GCP General

Question 1

What is the purpose of Google Compute Engine?

Answer 1

Creating VM’s, it much like AWS EC2

Question 2

What is the purpose of Google Cloud Storage?

Answer 2

It is object storage used for storing unstructured data like files, images, videos. It is much like AWS S3.

Question 3

What is the purpose of Google Cloud SQL?

Answer 3

It is a fully-managed MySQL/PostgresSQL database service.

Question 4

What is the purpose of Google App Engine?

Answer 4

It is a PaaS platform for running cloud native, highly available and scalable application, it is a PAAS much like AWS Beanstalk.

Question 5

What is the purpose of Google Cloud Kubernetes engine?

Answer 5

It is a managed Kuberentes service for running container-based applications.

Question 6

What is Google Cloud Functions?

Answer 6

It is a function as a service. (Lambda)

Question 7

What is the main unit in GCP used to group resources?

Answer 7

Project

Question 8

Is a project tied to a region?

Answer 8

No, it is independent of the region.

Question 9

Does GCP bill per hour, what if you something for 5 minutes?

Answer 9

5min, GCP is billed per minute.

Question 10

To receive discounts on pricing do you have to make an upfront commitment like you do with Azure and AWS using reserved instances?

Answer 10

No, you automatically receive a discount based on sustained usage by aggregating the instance usage over the month.

Question 11

When I store data on GCP do I need to enable encryption for data at rest and in transit?

Answer 11

No, all data in GCP is automatically encrypted for both transit and at rest.

Question 12

What are the big category areas in GCP?

Answer 12

Compute
-Compute Engine
-Container Engine
-Cloud App engine
-Cloud Functions

Storage
- Cloud storage (Object storage)
- Bigtable (Wide column DB)
- Cloud SQL (MySQL and Postgres)
- Cloud Datastore (Document DB)
-Spanner (SQL like DB)

Big data
- Pub/Sub (High performance messaging)
- Dataflow (ETL)
- BigQuery (Data wherehouse, SQL query)
- Dataproc
- Datalab

Machine Learning
-Vision API
Machine Learning
Speech API
Translate API

Question 13

For GCP what is the structure hierarchy?

Answer 13

Orgnizatiuons->Folders->Projects-Resources

Question 14

For GCP what is the hierarchy parent of a resource?

Answer 14

Project

Question 15

For GCP what is the hierarchy parent of a project?

Answer 15

Folder

Question 16

Can I attach a Project to two organizations?

Answer 16

No, an organization can only be attached to a single organization.

Question 17

Is the project a core organizational component of GCP?

Answer 17

Yes, the project is the core hierarchy component used for,
- Permission
- Billing
- API’s

Question 18

What are the 3 projetc attributes?

Answer 18

• Frendly name : ‘keith-project-01’
• Project ID: also known as an app ID
• Project number: Used to identify resources belong to a project

Question 19

Can you change the project frendly name?

Answer 19

Yes

Question 20

Can you change the project frendly name?

Answer 20

YES

Question 21

Can you have duplicate projetc name on GCP?

Answer 21

No the name has to be unique.

Question 22

Where cna I quickely find my projetc ID?

Answer 22

When you open a projetc in GCP portal, the project panel is in the top righ. It contanns,
-Frendly name
- Project ID

Question 23

Can you rename a GCP projetc?

Answer 23

Yes

Question 24

When you shutdown a project can it be stgopped with in 30days.

Answer 24

Yes, the billing owner will be notified and has the poition to stop the shutdown.

Question 25

When you shutdown a GCP project, whne will the project be deleted and gone for ever?

Answer 25

30day from shutdown.

Question 26

How can i restore a projetc form the console screen?

Answer 26

In IAM -> Managed resources -> there is a link resources pending deletion.

Question 27

In GCP what is IAS?

Answer 27

IAS is identity and acces managment, it is like IAM in AWS.

Question 28

What is the GCP hierarchy?

Answer 28

Organizations
Folders
Projects
Resources

Question 29

What is a GCP organization?

Answer 29

The organization represents a company.

Question 30

Is the GCP organization a root node?

Answer 30

Yes, it is the start of the hierarchy.

Question 31

What are the 3 types of interaction with GCP?

Answer 31

GCP web portal, CLI and API.

Question 32

What are gcloud, gsutil, bq?

Answer 32

gcloud is many common GCP tasks
gsutil is google cloud storage
bq is goodle cloud big query

Question 33

What format does the API use?

Answer 33

JSON

Question 34

What authorization and authentication does the GCP API use?

Answer 34

OAUTH 2.0
To turn on and off APIs in Google Cloud Platform (GCP), you need the following permissions:

cloudresourcemanager.projects.update: This permission allows you to modify project metadata, including enabling or disabling APIs.
cloudresourcemanager.projects.get: This permission is required to retrieve project information before making changes.
Note: These permissions can be granted at the project level or at the organization level.

Question 35

If you were polling the GCP often and started to receive errors what could it be?

Answer 35

API has a daily limit.

Question 36

What is the GCP cloud shell?

Answer 36

It is a shell available in the CCP portal, it is a Linux machine with 5GB persistent storage. The home directory is where data is preserved.

Question 37

What is the format of the GCLOUD command?

Answer 37

gcloud compute instance create
gcloud group group command args

Question 38

How can you call an AP{I to exercise?

Answer 38

Call google API explorer, this is a GCP tool enabling you to call all the GCP API from a web console.

Question 39

What is the name of the service for running VM’s?

Answer 39

Google Compute Engine

Question 40

What is the name of the service for running applications?

Answer 40

Google app engine

Question 41

What is the name of the service for running containers?

Answer 41

Google container engine

Question 42

What is the name of the Google service for running function?

Answer 42

Google cloud functions

Question 43

What is google compute engine used for?

Answer 43

Running instances

Question 44

What is google container engine used for?

Answer 44

Running Kubernetes type containers.

Question 45

What is google app engine used for?

Answer 45

It is a PaaS for running apps like Python, Go, PHP, Java, .NET Core, Docker Image

Question 46

What is google cloud functions used for?

Answer 46

It’s functions as a service and is restricted to running node js or java. It is triggered by an event.

Question 47

What is a label and where is it used?

Answer 47

A label is a tag and is used to group and filter resources.

Question 48

What is a fast and easy way to grab an unknown CLI command?

Answer 48

Using the web portal you have a way to get what the gcloud CLI command would look like.

Question 49

What is the URL for the google login?

Answer 49

console.cloud.google.com

Question 50

Is a zone equal to a physical data center?

Answer 50

No, the are fault tolerant physical units, we can think of zones as existing in multiple data centers where each data center has multiple independent zones.

Question 51

Are zones separated by more than 160 KM

Answer 51

No, zones exist in more then one physical data center in a region, with each data center having multiple zones.

Question 52

When resources store data in a multi region, what is the expected minimum distance between regions?

Answer 52

More than 160 KM
In Google Cloud (GCP), the minimum distance between regions typically exceeds 100 miles (160 km). This geographic separation helps to ensure data redundancy and high availability by mitigating the impact of local natural disasters or network failures. GCP regions are designed to be physically and logically separated, with multiple availability zones within each region that are also spread out geographically.

Question 53

For a project can you turn off and on the GCP API’s per service?;

Answer 53

Yes, you can say turn off the API for Compute Engine.

Question 54

What are the different types of workloads in GKE?

Answer 54

ypes of workloads
Kubernetes provides different kinds of controller objects that correspond to different kinds of workloads you can run. Certain controller objects are better suited to representing specific types of workloads. The following sections describe some common types of workloads and the Kubernetes controller objects you can create to run them on your cluster, including:

Stateless applications
Stateful applications
Batch jobs
Daemons

Question 55

What is a deployment in GKE?

Answer 55

What is a Deployment?
Deployments represent a set of multiple, identical Pods with no unique identities. A Deployment runs multiple replicas of your application and automatically replaces any instances that fail or become unresponsive. In this way, Deployments help ensure that one or more instances of your application are available to serve user requests. Deployments are managed by the Kubernetes Deployment controller.

Deployments use a Pod template, which contains a specification for its Pods. The Pod specification determines how each Pod should look like: what applications should run inside its containers, which volumes the Pods should mount, its labels, and more.

When a Deployment’s Pod template is changed, new Pods are automatically created one at a time.

Question 56

What are VPC Service Controls?

Answer 56

Control dataflow in and out of VPC
VPC Service Controls provides an extra layer of security defense for Google Cloud services that is independent of Identity and Access Management (IAM). While IAM enables granular identity-based access control, VPC Service Controls enables broader context-based perimeter security, including controlling data egress across the perimeter. We recommend using both VPC Service Controls and IAM for defense in depth.
Enforced mode
Enforced mode is the default mode for service perimeters. When a service perimeter is enforced, requests that violate the perimeter policy, such as requests to restricted services from outside a perimeter, are denied.

A perimeter in enforced mode protects Google Cloud resources by enforcing the perimeter boundary for the services restricted in the perimeter configuration. API requests to restricted services do not cross the perimeter boundary unless the conditions of the necessary ingress and egress rules of the perimeter are satisfied. An enforced perimeter protects against data exfiltration risks, such as stolen credentials, misconfigured permissions, or malicious insiders that have access to the projects.

Establish virtual security perimeters for API-based services
Users can define a security perimeter around Google Cloud resources such as Cloud Storage buckets, Bigtable instances, and BigQuery datasets to constrain data within a VPC and control the flow of data. With VPC Service Controls, enterprises can keep their sensitive data private as they take advantage of the fully managed storage and data processing capabilities of Google Cloud.

Question 57

How many ways can you publish a new topic to Cloud Pub Sub?

Answer 57

Console
CLI
API call
publish messages to a topic which is associated with a schema.

Question 58

What file types can you use for deployment manager?

Answer 58

Python, Yaml, Jinja2

Question 59

Which load balancers can use a target pool of instances for the backend?

Answer 59

Using target pools

External TCP/UDP Network Load Balancing can use either a backend service or a target pool to define the group of backend instances that receive incoming traffic.

When a network load balancer’s forwarding rule directs traffic to a target pool, the load balancer chooses an instance from the target pool based on a hash of the source IP address, the source port, the destination IP address, and the destination port.

Question 60

How do you figure out LB type?

Answer 60

From internet or not
For TCP or HTTP traffic

Question 61

What permissions do you need to monitoring workspace?

Answer 61

Monitoring Editor, Monitoring Owner, and Project Owner

Question 62

What are the two ways to have a workspace for two projects?

Answer 62

If you have created a multiproject Workspace in the past, you have a few options to consider.

You can either create a new Workspace
or

Add the project to an existing Workspace.

Google describes these as the

Add Workspace Approach

Merge Workspace Approach

Question 63

A Workspace requires that your project be provisioned with the following user roles in IAM:

Answer 63

•Monitoring Editor

•Monitoring Admin

•Project Owner

Before you create a new Workspace, you need to identify who in the organization has roles in a given project. To do so, go to Cloud Console and select IAM & Admin. Each user role is listed beside the member name (see Figure 11-2). You should filter your user list to only actual users in order to remove service accounts.

Question 64

How do you establish a service account for a new application on your GCE VM Instance.

Answer 64

You create the service account in IAM.
You add the account to the GCE Instance
Don’t use the Google default service acount, that doesn’t have proper permissions.

Question 65

Your company uses BigQuery to store customer information in its data warehouse. The company is made up of five different business units. Each business unit has created thousands of projects based on different marketing metrics. The chief marketing officer has asked the CIO if the cloud engineering team can create a single dataset that evaluates all tables where customers purchased specific products that were recently recalled across stores. The column name is PROD_ID. What is the most economical way to complete this task?

Answer 65

Establish a Cloud Dataflow job. This requires the creation of an empty BigQuery table and the use of a Dataflow SQL query looping through all the project data pooled together in the organization. You would query on the schema columns in the view you’ve create that match PROD_ID.

Cloud Dataflow is GCP’s data processing service for both batch and real-time data streaming applications. Dataflow allows developers to set up processing capabilities to integrate, prepare, and analyze big data analytics sets. Creating a single table in BigQuery that ingests all datapoints using a common information schema creates many opportunities for data efficiency. Once all data is isolated in the single table, querying for the specific identifier is easier than querying across several hundred datasets or having to migrate across many tools unnecessarily.

Question 66

You recently configured a Google Kubernetes instance. You want to make this application available to the public. You consider the need for Cloud Load Balancing given the application is publicly exposed, with a significant population of users. What type of configuration best fits these requirements?

Answer 66

Create a Kubernetes service using type NodePort. Then create an ingress resource to ensure the HTTPS web server application is publicly accessible.

Node Port is another option for exposing your GKE application to the public, but it has some limitations compared to HTTP(S) load balancing:

Less scalable: Node Port doesn’t offer the same level of scalability and performance as HTTP(S) load balancing, especially for large-scale applications.
Requires manual configuration: You need to manually configure firewall rules and DNS records to expose your application using Node Port.
Security concerns: Node Port can expose your application directly to the internet, making it more vulnerable to attacks.
When to use Node Port:

Small-scale applications: Node Port is suitable for small-scale applications with limited traffic.
Testing and development: It can be used for testing and development purposes before deploying a more scalable solution.
Specific use cases: There may be specific use cases where Node Port is preferred, such as when you need to access the application from within the cluster or for certain networking configurations.
However, for most production applications, HTTP(S) load balancing is the recommended approach due to its superior scalability, performance, and security benefits.

Question 67

How do you exposing applications using GKE services

Answer 67

bookmark_border
This page shows how to create Kubernetes Services in a Google Kubernetes Engine (GKE) cluster. For an explanation of the Service concept and a discussion of the various types of Services, see Service.

Introduction
The idea of a Service is to group a set of Pod endpoints into a single resource. You can configure various ways to access the grouping. By default, you get a stable cluster IP address that clients inside the cluster can use to contact Pods in the Service. A client sends a request to the stable IP address, and the request is routed to one of the Pods in the Service.

There are five types of Services:

ClusterIP (default)
NodePort
LoadBalancer
ExternalName
Headless

Question 68

You created a Google Kubernetes Engine cluster. The cluster requires a minimum of four Pods to be operational at any given time. You need to make sure that the minimum number of Pods in the cluster is always available. What approach should be utilized to ensure operational continuity?

Answer 68

The purpose of a ReplicaSet is to maintain a stable set of replica Pods running at any given time. ReplicaSets are used to guarantee the availability of a specified number of identical Pods.

Question 69

A new teammate needs to gain access to a recently deployed Linux VM using SSH. They are only familiar with how to connect to a VM using Windows RDP. What would you suggest the user consider?

Answer 69

You would instruct the user that Compute Engine self-manages the SSH keys when you connect to a Linux VM using a browser. The instance creates and applies the SSH key pairs automatically. Since you cannot manage the SSH keys, you connect using the browser where roles are controlled by Cloud IAM. You must be a project member with roles/compute.instanceAdmin.
The user is given the appropriate project membership role, role/compute.instanceAdmin. The permission assigned allows for the creation, modification, and deletion of virtual machine instances, including Shielded VMs. If the user is intended to run VM instances as service accounts, the user also requires the roles/iam.serviceAccountUser role.

Question 70

You recently deployed a highly available application in your GCP environment. The helpdesk has received notifications daily that the system experiences performance issues around noon. Many users are getting timeout errors. Which Operations solution is best to determine the initial end-user problems?

Answer 70

Cloud Trace is a distributed tracing application. The purpose of Cloud Trace is to enable developers and their counterpart operations engineers to identify where performance issues exist, specifically code-based performance challenges.

Question 71

Your organization would like to create new projects for each of the DevOps interns. The interns will be partaking in a corporate-wide initiative to develop mobile applications on GCP. The cloud engineer is having trouble creating new accounts for each intern. What permissions are required to create a project?

Answer 71

The user must have roles/resourcemanager.projectCreator permission.
The role provides access to create new projects. If the user creates a project, they are then automatically given owner role access for that project.

Question 72

You work for a design company. You recently created various graphics stored in a ZIP file called Graphic.ZIP. You housed them in the Cloud Storage bucket called Demo. Much of the team develops its graphics portfolio on a Compute Engine instance called DesignInstance. Today, you presented your work to the client and want to move the designs placed in Demo to Production. How would you go about completing this task?

Answer 72

gsutil mv gs://Demo/Graphics.Zip gs://Production/Graphics.Zip

When you are moving objects between Cloud Storage buckets, you utilize gsutil, and mv stands for move. The Demo bucket is the source bucket, whereas Production is the destination. The question is asking you to move the document, not copy it.

Question 73

What is a replica set?

Answer 73

ReplicaSet is a controller, as mentioned earlier in the chapter, that is capable of identifying when there are not enough Pods available for a running application or workload. If such a condition is recognized, a ReplicaSet will create one or more Pods. ReplicaSets can also update and delete Pods.

Question 74

What are GKE Deploykments

Answer 74

Deployments are sets of like-kind Pods managed by the Kubernetes Deployment controller that does not have any unique characteristics. When an instance becomes unhealthy, a Deployment can run one or more replicas of an application to replace failed or unresponsive instances. Deployments ensure that application instances are available to serve user requests as necessary.
Deployments makes use of the Pod template to describe a Pod specification.
The Pod specification acts as a blueprint detailing what the Pod should act and look like throughout its entire life cycle. The specification makes clear how an application should operate, the prerequisites for volume mounting, and labeling conventions among specific details. New Pods are automatically created any time a template is modified.

Question 75

How to you run Bigquery jobs programmatically

Answer 75

To run a BigQuery job programmatically using the REST API or client libraries, you:

Call the jobs.insert method.
Periodically request the job resource and examine the status property to learn when the job is complete.
Check to see whether the job finished successfully

Required permissions
To run a BigQuery job, you need the bigquery.jobs.create IAM permission.

Each of the following predefined IAM roles includes the permissions that you need in order to run a job:

roles/bigquery.user
roles/bigquery.jobUser
roles/bigquery.admin
Additionally, when you create a job, you are automatically granted the following permissions for that job:

bigquery.jobs.get
bigquery.jobs.update

Question 76

What roles would you use to manage service accounts? to create?

Answer 76

iam.serviceAccountUser - manage and control accounts
iam.serviceAccountAdmin - create plus User
iam.serviceAccountCreator - create but nothing else