General Knowledge

Question 1

APIs enabled by default (14 of them)

Answer 1

BigQuery API
BigQuery Storage API
Cloud Datastore API
Cloud Debugger API
Cloud Logging API
Cloud Monitoring API
Cloud SQL
Cloud Storage
Cloud Storage API
Cloud Trace API
Google Cloud APIs
Google Cloud Storage JSON API
Service Management API
Service Usage API

Question 2

Dataproc and Dataflow

Answer 2

Cloud Dataflow uses the Apache Beam framework and can process streamed data.
Cloud Dataproc is for Spark/Hadoop and doesn’t handle streamed data.

Question 3

get information about a GKE cluster

Answer 3

kubectl get deployment [Deployment Name] -o yaml

Question 4

What do you use when dealing with stack traces

Answer 4

Stackdriver Error Reporting

Question 5

Should you log to stdout and stderr on GCE for Stackdriver

Answer 5

No it is not the recommended way, write to a log file instead and configure Stackdriver to use that.

Question 6

What role allows modification of an App engine cookie time

Answer 6

App Engine Admin

Question 7

What is the maximum size of an object in GCS

Answer 7

5 TiB

Question 8

What the limit to the size of object names.

Answer 8

This limit is 1024 bytes.

Question 9

Maximum payload size for a GCS JSON API call

Answer 9

10MB.

Question 10

What are the bandwidth limits for GCS

Answer 10

200 Gbps for each region from Cloud Storage to Google services.
50 Gbps per-project, per-region default bandwidth quota for Google services accessing a bucket

Egress to Cloud CDN is exempt from these quotas.

Question 11

GCS Minimum storage duration

Answer 11

Standard Storage : None
Nearline Storage : 30 days
Coldline Storage : 90 days
Archive Storage : 365 days

Question 12

GCS Retrieval Fees

Answer 12

Standard Storage : $0 per GB
Nearline Storage : $0.01 per GB
Coldline Storage : $0.02 per GB
Archive Storage : $0.05 per GB

About Doubles

Question 13

Sample Storage Fees (differs by region)

Answer 13

Standard Storage: $0.023
Nearline Storage: $0.013 1/2 standard
Coldline Storage: $0.006 .05 of Nearline
Archive Storage: $0.0025 .05 of Archive

Question 14

If you want to use JSON to send structure logging to Cloud Logging from the command line, what must you do

Answer 14

Pass

–payload-type=json

Question 15

How do you list the name of the currently active account

Answer 15

gcloud auth lists

Question 16

How do you linke a project to a billing account?

Answer 16

gcloud beta billing links a project to a billing account, in GUI it is automatic

Question 17

How are credentials pass to Cloud Functions

Answer 17

As Environment Variables - i.e. key value pairs

Question 18

What is the minimum number of service accounts an instance needs

Answer 18

The default instance account can be removed from an instance leaving none

Question 19

What was Cloud Logging previous known by?

Answer 19

previously Stackdriver Logs

Question 20

What email address is used for the default App Engine service

Answer 20

PROJECT_ID@appspot.gserviceaccount.com

Question 21

How many keys can you configure for a service account?

Answer 21

You may generate a small number of keys per service account to facilitate key rotation. Primarily used for outside services and so that you can rotate to new keys. 10 is the max.

Question 22

How do you enable to Compute API

Answer 22

Via the command line but a quicker way is to navigate to the Compute Engine of the console which automatically enables the GCE API.

Question 23

How do you configure authentication for using Cloud Shell

Answer 23

You do not have to configure authentication to be able to use Cloud Shell

Question 24

How does the “Defaults” project affect API inheritance

Answer 24

‘There is no such thing as a “defaults” project

Question 25

What does “Metadata-Flavor: Google” do

Answer 25

This header indicates that the request was sent with the intention of retrieving METADATE VALUES, rather than unintentionally from an insecure source, and lets the metadata server return the data you requested.

Question 26

What does legacyBucketWriter do

Answer 26

Grants permission to create, replace, list and delete objects

Question 27

What is the command for generating a Kubernetes Secret from a file of key value pairs

Answer 27

kubectl create secret generic –from-file=.env.staging

Question 28

What is Data Studio

Answer 28

Visualize your data through highly configurable charts and tables.
Easily connect to a variety of data sources.
Tell your data story with charts, including line, bar, and pie charts, geo maps, area and bubble graphs, paginated data tables, pivot tables, and more.

Question 29

What is a limitation of roles/compute.storageAdmin

Answer 29

Grants permissions to create, modify, and delete disks, images, and snapshots, but not view the contents of Storage Buckets

Question 30

What does the following do

kubectl diff -f ./my-manifest.yaml

Answer 30

Compares the current state of a cluster with the contents of the manifest file

Question 31

Can you expand a IP-Subnet in GCP?

Answer 31

Yes you can, provided there aren’t conflicts.

https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/expand-ip-range

Question 32

What is gvisor

Answer 32

gVisor is a userspace re-implementation of the Linux kernel API that does not need elevated privileges. In conjunction with a container runtime such as containerd , the userspace kernel re-implements the majority of system calls and services them on behalf of the host kernel.

Question 33

What does Datastore Emulator do and how do you install it

Answer 33

Provides local emulation of the production Datastore environment, installed by

gcloud components install cloud-datastore-emulator

Question 34

How do you list the components available for installation in gcloud

Answer 34

gcloud components list

Question 35

How can you manage GKE locally

Answer 35

By installing kubectl locally

gcloud components install kubectl

Question 36

What does roles/browser allow

Answer 36

To view the hierarchy of the GCP org structure

Question 37

What does the following do

kubectl config use-context

Answer 37

Allows you to access multiple clusters by using configuration files

Question 38

What are some resource types that Deployment Manager can deploy

Answer 38

Compute Engine
Managed Instances
GKE
BigQuery
Cloud SQL
And many more

Question 39

How do you deploy a docker files

Answer 39

Create Docker image from it, upload to Container Registry then deploy from kubectl using that

Question 40

What is Google Datastore

Answer 40

A time series NoSQL database

Question 41

What does
gcloud iam roles list
do?

Answer 41

It lists the IAM roles available

Question 42

What do these roles do
Compute Admin
Compute Image User
Compute Instance Admin
Compute OS Admin Login
Compute Storage Admin
Compute Security Admin

Answer 42

Compute Admin - Full control
Compute Image User - Permission to list and read images without having other permissions on the image.

Compute Instance Admin - Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VM settings.

Compute OS Admin Login - Access to log in to a Compute Engine instance as an administrator user.

Compute Storage Admin - Permissions to create, modify, and delete disks, images, and snapshots.

Compute Security Admin - Permissions to create, modify, and delete firewall rules and SSL certificates, and also to configure Shielded VM settings.

Question 43

What is a Shielded VM

Answer 43

Shielded VMs are virtual machines (VMs) on Google Cloud hardened by a set of security controls that help defend against rootkits and bootkits.

Question 44

Does GCP allow migration of App Engine Standard apps to a new zone/region

Answer 44

No, it does not. Each Cloud project can contain only a single App Engine application, and once created you cannot change the location of your App Engine application.

Question 45

What does the following do

gcloud iam roles describe

Answer 45

It list information about the role along with the included permissions

Question 46

What 3 IAM roles can run BigQuery queries?

Answer 46

roles/bigquery.admin
roles/bigquery.jobUser
roles/bigquery.user

Question 47

For compute engine, what is the combined total limit for all metadata entries?

Answer 47

512KB

Question 48

Are metadata entries case sensative?

Answer 48

Yes

Question 49

What are the size limits for metadata entries

Answer 49

metadata key - 128 bytes

metadata value - 256 KB

Question 50

For metadata fields, what are valid boolean values

Answer 50

TRUE Y, Yes, 1

FALSE N, No, 0

Question 51

How do you delete a GAE

Answer 51

You don’t. The currently is no way to delete an existing app in GAE, or change its initial configuration, such as region. If such changes are needed you will have to spin up a new project.

However you can disable the app by going top App Engine -> Settings -> Disable Application

Question 52

What are the 7 layers for the OSI TCP/IP model

Answer 52

1) Physical
2) Data Link
3) Network
4) Transport
5) Session
6) Presentation
7) Application

Question 53

Which App Engine flavor allows custom code

Answer 53

App Engine Flexible allows custom code and languages. Runs in a Docker Container

Question 54

What is Cloud Run

Answer 54

a managed compute platform that enables you to run containers that are invocable via requests or events.

Question 55

Does Cloud SQL support user defined functions

Answer 55

No, Cloud SQL does not support user defined functions but it does support user defined procedures
BigQuery does support user defined functions

Question 56

Does BigQuery support UDF (User Defined Functions)

Answer 56

Yes, BigQuery does support UDFs.

Question 57

What is Cloud Spanner

Answer 57

Spanner is a distributed, globally scalable SQL database service that decouples compute from storage,

Question 58

How do you calculate number of IPs from a CIDR

Answer 58

Starting at 32, which gives 1 IP, the number of IPs double as the number decreases.
32 - 1
31 - 2
30 - 4
29 - 8
28 - 16
27 - 32

Question 59

Can you set IAM permissions at the folder level in the organizational hierarchy?

Answer 59

Yes

Question 60

Where would you migrate a Apache HBase workload to.

Answer 60

Cloud Bigtable, NoSQL database

Question 61

Bigtable
BigQuery
Cloud Spanner

Answer 61

Cloud Bigtable. A fully managed, scalable NoSQL database
BigQuery stores data using a columnar storage format that is optimized for analytical queries. (BI)
Fully managed relational database with unlimited scale, strong consistency and up to 99.999% availability.

Question 62

Cloud Run

Answer 62

For running managed highly scalable containerized applications

Question 63

What would you use to migrate MySQL, PostgreSQL or SQL Server data bases to GCP

Answer 63

Database Migration Services

Question 64

What does Striim do?

Answer 64

A service that provides automated connectors to build data streams from multiple sources into backend databases.

Question 65

Datastream

Answer 65

a serverless change data capture (CDC) and replication service.
Analogous to Apache Beam

Question 66

gcloud command to expand a subnets IP range

Answer 66

gcloud compute networks subnets expand-ip-range NAME –prefix-length=PREFIX_LENGTH

Question 67

BigQuery pricing

Answer 67

Analysis Pricing (data processing) and Storage pricing.

Active storage $0.02 per GB
Long-term storage $0.01 per GB

Queries (on-demand)
$5 per TB
The first 1 TB per month is free.

Data Ingestion
Batch Loading Free using the shared slot pool.
Streaming inserts (tabledata.insertAll) $0.01 per 200 MB. Individual rows are calculated using a 1 KB minimum size.
BigQuery Storage Write API $0.025 per 1 GB The first 2 TB per month are free.

Batch exports Free using the shared slot pool.
Streaming reads (BigQuery Storage Read API) $1.1 per TB read 300 TB of data per month free

Question 68

How much is BigQuery fixed rate pricing?

Answer 68

$2500 per month, does not include storage

Question 69

What does a GKE DaemonSet, do.

Answer 69

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them.

Question 70

What is GKE StatefulSet

Answer 70

StatefulSet is the workload API object used to manage stateful applications and provide storage persistence for your workload

Question 71

What is a GKE Ingress Object?

Answer 71

An API object that manages external access to the services in a cluster, typically HTTP. May provide load balancing, SSL termination and name-based virtual hosting.

Question 72

Whats the difference between GKE AutoPilot and GKE Standard

Answer 72

Autopilot: GKE provisions and manages the cluster’s underlying infrastructure, including nodes and node pools, giving you an optimized cluster with a hands-off experience.

Standard: You manage the cluster’s underlying infrastructure, giving you node configuration flexibility.

Question 73

What are the 4 types of Cloud Storage Triggers

Answer 73

google. storage.object.finalize (default)
google. storage.object.delete
google. storage.object.archive
google. storage.object.metadataUpdate

Question 74

How do you grant access to Pub/Sub

Answer 74

Pub/Sub uses Identity and Access Management (IAM) for access control.

Grant access on a per-topic or per-subscription basis, rather than for the whole Cloud project.
Grant access with limited capabilities, such as to only publish messages to a topic, or to only consume messages from a subscription, but not to delete the topic or subscription.
Grant access to all Pub/Sub resources within a project to a group of developers.

Question 75

What is the gcloud command for creating a DB

Answer 75

gcloud sql instances create INSTANCE

Question 76

Does BigQuery Data Transfer Service for Cloud Storage support versioning

Answer 76

No, if you include a generation number in the Cloud Storage URI, then the load job fails.

Question 77

Is loading a compressed JSON file into BigQUery, faster or slower than loading an uncompressed file

Answer 77

It is slower, BigQuery cannot read compressed data in parallel.

Question 78

What is the format for data and timestamp fields when loading CSV and JSON files into BigQuery?

Answer 78

YYYY-MM-DD and hh:mm:ss

Question 79

What is the maximum gzip file size for loading into BigQuery?

Answer 79

4 GB.

Question 80

What are the 4 emulators available to Google Cloud SDK

Answer 80

BigTable, Datastore, Firestore, and Cloud Pub/Sub

Example commands
gcloud components install cloud-datastore-emulator

gcloud beta emulators datastore start [flags]

Question 81

What is Data Studio

Answer 81

Data Studio is a free tool that turns your data into informative, easy to read, easy to share, and fully customizable dashboards and reports. Use the drag and drop report editor

Question 82

Does a server behind a GFE HTTPS load balancer require a valid certificate

Answer 82

No
When a GFE connects to backends that are within Google Cloud, the GFE accepts any certificate your backends present. GFEs do not perform certificate validation. For example, the certificate is treated as valid even in the following circumstances:

The certificate is self-signed.
The certificate is signed by an unknown certificate authority (CA).
The certificate has expired or is not yet valid.
The CN and subjectAlternativeName attributes don’t match a Host header or DNS PTR record.

Question 83

Which Cloud Storage classes offer low latency

Answer 83

All storage classes offer low latency (time to first byte typically tens of milliseconds) and high durability.

Question 84

What are GKE Deployments

Answer 84

GKE Deployments are a declaration of what you want. Functionally, a Deployment uses ReplicaSets to make sure that the right configuration and number of pods are deployed to the cluster.

Question 85

What are the three deployment lifecycles

Answer 85

A Deployments lifecycle can be in one of three states: progressing, completed, or failed.

Question 86

Are predefined roles fine-grained?

Answer 86

Yes, predefined roles are fine-grained enough to set permissions for specific roles requiring sensitive data access.

Question 87

Which is faster, BigQuery or BigTable?

Answer 87

Bigtable because it provides high-speed reads and writes, accommodates a simple schema, and is cost-effective

Question 88

What is Cloud Foundation Toolkit (CFT)?

Answer 88

It provides a series of reference templates for Deployment Manager and Terraform which reflect Google Cloud best practices.

Question 89

What are the 3 ways to protect a budget and what are their uses

Answer 89

1) Set up budgets and alerts in your project.
Will notify but not prevent excessive resource consumption.

2) Quotas
Quotas will prevent resource consumption from exceeding specified limits.

3) Export the billing reports, and analyze them with BigQuery
Allows for analyzing the root cause for going over the budget but will not prevent overspend.

Question 90

What is the maximum cache size for Apigee Edge

Answer 90

512KB

Question 91

What is the maximum cache size for Cloud CDN

Answer 91

5TB

Question 92

When would you use Identity-Aware Proxy (IAP)

Answer 92

Use IAP when you want to enforce access control policies for applications and resources. IAP works with signed headers or the App Engine standard environment Users API to secure your app.

Question 93

What benefits does Virtual Private Network Service Controls provide

Answer 93

1) Can create granular access control policies in Google Cloud based on attributes like user identity and IP address.
2) Can define a security perimeter around Google Cloud resources such as Cloud Storage buckets, Bigtable instances, and BigQuery datasets to constrain data within a VPC and control the flow of data.
3) Can enforce a security posture across numerous Google Cloud services and projects.

Question 94

How do you init a gcloud without it opening a web browser

Answer 94

Pass the –console-only flag

gcloud init –console-only