GCP Dev

Question 1

Internal eks cluster communication can be done through a Service or an Ingress?

Answer 1

Service

Question 2

In order to not have a secret available from the Kubernetes API Server, you need to use - Kubernetes Secrets, GKE Application-layer Secrets Encryption, or Secret Manager with service account and Workload Identity to auth the service account?

Answer 2

Secret Manager with service account and Workload Identity to auth the service account

Question 3

In GKE with Istio, how can you restrict access to a single API endpoint? NetworkPolicy, AuthorizationPolicy, or mTLS?

Answer 3

Authorization Policy

Question 4

When using workload identity what is the best way to use service accounts to validate to a Google Cloud API? using roles/iam.workloadIdentityUser, use account keys from secret manager, attach service account to the GKE node?

Answer 4

using roles/iam.workloadIdentityUser

Question 5

What autoscaler should you use for a distributed service running in GKE? Horizontal or Vertical pod autoscaler?

Answer 5

Horizontal Pod Autoscaler

Question 6

What should you use for storing session information?

Answer 6

Memorystore for Redis

Question 7

What is the best storage for shopping cart information that can be accessed on each login? BigQuery, Cloud storage, or Firestore?

Answer 7

Firestore

Question 8

What api tool can be public, authenticate, enforces quotas and report metrics? Cloud Run, Cloud Endpoints, Identity-Aware Proxy or GKE Ingress for HTTP(s) Load Balancing

Answer 8

Cloud Endpoints

Question 9

For bucket data that might only be accessed annually what are the two best storage options? Archive, Nearline, Coldline, Standard

Answer 9

Archive or Coldline

Question 10

Which datastore has zero operational cost when no traffic is hitting it? FIrestore or Cloud Sql?

Answer 10

Firestore

Question 11

Which Kubernetes solution can scale down to zero so you don’t have costs when there’s no traffic? GKE, Cloud Run, App Engine, or Compute Engine managed instance group with autoscaling?

Answer 11

Cloud Run

Question 12

Which container option supports running containers in Knative? Cloud Run, Compute Engine, GKE, or App Engine?

Answer 12

Cloud Run utilizes the Knative Serverless Framework

Question 13

Which solution allows instances in a private subnet to communicate with public GoogleApis? Carrier Peering, VPC peering, Shared VPC networks or Private Google Access?

Answer 13

Private Google Access

Question 14

Which cluster mount support read-write-many? Cloud storage bucket mounted by FUSE, persistent disk mounted as shared PersistentVolume, or Filestore mounted as nfs PersistentVolume?

Answer 14

Filestore mounted as nfs PersistentVolume

Question 15

If you have a pub/sub topic and are handling large volumes of messages, should you use a pull subscription or a push subscription?

Answer 15

pull subscription

Question 16

True/False, GOOGLE_APPLICATION_CREDENTIALS env var can be set to an Access Token value for authorization?

Answer 16

False, GOOGLE_APPLICATION_CREDENTIALS should be set to the name of a file that contains the access token

Question 17

Which datastore provides high availability across regions and global consistency? Cloud SQL, Cloud Spanner, Cloud Bigtable?

Answer 17

Cloud Spanner

Question 18

Which provides high speed reads and writes? Cloud Bigtable, Cloud Storage or BigQuery?

Answer 18

Cloud Bigtable

Question 19

Which is the most cost effective for 100T byte initial data migration? Partner Interconnect, Dedicated Interconnect , Transfer Appliance?

Answer 19

Transfer Appliance

Question 20

Data stores that offer a multi-regional location are: Cloud Storage, Memorystore, Fiirestore, Cloud SQL, Cloud Spanner

Answer 20

Cloud Storage, Firestore, Cloud Spanner

Question 21

When forwarding messages to https endpoints if you need explicit rate controls, and timeouts longer than 10 min, you should use: Pub/Sub or Cloud Tasks

Answer 21

Cloud Tasks

Question 22

What is the preferred way to implement URL discovery on Cloud Run

Answer 22

Treat other service URLs as configuration and pass them using environment variables

Question 23

What is the hierarchy of Projects, Resources, Organizations, Folders?

Answer 23

Organization -> Folders -> Projects -> Resources

Question 24

Which container solution will not charge you when not handling requests?

Answer 24

Cloud Run

Question 25

Where can CloudRun pull containers from?

Answer 25

Only from artifact registry

Question 26

Where do jobs from Cloud Run get run?

Answer 26

Cloud Scheduler

Question 27

What is the closest equivalent to EC2?

Answer 27

Compute Engine

Question 28

How can you autoscale on Compute Engine?

Answer 28

managed instance groups (MIG)

Question 29

What is the closest equivalent of S3?

Answer 29

Cloud Storage

Question 30

What is the closest equivalent of RDS?

Answer 30

Cloud SQL

Question 31

What do you use for big data analysis and interactive querying capabilities?

Answer 31

BigQuery

Question 32

What storage offerings are SQL?

Answer 32

Cloud SQL, Cloud Spanner,

Question 33

What storage offerings are no sql?

Answer 33

BigQuery, BigTable, Firestore, Firebase Realtime Database, Cloud storage

Question 34

What storage should you use for Financial analysis and prediction, IOT processing and analytics, or marketing applications?

Answer 34

Cloud BigTable

Question 35

What data store should you use for Mobile and web applications with both online and offline capabilities?

Answer 35

Firestore

Question 36

What datastore should you use for Development of apps that work across devices, Ad optimization and personalization, or Third-party payment processing?

Answer 36

Firebase Realtime Database

Question 37

What datastore do you use when you plan to use large amounts of data (more than 10TB) and need transactional consistency?

Answer 37

Cloud Spanner

Answer 38

Cloud Spanner

Question 39

What datastore do you use if you are using large amounts of single key data. In particular, it is good for low-latency, high throughput workloads.

Answer 39

Cloud Bigtable

Question 40

How can you setup physical connection between your on-premises infrastructure, Google Cloud, and other resources?

Answer 40

Cloud Interconnect

Question 41

Which two provide a direct connection to Google Cloud’s network? Direct Peering, Dedicated Interconnect, Carrier Peering, Partner Interconnect

Answer 41

Direct Peering and Dedicated Interconnect

Question 42

Which two provide a connection to Google Cloud’s network through a partner? Direct Peering, Dedicated Interconnect, Carrier Peering, Partner Interconnect

Answer 42

Carrier Peering and Partner Interconnect

Question 43

Which two provides access to Google Workspace services, YouTube, and Google Cloud APIs using public IP addresses? Direct Peering, Dedicated Interconnect, Carrier Peering, Partner Interconnect

Answer 43

Direct Peering and Carrier Peering

Question 44

Which two provide connections use a VLAN that pipes directly into your Google Cloud environment, providing connectivity to internal IP addresses in the RFC 1918 address space? Direct Peering, Dedicated Interconnect, Carrier Peering, Partner Interconnect

Answer 44

Dedicated Interconnect and Partner Interconnect

Question 45

How do you configure private communication between VPC networks in the same project?

Answer 45

VPC Network Peering

Question 46

How do you configure private communication between VPC networks in different projects?

Answer 46

Shared VPC

Question 47

What is the closest equivalent of Route53?

Answer 47

Google Cloud DNS

Question 48

What service implements dynamic VPN that allows topology to be discovered and shared automatically, which reduces manual static route maintenance?

Answer 48

Cloud Router

Question 49

What is the lowest-cost option, used ideally for data archiving, online backup, and disaster recovery. data that you plan to access less than once a year?

Answer 49

Archive Storage

Question 50

You can use what feature in Cloud Storage to move logs to Nearline or Coldline storage classes and delete them after the required retention period has passed?

Answer 50

Object lifecycle management

Question 51

What allows instances in the subnetworks to communicate with public Google API endpoints even if the instances don't have external IP addresses?

Answer 51

Private Google Access

Question 52

What allows resources without external IP addresses to create outbound connections to the internet?

Answer 52

Cloud NAT

Question 53

T/F - VPCs are region specific?

Answer 53

False, VPCs can be deployed across multiple regions

Question 54

If you are transferring data from Azure to GCP should you use Storage Transfer Service or Transfer Appliance

Answer 54

Storage Transfer Service, (Transfer appliance only works with on prem)

Question 55

What creates Pod-level firewall rules that determine which Pods and Services can access one another inside your cluster?

Answer 55

Network Policy