Security, Billing, Resource Hierarchy Flashcards
Your organization needs to plan its cloud infrastructure expenditures.
Which should your organization do?
A. Review cloud resource costs frequently, because costs change often based on use
B. Review cloud resource costs annually as part of planning your organization’s overall budget
C. If your organization uses only cloud resources, infrastructure costs are no longer part of your overall budget
D. Involve fewer people in cloud resource planning than your organization did for on-premises resource planning
A. Review cloud resource costs frequently, because costs change often based on use
Which Google Cloud product can report on and maintain compliance on your entire Google Cloud organization to cover multiple projects?
A. Cloud Logging
B. Identity and Access Management
C. Google Cloud Armor
D. Security Command Center
D. Security Command Center
Security Command Center is a centralized security and risk management platform for your Google Cloud resources. It is a single tool that offers a variety of security features including:
1. Gain centralized visibility and control
2. Discover misconfigurations and vulnerabilities
3. Report on and maintain compliance
4. Detect threats targeting your Google Cloud assets
Which Google Cloud product or feature makes specific recommendations based on security risks and compliance violations?
A. Google Cloud firewalls
B. Security Command Center
C. Cloud Deployment Manager
D. Google Cloud Armor
B. Security Command Center
Security Command Center is a centralized security and risk management platform for your Google Cloud resources. It is a single tool that offers a variety of security features including:
1. Gain centralized visibility and control
2. Discover misconfigurations and vulnerabilities
3. Report on and maintain compliance
4. Detect threats targeting your Google Cloud assets
Your organization needs to restrict access to a Cloud Storage bucket. Only employees who are based in Canada should be allowed to view the contents.
What is the most effective and efficient way to satisfy this requirement?
A. Deploy the Cloud Storage bucket to a Google Cloud region in Canada
B. Configure Google Cloud Armor to allow access to the bucket only from IP addresses based in Canada
C. Give each employee who is based in Canada access to the bucket
D. Create a group consisting of all Canada-based employees, and give the group access to the bucket
D. Create a group consisting of all Canada-based employees, and give the group access to the bucket
The easiest way to control access is to create a group and then add all Canada-based employees to that group.
Now allow that Canada group to have access to the Cloud Storage bucket, and ensure that no other group or user has access to that bucket.
Any employee who is not part of that group will not be able to access the bucket.
You can achieve the same effect by giving each Canada-based employee access to the bucket individually, but that would be too cumbersome to do for, say, 300 employees.
Your organization needs to ensure that the Google Cloud resources of each of your departments are segregated from one another. Each department has several environments of its own: development, testing, and production. Which strategy should your organization choose?
A. Create a project per department, and create a folder per environment in each project.
B. Create a folder per department, and create a project per environment in each folder.
C. Create a Cloud Identity domain per department, and create a project per environment in each domain.
D. Create a Cloud Identity domain per environment, and create a project per department in each domain.
B. Create a folder per department, and create a project per environment in each folder.
You need to remember the order
Org (has domain)
–> Folder –> Folder ….. Folder
–> Project
–> Cloud Resource (DB, VM etc)
Org - TCS
Domain - gcp.tcs.com
Folder can have Folders
Folders can have Projects
Project will have Resources
Folders cannot directly contain Resources
A can’t be true because projects can’t have folders
C and D are not OK because you should have a single Org and domain
B is correct.
Org
–> Folder(Finance) –>Project(Dev)
–>Project(Prod)
–> Folder(HR) –>Project(Dev)
–>Project(Prod)
Your company needs to segment Google Cloud resources used by each team from the others. The teams’ efforts are changing frequently, and you need to reduce operational risk and maintain cost visibility. Which approach does Google recommend?
A. One project per team.
B. One organization per team.
C. One project that contains all of each team’s resources.
D. One top-level folder per team.
You need to remember the order
Org (has domain)
–> Folder –> Folder ….. Folder
–> Project
–> Cloud Resource (DB, VM etc)
Org - TCS
Domain - gcp.tcs.com
Folder can have Folders
Folders can have Projects
Project will have Resources
Folders cannot directly contain Resources
The question asks you to separate one team from another.
So have a folder at team level. Inside it you can have projects.
An organization is planning its cloud expenditure.
What should the organization do to control costs?
A. Consider cloud resource costs as capital expenditure in annual planning.
B. Use only cloud resources; they have no cloud infrastructure costs.
C. Review cloud resource costs frequently because costs depend on usage.
D. Assess cloud resources costs only when SLO is not met by their cloud provider.
C. Review cloud resource costs frequently because costs depend on usage.
A is wrong because Cloud is about OpEx and not about CapEx
B is wrong because the cost of cloud resources already includes infrastructure cost
D is wrong
You should always keep a close eye on how much your cloud is costing you; otherwise it may shoot up very quickly and you won't know until you get the bill
Your organization meant to purchase a 3-year Committed Use Discount, but accidentally purchased a 1-year Committed Use Discount instead. What should your organization do?
A. Contact your financial institution.
B. Contact Trust and Safety.
C. Contact Cloud Billing Support.
D. Contact Technical Support.
C. Contact Cloud Billing Support.
A food delivery service needs access to real-time menu information from all partner restaurants. They also need to share customer order information with the restaurants in real time.
What should the organization use?
A. Site reliability engineering (SRE)
B. An application programming interface (API)
C. A customized machine learning model
D. A multi-regional database
B. An application programming interface (API)
Whenever you need to provide data to your partners or customers, the best option is to use an API. You could still do it by sharing files or providing access to the DB, but that would be unsafe and completely wrong.
An organization wants to collect metrics and metadata from their cloud applications and put them into dashboards.
Which Google Cloud tool should they use?
A. Cloud Monitoring
B. Cloud Trace
C. Cloud Logging
D. Cloud Debugger
A. Cloud Monitoring
It reads from all cloud services and resources, collects data, and shows it on dashboards.
What does Cloud Debugger help an organization do?
A. Implement code updates in real time without affecting the service level objective (SLO).
B. Inspect source code in real time without affecting user downtime.
C. Manage code and accelerate application development.
D. Analyze live source code during user downtime.
B. Inspect source code in real time without affecting user downtime.
If there is a production defect, you can use Cloud Debugger to debug the code in production itself, without stopping the production application.
An organization needs to search an application’s source code to identify a potential issue. The application is distributed across multiple containers.
Which Google Cloud product should the organization use?
A. Google Cloud Console
B. Cloud Trace
C. Cloud Monitoring
D. Cloud Logging
B. Cloud Trace
It can show how your data is flowing across different components, e.g. App -> Server -> DB.
What does Cloud Logging help an organization do?
A. Analyze live source code and log code updates.
B. Deploy infrastructure as code.
C. Analyze logs and accelerate application troubleshooting.
D. Manage storage of custom VM images.
C. Analyze logs and accelerate application troubleshooting.
Cloud Logging enables logging data collection from over 150 common application components, on-premises systems, and hybrid cloud systems. It supports storing, searching, analyzing, monitoring, and alerting on logging data and events.
What is logging within the context of cloud technology?
A. Writing application and operating system events as text
B. Monitoring network and resource limitations
C. Tracking source code across an organization
D. Recording infrastructure and hardware expenditure
A. Writing application and operating system events as text
Cloud Logging enables logging data collection from over 150 common application components, on-premises systems, and hybrid cloud systems. It supports storing, searching, analyzing, monitoring, and alerting on logging data and events.
You can collect logging data and events from most applications in the cloud.
An organization wants to leverage tooling and automation as part of its new DevOps philosophy.
Which operational challenge will this resolve?
A. Repetitive manual tasks that hinder workflows
B. Time-consuming supervision of creative tasks
C. Distribution and supply-chain issues
D. Defective technical equipment that limits innovation
A. Repetitive manual tasks that hinder workflows
DevOps is about automation, and we use automation to avoid repetitive manual tasks. Hence A is correct.