GCP Professional Cloud Architect Flashcards
What are the General Purpose Machine Families?
E2, N2, N2D, N1
What are the benefits of general purpose machine types in GCP compute?
Best price to performance ratio
What are the Memory Optimized Machine Families?
M2 and M1
What are the compute optimized machine family designations
C2
How is the compute engine naming convention broken down?
e2-standard-2
Machine Type Family-Type of Workload-Number of CPU
What are the two types of compute engine Images?
Public (Maintained by google or open source sources)
Custom (created by you for your projects)
T or F:
Static IP can be switched to another VM instance in same project
True
Does a static IP address remain attached to a VM if you stop the instance?
Yes
T or F:
Are you billed for a Static IP when you are NOT using it?
Yes/True
What are ways to reduce the number of steps for creating a VM instance and setting up an HTTP server?
Startup Scripts
Instance Template
Custom Image
After Creating an Instance Template, can you update this?
No, you need to copy it, and then modify what you need, save this as the new template
Which of these is the preferred option to reduce the launch time of a VM instance?
- Startup Script
- Custom Image
Custom Image. This does not need to run any installation and would be built from a VM that already has been fully configured.
How can you avoid specifying all the VM instance details every time you create a VM?
Create an Instance Template
What does 2 in the Machine Type e2-standard-2 represent?
2 vCPU
What are the prerequisites to be able to create a VM instance?
- Project
- Billing Account
- Compute Engines APIs should be enabled
How do you get dedicated instances that are not shared with other customers?
"Sole Tenant nodes" in the compute engine console
How do you automate VM OS patching across many machines?
VM Manager/ OS Patch Management
How to prevent internet to a VM
Do not assign an external IP address
What are instance groups?
Group of VM instances managed as a single entity. Manage similar groups of VMs having a similar life cycle as one unit
What are the two types of instance groups?
Managed: Identical VMs created using template. Has auto scaling, auto healing, and managed releases
Unmanaged: Different configuration for VMs in same group: Does not offer previous features
Managed Instance Groups have what important features?
On instance Crash, MIG launches another instance
Auto scaling instance numbers
Add a LB to distribute load
Create instances in multiple zones using Regional MIGs
Release new application versions without downtime
Rolling updates
Canary Deployment: Test new version with a group of instances before releasing it across all instances
What are Auto Scaling metrics?
CPU utilization
Load Balancer Utilization
Any other metric from Stack Driver
What is the Cool-down period in Auto Scaling?
How long to wait before looking at auto scaling metrics again
What are Scale In Controls?
Prevent sudden drop in number of VM instances
"don't scale in by more than 10% or 3 instances in 5 minutes"
What is Autohealing?
Configure a health check with initial delay, before looking in on whether an instance needs to be replaced or not.
What is the difference between stateless and stateful MIG?
Stateless provides serving and batch processing.
Stateful is persistent data or configurations such as DBs or legacy apps
In updating MIG, what are the update tempos?
Update Immediately (Proactive)
Update when Instance group is resized (Opportunistic/Selective)
What is the Rolling Restart/Replace Upgrade Option in MIGs?
No change in template but replace/restart existing VMs
Can a MIG contain VMs created with different machine types?
No
Cloud Load Balancing has what important features?
- Health check, route to healthy instances
- Auto Scaling based on demand
- Global Load Balancing with Single Anycast IP
- Internal Load Balancing
What is a restriction of UDP load balancers?
They cannot be multi-regional
What are the 3 important configurations for Cloud Load Balancers?
What is the backend?
What are the host and path rules?
What is different then?
Does a Cloud Load Balancer require a certificate?
Yes
In Cloud Load Balancing, what is SSL Termination/Offloading?
If you're using layer seven, this has HTTPS going to the LB, but continuing the request in HTTP to the backend service over Google internal network.
In Cloud Load Balancing, what is TLS Termination/Offloading?
If you're using layer four, and you're using security
This layer 4 traffic switches to regular traffic to the backend instead of keeping TLS the whole path.
In Cloud Load Balancer selection, if you need SSL offloading, what would you select?
SSL Proxy
In Cloud LB selection, if it's global, or IPv6, what would you need to select?
TCP Proxy
In Cloud LB selection, if you need to preserve client IP addresses from end user, what would you select?
Network Load Balancer
In Cloud LB External HTTP features, what is the difference between a Proxy and a Pass Through?
Proxy load balancers get the request from a client and they transform it or make changes, sending a different request to the backend.
Pass-through, whatever request comes from the end user is sent out to the backend. So the client will be able to see all the details of the request, which is sent by the client as is.
In Cloud LB, what ports can External HTTP load balance on?
HTTP: 80 or 8080
HTTPS: 443
In Cloud Load balancing, what type of traffic is an SSL Proxy designed for?
Global, External, TCP traffic and an SSL offload
In Cloud LB, what are the two main points of an External Network TCP/UDP LB?
Regional, External, TCP or UDP, PASS THROUGH, and can listen on any port for services
In Cloud LB, what is a URL Map?
Designate URL specific format to route to specific back end services
In Cloud LB, if you want to use global routing, what is needed?
Premium Networking Tier
In Cloud LB, Standard Tier Networking, what is specific to the front end rule?
The IP address is going to be regional, only backends
What are the factors to consider when mentioning "Scalability"?
Growth in:
Users
Traffic,
Data Size
What is Vertical Scaling?
Deploying an application/database to bigger instance. Larger resources per individual instance.
What is Horizontal Scaling?
Deploying multiple instances of applications/DBs.
What dependency does Horizontal Scaling require?
Likely to need additional infrastructure such as Load Balancer
In Compute Engine, what is live migration?
A running instance is migrated to another host in the same zone.
In Compute Engine Live Migration, what is SUPPORTED?
Supported for instances with local SSDs
In Compute Engine Live Migration, what is UNSUPPORTED?
Not supported for GPUs and preemptible instances
In Compute Engine Live Migration, what is Availability Policy "On Host Maintenance"?
What should happen during periodic infra maintenance?
Migrate or Terminate?
In Compute Engine Features: GPUs are not supported on what machine types?
Shared Core or Mem Optimized machine types
Also cannot do Live Migration with a GPU attached
What are Sustained Use Discounts?
Automatic discounts for running VM instances for a significant portion of the billing month.
What does not apply to Sustained Use Discounts?
RESTRICTION: Does NOT apply on certain machine types (example: E2 and A2)
RESTRICTION: Does NOT apply to VMs created by App Engine flexible and Dataflow
What are Committed use discounts?
Workloads with predictable resource needs. Commit for 1 or 3 years. Up to 70% based on machine time.
What do Committed Use Discounts not apply to?
Does NOT apply to VMs created by App Engine flexible
and Dataflow
What is a Preemptible VM
Short-lived cheaper (up to 80%) compute instances.
Max time you can run one is 24 hours.
What are restrictions on Preemptible Instances?
NOT always available
NO SLA and CANNOT be migrated to regular VMs
NO Automatic Restarts
Free Tier credits not applicable
What are Spot VMs?
Latest Versions of Preemptible VMs.
Key difference is that Spot VM does not have a maximum run time.
What is GCloud?
Command line interface to interact with Google Cloud Resources
What Services have specific CLI tools?
Cloud Storage - gsutil
Cloud BigQuery - bq
Cloud Bigtable - cbt
Kubernetes - kubectl
What is the structure of a gcloud command?
gcloud GROUP SUBGROUP ACTION
EX: gcloud compute instances list
What are the important things to remember about using Cloud Shell?
Cloud Shell is backed by a VM instance (automatically provisioned by
Google Cloud when you launch Cloud Shell)
5 GB of free persistent disk storage is provided as your $HOME directory
Prepackaged with latest version of Cloud SDK, Docker etc
(Remember) Files in your home directory persist between sessions, instance is terminated if you are inactive for more than 20 minutes
After 120 days of inactivity, even your $HOME directory is deleted
What is IAAS
Infrastructure as a service.
Only using GCP for infrastructure.
You are responsible for:
Application Code and Runtime
Configuring load balancing
Auto scaling
OS upgrades and patches
Availability
What is PAAS?
Platform as a Service
In PAAS, what is the client responsible for?
Client is responsible for:
Configuration (of Application and Services)
Application code (if needed)
In PAAS, what is the provider responsible for?
OS (incl. upgrades and patches)
Application Runtime
Auto scaling
Availability & Load balancing etc..
What is App Engine used for?
Build highly scalable applications on a fully managed platform
using open and familiar languages and tools
PaaS, CaaS, Serverless
What is Cloud Functions used for?
Build event-driven applications using simple, single-purpose
functions.
FaaS, Serverless
What is Cloud Run used for?
Develop and deploy highly scalable containerized applications.
Does NOT need a cluster!
CaaS (Serverless)
What languages does App Engine Support?
Go, Java, .NET, Node.js, PHP, Python, and Ruby
What features does App Engine have?
Auto LB
Auto Scale
Managed Platform updates
Application health Monitoring
Application versioning
Traffic Splitting
What are the different App Engine Environments?
Standard: Apps run in language specific sandboxes
What are the App Engine Restrictions on Java, Python, PHP, and Go on V1?
V1: OLD Versions
Restricted network access
Only allow white listed extensions and libraries
What are the App Engine restrictions on languages in V2?
V2: Newer Versions
No restrictions
What is App Engine Flexible?
- Application instances run within Docker containers
Makes use of Compute Engine virtual machines
Support ANY runtime (with built-in support for Python, Java, Node.js, Go,
Ruby, PHP, or .NET)
Provides access to background processes and local disks
In App Engine how many applications can you have per project?
One app per project
In App Engine, what does the Application Component Hierarchy contain?
Application > Service > Version
In App Engine, can you have multiple versions coexist in the same application structure?
Yes.
In App Engine, can you create traffic rules to dictate how much traffic goes to what version of service?
Yes, you can split this up in order to test out V2 of an application.
In App Engine, can your Scaling go to zero?
On Standard, Yes
On Flexible, No
In App Engine, which startup time is faster? Standard or Flexible?
Standard is Faster in instance startup time.
Standard = Seconds
Flexible = Minutes
In App Engine, which version supports Rapid Scaling?
Standard or Flexible?
Standard supports rapid scaling, this is due to the instance start-up time being in seconds instead of minutes as in Flexible.
In App Engine Flexible, what kind of disks are created?
Ephemeral Disks, not permanent storage
In App Engine, which version (Standard or Flexible) supports SSH for debugging?
Flexible
In App Engine, what is the default way to split traffic?
By IP Address
In App Engine, what are the 3 ways to split traffic?
IP Address
Random
Cookie
When working with G Kubernetes Engine, what is the command line prefix?
gcloud container
In GKE, what is the command to expose a cluster to the outside world?
kubectl expose deployment
What does GKE create in the background when you create a cluster?
Global Load Balancer
In GKE, what is the difference between Services, and Ingress?
Services are sets of pods with network endpoints and can be used for discovery and LB.
Ingresses are collections of rules for routing external HTTP(S) traffic to Services
In GKE, where do you configure access to resources like databases?
kubectl create configmap
Configmap is where these are stored
In GKE how do you add a password configuration?
kubectl create secret
In GKE, what is the Master Node's (Control Plane) function?
It's an API server and handles all communication for K8s cluster from nodes, and outside requests
In GKE, what component functions make a Master Node?
API Server
Scheduler (deciding placement of pods)
Control Manager - Manages deployments and replica sets
etcd - Distributed database storing the cluster state
In GKE what are worker nodes?
Components that run your pods
Kubelets, manages communication with the master node
In GKE, what are single zone clusters?
Single Zone - Single control plane, nodes running in the same zone.
In GKE, what are Multi-zonal clusters?
Multi-zonal - Single control plane but nodes are running in multiple zones
In GKE, what are Regional Clusters?
Regional cluster - replicas of the control plane run in multiple zones of a given region. Nodes also run in same zones where the control plane runs.
In GKE, what are Private Clusters?
Private Cluster - VPC native cluster nodes only have internal IP addresses
In GKE, what are Alpha Clusters?
Alpha Clusters - Created with alpha APIs with early features. used to test new K8s Features
In GKE what is a pod?
It's the smallest deployable unit in kubernetes
Pod contains one or more containers
In GKE, what are the resources all containers in a pod share?
Network
Storage
IP address
Ports
Volumes (Shared persistent disks)
If a Pod status is "Unknown" what does that mean?
The Master is unable to find out the status of the pod
In GKE, what is a deployment?
Created for each microservice. These represent a microservice with all its releases.
In GKE, what is a Replica Set?
Ensures that specific number of pods are running for a specific microservice version
In GKE, what is an ingress?
The recommended approach for providing external access to services in the cluster.
In GKE, what does an ingress provide?
Provides Load Balancing
Provides SSL Termination
Control Traffic by defining rules on the ingress resources
In GKE, what is a Container Registry?
You can secure your container images.
Analyze for vulnerabilities and enforce deployment policies.
If you want to keep your costs low and optimize your GKE implementation, what should you consider?
Consider Preemptible VMs,
Appropriate region,
Committed use discounts.
E2 machine types are cheaper than N1.
Choose the right environment to fit your workload type (Use
multiple node pools if needed).
In GKE if you want an efficient, completely auto scaling GKE solution, what should you consider?
Configure Horizontal Pod Autoscaler for deployments and
Cluster Autoscaler for node pools
In GKE if you want to execute untrusted third-party
code in Kubernetes Cluster, what should you do?
Create a new node pool with GKE Sandbox. Deploy
untrusted code to Sandbox node pool.
In GKE, if your pod stays in "pending" status, what is the likely cause?
Probably Pod cannot be scheduled
onto a node(insufficient resources)
In GKE, if my pod stays waiting, what is the likely cause?
Most probably failure to pull the docker image.
Permissions to pull or network access to the image repository
In GKE, if a pod becomes unhealthy. Which of these will identify and replace the pod?
ReplicaSet
In GKE, How do we store sensitive configuration (passwords) in Kubernetes?
Secrets
If you want to execute code when an event happens (Google Pub/Sub), what service would you use?
Cloud Functions
In Cloud Functions, what are you paying for when running the code?
Pay only for what you use
Number of invocations
Compute time of the invocations
Memory and CPU provisioned
In Cloud Functions what is the default Time out?
60 minutes
1 Hour
3600 seconds
In Cloud Functions, what are events triggered from?
Cloud Storage
Cloud Pub/Sub
HTTP POST/GET/DELETE/PUT/OPTIONS
What kind of scaling do Cloud Functions do?
Horizontal Scaling
What kind of work are Cloud Functions not ideal for?
Not ideal for long running processes
What is Cloud Run?
"Container to Production in Seconds"
Built on top of an open standard - Knative
Fully managed serverless platform for containerized applications
ZERO infrastructure management
Pay-per-use (For used CPU, Memory, Requests and Networking)
What does Cloud Run for Anthos provide?
Provides the ability to run K8 clusters anywhere.
Cloud
Multi-Cloud
On Premises
In Cloud Functions Gen 1 how many requests can a Function Instance handle?
One at a time.
This means a new function instance will be spun up to handle each new request
In Cloud Functions Gen 2, how many requests can a single Function Instance handle?
Can handle multiple requests at the same time.
Max = 1000 (One Thousand)
What are some best practices with Cloud Functions?
To avoid cold starts, set min no of instances (increases cost)
Minimize dependencies (loading dependencies increases initialization time)
Configure max no of instances (protect from abnormally high request
levels)
Use Cloud Endpoints (or Apigee or API gateway) for versioning
Use Cloud Run (& Cloud Functions gen 2) revisions for safer releases:
Configure which revisions should receive traffic and how much
You can rollback to a previous revision if needed
Use Secret Manager to securely store secrets (ex: API keys)
Use Individual Service Accounts for each function
Grant roles/cloudfunctions.invoker role to invoke a cloud function
Manage dependencies using your language specific tool (npm, pip,..)
What is βData in Useβ state?
Active data processed in non persistent state, such as data in RAM.
What is Symmetric Encryption?
Encryption algorithms use the same key for encryption and decryption
What is Cloud KMS?
Key Management Service
Create and manage cryptographic keys, symmetric and asymmetric
Control their use in your applications and GCP service
Allowed to store keys created on premises.
What is the difference between Block Storage and File Storage?
Block storage is like your HDD.
File storage are for files shared by multiple virtual servers
Block storage is also known as?
Persistent Disk, network block storage
What are the two different versions of Persistent Storage?
Zonal: Data replicated in one zone
Regional: Data Replicated in Multiple Zone
What are the two versions of Block Storage?
Persistent Disks
Local SSDs
With Local SSDs, what are two performance selection recommendations?
NVMe-enabled
Multi-queue SCSI
What are the disadvantages of Local SSDs?
Ephemeral storage
Cannot detach and attach to another VM
What is a Persistent Disk (PD)?
Attached to VM as a network drive
Lifecycle Separate from VM instance
I/O Speed Lower (network latency)
Snapshots Supported
Permanent storage
What are the different types of Persistent Disk (PD)?
PD Standard - HDD
PD Balanced - SSD
PD SSD - SSD
What is Sequential IOPS?
Big Data Workloads are needing sequential reads, and not random reads.
What are the steps to mounting a Persistent Disk on a VM?
Attach Disk to VM
Format Disk
Mount the Disk
What is the difference between a Machine Image and an Image
An image contains an operating system (boot persistent disk)
Machine image is everything contained to create a VM instance. Config, metadata, permissions, data from disks
What is Cloud Filestore?
Shared Cloud File Storage
Suitable for high perf workloads
True or False:
Cloud Storage provides REST API access to modify objects?
True
What are the storage classes in Cloud Storage?
Standard - Frequent usage
Nearline - Read or Mod once a month
Coldline - Read or mod once a quarter
Archive - Less than once a year
In Cloud Storage, what is Object Lifecycle Management?
Moves files based on set conditions to different types of storage classes to reduce costs
In Cloud Storage, Object Lifecycle Management, what direction can you migrate objects?
Regional > Nearline > Coldline > Archive
Only can move in the direction of longer term storage classes.
In Cloud storage, how can you meet compliance needs?
Bucket Lock:
Create a retention policy.
What are limitations once Bucket Lock retention policy is set?
Cannot remove retention policy
Cannot reduce retention period
Cannot delete the bucket unless all objects in bucket have age greater than retention period
What is the Storage Transfer Service?
Petabyte scale data transfers from on-premises, or other hyper-scalers. Fault tolerant.
What is a Transfer Appliance?
It's a custom server delivered. Use when your data size is greater than 20TB.
What is Cloud Storage FUSE?
Enables file system access to cloud storage.
Allows mounting of cloud storage buckets as file systems in Mac and Linux
In Cloud Storage, if you wanted to transfer 2 TB of data from Azure Storage to GC Storage, what would you use?
Use Cloud Storage Transfer Service.
In Cloud Storage, if you have regulatory compliance, and an object should not be modified for 2 years, what would you use?
Configure and lock Data Retention Policy
In Cloud Storage, what are Cache-Control, Content-Disposition, and Content-Type examples of?
Fixed-key metadata
TRUE or FALSE: Cloud Storage is serverless and auto-scaling.
True
TRUE or FALSE: Cloud Storage supports partial updates for an object
False
Which Cloud Storage - Storage Class would you recommend for data expected to be accessed once in a quarter?
Coldline Storage
Which feature of Cloud storage can be used to avoid accidental deletion of files?
Object Versioning
How do you provide time-limited read or write access to objects in a Cloud Storage Bucket?
Signed URL
In Cloud IAM, what are Identities?
A GCP User (Google Account or Externally Authenticated User)
A Group of GCP Users
An Application running in GCP
An Application running in your data center
Unauthenticated users
In Cloud IAM, what are Roles?
A set of permissions (to perform specific actions on specific resources)
Roles do NOT know about members. It is all about permissions!
In IAM, how do you assign permissions to a member?
A Policy assigns (binds) a role to a member
What are IAM Roles?
Permissions
Perform some set of actions on a set of resources
What are the three types of Basic Roles in IAM?
Viewer
Editor
Owner
In IAM policy, how are roles assigned to users?
IAM Policy Documents
In IAM, how is member type identified?
There is a prefix, eg:
user, serviceaccount, group, or domain
What are the different Service account types in IAM?
Default Service Account
User Managed
Google Managed Service Account
What are the three different type of credentials in IAM?
OAuth 2.0 access tokens
OpenID Connect ID tokens
Json Web Tokens (JWTs)
What is an Access Control List?
Define who has access to your buckets and objects, as well as what level of access they have.
How are IAM permissions and ACL permissions different when it comes to Storage buckets?
IAM permissions apply to all objects within the bucket
ACLs can be customized to specific accesses to different objects
In IAM, if you wanted an application on prem to access cloud storage, how would you set this up?
Service account with a User Managed Key
In IAM, if you wanted to allow a user limited-time access to your objects, what would you use?
Signed URL
In IAM, if you needed to customize access to a subset of objects in a bucket, how would you set this up?
Use an Access Control List
In Databases, what is RPO
Recovery Point Objective
Max acceptable period of data loss
In Databases, what is RTO?
Recovery Time Objective
Acceptable down time
In Database Consistency, what are the different types of consistency?
Strong Consistency - Synchronous
Eventual Consistency - Asynchronous (a little lag)
Read-after-Write Consistency - Inserts immediately available. Updates have Eventual Const.
In Databases, what is a Hot Standby?
Automatically synchronize data
Have a standby ready to pick up load
Use automatic failover from master to standby
In Databases, what is a Warm Standby?
Automatically synchronize data
Have a standby with minimum infrastructure
Scale it up when a failure happens
In Databases, with Reporting and Analytics Applications, what options increase performance of the DB?
Vertically scale the database - increase CPU and memory
Create a database cluster (Distribute the database) -
Typically expensive
Create read replicas - Run read only applications against read replicas
In databases, what is ACID?
Atomic
Consistency
Isolated
Durable
ACID database transaction model ensures that a performed transaction is always consistent.
In Databases, what is BASE?
Basically
Available
Soft State
Eventually Consistent
What are the different categories of Databases?
OLTP - Online Trans. Process
OLAP - Online Analytical Proc
Document
Key Value
Graph
In Memory
In Databases, what is the main difference between OLTP and OLAP databases?
OLTP DBs use row storage
OLAP DBs use Columnar Storage
In Databases, what does NoSQL stand for?
Not only SQL
Provides flexible schema
What is Cloud Firestore?
Managed serverless NoSQL document DB.
ACID, SQL-like queries
Small to Medium DBs
What is Cloud BigTable?
Managed, scalable, NoSQL wide column DB
NOT serverless, need instance
What is Cloud Spanner?
Relational DB with unlimited scale (multiple PBs) and 99.999% availability for
global applications with horizontal scaling
What is BigQuery?
Relational OLAP DB, Columnar storage with predefined schema. Datawarehousing &
BigData workloads
What is Cloud Memorystore?
In Memory DBs and Caches, needing microseconds of responses
What is Cloud Dataflow?
Used to export data from BigTable to CloudStorage
In Databases, does Cloud Spanner offer read replicas?
No, scales horizontally for reads and writes.
Cloud SQL provides an option for read replicas
Which NoSQL Database allows you to create multiple indexes on a table?
Cloud Datastore/Firestore
In Networking, what is the Cloud VPC?
Virtual isolated private network in GCP
In Networking, can a VPC contain subnets in more than one region?
Yes.
These are global resources
In a VPC, how do you separate public resources from private resources?
Create separate Subnets
In VPCs, what is the differences between Auto and Custom mode?
Auto: Subnets auto-created in each region
Custom: No subnets auto-created
What is a CIDR Block?
Classless Inter-Domain Routing Blocks
Consists of a starting IP address, and a range
Are firewall rules stateful or stateless?
Stateful.
If incoming is allowed, outgoing is automatically allowed.
What are the two lowest default implied Firewall rules?
Allow all egress
Deny all ingress
What are the Default VPC's four additional firewall rules?
Allow incoming traffic from VM instances in same network (default-allow-internal)
Allow Incoming TCP traffic on port 22 (SSH) default-allow-ssh
Allow Incoming TCP traffic on port 3389 (RDP) default-allow-rdp
Allow Incoming ICMP from any source on the network default-allow-icmp
How would your organization's multiple project resources be able to talk to each other?
Create a Shared VPC
What is VPC Peering
Allows connection of VPC networks across different organizations.
What option would you enable on a subnet to allow VMs in a subnet to connect to Google APIs using private IPs?
Enable Private Google Access
True or False:
Cloud Monitoring Workspace can monitor GCP projects, and AWS accounts.
True
In Cloud Monitoring Virtual Machines, what are the monitored default metrics?
CPU
Disk Traffic
Network Traffic
Uptime Confirmation
What is Cloud Logging?
Real time log management and analysis tool
Allows to store, search, analyze and alert on massive volume of data
Exabyte scale, fully managed service
In Cloud Logging, how would you set up to ingest logs from on-premises?
Use Cloud Logging API
In Cloud Logging, what is the Access Transparency Log?
Captures Actions performed by GCP team on your content (NOT supported by all services):
ONLY for organizations with Gold support level & above
What are Cloud Audit Logs?
Logs of who did what, when, and where.
What are the types of Cloud Audit Logs?
Types of Audit Logs:
Admin
Data Access
System Event
Policy Denied
What are the two types of Log Buckets?
_Required: Holds Admin activity, System Events &
Access Transparency Logs (retained for 400 days)
Cannot delete or change retention policy on bucket
_Default: All other Logs (30 Days)
Cannot delete
Can edit retention settings
What is Cloud Trace?
Distributed tracing system for GCP: Collect latency data from supported Google Cloud Services.
What is Cloud Debugger?
Capture state of a running application and inspect the state of the application directly in the GCP environment
Take snapshots of variables and call stack
What is Cloud Profiler?
How to identify performance bottlenecks in production
Statistical, low-overhead profiler
Continuously gathers CPU and Memory usage from production systems
Connect profiling data with application source code
Two major components:
Profiling agent (collects profiling information)
Profiler interface (visualization)
What is Error Reporting?
Real-time exception monitoring:
Aggregates and displays errors reported from cloud services (using stack
traces)
Centralized Error Management console
What would you use Cloud Trace for?
You need to trace a request across multiple microservices
In GCP, what is the organizational resource hierarchy?
Org > Folders > Projects > Resources
In Billing, what are the two export options to review billing information in depth?
Big Query
Cloud Storage
In IAM, what is a good practice with sensitive operations?
Have separation of duties, requiring two people to work on the task.
In IAM, what is Corporate Directory Federation? Google Cloud Directory Sync?
Federate Cloud Identity or google workspace with your external identity provider. AD/Azure AD, etc
What is an Organization Policy Service?
Not IAM, however, a policy that dictates the organization constraints and permissions
What does Org Policy focus on?
Focuses on the "what" can be done on specific resources
What level can IAM policy be set?
Any level.
Policy is inherited from the above level.
What are the two Cloud Big Query Roles?
Admin
Data Owner
Data Editor
Data Viewer
Job User
User
In IAM, you want to give permanent access to a subset of objects in a Cloud Storage Bucket?
Use ACLs
In IAM, you want to give access to the entire bucket in Cloud Storage?
Use IAM Role
If you want to provide limited time access to a specific object in Cloud Storage Bucket, what would you use?
Create a Signed URL
In IAM, if you want to give access to a set of resources to your dev team?
Create a Group with your development team as members. Bind correct Predefined Roles to this group.
With SSHing into Linux VMs, what are your three options?
- Console SSH Button - Ephemeral SSH keypair creation
- Gcloud - gcloud compute ssh
- Use custom SSH keys. Meta data managed or OS login profile
When troubleshooting VM start up, what are the common things to check?
- Quota Errors
- Is the Boot Disk Full?
- Check Serial Port output
- Does your disk have a valid file system?
When moving VMs between zones in the same region, what are the known restrictions?
Cannot move:
- Instances that are part of a MIG
- Instances attached with Local SSD
- Instances in Terminated status
- Moving across regions
If you have to move a VM across different Regions, what would your steps be?
- Create snapshot of persistent Disks
- Use snapshot and create in new zone
- Create new instance in the destination zone
What does Pub/Sub do?
Logging service that picks up logging for processing when ready
Advantages:
Decoupling: Publisher (Apps) don't care about who is listening
Availability: Publisher (Apps) up even if a subscriber (Logging Service) is down
Scalability: Scale consumer instances (Logging Service) under high load
Durability: Message is not lost even if subscriber (Logging Service) is down
True or False:
Pub/Sub auto scales based on usage?
True
What is Pub/Sub's primary use case?
Event ingestion and delivery for streaming analytics pipelines.
In Pub/Sub, what is the publisher?
Sender of a message.
Sent by making HTTPS requests
In Pub/Sub, what is the Subscriber?
Receiver of messages
What kind of Subscribers are there in Pub/Sub?
Pull - Subscriber pulls the messages when ready
Push - Messages are sent to subscribers. HTTPS post sent to webhooks
In Pub/Sub, what is dead lettering?
Configuration of max attempts to deliver a message. When this is hit, the message is republished to the specific dead letter topic.
What is Pub/Sub Lite?
Zonal Messaging service optimized for cost.
In Pub/Sub, what can you add to enable message de-duplication?
Add Dataflow.
What is Cloud Dataflow?
Pub/Sub Deduplication service that maintains list of message IDs for a time period.
Can bulk convert files and bulk compress files
What is Cloud Dataflow based on?
Apache Beam
True or False
Cloud Dataflow is serverless
True
True or False
Cloud Dataflow cannot Auto Scale?
False
What is Cloud VPN?
Used to connect on-premise resources to GCP network over internet.
Routes through Public routes
Encrypted Traffic
What are the two types of Cloud VPN solutions?
HA VPN - only dynamic routing (BGP) supported
Classic VPN - Single external IP address
In Classic VPN, what kind of routing is supported?
Static routing: Policy-based or Route-based
In Cloud VPN, what is required on the client on-premise side?
A peer gateway
In Cloud VPN High Availability, what is the restriction?
Regional Resource
What is Cloud Interconnect?
High speed, highly available, low-latency private connection into Google Cloud from your company's on-premises network
Which Cloud Interconnect option has higher bandwidth?
Dedicated or Partner?
Dedicated
What is a main drawback of Dedicated Interconnect on Cloud VPN?
Longer setup time.
What is a third option for hybrid connectivity?
Direct Peering, connecting the customer network to Google's network.
What does Cloud Interconnect do?
Enables Dynamic Routing (Automatic route update when network topology changes) for your Cloud VPN connections.
What is BigQuery?
Exabyte scale modern Datawarehousing solution
Relational
Serverless
True or False, BigQuery can be configured to query data without storing it in BigQuery?
True
Cloud Storage
Cloud SQL
BigTable
Google Drive
How are charges made for BigQuery?
Charged by the amount of data scanned.
What is a cost saving method for reducing BigQuery costs for scanned data?
Reduce the size of the data by creating temporary table partitions
Or Cluster related data
What are the types of data importation into BigQuery?
Batch import (free)
Streaming Import (Expensive)
What is the BigQuery Data Transfer Service?
Service to import from
Google SaaS apps
External Cloud storage provider
Data Warehouses - eg. Teradata, Amazon Redshift
What are the streaming quota limitations for BigQuery?
IF you are NOT populating insertId:
Maximum bytes per second - 1 GB per second, per project (REMEMBER per project - NOT per table)
ELSE (i.e. you are using insertId)
Maximum rows per second per project
US and EU multi-regions: 500,000, Other locations: 100,000
per table limitation: 100,000
Maximum bytes per second: 100 MB
What are 4 cost optimization best practices with BigQuery?
Estimate your queries before running
Avoid Streaming Inserts
Expire Data Automatically
Consider Long Term Storage option
What is Cloud Dataproc?
Managed Spark and Hadoop service:
Variety of jobs are supported:
Spark, PySpark, SparkR, Hive, SparkSQL, Pig, Hadoop
Perform complex batch processing
What are the Cluster Modes of Dataproc?
Multiple Cluster Modes:
Single Node /
Standard/
High Availability (3 masters)
Use regular/preemptible VMs
What option would you recommend to import data from Amazon S3, Amazon Redshift, or an on-premise Teradata installation into BigQuery?
BigQuery Data Transfer Service
If you are running complex Machine Learning and AI workloads on your Hadoop and Spark clusters, and you want to move these workloads to Google Cloud. What service would you recommend?
Cloud Dataproc
What is the Data Life Cycle?
Ingest: Stream or Batch ingest
Store: Durably and cost-efficiently store data in a convenient format
Process and analyze: Convert data to information (normalizations or aggregations)
Explore and visualize: Flexibility to play with data/information. Get and share insights.
What are the different Data Lifecycle ingestion methods?
Streaming: Pub/Sub
Batch
Database Migration
What is Dataprep?
Clean and prepare data
Fully managed, No-Ops
Use cases: Clean data on-boarded from external sources, Prepare data for ML
Visual approach for non-programmers
What is Cloud Data Loss Prevention?
Scan, discover, classify, and report on data in Cloud Storage, BigQuery, and Datastore
(mask, tokenize, and transform sensitive elements)
What is Dataflow?
Flexible ETL pipeline. Managed, no ops, batch and streaming options
What is Cloud Datalab?
Web based tool to explore, analyze and visualize data
Based on Jupyter notebooks (Use Python, SQL queries etc)
Support for popular data-science toolkits - pandas, numpy, and scikit-learn
What is Cloud Data Studio?
Dashboarding and visualization live charts and graphs based on data in Cloud SQL, BigQuery etc
What is Cloud Data Catalog?
Data discovery and metadata management
Unified view of all datasets
Tag sensitive data using Cloud Data Loss Prevention (DLP)
What Service Manages IOT registration, authentication, and authorization of devices?
IoT Core
Which service can be used to clean data on-boarded from external sources?
Cloud Dataprep
Which service can be used to mask, tokenize, and transform sensitive elements in your data stored in Cloud Storage, BigQuery, and Datastore?
Cloud Data Loss Prevention
Which service can be used to build flexible batch and streaming pipelines?
Cloud Dataflow
Which service enables you to run Jupyter notebooks to explore, analyze and visualize your data running Python programs and SQL queries?
Cloud Datalab
Which of these services can be used to create dashboards and visualization around data stored in BigQuery?
Cloud Data Studio
Is Memcached persistent or ephemeral?
Ephemeral storage. If the node in the cluster crashes, that data is lost.
What are the two service levels of Memcache service?
Shared Memcache: Free, best effort
Dedicated: Fixed cache capacity dedicated to your app
What is the Waterfall Development Life Cycle?
Software dev in multiple long phases.
What are the Phases of Waterfall Development Lifecycle?
Requirements
Design
Implementation
Testing
Deployment
What is Agile Software Development?
Software development in smaller iterations.
What are the Agile Software Principles?
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
Total of 12
What is DevOps CI and CD?
Continuous Integration and Continuous Development
What is Google Cloud Deployment Manager?
Deploy infrastructure from the management template, similar to AWS Cloud Formation
What language can be used for Cloud Deployment Manager?
Python
Jinja2 (recommended only for very simple scripts)
What is Cloud Marketplace (Cloud Launcher)?
Central repo of easily deployable apps & datasets
Similar to App Store/Play Store for mobile applications
In Site Reliability Engineering, what is the best practice regarding SLO vs. SLAs?
Have stricter internal SLO than your external (contract) SLAs
In SRE, what does DiRT stand for?
Disaster Recovery Testing at Google.
Plan and execute outages for a defined period of time.
In DevOps, what is Spinnaker?
Multi Cloud continuous delivery platform
Release software changes with high velocity and confidence
Supports deployments to Google Compute Engine, Google Kubernetes Engine, Google App Engine and other cloud platforms
Supports Multiple Deployment Strategies
What is an open-source solution to provision infrastructure using Infrastructure as Code?
Terraform
What Metric is used to manage development velocity in SRE?
Error Budgets
What are recommended options for handling excess loads?
Load Shedding
Reduce Quality of Service
What is a tool used during Resilience Testing?
Simian Army to perform Chaos Testing
What deployment strategy allows you to perform zero-downtime deployments without additional infrastructure?
Canary Deployment
What deployment strategy gives the ability to test if your users like a feature in production?
A/B Testing
What is the COPPA compliance certification?
COPPA: Children's Online Privacy Protection Act of 1998
Special requirements on websites created for children under the age of 13
What is the HIPAA Compliance certification?
Health Insurance Portability and Accountability Act of 1996
Data privacy and security requirements for organizations handling protected health information (PHI)
What is GDPR Compliance certification?
General Data Protection Regulation (GDPR):
Strengthens personal data protection in Europe
What is the PCI DSS compliance certification?
Payment Card Industry Data Security Standards
Enhance card-holder security
What are the different approaches for a Cloud Migration?
Rehosting ("lift and shift")
Re-platforming: Few adjustments to suit the cloud. Example: Containerizing
Repurchasing: Move to a new, cloud-native product. Move to a new database
Refactoring: Example: Serverless Computing. Most expensive
Retiring: End of service
Retaining: Do NOT move to Cloud. Stay on-premises
What are the phases of Cloud Migration Planning?
Phase 1: Assess the workloads to be migrated
Phase 2: Plan the foundation
Phase 3: Deploy the workloads
Phase 4: Optimize your environment
What is a service that you can use to protect against DDoS attacks?
Cloud Armor on your Load Balancer
What is OWASP?
Open Web Application Security Project.
What is GCP Cloud Scheduler?
Fully managed, enterprise-grade scheduler
Schedule all kinds of jobs
Batch, big data jobs, cloud infrastructure operations etc
What is Cloud Emulator?
Develop GCP applications in your local machine without connecting to GCP.
Setup local development environment with Cloud Emulators
What does Cloud Emulator support the emulation of?
Cloud Bigtable
Cloud Datastore
Cloud Firestore
Cloud Pub Sub
Cloud Spanner
What is Cloud Identity Platform?
Customer identity and access management
What is the difference between IAM and Cloud Identity Management?
IAM is for Employees and Partner Authorization.
Cloud Identity is for Customer Identity Management
If you want to enable "Login using Facebook/Twitter" for your application, what service would you use?
Identity Platform
What is Eventarc?
Loosely coupled services that react to state changes and require no infra management.
Simplifies event-driven architectures in GCP.
What are the three pillars of observability, used to measure the internal state of a system?
Logs, Metrics, and Traces
What is OpenTelemetry?
Collection of technologies (tools, APIs, SDKs) to collect and export telemetry - metrics, traces, and logs
What is Service Directory?
Helps microservices find one another.
Register/resolve services using DNS, HTTP, and gRPC
What is Google Game Servers?
Agones + Kubernetes
(Does this still exist?)
Your company has decided to make a major revision of their API in order to create better experiences for their developers. They need to keep the old version of the API available and deployable, while allowing new customers and testers to try out the new API. They want to keep the same SSL and DNS records in place to serve both APIs.
What should they do?
A. Configure a new load balancer for the new version of the API
B. Reconfigure old clients to use a new endpoint for the new API
C. Have the old API forward traffic to the new API based on the path
D. Use separate backend pools for each API path behind the load balancer
D. Use separate backend pools for each API path behind the load balancer
Your company plans to migrate a multi-petabyte data set to the cloud. The data set must be available 24hrs a day. Your business analysts have experience only with using a SQL interface.
How should you store the data to optimize it for ease of analysis?
A. Load data into Google BigQuery
B. Insert data into Google Cloud SQL
C. Put flat files into Google Cloud Storage
D. Stream data into Google Cloud Datastore
Correct Answer: A
BigQuery is Google's serverless, highly scalable, low cost enterprise data warehouse designed to make all your data analysts productive. Because there is no infrastructure to manage, you can focus on analyzing data to find meaningful insights using familiar SQL and you don't need a database administrator.
BigQuery enables you to analyze all your data by creating a logical data warehouse over managed, columnar storage as well as data from object storage, and spreadsheets.
Reference:
https://cloud.google.com/bigquery/
The operations manager asks you for a list of recommended practices that she should consider when migrating a J2EE application to the cloud.
Which three practices should you recommend? (Choose three.)
A. Port the application code to run on Google App Engine
B. Integrate Cloud Dataflow into the application to capture real-time metrics
C. Instrument the application with a monitoring tool like Stackdriver Debugger
D. Select an automation framework to reliably provision the cloud infrastructure
E. Deploy a continuous integration tool with automated testing in a staging environment
F. Migrate from MySQL to a managed NoSQL database like Google Cloud Datastore or Bigtable
Correct Answer: ADE
References:
https://cloud.google.com/appengine/docs/standard/java/tools/uploadinganapp https://cloud.google.com/appengine/docs/standard/java/building-app/cloud-sql
Community vote distribution
CDE (43%)
ADE (32%)
ACE (25%)
An application development team believes their current logging tool will not meet their needs for their new cloud-based product. They want a better tool to capture errors and help them analyze their historical log data. You want to help them find a solution that meets their needs.
What should you do?
A. Direct them to download and install the Google StackDriver logging agent
B. Send them a list of online resources about logging best practices
C. Help them define their requirements and assess viable logging tools
D. Help them upgrade their current tool to take advantage of any new features
C. Help them define their requirements and assess viable logging tools (Most Voted)
Community vote distribution
C (53%)
A (47%)
You need to reduce the number of unplanned rollbacks of erroneous production deployments in your company's web hosting platform. Improvement to the QA/Test processes accomplished an 80% reduction.
Which additional two approaches can you take to further reduce the rollbacks? (Choose two.)
A. Introduce a green-blue deployment model
B. Replace the QA environment with canary releases
C. Fragment the monolithic platform into microservices
D. Reduce the platform's dependency on relational database systems
E. Replace the platform's relational database systems with a NoSQL database
A. Introduce a green-blue deployment model (Most Voted)
C. Fragment the monolithic platform into microservices (Most Voted)
To reduce costs, the Director of Engineering has required all developers to move their development infrastructure resources from on-premises virtual machines (VMs) to Google Cloud Platform. These resources go through multiple start/stop events during the day and require state to persist. You have been asked to design the process of running a development environment in Google Cloud while providing cost visibility to the finance department.
Which two steps should you take? (Choose two.)
A. Use the --no-auto-delete flag on all persistent disks and stop the VM
B. Use the --auto-delete flag on all persistent disks and terminate the VM
C. Apply VM CPU utilization label and include it in the BigQuery billing export
D. Use Google BigQuery billing export and labels to associate cost to groups
E. Store all state into local SSD, snapshot the persistent disks, and terminate the VM
F. Store all state in Google Cloud Storage, snapshot the persistent disks, and terminate the VM
A. Use the --no-auto-delete flag on all persistent disks and stop the VM (Most Voted)
D. Use Google BigQuery billing export and labels to associate cost to groups (Most Voted)
Your company wants to track whether someone is present in a meeting room reserved for a scheduled meeting. There are 1000 meeting rooms across 5 offices on 3 continents. Each room is equipped with a motion sensor that reports its status every second. The data from the motion detector includes only a sensor ID and several different discrete items of information. Analysts will use this data, together with information about account owners and office locations.
Which database type should you use?
A. Flat file
B. NoSQL
C. Relational
D. Blobstore
Correct Answer: B
Relational databases were not designed to cope with the scale and agility challenges that face modern applications, nor were they built to take advantage of the commodity storage and processing power available today.
NoSQL fits well for:
- Developers are working with applications that create massive volumes of new, rapidly changing data types - structured, semi-structured, unstructured and polymorphic data.
You set up an autoscaling instance group to serve web traffic for an upcoming launch. After configuring the instance group as a backend service to an HTTP(S) load balancer, you notice that virtual machine (VM) instances are being terminated and re-launched every minute. The instances do not have a public IP address.
You have verified the appropriate web response is coming from each instance using the curl command. You want to ensure the backend is configured correctly.
What should you do?
A. Ensure that a firewall rules exists to allow source traffic on HTTP/HTTPS to reach the load balancer.
B. Assign a public IP to each instance and configure a firewall rule to allow the load balancer to reach the instance public IP.
C. Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group.
D. Create a tag on each instance with the name of the load balancer. Configure a firewall rule with the name of the load balancer as the source and the instance tag as the destination.
Correct Answer: C
The best practice when configuring a health check is to check health and serve traffic on the same port. However, it is possible to perform health checks on one port, but serve traffic on another. If you do use two different ports, ensure that firewall rules and services running on instances are configured appropriately. If you run health checks and serve traffic on the same port, but decide to switch ports at some point, be sure to update both the backend service and the health check.
Backend services that do not have a valid global forwarding rule referencing it will not be health checked and will have no health status.
Reference:
https://cloud.google.com/compute/docs/load-balancing/http/backend-service
You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery.
What should you do to fix the script?
A. Install the latest BigQuery API client library for Python
B. Run your script on a new virtual machine with the BigQuery access scope enabled
C. Create a new service account with BigQuery access and execute your script with that user
D. Install the bq component for gcloud with the command gcloud components install bq.
Correct Answer: B
Community vote distribution
C (83%)
Your customer is moving an existing corporate application to Google Cloud Platform from an on-premises data center. The business owners require minimal user disruption. There are strict security team requirements for storing passwords.
What authentication strategy should they use?
A. Use G Suite Password Sync to replicate passwords into Google
B. Federate authentication via SAML 2.0 to the existing Identity Provider
C. Provision users in Google using the Google Cloud Directory Sync tool
D. Ask users to set their Google password to match their corporate password
Correct Answer: C
Provision users to Google's directory
The global Directory is available to both Cloud Platform and G Suite resources and can be provisioned by a number of means. Provisioned users can take advantage of rich authentication features including single sign-on (SSO), OAuth, and two-factor verification.
You can provision users automatically using one of the following tools and services:
Google Cloud Directory Sync (GCDS)
Community vote distribution
B (73%)
C (27%)
Question #12, Topic 1
Your company has successfully migrated to the cloud and wants to analyze their data stream to optimize operations. They do not have any existing code for this analysis, so they are exploring all their options. These options include a mix of batch and stream processing, as they are running some hourly jobs and live-processing some data as it comes in.
Which technology should they use for this?
A. Google Cloud Dataproc
B. Google Cloud Dataflow
C. Google Container Engine with Bigtable
D. Google Compute Engine with Google BigQuery
Correct Answer: B
Cloud Dataflow is a fully-managed service for transforming and enriching data in stream (real time) and batch (historical) modes with equal reliability and expressiveness - no more complex workarounds or compromises needed.
Reference:
Question #13, Topic 1
Your customer is receiving reports that their recently updated Google App Engine application is taking approximately 30 seconds to load for some of their users.
This behavior was not reported before the update.
What strategy should you take?
A. Work with your ISP to diagnose the problem
B. Open a support ticket to ask for network capture and flow data to diagnose the problem, then roll back your application
C. Roll back to an earlier known good release initially, then use Stackdriver Trace and Logging to diagnose the problem in a development/test/staging environment
D. Roll back to an earlier known good release, then push the release again at a quieter period to investigate. Then use Stackdriver Trace and Logging to diagnose the problem
Correct Answer: C
Stackdriver Logging allows you to store, search, analyze, monitor, and alert on log data and events from Google Cloud Platform and Amazon Web Services (AWS). Our API also allows ingestion of any custom log data from any source. Stackdriver Logging is a fully managed service that performs at scale and can ingest application and system log data from thousands of VMs. Even better, you can analyze all that log data in real time.
Reference:
Question #14, Topic 1
A production database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space.
How can you remediate the problem with the least amount of downtime?
A. In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
B. Shut down the virtual machine, use the Cloud Platform Console to increase the persistent disk size, then restart the virtual machine
C. In the Cloud Platform Console, increase the size of the persistent disk and verify the new space is ready to use with the fdisk command in Linux
D. In the Cloud Platform Console, create a new persistent disk attached to the virtual machine, format and mount it, and configure the database service to move the files to the new disk
E. In the Cloud Platform Console, create a snapshot of the persistent disk restore the snapshot to a new larger disk, unmount the old disk, mount the new disk and restart the database service
Correct Answer: A
On Linux instances, connect to your instance and manually resize your partitions and file systems to use the additional disk space that you added.
Extend the file system on the disk or the partition to use the added space. If you grew a partition on your disk, specify the partition. If your disk does not have a partition table, specify only the disk ID:
sudo resize2fs /dev/[DISK_ID][PARTITION_NUMBER]
where [DISK_ID] is the device name and [PARTITION_NUMBER] is the partition number for the device where you are resizing the file system.
Reference:
https://cloud.google.com/compute/docs/disks/add-persistent-disk
Question #15, Topic 1
Your application needs to process credit card transactions. You want the smallest scope of Payment Card Industry (PCI) compliance without compromising the ability to analyze transactional data and trends relating to which payment methods are used.
How should you design your architecture?
A. Create a tokenizer service and store only tokenized data
B. Create separate projects that only process credit card data
C. Create separate subnetworks and isolate the components that process credit card data
D. Streamline the audit discovery phase by labeling all of the virtual machines (VMs) that process PCI data
E. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor
Correct Answer: A
Reference:
https://www.sans.org/reading-room/whitepapers/compliance/ways-reduce-pci-dss-audit-scope-tokenizing-cardholder-data-33194
Community vote distribution
A (100%)
You have been asked to select the storage system for the click-data of your company's large portfolio of websites. This data is streamed in from a custom website analytics package at a typical rate of 6,000 clicks per minute, with bursts of up to 8,500 clicks per second. It must have been stored for future analysis by your data science and user experience teams.
Which storage infrastructure should you choose?
A. Google Cloud SQL
B. Google Cloud Bigtable
C. Google Cloud Storage
D. Google Cloud Datastore
Correct Answer: B
Google Cloud Bigtable is a scalable, fully-managed NoSQL wide-column database that is suitable for both real-time access and analytics workloads.
Good for:
- Low-latency read/write access
- High-throughput analytics
- Native time series support
Common workloads:
- IoT, finance, adtech
- Personalization, recommendations
- Monitoring
- Geospatial datasets
- Graphs
Incorrect Answers:
C: Google Cloud Storage is a scalable, fully-managed, highly reliable, and cost-efficient object / blob store.
Is good for:
- Images, pictures, and videos
- Objects and blobs
- Unstructured data
D: Google Cloud Datastore is a scalable, fully-managed NoSQL document database for your web and mobile applications.
Is good for:
- Semi-structured application data
- Hierarchical data
- Durable key-value data
Common workloads:
- User profiles
- Product catalogs
- Game state
Reference:
https://cloud.google.com/storage-options/
Community vote distribution
B (94%)
6%
You are creating a solution to remove backup files older than 90 days from your backup Cloud Storage bucket. You want to optimize ongoing Cloud Storage spend.
What should you do?
A. Write a lifecycle management rule in XML and push it to the bucket with gsutil
B. Write a lifecycle management rule in JSON and push it to the bucket with gsutil
C. Schedule a cron script using gsutil ls -lr gs://backups/** to find and remove items older than 90 days
D. Schedule a cron script using gsutil ls -l gs://backups/** to find and remove items older than 90 days and schedule it with cron
Correct Answer: B
Community vote distribution
B (100%)
Question #18, Topic 1
Your company is forecasting a sharp increase in the number and size of Apache Spark and Hadoop jobs being run on your local datacenter. You want to utilize the cloud to help you scale this upcoming demand with the least amount of operations work and code change.
Which product should you use?
A. Google Cloud Dataflow
B. Google Cloud Dataproc
C. Google Compute Engine
D. Google Kubernetes Engine
Correct Answer: B
Google Cloud Dataproc is a fast, easy-to-use, low-cost and fully managed service that lets you run the Apache Spark and Apache Hadoop ecosystem on Google Cloud Platform. Cloud Dataproc provisions big or small clusters rapidly, supports many popular job types, and is integrated with other Google Cloud Platform services, such as Google Cloud Storage and Stackdriver Logging, thus helping you reduce TCO.
Reference:
https://cloud.google.com/dataproc/docs/resources/faq
Question #19, Topic 1
The database administration team has asked you to help them improve the performance of their new database server running on Google Compute Engine. The database is for importing and normalizing their performance statistics and is built with MySQL running on Debian Linux. They have an n1-standard-8 virtual machine with 80 GB of SSD persistent disk.
What should they change to get better performance from this system?
A. Increase the virtual machine's memory to 64 GB
B. Create a new virtual machine running PostgreSQL
C. Dynamically resize the SSD persistent disk to 500 GB
D. Migrate their performance metrics warehouse to BigQuery
E. Modify all of their batch jobs to use bulk inserts into the database
Correct Answer: C
Answer is C because persistent disk performance is based on the total persistent disk capacity attached to an instance and the number of vCPUs that the instance has. Incrementing the persistent disk capacity will increment its throughput and IOPS, which in turn improve the performance of MySQL.
Question #20, Topic 1
You want to optimize the performance of an accurate, real-time, weather-charting application. The data comes from 50,000 sensors sending 10 readings a second, in the format of a timestamp and sensor reading.
Where should you store the data?
A. Google BigQuery
B. Google Cloud SQL
C. Google Cloud Bigtable
D. Google Cloud Storage
Correct Answer: C
Google Cloud Bigtable is a scalable, fully-managed NoSQL wide-column database that is suitable for both real-time access and analytics workloads.
Good for:
- Low-latency read/write access
- High-throughput analytics
- Native time series support
Common workloads:
- IoT, finance, adtech
- Personalization, recommendations
- Monitoring
- Geospatial datasets
- Graphs
Reference:
https://cloud.google.com/storage-options/