Professional Cloud Architect

Question 1

What is a GCP Service that handles streaming and batch data?

Answer 1

Cloud DataFlow

Question 2

What does DLP stand for and how is it used?

Answer 2

Data Loss Prevention and it is used to sanitize data and remove sensitive information

Question 3

App Engine is what type of service?

Answer 3

PAAS Platform as a Service

Question 4

Compute Engine (GCE) is what type of service?

Answer 4

IAAS Infrastructure as a Service

Question 5

What are the FireStore Components?

Answer 5

Field
Collection Group
Document
Document ID

Question 6

What are the Cloud DataStore Components?

Answer 6

Kind
Entity
Property
Key

Question 7

If a Compute Engine Application exists in a single VPC across three regions and your application must communicate over VPN to your company’s on-premise network then how many VPN Gateways are required?

Answer 7

3 Cloud VPN gateways are required.
Cloud VPN Gateways are bound to a single region.
Create a Cloud VPN Gateway in each region

Question 8

What type of migration model does Dress4Win state in their business requirements?

Answer 8

Lift and Shift

Question 9

What are the 5 sequential steps for cloud migration?

Answer 9

1 Assess
2 Pilot
3 Move Data
4 Move Applications
5 Cloudify & Optimize

Question 10

Dynamic Routing uses a _________ to automatically discover new subnet routes

Answer 10

Cloud Router

Question 11

The 4 layers of the GCP Cloud Resource Hierarchy

Answer 11

1 Organization
2 Folders
3 Projects
4 Resources

Question 12

Which network interconnect method connects your network to a GCP VPC over a public internet encrypted tunnel?

Answer 12

Cloud VPN

Question 13

Command to create a new storage bucket

Answer 13

gsutil mb -l {location} -c {storage class} gs://BucketName

Question 14

Cloud Router uses this protocol to handle dynamic routing between locations

Answer 14

BGP Border Gateway Protocol

Question 15

Where can you export Stackdriver logs to (not counting customer locations)

Answer 15

1 Cloud Storage
2 Cloud Pub/Sub
3 BigQuery

Question 16

What is the max speed of a single Cloud VPN tunnel (non-peered)

Answer 16

1.5 Gbps

Question 17

Every load balancer must have a ___ and a ____

Answer 17

Frontend || Backend

Question 18

Role necessary to link a project to a billing account

Answer 18

Billing Account User

Question 19

How many VPN tunnels can you create in a single Cloud VPN gateway

Answer 19

8

Question 20

What is the default, implied status of all egress traffic in a VPC firewall

Answer 20

Allow All

Question 21

Google Cloud Storage holds what type of data?

Answer 21

Unstructured

Question 22

This service is required to setup dynamic routing over a Cloud VPN Service

Answer 22

Cloud Router

Question 23

Where does Cloud Dataaprep load data from?

Answer 23

Cloud Storage and BigQuery

Question 24

The two methods of permissions for Google Cloud Storage

Answer 24

1 IAM: Identity and Access management

2 ACL: Access control list

Question 25

This database service is ideal for low-latency storage of time-series data

Answer 25

Cloud BigTable

Question 26

Relational Databases

Answer 26

Cloud SQL

Cloud Spanner

Question 27

Non-Relational Databases

Answer 27

Cloud DataStore
Cloud FireStore
Cloud BigTable

Question 28

DataWareHouse

Answer 28

BigQuery

Question 29

This managed database is a no-ops petabyte-scale data warehouse that queries data in standard SQL Format

Answer 29

Big Query

Question 30

Retention period for data access logs

Answer 30

30 days

Question 31

______ Roles apply to the entire project.

Answer 31

Primitive

Question 32

An HTTP load balancer can forward traffic by ____ and ____

Answer 32

location

content

Question 33

Which GCP load balancers are multi-regional in scope?

Answer 33

1 HTTP Load Balancer
2 TCP Proxy
3 SSL Proxy

Question 34

VPC subnets can exist in more than one _____

Answer 34

zone (in the same region)

Question 35

Which connection protocol does the Cloud VPN service use?

Answer 35

IPSEC

Question 36

This IAM member allows public/anonymous access to a resource

Answer 36

allUsers

Question 37

Google account type for members of an organization WITHOUT access to Google apps

Answer 37

Cloud Identity Domain

Question 38

What type of managed database is ideal for web and mobile applications?

Answer 38

Cloud DataStore

Question 39

More lightweight container image option to run on GKE

Answer 39

Alpine Linux

Question 40

The name for the modular components of a Cloud Deployment Manager Configuration

Answer 40

Templates

Question 41

GCP Service for Providing a ‘single pane of glass’ for monitoring resources and alerts across projects in AWS

Answer 41

StackDriver Monitoring

Question 42

VPC firewall rules are applied on a per-instance basis

Answer 42

True

Question 43

What layer of the Cloud Resource Hierarchy are chargeable resources hosted in?

Answer 43

Projects

Question 44

Which networking interconnect option connects your business directly to Google, but not directly to GCP VPC?

Answer 44

Peering

Question 45

The 3 Primitive Roles and the types of access they give:

Answer 45

1 Owner: Full Project Access (Billing and Assigning IAM Roles)
2 Editor: Full Access minus- Billing and IAM access
3 Viewer: View only

Question 46

Google account type for a collection of individual Google Accounts

Answer 46

Google Groups

Question 47

When to use Dataproc over Data Flow

Answer 47

When using Hadoop/Spark workflows

Question 48

Another term for mapping Cloud Identity to Active Directory to duplicate account information.

Answer 48

Federation

Question 49

What is a pod on GKE?

Answer 49

Smallest deployable unit. Contains one or more containers that run on nodes

Question 50

The three IAM Role Types

Answer 50

1 Primitive
2 Predefined
3 Custom

Question 51

Two format options for Cloud Deployment Manager template files

Answer 51

Jinja

Python

Question 52

The five (non-beta) Stackdriver services

Answer 52

1) . Logging
2) . Trace
3) . Monitoring
4) . Error Reporting
5) . Debug

Question 53

Cloud Storage can act as a block-level SAN replacement (True/False)

Answer 53

False; you would need to use a persistent disk for a direct SAN replacement

Question 54

The two Memcache service levels

Answer 54

1 Dedicated

2 Shared

Question 55

GCP service for asynchronous messaging, used for streaming data ingest

Answer 55

Cloud Pub/Sub

Question 56

In a Shared VPC network, the ____ project hosts the VPC components, and the ___ project uses hosted VPC resources

Answer 56

Host

Service

Question 57

This managed database is ideal for NoSQL purposes, is NoOps in setup/maintenance, and is ideal for mobile save game state

Answer 57

Cloud DataStore

Question 58

What is a service account?

Answer 58

1 Assigned to an application or a server
2 Authenticated with a service account key
3 Both a member and a resource

Question 59

How to easily apply VPC firewall rules to individual instances instead of the entire network

Answer 59

Network Tags

Question 60

Admin Activity Logs are ____ by default

Answer 60

Enabled

Question 61

When are un-managed instance groups useful?

Answer 61

Migrating grouped servers to the cloud with minimal disruption in workflow

Question 62

____ provides a direct physical connection to connect your on-premises network to a Google Cloud VPC network.

Answer 62

Cloud Interconnect

Question 63

How to optimize your CDN cache performance:

Answer 63

Configure Cache Hit Ratio

Question 64

Collection of statements that define who has access to what resource on GCP

Answer 64

IAM Policy

Question 65

This application is required to configure a Cloud Storage bucket as a mounted disk on a GCE instance.

Answer 65

Google Cloud Storage Fuse (gcs-fuse)

Question 66

a managed instance group is created from an ____

Answer 66

Instance Template

Question 67

Permissions for working with VPC networks fall under this service.

Answer 67

Compute Engine

Question 68

What are the 5 load balancer options in GCP

Answer 68

1) Internal
2) Network
3) HTTP(s)
4) TCP Proxy
5) SSL Proxy

Question 69

How to add subnets in other regions to the same VPC network:

Answer 69

No configuration necessary

Question 70

What are the two database structure formats we discussed in this course?

Answer 70

Relational (SQL) || Non-Relational (NoSQL)

Question 71

An export in Stackdriver Logging requires what components to setup?

Answer 71

A filter to select log entries
A destination to export filtered logs
Sink: Select which filtered logs to send to which destination

Question 72

Format of Deployment Manager configuration files

Answer 72

YAML format

Question 73

GCP’s service that is build on Apache Beam, used for processing both batch and streaming data

Answer 73

Cloud DataFlow

Question 74

Retention period for admin activity logs

Answer 74

400 days

Question 75

This type of disk is directly connected to a GCE instance and must be set up on instance creation

Answer 75

Local SSD

Question 76

Where can billing data be exported?

Answer 76

1 Cloud Storage

2 Big Query

Question 77

Which are the benefits of quotas?

Answer 77

Protection of unexpected spikes in resource usage

Prevent runaway consumption due to error or malicious intent

Question 78

What could be the cause if an Instance Group VMs keep restarting every minute?

Answer 78

1 Failing Health Check

2 Configure the firewall to allow proper access to instance group VM’s (subnet, tag) from load balancer IP

Question 79

MountKirk Games is looking to migrate how many environments to the cloud?

Answer 79

(2) environments different storage for each service
1 Game BackEnd on Google Cloud Compute Engine (GCE)
2 Analytics

Question 80

What would fulfill the MountKirk technical requirement for “connecting a trans-actional database service to manage user profiles and game state”?

Answer 80

Cloud Datastore - NoSQL transactional database - perfect for game user-profiles and game states

Question 81

What would fulfill the MountKirk technical requirement “Store game activity in a timeseries database service for future analysis”?

Answer 81

Store in BigQuery
BigQuery vs BigTable
BigQuery a lot more managed
No requirement for low latency analytics response time (Big Table)
BigQuery has a response measured in seconds, scales efficiently
BigQuery reading from BigTable possible response as well

Question 82

What would fulfill the MountKirk technical requirement “As the System scales, ensure that data is not lost due to processing backlogs. “?

Answer 82

1 HTTP Load Balancer- Automatically scales to meet demand
2 Managed Instance Groups - also auto-scales
3 Pub/Sub - Buffers late/slow data

Question 83

What would fulfill the MountKirk technical requirement “Run hardened Linux Distro”?

Answer 83

Managed Instance groups with custom images

Question 84

What would fulfill the MountKirk technical requirement “Process incoming (streaming) data on the fly directly from the game servers?

Answer 84

Connect services (stackdriver logs metrics, gce game serverss) with Pub/Sub
Process with DataFlow

Question 85

What would fulfill the MountKirk technical requirement “Process data that arrives late because of slow mobile networks” ?

Answer 85

Pub/Sub: Scales and Buffers messages

DataFlow: Accounts for late/out of order data

Question 86

What would fulfill the MountKirk technical requirement “Allow queries to access at least 10 TB of historical data.”?

Answer 86

BigQuery - SQL Queries against data

Question 87

What would fulfill the MountKirk technical requirement “Process files that are regulary uploaded by users’ mobile devices. ?

Answer 87

Upload to Cloud Storage

Process via DataFlow

Question 88

What would fulfill the Dress4Win technical requirement equivalent of “MySQL”?

Answer 88

DataCenter&raquo_space; GCP
MySQL&raquo_space; Cloud SQL (Lift . Shift)
5TB&raquo_space; 10 TB Size Limit
Single Region - no global footprint requirement
Migration -
1 Create replica server managed by Cloud SQL
2 Once replica is synced: Update applications to point to replica
3 Promote replica to stand-alone instance

Question 89

What would fulfill the Dress4Win technical requirement “Redis 3 server Cluster” ?

Answer 89

Two options

1) Run Redis server on Compute Engine
2) Use new Memorystore managed Redis database

Question 90

What would fulfill the Dress4Win technical requirement “40 Web Application servers providing micro-services based APIs and static content. “Tomcat - Java”, “Nginx”, “4 core CPUs”,”32 GB of RAM”?

Answer 90

The existing environment has lots of idle time
- Managed instance groups - autoscaling using custom machine types (Fits Lift . Shift)
Alternatively - can re-architect for GKE/GAE for microservices deployments for future phases

Question 91

What would fulfill the Dress4Win technical requirement “20 Apache Hadoop/Spark servers:”?

Answer 91

Cloud Dataproc connecting to Cloud Storage

Question 92

What would fulfill the Dress4Win technical requirement “3 RabbitMQ servers for messaging, social notifications, and events:”?

Answer 92

Pub/Sub likely replacement

Can also deploy same environment on Compute engine instance group (lift and shift)

Question 93

What would fulfill the Dress4Win technical requirement “Jenkins, monitoring, bastion hosts, security scanners”?

Answer 93

No managed service equivalents
Use GCE instances - custom machine types
Think about using the Market Place as well

Question 94

What would fulfill the Dress4Win technical requirement “iSCSI for VM hosts/Fiber channel SAN - Backup for MySQL databases” ?

Answer 94

SAN/iSCSI requires block storage

Persistent disks working in a SAN Cluster

Question 95

What would fulfill the Dress4Win technical requirement “NAS - image storage, logs, backups”?

Answer 95

Cloud Storage - direct replacement
Infinite scale in a single bucket
Persistent also an option

Question 96

What would fulfill the TerramEarth business requirement “Decrease unplanned vehicle downtime to less than 1 week”?

Answer 96

Convert to 100% cellular connectivity

Question 97

What would fulfill the TerramEarth business requirement “Support the dealer network with more data on how their customers use their equipment to better position new products and services”?

Answer 97

Share insights with Data Studio

Question 98

What would fulfill the TerramEarth business requirement “Have the ability to partner with different companies – especially with seed and fertilizer suppliers in the fast-growing agricultural business – to create compelling joint offerings for their customers”?

Answer 98

• Share insights with Data Studio
• BigQuery / ML analytics to predict customer needs
• Tech lead will enable partnerships

Question 99

What would fulfill the TerramEarth technical requirement “expand beyond a single datacenter to decrease latency to American midwest and east coast”?

Answer 99

Multi-regional/global services

Question 100

What would fulfill the TerramEarth technical requirement “create a backup strategy”?

Answer 100

Regular BigQuery Exports to Cloud Storage

Question 101

What would fulfill the TerramEarth technical requirement “Increase the security of data transfer from equipment to the datacenter”?

Answer 101

• Cloud Endpoints - manage and protect APIs
• Cloud IoT Core - also managed security
• Customer supplied encryption keys

Question 102

What would fulfill the TerramEarth technical requirement “Improve data warehouse”?

Answer 102

• Cloud dataflow - transform incoming streaming data to the preferred format
• Alternatively, stage in Cloud Storage, clean with Cloud Dataprep, and run job backed by DataFlow into BigQuery

Question 103

What would fulfill the TerramEarth technical requirement “Use Customer and equipment data to anticipate customer needs”?

Answer 103

Pair BigQuery with machine learning services for predictive analytics

Question 104

_______ provides visual notebooks for working with BigQuery/Cloud ML Engine data for ML/analytics?

Answer 104

Datalab

Question 105

What does CSEKs stand for?

Answer 105

Customer-supplied encryption keys

Question 106

What does CMEK stand for?

Answer 106

Customer-managed encryption keys

Question 107

What is a use case for a .boto file?

Answer 107

use a .boto configuration file to supply the customer_managed encryption key, then use gsutil to upload the files

Question 108

______ works with Global HTTP(s) Load Balancers to Deliver defense against ddos attacks.

Answer 108

Cloud Armor

Question 109

_________ will allow vms on your subnet to access GCP resources

Answer 109

Private Google Access

Question 110

Resources not hosted on GCP should use a _____

Answer 110

CSEK Custome Service Encryption key for authentication

Question 111

Subnets are ________ resources

Answer 111

Regional

Question 112

An IAM Policy Consists of a ____________

Answer 112

List of Bindings

Question 113

What role gives you permission to set up a Shared VPC

Answer 113

Shared VPC Admin Role

Question 114

Based on MountKirk Games’ technical requirements, what GCP services/infrastructure will they use to host their game backend?

Answer 114

Managed Instance Group on Compute Engine

Question 115

What is Google Container Engine?

Answer 115

GKE Google Container Engine is the older naming convention of the container orchestration Google Kubernetes

Question 116

What does the HTTP status Error response 401?

Answer 116

Unauthorized

Question 117

You want to enable your running Google Kubernetes cluster to scale as demand for your application changes. What should you do?

Answer 117

Update the existing Kubernetes Engine Cluster with the following command; “gcloud container clusters update CLUSTER_NAME –enable-autoscaling –min-nodes=1 –max-nodes=10”

Question 118

Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take?

Answer 118

1) Use source code security analyzers as part of the CI/CD pipeline
2) . Run a vulnerability security scanner as part of your continuous-integration - delivery (CI/CD) pipeline

Question 119

What are 2 characteristics of GCP VPC subnets?

Answer 119

1) . Each subnet can span at least 2 Availability Zones to provide a high-availability environment.
2) . By default, all subnets can route between each other, whether they are private or public

Question 120

What is the minimum CIDR size for a subnet?

Answer 120

/29

Question 121

Which of TerramEarth’s legacy enterprise processes in their existing data centers would experience significant change as a result of increased Google Cloud Platform adoption?

Answer 121

Capacity planning, utilization measurement, data center expansion

Question 122

You have a mission-critical database running on an instance on Google Compute Engine. You need to automate a database backup once per day to another disk. The database must remain fully operational and functional and can have no downtime. How can you best perform an automated backup of the database with minimal downtime and minimal costs?

Answer 122

Use a cron job to schedule your application to backup the database to another persistent disk.

Question 123

Once a month Terram Earth’s vehicles are serviced and the data is downloaded from the maintenance port. the data analysts would want to query this huge data collected from these vehicles and analyze the overall condition of the vehicles. Terram Earth’s management is looking at a solution which cost-effective and would scale for future requirements.

Answer 123

Load the data from Cloud Storage to BigQuery and run queries on BigQuery

Question 124

Your company’s architecture is shown in the diagram. You want to automatically and simultaneously deploy new code to each Google Container Engine cluster. Which method should you use?

Answer 124

Use an automation tool, such as Jenkins

Question 125

BigQuery Best practices for controlling cost

Answer 125

1) . Avoid SELECT * Query only the columns that you need
2) . Use the –dry_run flag in the CLI before running queries, preview them to estimate costs
3) . If possible, partition your BigQuery tables by date

Question 126

The security team has disabled external SSH access into production virtual machines in GCP. The operations team needs to remotely manage the VMs and other resources. What can they do?

Answer 126

Grant the operations team access to use Google Cloud Shell

Question 127

Dress4Win has asked you to recommend machine types they should deploy their application servers t. How should you proceed?

Answer 127

Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.

Question 128

What is Google’s continuous integration solution?

Answer 128

Cloud Build

Question 129

Kubernetes Engine offers integrated support for two types of ________ for a publicly accessible application:

Answer 129

Cloud Load Balancing

Question 130

URL maps are used with the following Google Cloud products:

Answer 130

1) . External HTTP(S) Load Balancing
2) . Internal HTTP(S) Load Balancing
3) . Traffic Director

Question 131

Your customer is moving an existing corporate application from an on-premises data center to the Google Cloud Platform. The business owner requires minimal user disruption. There are strict security team requirements for storing passwords. What authentication strategy should they use?

Answer 131

Federate authentication via SAML 2.0 to the existing Identity Provider

Question 132

You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery. What should you do to fix the script?

Answer 132

Run your script on a new virtual machine with the BigQuery access scope enable.

“The error is most like caused by the access scope issue. When a new instance is created you have the Compute Engine default service account but most services like access including BigQuery is not enabled.”

Question 133

AS part of migrating plans to the cloud, Dress4Win wants to set up a managed logging and monitoring system so they can understand and manage workload based on the traffic spikes and patterns.

They want to ensure that:
- The infrastructure can be notified when it needs to scale up and down to handle the daily workload

• Their administrators are notified automatically when their application reports errors
• They can filter their aggregated logs down to debug one piece of the application across many hosts.

Which Google StackDriver features should they use?

Answer 133

Monitoring, Logging, Debug, Error Report

Question 134

You work in a small company where everyone should be able to view the resources of a specific project. You want to grant them access following Google’s recommended practices. What should you do?

Answer 134

Create a new Google Group and add all users to the group. Use “gcloud projects add-iam-policy-binding” with the Project Viewer role and Group email address

Question 135

One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify the authenticity of your logs?

Answer 135

Digitally sign each timestamp and log entry and store the signature.

“To verify the authenticity of your logs if they are tampered or forged, you can use certain algorithms to generate digest by hashing each timestamp or log entry and then digitally sign the digest with a private key to generate a signature. Anybody with your public key can verify that signature to confirm that it was made with your private key and they can tell if the timestamp or log entry was modified.

You can put the signature files into a folder separate from the log files. This separation enables you to enforce granular security policies.

Question 136

Mountkrik is setting up its backend platform for a new game. They expect the new game to become popular once it is released. The platform must adhere to their technical requirements. Please select the Google Cloud Services that would fulfill all their requirements.

Answer 136

Managed Instance Group with Auto Scaling enabled, Cloud Datastore BigQuery, DataFlow

1. Dynamically scale up or down based on game activity (Managed Instance Group w/ Autoscaling)
2. Connect to a transactional database service to manage user profiles and game state (Cloud Datastore because Cloud Datastore is good for user profiles that deliver a customized experience based on the user’s past activities and preferences(gaming).
3. Store game activity in a time-series database server for future analysis (BigQuery is good for time-series data unless it is specified for ‘low-latency’, BigTable would be a better fit
4. As the system scales, ensure that data is not lost due to processing backlogs (Dataflow can handle late-arriving data and out of order data)
5. Run hardened Linux distro (Managed Instance Group with Hardened Linux Distribution)

Question 137

How are subnetworks different than the legacy networks?

Answer 137

Each subnetwork controls the IP address range used for instances that are allocated to that subnetwork

Question 138

What is the command to use multi-threaded uploads?

Answer 138

gsutil -m cp -r dir gs://my-bucket

Question 139

You have a collection of media files over 5GB each that you need to migrate to Google Cloud Storage. The files are in your on-premises data center. What migration method can you use to help speed up the transfer process?

Answer 139

Use parallel uploads to break the file into smaller chunks then transfer it simultaneously.

gsutil -o GSUtil:parallel_composite_upload_threshold=150M cp bigfile gs:///yourbucket

Question 140

What are the flags to start a recursive upload?

Answer 140

The -R and -r options are synonymous. It causes directories, buckets, and bucket subdirectories to be copied recursively.

Question 141

What are two business risks of migrating to Cloud Deployment Manager?

Answer 141

1) . Cloud Deployment Manager only supports the automation of Google Cloud Resources.
2) . Cloud Deployment Manager can be used to permanently delete cloud resources

Question 142

Dress4Win wants to do penetration security scanning on the test and development environment deployed to the cloud. The scanning should be performed from an end-user perspective as much as possible. How should they conduct penetration testing?

Answer 142

Use the on-premises scanners to conduct penetration testing on the cloud environments routing traffic over the public internet.

Question 143

Mountkirk Games wants you to design their new testing strategy. How should the test coverage differ from their existing backends on the other platforms?

Answer 143

Tests should include directly testing the Google Cloud Platform (GCP) Infrastructure

Question 144

Your company collects and stores security camera footage in Google Cloud Storage. Within the first 30 days, the footage is processed regularly for threat detection, object detection, trend analysis, and suspicious behavior detection. You want to minimize the cost of storing all the data. How should you store the videos?

Answer 144

Use Google Cloud Regional Storage for the first 30 days, and then move to Coldline Storage.

Question 145

A production database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space. How can you remediate the problem with the least amount of downtime?

Answer 145

In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.

Question 146

What is the command to resize a GCE disk?

Answer 146

gcloud compute disks resize [DISK_NAME] –size [DISK_SIZE]

Question 147

You are migrating your existing data center environment to Google Cloud Platform. You have 1 petabyte Storage Area Network (SAN) that needs to be migrated. What GCP service will this data map to?

Answer 147

Persistent Disk

SAN data uses block storage, which will map directly to a persistent disk on GCP for equivalent storage.

Question 148

What type of storage does a SAN map to in GCP?

Answer 148

Persistent Disk

Question 149

What type of storage does a NAS map to in GCP

Answer 149

Persistent Disk or Cloud Storage

Question 150

Your company plans to host a large donation website on Google Cloud Platform. You anticipate a large and undetermined amount of traffic that will create many database writes. To be certain that you do not drop any writes to a database hosted on GCP. Which service should you use with managed service?

Answer 150

Cloud Pub/Sub for capturing the writes and draining the queue to write to the database.

Question 151

Dress4Win has end-to-end tests covering 100% of their endpoints. They want to ensure that the move to the cloud does not introduce any new bugs. Which additional testing methods should the developers employ to prevent an outage?

Answer 151

They should add additional unit tests and production scale load tests on their cloud staging environment

Question 152

Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of the batch servers failed the nightly batch run. You want to collect details on the failure to pass back to the development team. Which three actions should you take? Choose 3 answers

Answer 152

1) . Identify whether a live migration event of the failed server occurred, using the activity log.
2) . Use gcloud or Cloud Console to connect to the serial console and observe the logs
3) . Adjust the Google Stackdriver timeline to match the failure time and observe the batch server metrics.

Question 153

Your company runs several databases on a single MySQL instance. They need to take backups of a specific database at regular intervals. The backup activity needs to complete as quickly as possible and cannot be allowed to impact disk performance. How should you configure the storage?

Answer 153

Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage.

Question 154

You have created a Kubernetes engine cluster named ‘mycluster’. You’ve realized that you need to change the machine type for the cluster from n-standard-1 to n1-standard-4. What is the command to make this change?

Answer 154

You must create a new node pool in the same cluster and migrate the workload to the new pool.

“you cannot change the machine type for an individual node pool after creation. You need to create a new node pool and migrate your workload over”

Question 155

Every server in the payment-processing application network sends its logs to Stackdriver Monitoring and Stackdriver Logging, using _____________ servers to securely transmit the log data.

Answer 155

Squid Proxy

Question 156

You want to optimize the performance of an accurate, real-time, weather-charting application. The data comes from 50,000 sensors sending 10 readings a second, in the format of a timestamp and sensor reading. Where should you store the data?

Answer 156

Google Cloud Bigtable

• A scalable, fully-managed NoSQL Wide-column database that is suitable for both real-time access and analytics workloads
• Low-latency read/write access
• High-throughput analytics

Question 157

You need to take streaming data from thousands of Internet of Things (IoT) devices, ingest it, run it through a pipeline, and store it for analysis. You want to run SQL queries against your data for analysis. What services in which order should you use for this task?

Answer 157

Cloud Pub/Sub, Cloud Dataflow, BigQuery

Question 158

Your company has developed a series of LAMP stack applications, that are required to be scalable and fast and that are often updated by the IT teams. Which of the following actions allow you to facilitate the process of managing the various configurations in production, staging, and development ?

Answer 158

1) . Create deployments using Deployment manager
2) . Use Labels for your Resources
3) . Organize Resources according to your standard and setup/reuse configurations and templates
4) . Use references, template properties, and outputs

Question 159

You have been asked to setup up a Disaster Recovery solution for a non-critical Database Server with multiple disks. The application can be stopped for hours without creating major issues. The data must be recovered at the beginning of the last day. The solution must be simple and inexpensive. What would you advise?

Answer 159

Custom Image, Regional SSD persistent disks, and daily snapshots stored to Cloud Storage

Question 160

You have several Python apps in App Engine Standard. You want to start experience continuous deployment but you want to handle the process in the best way possible. You need to deploy a new release for two apps: myapp-a and myapp-b.
myapp-a has some deeply tested updates regarding the bugs. The main requirement is that the transition to the new version which is myapp-b, has to be smooth and without any disruptions.
myapp-b has new features and updates and you want to do an A / B testing, introducting the new version for only 50% of the traffic.
What are the correct and best commands to executed?

Answer 160

1) gcloud app services set-traffic myapp-b splits 1=.5 2=.5 by cookie
2) Add warmup and issue; gcloud app services set-traffic myapp-a –splits 2=1 –migrate

Question 161

Your team is developing a social engagement app in Node.js on App Engine Flexible Edition. Among the various features required, there is an online chat between related and connected users. Which of the following functions should you use or activate to accomplish what is required?

Answer 161

1) Session Affinity

2) Websocket

Question 162

An e-commerce system is operating in an “App Engine Flex” with Node.js and has to perform many operations while registering orders. You have been asked to find a way to “decouple the service” with a procedure that will send an e-mail to the customer with an order confirmation, at the end.

Answer 162

“Use Cloud Task and define an appropriate worker server”

Question 163

You have a Cloud Function that sometimes fails because of an error that is still not well identified. The error happens randomly, sometimes it occurs and sometimes it doesn’t. Is there a method to minimize the effect while the developers are looking for the solution?

Answer 163

Use the Retry failure option

Question 164

In your organization, you have 2 projects: projA and projB. You have never created a VPC in your projects. Which network configuration do you actually have?

Answer 164

1) A Global default VPC
2) . A route for Internet connection and a route for each subnet/region
3) . A set of firewall, with incoming traffic from outside networks that are blocked

Question 165

You created a new development environment project and you don’t want to manage a Network. So, you delete the default network because it may consume unwanted resources. What is most likely expected to happen?

Answer 165

1) . You cannot create a VM
2) You are free to create Cloud Functions
3) You may create a Storage Bucked

Any compute operations require a network

Serverless technologies are free from infrastructure. So no server NO NETWORK

Question 166

A ______ should be used when you only need to allow outgoing traffic to get updates (while blocking all incoming traffic except for the data coming back from update request).

Answer 166

NAT

Question 167

A _______should be used when you want a user(s) to SSH or RDP into the private server.

Answer 167

Bastion host

Question 168

_________ are instances that sit within your public subnet and are typically accessed using SSH or RDP. It acts as a ‘jump’ server, allowing you to use SSH or RDP to login to other instance in a private subnet

Answer 168

Bastion Hosts

Question 169

___ instance is, like a bastion host, lives in your public subnet. A ___ instance, however, allows your private instances outgoing connectivity to the Internet, while at the same time blocking inbound traffic from the Internet.

Answer 169

NAT

Question 170

The ___ __ can detect and extract text from images. There are two annotation features that support optical character recognition (OCR):

TEXT_DETECTION detects and extracts text from any image

DOCUMENT_TEXT_DETECTION also extracts text from an image, but the response is optimized for dense text and documents. The JSON includes page, block, paragraph, word, and break information.

Answer 170

VISION API

Question 171

Your team has created a set of applications that will run in GKE clusters. IT management wants to activate and standardize a simple but effective security system. You have prepared a list of possibilities and features that you can use. You realize that some choices must be discarded because they are not safe enough or even wrong. Which solutions would you recommend?

Answer 171

1) . In the cluster, the nodes will be assigned on internal RFC 1918 IP addresses only
2) . Use Service Accounts and store the keys as a Kubernetes secret
3) . Use WorkLoad identity

Question 172

_______ _______, is the new way for GKE applications to authenticate and consume other Google Cloud services.

Answer 172

Workload Identity

Question 173

_________ ______ Let’s user inspect the state of an application, at any code location, without stopping or slowing down the running app. It has a user interface similar to that of the popular Chrome Devtools

Answer 173

StackDriver Debugger

Question 174

You are a consultant for a client company and the management wants to migrate its systems to the cloud. The customer is concerned about cost control. They send you communication with a series of hypotheses and questions that you must solve. Which of the required possibilities are correct?

Answer 174

1) Is it possible to create separate budgets for projects and resources?
2) Is it possible to have notifications?
3) Is there a way to have a programmatic interface?

Question 175

You’re reviewing an application that sometimes executes some SQL queries with unacceptable response times. You need to find a way to scale the problem and identify the causes. Which of the following methods would you suggest?

Answer 175

Use Stackdriver Logs and set up a metric

YOu can set a metric that accurately identifies the log lines related to queries. You can also create an alert that can promptly alert you when the problem is displayed, so you can review all the related logs and information at the right time.

Question 176

Dress4Win business is growing strongly. The management wants to accelerate cloud migration in the most convenient and scalable way. They did a test with GCE and it went well. Now they also want to evaluate GKE before making the final decision in order to optimize the price/performance ratio. What actions would you recommend for this general test?

Answer 176

• Use Cloud SQL mySQL Service
• Setup a Pod for the Application Server and start using Cloud Build
• Us DB Server with high availability

Question 177

Dress4Win 2 Support failover of the production environment to cloud during an emergency. After several tests, you are developing the final plan for Disaster Recovery and hot failover of the on-premises production environment on the Cloud. You have planned network, storage, and infrastructure.
Which of the following actions would be in your final plan?

Answer 177

• Prepare a custom image of the DB server stopping the instance
• Configure replication between your on-premises database server and the Cloud DB
• Setup the Cloud VPN and DNS

Question 178

TerramEearth is in the process of creating a faster transmission of the gzip CSV files. It has deployed 5g devices in their vehicles with the goal of achieving an unplanned vehicle downtime to a minimum.
You are planning to:

• Acquire directly files, from vehicles or from the services points, to the Cloud
• Transform and get statistical figures immediately
• Store everything in the Data Warehouse and in the Data Lake in the most suite way
• Use the current work routines, whenever possible

Which of the following steps contains your solution?

Answer 178

• Pub/Sub
• Cloud Dataflow
• Cloud Storage
• Big Query

Question 179

You have been asked to select the storage system for the click-data of your company’s large portfolio of websites. This data is streamed in from a custom website analytics package at a typical rate of 6,000 clicks per minute, with bursts of up to 8,5000 clicks per second. It must be stored for future analysis by your data science and user experience teams.
Which storage infrastructure should you choose?

Answer 179

Google Cloud Bigtable

• The reason is the data is in IoT nature and it will be used for analytics.

Question 180

Over time, you’ve created 5 snapshots of a single instance. To save space you delete snapshots number 3 and 4.
What has happened to the fifth snapshot?

Answer 180

• The data from both snapshots 3 and 4 necessary for continuance are transferred to snapshot 5

Question 181

One of your clients is using customer-managed encryption, which of the following statements are true when you are applying a customer-managed encryption key to an object.

Answer 181

• the encryption key is used to encrypt the object’s data
• the encryption key is used to encrypt the object’s CRC32C checksum
• the encryption key is used to encrypt the object’s MD5 hash

“The remaining metadata for the object, including the object’s name, is encrypted using standard server-side keys.

Question 182

What permission allows read access to read custom images from GCE engine?

Answer 182

• compute.images.useReadOnly (permission)

Question 183

What role allows access to custom images from GCE?

Answer 183

• roles/compute.imageUser (role)

Question 184

What role allows access to snapshots from GCE?

Answer 184

• roles/compute.StorageAdmin (role)

Question 185

What permission allows read access to snapshots from GCE?

Answer 185

• roles/compute.snapshots.useReadOnly (permission)

Question 186

What role allows for disk access from GCE?

Answer 186

• roles/compute.StorageAdmin (role)

Question 187

What roles allow read access for disks from GCE?

Answer 187

• compute.disks.useReadOnly (permission)

Question 188

You need to regularly create disk-level backups of the root disk of a critical instance. These backups need to be able to be converted into new instances that can be used in different projects. How should you do this?

Answer 188

• Create snapshots, turn the snapshot into a custom image, and share the image across projects
• Create snapshots and share them to other projects

Question 189

Your company has decided to build a backup replica of their on-premises user authentication PostgresSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires RFC1918 private address space. Which networking approach would be the best choice?

Answer 189

• Google Cloud Dedicated Interconnect
• Google Cloud Partner Interconnect

“The database is 4TB, and large updates are frequent” makes DI/PI a suitable solution”

Question 190

You are using DataFlow to ingest a large amount of data and later you send the data to Bigquery for Analysis, but you realize the data is dirty, what would be the best choice to use to clean the data in the stream with a serverless approach?

Answer 190

• Fetch the data from Bigquery and create one more pipeline, clean data from DataFlow and send it back to BigQuery

Question 191

You have a long-running job that one of your employees has permissions to start. You don’t want that job to be terminated when the employee who last started that job leaves the company. What would be the best way to address the concern in this scenario?

Answer 191

• Create a service account.
• Grant the Service Account User Permission to the employees who needs to start the job.

Also, provide “Compute Instance Admin” permission to that service account.

Question 192

Your company is using Bigquery for data analysis, many users have access to this service and the data set, you would want to know which user has run what query, what would be the best way to get the required information?

Answer 192

Go to the “Query history” it has information about what a user has run what query.

Question 193

A power generation company is looking to use the Google Cloud platform to monitor a power station. They have installed several IoT sensors in the power station like temperature sensors, smoke detectors, motion detectors, etc. Sensor data will be continuously streamed to the cloud. There it has to be handled by different components for real-time monitoring and alerts, analysis, and performance improvement.
What Google Cloud Architecture would serve this purpose?

Answer 193

Cloud IoT Core receives data from IoT devices, Cloud IoT core transforms and redirects requests to a Cloud Pub/Subtopic. After the data is stored in Cloud Pub/Sub, it is retrieved by a streaming job running in Cloud Dataflow that transforms the data and sends it to Big Query for analysis

Cloud IoT&raquo_space; Cloud Pub/Sub&raquo_space; Cloud Dataflow&raquo_space; BigQuery

Question 194

Using the principle of least privilege and allowing for maximum automation, what steps can you take to store audit logs for long-term access and to allow access for external auditors’ view?

Answer 194

• Generate a signed URL to the Stackdriver export destination for auditors to access
• Export audit logs to Cloud Storage via an export sink

Question 195

MountKirk Games needs to build out their streaming data analytics pipeline to feed from their game backend application. What GCP services in which order will achieve this?

Answer 195

Cloud Pub/Sub - Cloud Dataflow - BigQuery

Question 196

___ ________ ______ create a security perimeter around data stored in API-based GCP services such as Google Cloud Storage, BigQuery, and Bigtable. This helps mitigate data exfiltration risks stemming from stolen identities, IAM policy misconfigurations, malicious insiders, and compromised virtual machines.

Answer 196

VPC Service Controls

Question 197

You are helping the QA team roll out a new load-testing tool to test the scalability of your primary cloud services that run on Google Compute Engine with Cloud Bigtable.
What three requirements should they include?

Answer 197

• Instrument the load-testing tool and the target services with detailed logging metrics collection
• Create a separate Google Cloud Project to use for the load-testing environment
• Ensure that the load tests validate the performance of Cloud Bigtable

Question 198

Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility.
You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take?

Answer 198

• Use source code security analyzers as part of the CI/CD pipeline.
• Run a vulnerability security scanner as part of your continuous-integration / continuous - delivery (CI/CD) pipeline.

Question 199

You have a mission-critical database running on an instance on Google Compute Engine. You need to automate a database backup once per day to another disk. The database must remain fully operational and functional and can have no downtime. How can you best perform an automated backup of the database with minimal downtime and minimal costs?

Answer 199

• Use a cron job to schedule your application to backup the database to another persistent disk

Question 200

To speed up data retrieval, more vehicles will be upgraded to cellular connections and be able to transmit data to the ETL process. The current FTP process is error-prone and restarts the data transfer from the start of the file when connections fail, which happens often. You want to improve the reliability of the solution and minimize data transfer time on cellular connections. What should you do?

Answer 200

Directly transfer the files to a different “Google Cloud Regional bucket” location in US, EU, and Asia using Google APIs over HTTP(S).

Run the ETL process to retrieve the data from each Regional Bucket.

Question 201

Ensure the following requirements are met.

• Provide the ability for real-time analytics of the inbound biometric data
• Ensure processing of the biometric data is highly durable, elastic and parallel
• The results of the analytic processing should be persisted for “data mining”

Answer 201

Utilize Cloud Pub/Sub to collect the inbound sensor data, analyze the data with DataFlow and save the results to BigQuery

-
- BigQuery = Data mining features

Question 202

Your infrastructure runs on another cloud and includes a set of multi-TB enterprise databases that are backed up nightly both on-premises and also to the cloud. You need to create a redundant backup to Google Cloud. You are responsible for performing “scheduled monthly disaster recovery drills”. You want to create a cost-effective solution. What should you do?

Answer 202

• Use Storage Transfer Service to transfer the offsite backup files to a Cloud Storage Nearline storage bucket as a final destination

“Regular data transfers, so you should use the storage transfer service”

“Transfer appliance more for one -time bulk”

Question 203

• Do not run out of storage/disk space
• Keep average CPU usage under 80%
• Keep replication lab under 60 seconds

Answer 203

1 - Enable the automatic storage increase feature for your Cloud SQL instance.

2 - Create an alert in Stackdriver when CPU usage exceeds 80% and change the instance type reduce CPU usage

3 - Create an alert in Stackdriver for replication lag and <b>shard the database</b> to reduce replication time.

Question 204

You have a website hosted on App Engine. After a recent update, you are receiving reports that some portions of the site take up to 20 seconds to load. The slow loading times occurred after the recent update. Which two actions should you perform to troubleshoot?

Answer 204

Rollback to a previous version of your app using the version management feature in App Engine

Use Stackdriver Trace and Logging to troubleshoot latency issues with you website and diagnose in a testing environment

Question 205

When would you use Storage Transfer Service for migrating data?

Answer 205

• Transfer from an on-premises location to Google Cloud Storage

– Transfer from AWS S3 bucket to Google Cloud Storage bucket.

• Transfer from publicly-available web resource to Google Cloud Storage bucket.

Question 206

_______.______._______ permissions is needed to create the transfer and __________.__________._______ permissions is needed on the target dataset.

Answer 206

• bigquery.transers.update

- bigquery.datasets.update

Question 207

The _____.______ predefined Cloud IAM role includes _________.________._______ and _______.________.________ permissions

Answer 207

• bigquery.admin
• bigquery.transfers.update
• bigquery.datasets.update

Question 208

What does the error code 429 mean?

Answer 208

Too Many Requests

Question 209

What is the flag used for GCE to make the VM preemptible?

Answer 209

–preemptible

Question 210

If you using a preemptible machine and you want to use a shutdown script; how would you do this?

Answer 210

Under Management&raquo_space;> Metadata enter in “shutdown-script-url” &laquo_space;and then for the value use a url cloud bucket name for best practice

gs://learning-gcp-229815/shutdown.sh

Question 211

Your company has developed a series of LAMP stack applications, that are required to be scalable and fast and that are often updated by the IT teams. Which of the following actions allow you to facilitate the process of managing the various configurations in production, staging, and development? (4)

Answer 211

• Create deployments using Deployment Manager
• Use Labels for your Resources
• Organize Resources according to your standard and setup/reuse configurations and templates
• Use References, template properties, and outputs

Question 212

Your team has created a set of applications that will run in GCP. IT management wants to activate and standardize a simple but effective security system.

You have prepared a list of possibilities and features that you can use. You realize that some choices must be discarded because they are not safe enough or even wrong.

What solutions would you, recommend at the end?

Answer 212

• Service Accounts related to your applications
• Service Accounts related to your VMs
• Service Accounts related to your K8s Clusters

Question 213

Cloud DataStore

Answer 213

• User Profiles
• Game State
• A scalable, fully-managed NoSQL document Database for your web and mobile applications

Question 214

Cloud BigTable

Answer 214

• High-throughput analytics
• Native time series
• Geospatial datasets
• Low-latency read/write access

Question 215

RTO

Answer 215

Recovery Time Objective

• Maximum acceptable length of time that your application can be offline

Question 216

RPO

Answer 216

Recovery Point Objective

• Maximum acceptable length of time during which data might be lost from your application due to a major incident

Question 217

Your company is using BigQuery for data analysis, many users have access to this service and the data set, you want to know which user has run what query, what would be the best way to get the required information?

Answer 217

Go to Query history it has information about which user has run what query.

Question 218

Horizontally scalable transactional DB

Answer 218

Cloud Spanner

Question 219

Access to audit logs and perform analytics using SQL

Answer 219

Stackdriver Logging + BigQuery

Question 220

Health-check is failing

Answer 220

Check Firewall rule(s)

Question 221

Scale down to Zero Web Application

Answer 221

App Engine Standard

Question 222

How Compute Engine can access BigQuery?

Answer 222

Access Scope (Default Service Account) OR IAM (Custom Service Account)

Question 223

Analyst knows SQL

Answer 223

BigQuery

Question 224

A managed instance group spreads and balances workloads across ____ zones in a region by default.

Answer 224

3

Question 225

_______________ improve your application availability by spreading your instances across three zones.

Answer 225

Regional managed groups

Question 226

A ___________ image is a baked image has everything set and tested and is ready for production use.

Answer 226

Golden

Question 227

3 Cloud Pub/Sub Use Cases

Answer 227

• Balancing workloads in network clusters
• Refreshing distributed caches
• Implementing asynchronous workflows

Question 228

Connection draining delays the termination of an instance until existing connections are closed. Which of the following are also true about connection draining?

Answer 228

• Minimizes interruption for users
• New connections to the instance are prevented
• Instance preserves existing sessions until they end OR a designate timeout is reached (1 to 3600 seconds)

Question 229

Google Cloud Platform has several unique and innovative benefits when it comes to billing and resource control. What are these benefits? (3)

Answer 229

• Sub-hour billing (Billed for 10 minutes and thereafter every minute on VMs)
• Sustained-use discounts
• Compute Engine custom machine types

Question 230

Your customer has decided to run Windows in GCS and the customer also likes to use Powershell. What detail about scripts should you notify them of about with Windows?

Answer 230

A startup script is specified through the metadata server

Question 231

What is the name of the two “Managed” Instance Group types that are supported in GCP?

Answer 231

• Managed Instance Group (Zonal)

- Managed Instance Group (Regional)

Question 232

A ____ __________ ______ provides a single global IP address for an application.

Answer 232

global forwarding rule

Question 233

What are the two benefits for developers to use Cloud Endpoints?

Answer 233

• Exposes an API for front-end client for mobile or web-application to make use of cloud-based application services
• Frees developers from writing a wrapper to access App Engine resources from a mobile or web client

Question 234

Google Cloud Deployment Manager allows you to create and manage cloud resources with simple templates. What are some other features?

Answer 234

Repeatable Deployment Process, Declarative Language, Parallel Deployment, Schema Files

Question 235

Which specific object can you specify but also GCP can specify?

Answer 235

Project ID

Question 236

Cloud DNS pricing includes a monthly charge per zone plus usage costs based on

Answer 236

Query Traffic

Question 237

With Continous ________, revisions are deployed to a production environment automatically without explicit approval from a developer, making the entire software release process automated

Answer 237

Deployment

Question 238

______ ________ is a DevOps software development practice where code changes are automatically built, tested, and prepared for release to production.

Answer 238

Continuous delivery

Question 239

What are three benefits of using DevOps in a Production Environment?

Answer 239

• Automate Software Releases
• Improve Developer Productivity
• Find Bugs Quicker

Question 240

_____ ___ enables integration with other tools such as compression and partial resource request/reply (access to specific fields in the data) so you don’t have to transfer the whole object to get a tiny part of it. There is no Python API for Cloud Storage.

Answer 240

JSON API

Question 241

What would be some reasons to use GCP platforms Transfer Appliance?

Answer 241

• It would take more than 1 week to transfer data

- If you have more than 60TB of data

Question 242

Google recommends using the “____”, technique which is an iterative interrogation technique to help identify the root cause of a problem and get past the apparent surface cause. What is the technique named?

Answer 242

“5 Whys”

Question 243

What are 2 facts of Cloud SQL?

Answer 243

• Cloud SQL is limited to a maximum of 10 TB of data processing
• Cloud SQL will scale up to 4,000 concurrent connections.

Question 244

What are the two ways to isolate microservices in GCP?

Answer 244

Service Isolation/Project Isolation

Question 245

What is the name of the design process that Google uses?

Answer 245

12 Factor Design

Question 246

Measuring helps ensure:

Answer 246

• Making Design Choices
• Testing and Validation
• Monitoring

Question 247

What is the name of the design process Google uses?

Answer 247

12 Factor Design

Question 248

What are some disadvantages of Microservices?

Answer 248

• Management overhead
• Isolation
• Resource overhead

Question 249

_____ are a concept that comes from user experience (UX) design and originated in marketing and represents the user and groups goals and behaviors.

Answer 249

User personas

Question 250

Terramearth Case Study
Your primary goal is to increase the operating efficiency of all 20 million cellular and unconnected vehicles in the field. How can you accomplish this goal?

Answer 250

Capture all operating data, train machine learning models that identify ideal operations, and “run locally” to make operational adjustments automatically

Question 251

Your company wants to control IAM policies for different departments. the departments must be independent from each other, however, you want to centrally manage the IAM policies for each individual department. How should you approach this?

Answer 251

Use a single Organization with a Folder for each department.

This is the best structure to use. One single organization for the entire company. Organize departments inside folders inside of the single organization. You can then apply a single IAM policy to the single department folder, which will be applied to any projects or subfolders inside of it.

Question 252

compute.xpnAdmin

Answer 252

Shared VPC Admin

• Organization level role
• Configure Shared VPC
• Associate service projects with host projects
• Grant Network User Role

Question 253

compute.networkUser

Answer 253

NetworkUser

• Project level role
• Create resources to use shared VPC
• Discover shared VPC assets
• Requires project admin role (Project Owner, Editor, Compute Engine Admin)

Question 254

Sharing and moving images requires ________ _______ ______ _____

Answer 254

Compute Engine Image User role

• Example: User in Project A wants to use images from Project B
• User in Project A must have Compute Engine Image User role granted for project B
• Role grants access to all images in project

*For managed instance groups, Project A service account must be granted role to Project B

Question 255

How do you set a new project from google cloud cli?

Answer 255

gcloud config set project

Question 256

Retrieve IAM policy and download in YAML format

Answer 256

gcloud projects get-iam-policy (project_id) > [filename].yaml

Question 257

Update IAM Policy from file

Answer 257

gcloud projects set-iam-policy (project_id) [filename].yaml

Question 258

Add a single binding

Answer 258

gcloud projects add-iam-policy-binding (project_id) –member user:bob@gmail.com –role roles/editor

Question 259

Instance Template = ________

Answer 259

Global

Question 260

Instance Group = ______

Answer 260

Regional

Question 261

Cloud Functions scale down to _

Answer 261

0

Question 262

Set default region

Answer 262

gcloud config set compute/region us-central1

Question 263

Set default zone

Answer 263

gcloud config set compute/zone us-central1-a

Question 264

The application reliability team at your company has added a debug feature to their backend service to send all server events to Google Cloud Storage for eventual analysis.

The event records are at least 50 KB and at most 15 MB and are expected to peak at 3,000 events per second. You want to minimize data loss. Which process should you implement?

Answer 264

Append metadata to the file body. Compress individual files. Name files with a random prefix pattern. Save files to one bucket.