GCP ACE

Question 1

What is the order of GCP launch stages? Used in logging and monitoring to check where features are.

Answer 1

UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA (General Availability)

Question 2

Can the Organizational Administrator IAM role turn off all services in an existing GCP project?

Answer 2

No. An admin of an Organization is a member that has privileges which include modifying product access privileges for other members, inviting and removing members from an Organization and changing member roles. An Organization can have more than one admin. More to do with IAM policies than resources. The Project owner CAN shut down all resources.

Question 3

What service enables admins to synchronize users, groups, and other data from an Active Directory/LDAP service to their cloud domain directory?

Answer 3

Google Cloud Directory Sync (GCDS)

Question 4

What are the recommended access reoccurrence threshold for the different GCS Storage Classes?

Answer 4

Standard - frequently, daily
Nearline - less than once a Month
Coldline - less than once a quarter
Achive - less than once a year

Question 5

Does roles/iam.serviceAccountUser or roles/iam.serviceAccountAdmin allow you to create service accounts?

Answer 5

roles/iam.serviceAccountAdmin

Question 6

What role allows you to view the hierarchal structure on your organization, but not any resources?

Answer 6

roles/browser. This does allow them to view IAM policy as well

Question 7

You want to quickly deploy a third-party app, what should you use?

Answer 7

Google Cloud Marketplace

Question 8

How should you group resources that share common IAM policies?

Answer 8

Use folders to group resources that share common IAM policies.

Question 9

By default, where does GKE collect the app logs when the log data is written? Two answers

Answer 9

STDOUT and STDERR

Question 10

What is the CLI command to default to a GKE cluster?

Answer 10

gcloud config set container/cluster <CLUSTER_NAME></CLUSTER_NAME>

Question 11

Can App Engine flexible scale to zero?

Answer 11

No. It has to start at one. Standard can scale to zero, and does by default.

Question 12

Are images recommended for pub/sub?

Answer 12

No.

Question 13

What is the gcloud command to use a service account private key for authentication?

Answer 13

gcloud auth activate-service-account <PRIVATE_KEY_PATH></PRIVATE_KEY_PATH>

Question 14

What are the memory-optimized machine types?

Answer 14

M1, M2, M3. Can be used for in-memory purposes

Question 15

What are the Alert Maxiumums for high-priority single-region and multi-region?

Answer 15

single-region: 65%

Multi-region: 45%

Question 16

Can you enable deletion protection on a VM instance?

Answer 16

Yes.

Question 17

How can you grant access to an operations partner (no GCP account) to VM instances to install tooling?

Answer 17

Cloud IAP Tunnel user with IAP. Identity-Aware Proxy.

Question 18

Can you update an App Engine’s region after it is created?

Answer 18

NO. You either need to create a new project and then deploy the new region there, or delete and recreate in that project.

Question 19

What is a DaemonSet?

Answer 19

Ensures that all (or some) Nodes run a copy of a pod.
Typical Use cases:
- running a cluster storage daemon on every node
- running a log collection daemon on every node
- running a node monitoring daemon on every node

Question 20

What is the best storage/db solution for time-series data?

Answer 20

BigTable. But you can use BigQuery to run analysis on it.

Question 21

Can Managed Instance Groups read config files like YAML?

Answer 21

No, for that you would need Deployment Manager

Question 22

How do you support point-in-time recovery for data in SQL?

Answer 22

Enable binary logging.

Question 23

How is GKE sandbox built?

Answer 23

With gvisor. You can enable GKE sandbox to isolate untrusted workloads.

Question 24

Why would a GKE pod be in a ponding status? 3 answers.

Answer 24

Not enough CPU. Not enough Memory. Not enough CPU and Memory.

Question 25

What data services can use Dataplex?

Answer 25

Cloud Storage and BigQuery. Then you can use Data Catalog.

Question 26

What command allows you to reset and retrieve a password for a windows VM?

Answer 26

gcloud compute reset-windows-password <INSTANCE_NAME></INSTANCE_NAME>

Question 27

What does Cloud Container Registry use as underlying storage for container images?

Answer 27

Cloud Storage. So if someone needs access, they need Cloud Storage permissions.

Question 28

What are the 5 types of GKE services?

Answer 28

• ClusterIP: default, client sends requests to stable internal IP address
• NodePort: client sends IP address of a node on 1 or more nodePort
• Loadbalancer: client sends requests to IP address of a network loadbalancer
• ExternalName: Internal client uses the DNS name of a service as an alias for an external DNS name
• Headless: Pod grouping, but no stable IP address

Loadbalance is an extension of nodePort which is an extension of ClusterIP

Question 29

What does maxSurge indicate within a managed instance group update?

Answer 29

Maxiumum additional # of instances that can be created during the update process.

Can be fixed or %.

Question 30

Does Instance Template have the ability to enable health checks?

Answer 30

No, but managed instance groups can.