GCE

Question 1

GCE Configuration: Confidential VM service

Answer 1

Service adds protection to your data in-use by keeping memory of this VM encrypted with keys that Google doesn’t have access to.

Question 2

GCE Configuration: Boot Disk

Answer 2

Each instance requires a disk to boot from. Select an image or snapshot to create a new boot disk or attach an existing disk to the instance
Deletion Rules:
*Keep boot disk
*delete boot disk
Encryption
Google Managed Key - No configuration
Customer Managed CMEK: managed via Google Cloud Key Management Service
Customer-supplied encryption key CSEK manage outside of Google cloud

Question 3

GCE Configuration: Identity and API access

Answer 3

Applications running on the VM use the service account to call Google Cloud APis.
Select the service account you want to use an the level of API access you want to allow.
Access Scopes
Default: read only access to storage and service management
write access to stackdriver logging and monitoring, read/write acces to service control

Question 4

GCE Configuration: Firewall

Answer 4

By default all incoming traffic from outside a network is blocked. Select the type of network traffic you want to allow

Question 5

GCE Configuration: Observability Ops Agent

Answer 5

The Ops Agent is the primary agent for collecting telemetry from your compute engine instances.

Question 6

GCE Configuration: Networking

Answer 6

Network tags hostname
Ip Forwarding
forwarding allows the instance to help route packets
NIC
gVNIC
VirtIO
Network Bandwidth
Per VM Tier_1 networking performance offers higher egress bandwidth for VM to VM and VM to Public IP communication.
Maximum outbound network bandwidth: 2Gbps Vm to Public IP: 2 Gbps

Question 7

GCE Configuration: Security

Answer 7

Shielded VM
Features include trusted UEFI firmware and come with options for secure Boot, vTPM, and integrity monitoring

Question 8

GCE Configuration: Management

Answer 8

Deletion protection
When deletion protection is enabled, instance cannot be deleted
Reservations
Automation
You can choose to specify a startup script that will run when your instance boots up or restarts. Startup scripts can be used to install software and updates, and to ensure that services are running within the virtual machine

Question 9

GCE Configuration: Data Encryption

Answer 9

**Google-managed **encryption key
Customer managed encryption CMEK
Available policies
standard for most workloads
Spot Ideal for fault-tolerant workloads
Set a time limit for the VM
A standard VM will run until the set max run duration.
A spot VM may be interrupted prior to the set time

Question 10

GCE Configuration: Sole-tenancy

Answer 10

CPU Overcommit
Sole-tenant nodes with CPU overcommit provides dedicated access to a physical server with the ability to control the overcommit levels of each virtual machine scheduled onto the node