Study Guide, Glossary Flashcards
Google Cloud Certified Professional Cloud Architect Study Guide, 2nd Edition by Dan Sullivan
A test designed to show a client that the features of a system or application meet their business needs.
acceptance test
Rules that authorize users to perform operations on objects and systems.
access controls
Methods of software development that stress incremental and iterative development.
agile methodologies
Automated notifications in response to events detected in time-series metric data, logs, or other monitoring data.
alerting
GCP’s PaaS for building and deploying web applications in a serverless environment.
App Engine
A feature of an application that accepts programmatic requests or data.
application programming interface (API)
A class of Cloud Storage that provides long-term storage for objects that need to be accessed less than once per year.
Archive storage
Service calls that do not wait for an operation to complete before returning.
asynchronous calls
The process of reviewing the structure and configuration of systems, often to determine compliance with policy or regulations.
auditing
An automated response to a problem with a health check.
autohealing
The automated process of adding or removing instances based on workload.
autoscaling
A fraction of time that services are functioning correctly and accessible to users.
availability
Roles in GCP that existed prior to IAM.
basic roles
A petabyte-scale data warehousing and analytics service managed by GCP that uses tables to organize data and SQL as the query language.
BigQuery
A deployment strategy that uses two identically configured environments.
Blue/Green deployment
The ability to use a license you have already purchased to run an application in the cloud.
bring-your-own-license (BYOL)
A structure for grouping objects in Cloud Storage.
bucket
The process of planning for a large-scale service disruption, such as extreme weather or long-term power outages.
business continuity planning
When a small portion of a system's workload is routed to a new version of the software, allowing developers and administrators to test code under production conditions without exposing all users to new code.
canary deployment
When a failure causes a falling domino effect of distributed system failures, one after the other.
cascading failure
The practice of introducing random failures into a system to understand the consequences of those failures better and identify unanticipated failure modes.
chaos engineering
A US federal law that requires the US Federal Trade Commission to define and enforce regulations regarding children’s online privacy.
Children’s Online Privacy Protection Act (COPPA)
A design pattern that uses an object that monitors the results of a function or service call.
Circuit Breaker pattern
A wide-column, NoSQL database for high-volume writes and low-latency reads (less than 10 ms).
Cloud Bigtable
A GCP service that provides software building services and is integrated with other GCP services, such as Cloud Source Repository.
Cloud Build
A managed service for processing streaming and batch data sets using Java, SQL, and Python APIs.
Cloud Dataflow
A managed service providing Apache Hadoop and Apache Spark platforms.
Cloud Dataproc
A serverless, managed NoSQL document database used for storing, synchronizing, and querying mobile and web application data.
Cloud Firestore
A serverless, event-driven computing service for executing functions in response to events within the cloud.
Cloud Functions
A GCP identity-as-a-service (IDaaS) offering that allows for centralized identity management.
Cloud Identity
Network connectivity between on-premises infrastructure and Google’s infrastructure.
Cloud Interconnect
A managed service in GCP that enables customers to generate and store keys in GCP.
Cloud KMS
A managed service providing Redis and Memcached memory caching that implements submillisecond data access.
Cloud Memorystore
A set of services for monitoring, logging, tracing, and debugging infrastructure and applications in GCP and other platforms.
Cloud Operations
A managed message queue for implementing stream and event processing applications, which can write messages to topics or subscribe to topics to receive messages.
Cloud Pub/Sub
GCP’s version control system and source code repository based on Git.
Cloud Source Repository
A managed, horizontally scalable, global relational database designed for distributed applications requiring strong consistency.
Cloud Spanner
A managed service providing MySQL, SQL Server, and PostgreSQL databases.
Cloud SQL
An object storage service providing web access to scalable storage.
Cloud Storage
An open source adapter that allows users to mount Cloud Storage buckets as simulated filesystems on Linux and macOS platforms.
Cloud Storage FUSE
A GCP service that provides VPNs between GCP and on-premises networks.
Cloud VPN
A class of Cloud Storage that provides long-term storage for objects that need to be accessed less than once per 90 days.
Coldline storage
Software that is purchased instead of built in-house.
commercial off-the-shelf (COTS) product
The infrastructure-as-a-service (IaaS) offering of GCP.
Compute Engine
A package of application code, operating system, and dependencies that can run in a container runtime, such as Docker or containerd.
container
A global network of servers with distributed points of presence across the globe.
content delivery network (CDN)
The process of incorporating code into a baseline of software, testing it, and, if the code passes tests, releasing it for use.
continuous integration/continuous delivery (CI/CD)
A role defined by GCP users and assigned a set of permissions needed to enable entities with the role to perform tasks.
custom roles
A key management model where keys are generated and kept on premises and used by GCP services to encrypt the customer’s data.
customer-supplied keys
A key associated with a chunk of data, used to encrypt and decrypt that chunk of data.
data encryption key (DEK)
The state of accuracy and consistency of data over its entire lifecycle.
data integrity
The use of multiple security measures to protect data and systems.
defense in depth
Documentation designed for software engineers who will be working with code.
developer documentation
The practice of combining the responsibilities of software development and IT operations.
DevOps
A process of change in businesses as they adopt information technologies to develop new products, improve customer service, optimize operations, and make other major improvements enabled by technology.
digital transformation
A network connection type where information does not travel over the public internet when going from on-premises systems to Google Cloud.
Dedicated Interconnect
A form of network peering that allows customers to connect their networks to a Google network point of access.
direct peering
The practice of recovering data and services after a large-scale outage or loss of data.
disaster recovery (DR)
A measurement given as a percentage that describes the likelihood that a stored object will be retrievable in the future.
durability
The process of encoding data in a way that yields a coded version of data that cannot practically be converted back to the original form without a key.
encryption
Encryption of data when stored on persistent storage, such as a disk or SSD drive.
encryption at rest
Encryption of data during transmission, such as over a network.
encryption in motion/transit
The practice of encrypting data encryption keys with a second encryption key, known as a key encryption key.
envelope encryption
Notifications provided by an alert system that do not warrant intervention.
false alerts
A deployment method that allows developers to release new capabilities and features selectively to users, without having to deploy software updates.
feature flags
A firewall configuration that allows or denies traffic.
firewall rules
A regulation that standardizes privacy protections across the European Union (EU), grants controls to individuals over their private information, and specifies security practices required for organizations holding private information of EU citizens.
General Data Protection Regulation (GDPR)
A high-capacity storage device that enables users to transfer and securely ship data to a Google upload facility, where the data is then uploaded to Google Cloud Storage.
Google Transfer Appliance
A service that allows for the transfer of data from an HTTP/S location, an AWS S3 bucket, or a Cloud Storage bucket to a Cloud Storage bucket.
Google Transfer Service
A set of Google accounts and service accounts with an associated email address.
group
A multithreaded command-line utility used to transfer on-premises data to Google Cloud and perform other operations on Cloud Storage.
gsutil
A US federal act that extended the application of HIPAA to business associates of healthcare providers and insurers.
Health Information Technology for Economic and Clinical Health (HITECH)
A federal law in the United States that protects individuals’ healthcare information.
Health Insurance Portability and Accountability Act (HIPAA)
The continuous operations of a system at sufficient capacity to meet the demands of ongoing workloads.
high availability
A global load balancer available in GCP.
HTTP/S load balancer
A cloud is considered to have a hybrid network if it is made up of some combination of an on-premises data center and clouds such as GCP.
hybrid-cloud networking
An entity that represents a person or other agent that performs actions on a GCP resource.
identity
A GCP service for implementing fine-grained access controls on resources.
Identity and Access Management (IAM)
A software service that manages user identities across a system.
identity-as-a-service (IDaaS)
A disruption that causes a service to be degraded or unavailable due to single or multiple failures and errors.
incident
A type of cloud service that provides compute, storage, and networking services.
infrastructure-as-a-service (IaaS)
An object that controls external access to services running in a Kubernetes cluster.
Ingress
A measurement of the read and write operations per second for a given storage device.
input/output operations per second (IOPS)
Clusters of VMs that are managed as a single unit.
instance groups
A file specifying the configuration of a managed instance group.
instance template
The testing of a combination of units.
integration tests
A TCP and UDP load balancer accessible only to internal virtual resources.
Internal TCP/UDP load balancer
A set of IT service management practices for coordinating IT activities with business goals and strategies.
ITIL
An open source software automation tool for running software builds.
Jenkins
A JSON object that is used for security and authorization during transactions between two systems.
JSON Web Token (JWT)
The encryption key that secures the data encryption key in the envelope method of encryption.
key encryption key (KEK)
Metrics that provide information about how well a business or organization is achieving an important or key objective.
key performance indicators (KPIs)
The primary node agent that runs on each node in Kubernetes.
kubelet
An open source platform initially developed by Google that provides container orchestration services, including deployment and autoscaling functionality.
Kubernetes
Organized groups of pods that create a functioning version of an application.
Kubernetes deployments
A managed Kubernetes service offered by Google on GCP.
Kubernetes Engine
The practice of granting only the minimal set of permissions needed to perform a duty.
least privilege
Moves VMs to other physical servers when there is a problem with the servers they are running on or scheduled maintenance has to occur.
live migration
The process of distributing workload across a set of servers.
load balancing
A stress test that is meant to show how a particular system will perform under a defined set of conditions.
load testing
The process of recording information about events that occur during processing.
logging
A configuration of a Compute Engine VM that includes a number of vCPUs and memory.
machine type
The process of keeping software running and up-to-date with business requirements.
maintenance
A group of VM instances with the same configuration, which is defined in a managed instance group template.
managed instance groups
GCP products that do not require users of the services to perform common configuration, monitoring, and maintenance operations.
managed services
An open source caching system available as a managed service in Cloud Memorystore.
Memcached
A measure of some aspect of performance of a compute, storage, or network resource.
metrics
A collection of lightweight software services that specialize in carrying out a small number of functions.
microservices
The process of collecting metrics, events, and metadata from applications, VMs, and other GCP resources.
monitoring
A cloud network composed of two or more public clouds.
multicloud network
Stores replicas of objects in multiple regions, therefore mitigating the risks of regional outages.
multiregional storage
A class of Cloud Storage that stores objects for archival storage that is accessed less than once a month.
Nearline storage
The time required for a packet of data to be transmitted over a network from a source to a destination.
network latency
A network configuration that allows for routing between networks.
network peering
A type of load balancer that provides regional, non-proxied load balancing.
Network TCP/UDP load balancer
A group of several types of nonrelational databases, including document databases, such as Firestore, and wide-column databases, such as Bigtable.
NoSQL
Facilitates developing code to interface with a relational database; most often used when an app is built using object-oriented design.
object-relational mapping (ORM)
A storage system that manages data as objects, such as files.
object storage
Instructions used by system administrators and DevOps engineers to deploy and maintain system operations.
operations documentation
A networking practice that sends information over a partner’s network, not the public internet.
Partner Interconnect
The process of simulating an attack on an information system to gain insights into potential vulnerabilities.
penetration testing
A grant to perform some action on a resource.
permission
A durable block storage system for GCP.
persistent storage
A service that provides a platform for developing and managing applications without the need to maintain the software infrastructure behind it.
platform-as-a-service (PaaS)
A low-level compute abstraction that supports containers in Kubernetes.
pods
A set of statements that define a combination of users and their roles.
policy
Groups of projects and programs that collectively implement the strategy of a business or organization.
portfolios
The analysis of a system failure and the response to it after it has happened.
post-mortem analysis
A role defined in IAM that has the minimal set of permissions required to carry out the task for which the role was created.
predefined role
A low-cost VM with a lifespan of less than 24 hours.
preemptible virtual machine
A service offered by Google that routes account traffic on the Google network instead of routing some traffic over the public internet.
Premium Tier network service
A review and analysis of a previously completed project or sprint.
project post-mortem
Allows a service to request and read a message from the topic using Cloud Pub/Sub.
pull subscription
Allows message data to be sent by HTTP POST request to a push endpoint URL using Cloud Pub/Sub.
push subscription
A formal plan of action for restoring normal business functions after a loss of information or an outage.
recovery plan
The time in which a service should be restored after a loss of information or an outage.
recovery time objective
An open source caching system.
Redis
The practice of deploying multiple entities, such as VMs and disks, so that loss of one does not cause a loss of service.
redundancy
Stores multiple copies of an object in multiple zones in a single region.
regional storage
A test designed to ensure that bugs that have been corrected in the past are not reintroduced to the system.
regression test
Highly structured data stores that are designed to store data in a way that minimizes the risk of data anomalies and to support a comprehensive query language.
relational databases
The practice of deploying code and configuration changes to environments, such as production, test, staging, and development environments.
release management
A measure of the probability that a service will continue to function under some load for a period of time.
reliability
The set of organization, folders, and projects that are used to group and structure GCP resources.
resource hierarchy
Entities that exist in the Google Cloud platform and can be accessed by users.
resources
Resource-oriented APIs that use HTTP requests.
REST APIs
A retention policy uses the Bucket Lock feature of Cloud Storage buckets to enforce object retention.
retention policies
Measures the value, or return, of making an investment.
return on investment (ROI)
A set of permissions that allows users and service accounts with that role to perform the specified actions.
role
An incremental updating of a group of servers.
rolling deployment
Documentation that provides instructions on how to set up and run a service or application.
runbook
A US federal law designed to protect the public from fraudulent accounting practices in publicly traded companies.
Sarbanes-Oxley Act (SOX)
The ability of a service to adapt its infrastructure to the load of the system.
scalability
Software that plays an integral part in protecting information in a system.
safety-critical software
The practice of limiting the responsibilities of a single individual to prevent the person from successfully acting alone in a way detrimental to the organization.
separation of duties
A type of identity that is associated with applications and instances for the purpose of assigning roles.
service account
An agreement between a provider of a service and a customer using the service.
service-level agreement (SLA)
A metric that reflects how well a service-level objective is being met.
service-level indicators (SLIs)
An agreed-upon target for a measurable attribute of a service that is specified in a service-level agreement.
service-level objectives (SLOs)
VPCs within a single organization that can share resources.
Shared VPCs
VM instances with enhanced security controls, such as secure boot.
Shielded VMs
A series of steps that software engineers follow to create, deploy, and maintain complicated software systems.
software development lifecycle (SDLC)
Ensures that VMs run on physical servers with other VMs from the same project.
sole tenancy
A load balancer that terminates SSL (TLS) connections and then routes traffic to VMs in the load-balanced cluster.
SSL Proxy load balancer
A service offered by Google that routes account traffic on the public internet instead of routing it on Google’s internal network.
Standard Tier
Service calls that wait for the operation to complete before returning, such as most credit card purchases.
synchronous calls
An open source tool supporting infrastructure-as-code.
Terraform
A kind of development process that incorporates testing early in the development process.
test-driven development
The combination of all expenses related to maintaining a service or component.
total cost of ownership (TCO)
The time remaining before an object is deleted.
time to live (TTL)
A set of metrics recorded with a time stamp.
time series
A database designed to handle time-series data, such as streaming metrics created by a monitoring system.
time-series database
The process of testing the smallest unit of testable code for bugs.
unit test
A set of VMs that may not be identical and are not created from an instance template.
unmanaged instance groups
Documents that explain how to use an application.
user documentation
The ability of a system to increase its available resources by moving to hardware with more computational power, such as greater CPU power or more memory.
vertical scalability
A software implementation of an emulated physical server.
virtual machine (VM)
A logical organization of cloud resources isolated from other resources on the same cloud.
virtual private cloud (VPC)
A virtual module for storing encryption keys and other secure information.
Virtual Trusted Platform Module (vTPM)