot disk, or attach an existing disk to the instance.
Deletion Rules:
* Keep boot disk
* Delete boot disk
Encryption:
* Google-managed key: no configuration
* Customer-managed key (CMEK): managed via Google Cloud Key Management Service
* Customer-supplied encryption key (CSEK): managed outside of Google Cloud

3
Q

GCE Configuration: Identity and API access

A

Applications running on the VM use the service account to call Google Cloud APIs.
Select the service account you want to use and the level of API access you want to allow.
Access Scopes
Default: read-only access to Storage and Service Management, write access to Stackdriver Logging and Monitoring, read/write access to Service Control

4
Q

GCE Configuration: Firewall

A

By default, all incoming traffic from outside a network is blocked. Select the type of network traffic you want to allow.

5
Q

GCE Configuration: Observability Ops Agent

A

The Ops Agent is the primary agent for collecting telemetry from your Compute Engine instances.

6
Q

GCE Configuration: Networking

A

Network tags
Hostname
IP forwarding: allows the instance to help route packets
NIC
* gVNIC
* VirtIO
Network bandwidth
Per-VM Tier_1 networking performance offers higher egress bandwidth for VM-to-VM and VM-to-public-IP communication.
Maximum outbound network bandwidth: 2 Gbps; VM to public IP: 2 Gbps

7
Q

GCE Configuration: Security

A

Shielded VM
Features include trusted UEFI firmware, with options for Secure Boot, vTPM, and integrity monitoring.

8
Q

GCE Configuration: Management

A

Deletion protection
When deletion protection is enabled, the instance cannot be deleted.
Reservations
Automation
You can choose to specify a startup script that will run when your instance boots up or restarts. Startup scripts can be used to install software and updates, and to ensure that services are running within the virtual machine.

9
Q

GCE Configuration: Data Encryption

A

Google-managed encryption key
Customer-managed encryption key (CMEK)
Available policies
* Standard: for most workloads
* Spot: ideal for fault-tolerant workloads
Set a time limit for the VM
A standard VM will run until the set max run duration.
A spot VM may be interrupted prior to the set time.

10
Q

GCE Configuration: Sole-tenancy

A

CPU Overcommit
Sole-tenant nodes with CPU overcommit provide dedicated access to a physical server with the ability to control the overcommit levels of each virtual machine scheduled onto the node.
