Misc Flashcards

1
Q

Cloud Armor

A

Distributed service that works with the Global HTTP(S) Load Balancer to provide built-in defenses against infrastructure DDoS attacks.

It will also scale up based on your traffic. You can also build your custom rules to protect your application.

Permit or block your incoming traffic based on IP addresses or ranges using allow lists and deny lists.

2
Q

Cloud DataProc

A

Dataproc is a fast, easy-to-use, fully managed cloud service for running Apache Spark and Apache Hadoop clusters in a simpler, more cost-efficient way.

3
Q

Cloud DataPrep

A

Cloud Dataprep by Trifacta is an intelligent data service for visually exploring, cleaning, and preparing structured and unstructured data for analysis, reporting, and machine learning. Because Cloud Dataprep is serverless and works at any scale, there is no infrastructure to deploy or manage.

4
Q

Cloud DataFlow or DataLab

A

Fully managed streaming analytics service that minimizes latency, processing time, and cost through autoscaling and batch processing.

Serverless

Horizontal autoscaling

Unified streaming and batch programming model

Reliable and consistent exactly-once processing

5
Q

Cloud Directory Sync

A

Google Cloud Directory Sync enables administrators to synchronize users, groups, and other data from an Active Directory/LDAP service to their Google Cloud domain directory.

6
Q

BigQuery

A

A serverless, highly scalable, and cost-effective cloud data warehouse.

Analyze petabytes of data using SQL.

BigQuery is a query engine for datasets that don’t change much, or change by appending. It’s a great choice when your queries require a “table scan” or need to look across the entire database. Think sums, averages, counts, groupings. BigQuery is what you use when you have collected a large amount of data and need to ask questions about it.

7
Q

BigTable

A

BigTable is a database. It is designed to be the foundation for a large, scalable application. Use BigTable when you are making any kind of app that needs to read and write data, and scale is a potential issue.

Bigtable is not a relational database and it does not support SQL queries or JOINs, nor does it support multi-row transactions.

Google Cloud Bigtable offers you a fast, fully managed, massively scalable NoSQL database service that’s ideal for web, mobile, and Internet of Things applications requiring terabytes to petabytes of data.

Single-digit millisecond latency

8
Q

Cloud Spanner

A

Google Cloud Spanner is a distributed relational database service that runs on Google Cloud. It is designed to support global online transaction processing deployments, SQL semantics, highly available horizontal scaling and transactional consistency.

Google Cloud Spanner has a good reputation for managing large volumes of data, dealing with repetitive queries, and ease of deployment. Cloud Spanner is good for traditional transactions and analytics, as well as geographically diverse databases.

Interleaved tables: tables can have physical dependencies with each other. Rows of a child table can be collocated with rows of the parent table. This approach speeds up lookups of relations that can be defined in the data modeling phase — for example, collocation of customers and their invoices.

9
Q

Cloud DataStore

A

Cloud Datastore is a highly scalable NoSQL database for your applications. Cloud Datastore automatically handles sharding and replication, providing you with a highly available and durable database that scales automatically to handle your applications’ load. Cloud Datastore provides a myriad of capabilities such as ACID transactions, SQL-like queries, indexes, and much more.

10
Q

Google Data Studio

A

Data Studio is Google’s reporting solution for power users who want to go beyond the data and dashboards of Google Analytics.

11
Q

Cloud Pub/Sub

A

Pub/Sub is a fully-managed real-time messaging service that allows you to send and receive messages between independent applications.

12
Q

Storage Transfer Service

A

Transfer data from another GCP bucket, Amazon S3, or a list of object URLs.

13
Q

Cloud Firestore

A

Cloud Firestore is a fast, fully managed, serverless, cloud-native NoSQL document database that simplifies storing, syncing, and querying data for your mobile, web, and IoT apps at global scale. Its client libraries provide live synchronization and offline support, while its security features and integrations with Firebase and Google Cloud Platform (GCP) accelerate building truly serverless apps.

14
Q

Memorystore

A

Redis

15
Q

Project identification

A

Each GCP project has:

A project name, which you provide.

A project ID, which you can provide or GCP can provide for you.

A project number, which GCP provides.

16
Q

Deployment Manager

A

Google Cloud Deployment Manager allows you to specify all the resources needed for your application in a declarative format using YAML. You can also use Python or Jinja2 templates to parameterize the configuration and allow reuse of common deployment paradigms such as a load-balanced, auto-scaled instance group.

17
Q

Pricing Innovations

A
  1. Sustained Use: Automatically get up to a 30% discount on workloads that run for a significant portion of the billing month on Compute Engine and Cloud SQL.
  2. Preemptible VMs: Up to 79% off workloads that can be interrupted, like data mining and data processing.
  3. Per-second billing: You pay per second, which is how a cloud should work.
  4. Coldline storage
  5. Custom machine types
  6. Committed-use discounts: Savings of up to 57% without up-front fees or instance-type lock-in.
  7. Rightsizing recommendations: Sizing recommendations based on compute usage, time savings, and money management.
18
Q

Stackdriver Monitoring notification channels

A

Email

Google Cloud Console Mobile App

PagerDuty

SMS

Slack

Webhooks

Pub/Sub

19
Q

Serial Console for instances

A

Interactive access to an instance’s serial console to debug boot and networking issues, troubleshoot malfunctioning instances, interact with the GRand Unified Bootloader (GRUB), and perform other troubleshooting tasks.

20
Q

GCP IAM members

A

Members can be of the following types: Google account, Service account, Google group, G Suite domain, Cloud Identity domain.

21
Q

Binding

A

Binds members to roles.

22
Q

IAM Policy object

A

An IAM Policy object consists of a list of bindings.

23
Q

IAM Policy hierarchy

A

Policy hierarchy

Google Cloud resources are organized hierarchically:

  • The organization is the root node in the hierarchy.
  • Folders are children of the organization.
  • Projects are children of the organization, or of a folder.
  • Resources for each service are descendants of projects.

Each resource has exactly one parent.

24
Q

Effective Policy for a GCP resource

A

The effective policy for a resource is the union of the policy set at that resource and the policy inherited from higher up in the hierarchy.

25
Q

G Suite Password Sync

A

G Suite Password Sync (GSPS) automatically keeps your users’ passwords in sync with their Microsoft® Active Directory® passwords.

26
Q

Zonal outage failover

A

Zonal outage failover needs to be manually set up and configured for GCP resources.

27
Q

Geo redundancy

A

Data that is geo-redundant is stored redundantly in at least two separate geographic places separated by at least 100 miles.

Geo-redundancy occurs asynchronously.

28
Q

Multi-region location

A

“Cloud Platform services are managed by Google to be redundant and distributed within and across regions”

“Objects stored in multi-regions and dual-regions are geo-redundant”

“Data that is geo-redundant is stored redundantly in at least two separate geographic places separated by at least 100 miles. Objects stored in multi-regions and dual-regions are geo-redundant, regardless of their storage class.”

“Geo-redundancy occurs asynchronously”

“For multi-regions, geo-redundancy is achieved using any combination of data centers within the specified multi-region, which may include data centers that are not explicitly listed as available regions.”

“nam-eur-asia1” is a multi-region available to Spanner.

29
Q

Cloud KMS

A

Cloud KMS is a cloud-hosted key management service that lets you manage cryptographic keys for your cloud services the same way you do on-premises. You can generate, use, rotate, and destroy cryptographic keys. Cloud KMS is integrated with Cloud Identity and Access Management and Cloud Audit Logs so that you can manage permissions on individual keys and monitor how these are used. Use Cloud KMS to protect secrets and other sensitive data that you need to store in Google Cloud Platform.

AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384

30
Q

Cloud HSM

A

Cloud HSM is a cloud-hosted hardware security module (HSM) service on Google Cloud Platform. With Cloud HSM, you can host encryption keys and perform cryptographic operations in FIPS 140-2 Level 3 certified HSMs.

With Cloud HSM, the keys that you create and use cannot be removed from HSMs. Using Cloud HSM, you can verifiably attest that your cryptographic keys were created within a hardware device.

Cloud HSM service is fully integrated with Cloud Key Management Service (KMS), which allows you to easily create and use customer-managed encryption keys (CMEK) that are generated and protected by a FIPS 140-2 Level 3 hardware device.

31
Q

Trusted Platform Module (TPM)

A

A TPM is a hardware, firmware, or virtual device that aids in securing machines in several ways: it can generate keys, use them for cryptographic operations (e.g., for symmetric and asymmetric key generation, signing, and decryption), and certify them based on its root Endorsement Key (which is in turn certified by the Google Public Root Certificate Authority). The TPM’s root keys and the keys that it generates can’t leave the TPM, thus gaining protection from compromised operating systems or highly privileged project admins. In addition, any private keys that you create on the TPM cannot be exported unless you explicitly configure them as such.

32
Q

Dual region and multi region locations for KMS

A

Dual:

eur4

nam4

Multi:

global

asia

europe

us

33
Q

Global resources

A

Global resources are accessible by any resource in any zone within the same project. When you create a global resource, you don’t need to provide a scope specification. Global resources include:

Addresses

The Addresses collection contains any global static external IP addresses that you have reserved for your project. Global static external IP addresses are a global resource and are used for global load balancers: HTTP(S), SSL proxy, and TCP proxy.

Images

Images are used by any instance or disk resource in the same project as the image. Google provides preconfigured images that you can use to boot your instance. You can customize one of these images, or you can build your own image. Optionally, you can share images across projects.

Snapshots

Persistent disk snapshots are available to all disks within the same project as the snapshot. Optionally, you can share snapshots across projects.

Instance templates

An instance template can be used to create VM instances and managed instance groups. An instance template is a global resource. However, you can specify some zonal resources in an instance template, which restricts the use of that template to the location of the specified zonal resource.

Cloud Interconnects

A Cloud Interconnect is a highly available connection from your on-premises network to Google’s network. This connection is a global resource. However, interconnect attachments, which run inside of this connection, are regional resources.

Cloud Interconnect locations

A Cloud Interconnect location is a physical connection point for Cloud Interconnect near your network. There is one Cloud Interconnect location for every available colocation facility and edge availability domain. Cloud Interconnect locations are read-only, global resources.

VPC network

A VPC network is a global resource, but individual subnets are regional resources.

Firewalls

Firewalls apply to a single VPC network and are considered a global resource because packets can reach them from other networks.

Routes

Routes let you create complex networking scenarios. You can manage how traffic is routed for a specific IP range. Routes are similar to how a router directs traffic within a local area network. Routes apply to VPC networks within a Google Cloud project and are considered global resources.

Global operations

Operations are a per-zone resource, a per-region resource, and a global resource. If you are performing an operation on a global resource, the operation is considered a global operation. For example, inserting an image is considered a global operation because images are a global resource.

Note: Operations are unique in that they span all three scopes: global resources, regional operations, and zonal operations. A request to list operations returns operations across all three scopes.

34
Q

Regional resources

A

Regional resources

Regional resources are accessible by any resources within the same region. For example, if you reserve a static external IP address in a specific region, that static external IP address can only be assigned to instances within that region. Each region also has one or more zones. For a list of available regions and zones, see Regions and zones.

Regional resources include:

Addresses

The Addresses collection contains any regional static external IP addresses that you have reserved for your project. Static external IP addresses are a regional resource that are used by instances that are in the same region as the address, by regional forwarding rules for network load balancers, and for protocol forwarding.

Cloud Interconnect attachments

An interconnect attachment allocates a VLAN on your Cloud Interconnect and connects that VLAN to a VPC network. An attachment is a regional resource, but a Cloud Interconnect connection is a global resource.

Subnets

Subnets regionally segment the network IP space into prefixes (subnets) and control which prefix an instance’s internal IP address is allocated from.

Regional managed instance groups

Regional managed instance groups are collections of identical instances that span multiple zones. Regional managed instance groups let you spread app load across multiple zones, rather than confining your app to a single zone or having to manage multiple instance groups across different zones.

Regional persistent disks

Regional persistent disks provide durable storage and replication of data between two zones within the same region. In a failover situation, you can force-attach a regional persistent disk to another instance within the same region. Optionally, you can share disk resources across projects, which lets other projects make images and snapshots from these disks but doesn’t let instances in other projects attach the disks.

Regional operations

Operations are a per-zone resource, a per-region resource, and a global resource. If you are performing an operation on a regional resource, the operation is considered a per-region operation. For example, reserving an address is considered a regional operation because addresses are a region-specific resource.

35
Q

Zonal resources

A

Zonal resources

Resources that are hosted in a zone are called per-zone resources. Zone-specific resources, or per-zone resources, are unique to that zone and are only usable by other resources in the same zone. For example, an instance is a per-zone resource. When you create an instance, you must provide the zone where the instance is located. The instance can access other resources within the same zone, and can access global resources, but it can’t access other per-zone resources in a different zone, such as a disk resource.

Per-zone resources include:

Instances

A virtual machine (VM) instance is located within a zone and can access global resources or resources within the same zone.

Persistent disks

Persistent disks are accessed by other instances within the same zone. You can attach a disk only to instances in the same zone as the disk. You can’t attach a disk to an instance in another zone. Optionally, you can share disk resources across projects, which lets other projects make images and snapshots from these disks but doesn’t let instances in other projects attach the disks.

Machine types

Machine types are per-zone resources. Instances and disks can only use machine types that are in the same zone.

Zonal managed instance groups

A zonal managed instance group uses an instance template to create a group of identical instances within a single zone. You manage VM instances in a managed instance group as a single entity, rather than managing individual instances.

Per-zone operations

Operations are a per-zone resource, a per-region resource, and a global resource. If you are performing an operation on a zone-specific resource, the operation is considered a per-zone operation. For example, inserting an instance is considered a per-zone operation because the operation is being performed on a zone-specific resource, an instance.

36
Q

Cloud Security Scanner

A

Cloud Security Scanner is a web security scanner for common vulnerabilities in App Engine, Compute Engine, and Google Kubernetes Engine applications. It can automatically scan and detect four common vulnerabilities, including cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated/insecure libraries. It enables early identification and delivers very low false-positive rates. You can easily set up, run, schedule, and manage security scans, and it is available at no additional charge for Google Cloud Platform users.

37
Q
A