GCP Flashcards
1
Q
What does IAM stand for
A
Identity and Access Management
2
Q
IAM role types
A
- Primitive roles
- Predefined roles
- Custom roles
3
Q
Types of primitive roles
A
- Owner
- Editor
- Viewer
4
Q
Supported persistent disk types
A
- HDD
- SSD
- Local SSD
5
Q
Command: copy files to and from Cloud Storage
A
gsutil cp
6
Q
Service used for executing code in response to events
A
Cloud Functions
7
Q
Command: list Kubernetes services
A
kubectl get svc
8
Q
Command: run commands from inside a container that is running on Kubernetes
A
kubectl exec
9
Q
Command: create new service account
A
gcloud iam service-accounts create ...
10
Q
How to change an App Engine region
A
You cannot. Need to create a new project
11
Q
Computer choices
A
- Compute engine
- Kubernetes engine
- App engine
- Cloud functions
- Cloud run
- Anthos
12
Q
CIDR notation
A
used for specifying IP address ranges
13
Q
Fully managed NoSQL database, limited query syntax
A
Cloud Datastore
14
Q
Command: create Kubernetes cluster
A
gcloud container clusters create
15
Q
Load balancers available
A
- HTTP(S) load balancer
- SSL Proxy
- TCP Proxy
- Network TCP/UDP load balancer
- internal TCP/UDP load balancer
16
Q
Compute: manages app platform
A
App engine
17
Q
Compute: event-driven, server-less functions
A
Cloud functions
18
Q
Compute: server-less for containerised apps
A
Cloud run
19
Q
Compute: VM, GPU, TPU, disks
A
Compute engine
20
Q
Compute: manages Kubernetes/containers
A
Kubernetes engine
21
Q
Compute: enterprise hybrid/multi-cloud platform
A
Anthos
22
Q
Storage options
A
- Cloud storage
- Nearline
- Coldline
- Persistent disk
- Cloud filestore
23
Q
Database options
A
- cloud bigtable
- cloud datastore
- cloud filestore
- cloud memorystore
- cloud spanner
- cloud SQL
24
Q
Data & analytics options
A
- bigquery
- cloud dataflow
- cloud datalab
- cloud dataproc
- cloud pub/sub
25
Stackdriver options
1. debugger
2. error reporting
3. logging
4. monitoring
5. profiler
6. transparent SLIs
7. trace
26
Cloud IAM members
1. Google account
2. service account
3. Google group
4. G Suite domain
5. Cloud Identity domain
27
types of audit log for each project
1. admin activity
2. system events
3. data access
28
Key-value pairs of configuration data that are accessible from code running in a Cloud Function
environment variables
29
Way to enable point-in-time recovery for MySQL databases on Cloud SQL
enable binary logging
30
Command: list networks
`gcloud compute networks list`
31
Name of a point-in-time backup of a persistent disk
Snapshot
32
Way to ensure the nodes in a Kubernetes Engine cluster are running the latest version of Kubernetes
enable 'Automatic node upgrades' option
33
Cloud storage metadata key to set the MIME type
Content-Type
34
Mechanism that allows you to extract data from logs and track it
Custom logging metric
35
Command: interact with Cloud Storage
`gsutil`
36
Way to run Compute Engine instance based on templates
managed instances groups
37
Command: copy files to and from Cloud Storage
`gsutil cp`
38
Special account used for authenticating between difference services
service account
39
Mounted directories accessible from inside containers
volumes
40
App Engine feature that allows fast rollbacks, A/B testing, canary deployments
traffic splitting
41
common protocol and port used to connect to a Windows instance
RDP over port 3389
RDP: remote desktop protocol
42
Name of the Kubernetes Deployment that ensures a single instance of a pod will run on each node
DaemonSet
43
Templates that Deployment Manager supports
YAML, jinja, python
44
Service that allows you to run a MySQL or Postgres database
Cloud SQL
45
`kubectl` flag that allows you to specify the JSON path of properties in JSON output
`-o` along with the `jsonpath` value
ex: `kubectl get svc -o jsonpath`
46
Compute Services that directly support running Docker containers
1. Kubernetes engine
2. App engine (flexible environment)
3. Compute engine
4. Cloud functions
47
Billing export formats
1. BigQuery
2. File export JSON
3. File export csv
48
sparsely populated database
BigTable
49
Kubernetes resource that exposes deployments
service
50
interfaces for interacting with Google Cloud
- directly to the REST API
- cloud SDK
- client libraries
- console
51
Command: deploy a Cloud Function
`gcloud functions deploy`
52
Resource for storing sensitive information in Kubernetes
secrets
53
Command: create new Kubernetes Secret
`kubectl create secret`
54
Commonly paired database with App Engine
Cloud datastore
55
Command: add an IAM binding policy
`gcloud projects add-iam-policy-binding
56
Service that can ingest event streams. Commonly used with IoT
Pub/Sub
57
horizontally scalable SQL datapase
Cloud spanner
58
feature of Cloud Shell that allows you to browse to port 8080
web preview
59
Flag to use when deploying to app engine that will prevent the version from getting 100% of the traffic
`--no-promote`
60
open port 22 to the internet
`gcloud compute firewall-rules create --network $SERVICES_NETWORK --allow tcp:22`
61
Command: list gcloud configurations
`gcloud config configurations list`
62
mechanism that allow you to track custom information in code and save it to Stackdriver
custom monitoring metric
63
Command: set the CORS configuration on a bucket
`gcloud cors set ...`
64
service that supports monitoring, logging, and debugging
stackdriver
65
the flag to use that will allow you to determine the price of a bigQuery query without actually running the query
`dry-run`
66
name of Kubernetes controller that provides declarative updates for pods
deployments
67
App Engine app.yaml handler property that allows directories to be static
`static_dir`
68
Command: list the current configuration for gcloud
`glcoud config list`
69
one-click way to install common applications to Compute Engine instances
Cloud Launcher
70
Command: make a bucket
`gsutil mb gs://bucket-name/`
71
way to group different instances together
unmanaged instance groups
72
Command: list Kubernetes deployments
`kubectl get deployments`
73
available operating systems to use on a Kubernetes Engine node
COS (container-optomized) OS or Ubuntu
74
Command: update a Kubernetes deployment that was created with `kubectl create`
`kubectl apply`
75
Scaling modes supported by App Engine
Manual, Automatic
and Basic (only in standard environment)
76
type of short-lived, reduced price instance commonly used for batch processing
preemptible instances
77
feature that allows you to set the exact amount of memory and CPU
custom machine type
78
Load balancer used for TCP traffic with SSL offload
SSL Proxy
79
Command: deploy an App Engine application
`gcloud app deploy app.yaml`
80
Command: list subnets
`gcloud compute networks subnets list`
81
Common protocol and port used to connect to Linux instances
SSH port 22
82
Command: get Pod logs in Kubernetes
`kubectl get logs`
83
Types of App engine environments
standard and flexible
84
Command: create a Cloud Function
`gcloud functions deploy`
85
Fully manages version of Redis
cloud memorystore
86
downloadable key allowing code to authenticate against google cloud services
service account key
87
when creating firewall rules, the lower the number, the ___ the priority
higher
88
a way to analyze spending data
billing exports sent to bigquery
89
types of available roles
primitive (owner, editor, viewer), predefined, custom
90
Command: enable api
`gcloud services enable [ID]`
91
Command: list projects
`gcloud projects list`
92
Command: create a Deployment Manager deployment
`gcloud deployment-manager deployments create`
93
feature of Cloud Storage that allows object to be accessed temporarily
signed URLs
94
App Engine traffic can be split by
cookies, IP address, random
95
Command: update a Deployement Manager deployment
`gcloud deployment-manager deployments update`
96
Command: list buckets
`gsutil ls`
97
Meaning of 0.0.0.0/0
all IP addresses that exist
98
means of dynamically identifying instances to apply firewall rules
network tags
99
NoSQL's realtime database
firebase realtime database
100
where SSH keys for connecting to Compute Engine instances are stored
project or instance metadata
101
load balancer to use for global HTTP(S) traffic
HTTP(S) load balancer
102
tool that warns you when you're spending too much
billing alerts
103
feature that allows you to see all network traffic
flow logs
104
kubernetes concept that represents the smallest unit of deployment
pod
105
tool that helps estimate costs
pricing calculator
106
how to write to stackdriver logs from a cloud function
use the logging package or write to standard out
107
the load balancer to use for TCP traffic without SSL offload
TCP proxy
108
Command: create a new Spanner database
`gcloud spanner database create`
109
where do container images need to exist for kubernetes to work with them?
a container registry
110
key-value pairs that you can set and interact with in a Compute Engine instance
metadata
111
fully managed platform that supports running web applications inside a Docker container
app engine, flexible environment
112
Compute Engine metadata key that allows you to run code at startup
start-up script
113
Command: want to deploy a new instance that uses the centos 7 family. command to determine the family names
`gcloud compute images list`
114
load balancer for external TCP load balancer with SSL offload
SSL proxy
115
Which services for IoT solution, thousands of devices that need to send periodic time series data for processing
pub/sub, bigtable
116
Which database service for: product catalog of 500 products, no experience with SQL or schema migrations, want NoSQL option
cloud datastore
117
easiest way to ensure that the nodes in your kubernetes cluster are always up-to-date with the latest stable version of Kubernetes
enable the automatic node upgrades setting
118
You’ve found that your Linux server keeps running low on memory. It’s currently using 8 Gigs of memory, and you want to increase it to 16. What is the simplest way to do that?
Stop the instance and change the machine type.
119
use case for enabling flow logs
security team wants to audit network traffic inside your network
120
Command: deploy change to deployment created with `gcloud deployment-manager deployments create`
`gcloud deployment-manager deployments update`
121
Command: looking for the IP address of a specific instance that is running in your default zone.
`glcoud compute instances list` with `filter` and `format` flags
`jsonpath` is used with `kubectl`
122
Command: fastest way to switch to the correct configuration after running commands against the wrong project
`glcoud config configurations list`, then `gcloud config configurations activate`
123
You're running an n-tier application on Compute Engine with an Apache web server serving up web requests. You want to consolidate all of your logging into Stackdriver. What's the best approach to get the Apache logs into Stackdriver?
Install the Stackdriver monitoring and logging agents on the instance.
124
Command: simplest way to deploy keys of team's public SSH keys onto all of the instances of a particular project?
Add all of the keys into a file that's formatted according to the requirements. Use `gcloud compute project-into add-metadata` to upload the keys
125
Command: how to ensure there are always 4 idle instance? (running App Engine app with Autoscaling)
set the `min_idle_instances` property in app.yaml
126
Command: best way to generate a signed URL?
Create a service account and JSON key. USe `gsutil signrl -d 10m`, and pass the JSON key and bucket
10m for 10 minutes
127
Command: set default Compute Engine zone
`glcoud config set compute/zone us-east1-c`
128
What is require by Google Cloud in order to enable and use resources
Project. All resources belong to a project
129
Are Project ID globally unique
yes
130
Are project ID immutable
yes
131
Are project names unique
no
132
are project names mutable
yes
133
are project number globally unique
yes
134
are project number chosen by user
no, assigned by gcp
135
are project number immutable
yes
136
are folders required for projects
No, but they help group projects and policies.
137
Use cases for choosing pre-defined roles
1. lowers business risk of accidental or deliberate damage to vital data and systems
2. increases overall system and data security
3. finer granularity on permission is considered a best practice
4. using coarse permission may allow or cause users to violate regulations
138
Who can change the billing account for an existing proejct
owner on the project and a billing administrator on the destination billing account
139
who can manage billing accounts and add projects to them
billing administrator
140
Compute option: flexible, zero-ops platform for building apps
app engine
141
Compute option: virtual machines running in Google's global data centers
compute engine
142
Compute option: logical infrastructure powered by Kubernetes
Kubernetes engine
143
Database options: relational
Cloud SQL, Cloud spanner
144
database option: non-relational
cloud datastore, cloud bigtable
145
data storage option: object
cloud storage
146
data storage option: warehouse
bigquery
147
data storage: need fully managed MySQL and POstgreSQL database service
Cloud SQL
148
data storage: need scalable, fully managed enterprise data warehouse (EDW) with SQL and fast ad-hoc queries
BigQuery
149
data storage: need mission-critical, relational database service with transactional consistency, global scale, high availability
Cloud Spanner
150
data storage: need scalable, fully manage NoSQL wide-column database that is suitable for both low-latency single-point lookups and precalculated analytics
cloud BigTable
151
Cloud Storage classes, from cheapest to most expensive storage price
1. Coldline
2. Nearline
3. Regional
4. Multi-regional
152
Cloud Storage classes, from cheapest to most expensive retrieval price
1. Multi-regional
2. Regional
3. Nearline
4. Coldline
153
Cloud storage classes
1. Multi-regional
2. Regional
3. Nearline
4. Coldline
154
Cloud storage class: most frequently accessed
mutli-regional
155
Cloud storage class: accessed frequently within a region
regional
156
Cloud storage class: accessed less than once a month
nearline
157
Cloud storage calss: accessed less than once a year
coldline
158
Kubernetes controller ensures that a copy of a pod runs on nodes in the cluster, allowing for node management
Deployment
159
Disadvantages of using the App Engine standard environment
1. no custom runtimes
2. limited support for third-party binaries
3. limited ability to write to disk
160
Kubernetes controller uses desired state configuration and allows us to specify the number of pod instances running on a cluster
Deployment
161
Kubernetes nodes run services that allow pods to ___
communicate without using their individual IP address
162
Google Cloud Price Calculator can ...
1. allow us to determine areas to cut back
2. allow us to determine areas to rework codebase
3. ensures services are affordable to use at scale
163
Storage solution: suitable fro unstructured data
cloud storage
164
optimal compute solution when:
- workloads require high performance
- workloads that will use preemptible instances
- workloads requiring control of the operating system
Compute Engine
165
Storage solution:
- fully managed
- NoSQL database built on Cloud BigTable
Cloud Datastore
166
When to use unmanaged instance groups?
instances in the group need different configurations
167
Advantage of using flexible environment with App Engine
can customize the runtime
168
Advatages of App engine standard environment
1. managed runtimes
2. inexpensive
3. fast startup
