GCP Professional Cloud Architect Flashcards
What are the General Purpose Machine Families?
E2, N2, N2D, N1
What are the benefits of general purpose machine types in GCP compute?
Best price to performance ratio
What are the Memory Optimized Machine Families?
M2 and M1
What are the compute optimized machine family designations
C2
How is the compute engine naming convention broken down?
e2-standard-2
Machine Type Family-Type of Workload-Number of CPU
What are the two types of compute engine Images?
Public (Maintained by google or open source sources)
Custom (created by you for your projects)
T or F:
Static IP can be switched to another VM instance in same project
True
Does a static IP address remain attached to a VM if you stop the instance?
Yes
T or F:
Are are billed for an Static IP when you are NOT using it?
Yes/True
What are ways to reduce the number of steps for creating a vm instances setting up a HTTP Server?
Startup Scripts
Instance Template
Custom Image
After Creating an Instance Template, can you update this?
No, you need to copy it, and then modify what you need, save this as the new template
Which of these is the preferred option to reduce the launch time of a VM instance?
- Startup Script
- Custom Image
Custom Image. This does not need to run any installation and would be built from a VM that already has been fully configured.
How can you avoid specifying all the VM instance details every time you create a VM?
Create an Instance Template
What does 2 in the Machine Type e2-standard-2 represent?
2 vCPU
What are the prerequisites to be able to create a VM instance?
- Project
- Billing Account
- Compute Engines APIs should be enabled
How do you get dedicated instances that are not shared with other customers?
“Sole Tenant nodes” in the compute engine console
How do you automate VM OS patching across many machines?
VM Manager/ OS Patch Management
How to prevent internet to a VM
Do not assign an external IP address
What are instance groups?
Group of VM instances managed as a single entity. Manage similar groups of VMs having a similar life cycle as one unit
What are the two types of instance groups?
Managed: Identical VMs created using template. Has auto scaling, auto healing, and managed releases
Unmanaged: Different configuration for VMs in same group: Does not offer previous features
Managed Instance Groups have what important features?
On instance Crash, MIG launches another instance
Auto scaling instance numbers
Add a LB to distrubute load
Create instances in multiple zones using Regional MIGs
Release new application versions without downtime
Rolling updates
Canary Deployment: Test new version with a group of instances before releasing it across all instances
What are Auto Scaling metrics?
CPU utilization
Load Balancer Utilization
Any other metric from Stack Driver
What is the Cool-down period in Auto Scaling?
How long to wait before looking at auto scaling metrics again
What are Scale In Controls?
Prevent sudden drop in number of VM instances
“don’t scale in by more that 10% or 3 instances in 5 minutes”
What is Autohealing?
Configure a health check with initial delay, before looking in on whether an instance needs to be replaced or not.
What is the difference between stateless and stateful MIG?
Stateless provides serving and batch processing.
Stateful is persistent data or configurations such as DBs or legacy apps
In updating MIG, what are the update tempos?
Update Immediately (Proactive)
Update when Instance group is resized (Opportunistic/Selective)
What is the Rolling Restart/Replace Upgrade Option in MIGs?
No change in template but replace/restart existing VMs
Can a MIG contain VMs created with different machine types?
No
Cloud Load Balancing has what important features?
- Health check, route to healthy instances
- Auto Scaling based on demand
- Global Load Balancing with Single Anycast IP
- Internal Load Balancing
What is a restriction of UDP load balancers?
They cannot be multi-regional
What are the 3 important configurations for Cloud Load Balancers?
What is the backend?
What are the host and path rules?
What is different then?
Does a Cloud Load Balancer require a certificate?
Yes
In Cloud Load Balancing, what is SSL Termination/Offloading?
If you’re using layer seven, this has HTTPS going to the LB, but continuing the request in HTTP to the backend service over Google internal network.
In Cloud Load Balancing, what is TLS Termination/Offloading?
If you’re using layer four, and you’re using security
This layer 4 traffic switches to regular traffic to the backend instead of keeping TLS the whole path.
In Cloud Load Balancer selection, if you need SSL offloading, what would you select?
SSL Proxy
In Cloud LB selection, if it’s global, or IPv6, what would you need to select?
TCP Proxy
In Cloud LB selection, if you need to preserve client IP addresses from end user, what would you select?
Network Load Balancer
In Cloud LB External HTTP features, what is the difference between a Proxy and a Pass Through?
Proxy load balancers get the request from a client and they transform it or make changes, sending a different request to the backend.
Pass-through, whatever request comes from the end user is sent out to the backend. So the client will be able to see all the details of the request, which is sent by the client as is.
In Cloud LB, what ports can External HTTP load balance on?
HTTP: 80 or 8080
HTTPS: 443
In Cloud Load balancing, what type of traffic is an SSL Proxy designed for?
Global, External, TCP traffic and an SSL offload
In Cloud LB, what are the two main points of an External Network TCP/UDP LB?
Regional, External, TCP or UDP, PASS THROUGH, and can listen on any port for services
In Cloud LB, what is a URL Map?
Designate URL specific format to route to specific back end services
In Cloud LB, if you want to use global routing, what is needed?
Premium Networking Tier
In Cloud LB, Standard Tier Networking, what is specific to the front end rule?
The IP address is going to be regional, only backends
What are the factors to consider when mentioning “Scalability?”
Growth in:
Users
Traffic,
Data Size
What is Vertical Scaling?
Deploying an application/database to bigger instance. Larger resources per individual instance.
What is Horizontal Scaling?
Deploying multiple instances of applications/DBs.
What dependency does Horizontal Scaling require?
Likely to need additional infrastructure such as Load Balancer
In Compute Engine, what is live migration?
Running instances is migrated to another host in the same zone.
In Compute Engine Live Migration, what is SUPPORTED?
Supported for instances with local SSDs
In Compute Engine Live Migration, what is UNSUPPORTED?
Not supported for GPUs and preemptible instances
In Compute Engine Live Migration, what is Availability Policy “On Host Maintenance?”
What should happen during periodic infra maintenance?
Migrate or Terminate?
In Compute Engine Features: GPUs are not supported on what machine types?
Shared Core or Mem Optimized machine types
Also cannot do Live Migration with a GPU attached
What are Sustained Use Discounts?
Automatic discounts for running VM instances for a significant portion of the billing month.
What does not apply to Sustained Use Discounts?
RESTRICTION: Does NOT apply on certain machine types (example: E2 and A2)
RESTRICTION: Does NOT apply to VMs created by App Engine flexible and Dataflow
What are Committed use discounts?
Workloads with predictable resource needs. Commit for 1 or 3 years. Up to 70% based on machine time.
What do Committed Use Discounts not apply to?
Does NOT apply to VMs created by App Engine flexible
and Dataflow
What is a Preemptible VM
Short-lived cheaper (up to 80%) compute instances.
Max time you can run one is 24 hours.
What are restrictions on Preemptible Instances?
NOT always available
NO SLA and CANNOT be migrated to regular VMs
NO Automatic Restarts
Free Tier credits not applicable
What are Spot VMs?
Latest Versions of Preemptible VMs.
Key difference is that Spot VM does not have a maximum run time.
What is GCloud?
Command line interface to interact with Google Cloud Resources
What Services have specific CLI tools?
Cloud Storage -gsutil
Cloud BigQuery - bq
Cloud Bigtable - cbt
Kubernetes - kubectl
What is the structure of the glcoud command structure?
gcloud GROUP SUBGROUP ACTION
EX: gcloud compute instances list
What are the important things to remember about using Cloud Shell?
Cloud Shell is backed by a VM instance (automatically provisioned by
Google Cloud when you launch Cloud Shell)
5 GB of free persistent disk storage is provided as your $HOME directory
Prepackaged with latest version of Cloud SDK, Docker etc
(Remember) Files in your home directory persist between sessions, instance is terminated if you are inactive for more than 20 minutes
After 120 days of inactivity, even your $HOME directory is deleted
What is IAAS
Infrastructure as a service.
Only using GCP for infrastructure.
You are responsible for:
Application Code and Runtime
Configuring load balancing
Auto scaling
OS upgrades and patches
Availability
What is PAAS?
Platform as a Service
In PAAS, what is the client responsible for?
Client is responsible for:
Configuration (of Application and Services)
Application code (if needed)
In PAAS, what is the provider responsible for?
OS (incl. upgrades and patches)
Application Runtime
Auto scaling
Availability & Load balancing etc..
What is App Engine used for?
Build highly scalable applications on a fully managed platform
using open and familiar languages and tools
PaaS, CaaS, Serverless
What is Cloud Functions used for?
Build event-driven applications using simple, single-purpose
functions.
FaaS, Serverless
What is Cloud Run used for?
Develop and deploy highly scalable containerized applications.
Does NOT need a cluster!
Caas (Serverless)
What languages does App Engine Support?
Go, Java, .NET, Node.js, PHP, Python, and Ruby
What features does App Engine have?
Auto LB
Auto Scale
Managed Platform updates
Application health Monitoring
Application versioning
Traffic Splitting
What are the different App Engine Environments?
Standard: Apps run in language specific sandboxes
What are the App Engine Restrictions on Java, Python, PHP, and Go on V1?
V1: OLD Versions
Restricted network access
Only allow white listed extensions and libraries
What are the App Engine restrictions on languages in V2?
V2: Newer Versions
No restrictions
What is App Engine Flexible?
- Application instances run within Docker containers
Makes use of Compute Engine virtual machines
Support ANY runtime (with built-in support for Python, Java, Node.js, Go,
Ruby, PHP, or .NET)
Provides access to background processes and local disks
In App Engine how many applications can you have per project?
One app per project
In App Engine, what does the Application Component Hierarchy contain?
Application > Service > Version
In App Engine, can you have multiple versions coexist in the same application structure?
Yes.
In App Engine, can you create traffic rules to dictate how much traffic goes to what version of service?
Yes, you can split this up in order to test out V2 of an application.
In App Engine, can your Scaling go to zero?
On Standard, Yes
On Flexible, No
In App Engine, which startup time is faster? Standard or Flexible?
Standard is Faster in instance startup time.
Standard = Seconds
Flexible = Minutes
In App Engine, which version supports Rapid Scaling?
Standard or Flexible?
Standard supports rapid scaling, this is due to the instance start-up time being in seconds instead of minutes as in Flexible.
In App Engine Flexible, what kind of disks are created?
Ephemeral Disks, not permanent storage
In App Engine, which version (Standard or Flexible) supports SSH for debugging?
Flexible
In App Engine, what is the default way to split traffic?
By IP Address
In App Engine, what are the 3 ways to split traffic?
IP Address
Random
Cookie
When working with G Kubernetes Engine, what is the command line prefix?
gcloud container
In GKE, what is the command to expose a cluster to the outside world?
kubectl expose deployment
What does GKE create in the background when you create a cluster?
Global Load Balancer
In GKE, what is the difference between Services, and Ingress?
Services are sets of pods with network endpoints and can be used for discovery and LB.
Ingresses are collections of rules for routing external HTTP(S) traffic to Services
In GKE, where do you configure access to resources like databases?
kubectl create configmap
Configmap is where these are stored
In GKE how do you add a password configuration?
kubectl create secret
In GKE, what is the Master Node’s (Control Plane) function?
It’s an API server and handles all communication for K8s cluster from nodes, and outside requests
In GKE, what component functions make a Master Node?
API Server
Scheduler (deciding placement of pods)
Control Manager - Manages deployments and replica sets
etcd - Distributed database storing the cluster state
In GKE what are worker nodes?
Components that run your pods
Kubelets, manages communication with the master node
in GKE, what are single zone clusters?
Single Zone - Single control plane, nodes running in the same zone.
In GKE, what are Multi-zonal clusters?
Multi-zonal - Single contro lplane but noeds are running in multiple zones
In GKE, what are Regional Clusters?
Regional cluster - replicas of the control pane run in multiple zones of a given region. Nodes also run in same zones where the control plane runs.
In GKE, what are Private Clusters?
Private Cluster - VPC native cluster nodes only ahve internal IP addresses
In GKE, what Alpha Clusters?
Alpha Clusters - Created with alpha APIs with early features. used to test new K8s Features
In GKE what is a pod?
It’s the smallest deployable unit in kubernetes
Pod contains one or more containers
In GKE, what are the resources all containers in a pod share?
Network
Storage
IP address
Ports
Volumes (Shared persistent disks)
IF A Pod status is “Unknown” what does that mean?
The Master is unable to find out the status of the pod
In GKE, what is a deployment?
Created for each microservice. These represent a microservice with all its releases.
In GKE, what is a Replica Set?
Ensures that specific number of pods are running for a specific microservice version
In GKE, what is an ingress?
The recommended approach for providing external access to services in the cluster.
In GKE, what does an ingress provide?
Provides Load Balanacing
Provides SSL Termination
Control Traffic by defining rules on the ingress resources
In GKE, what is a Container Registry?
You can secure your container images.
Analyze for vulnerabilities and enforce deployment policies.
If you want to keep your costs low and optimize your GKE implementation, what should you consider?
Consider Preemptible VMs,
Appropriate region,
Committed use discounts.
E2 machine types are cheaper than N1.
Choose the right environment to fit your workload type (Use
multiple node pools if needed).
In GKE if you want an efficient, completely auto scaling GKE solution, what should you consider?
Configure Horizontal Pod Autoscaler for deployments and
Cluster Autoscaler for node pools
In GKE if you want to execute untrusted third-party
code in Kubernetes Cluster, what should you do?
Create a new node pool with GKE Sandbox. Deploy
untrused code to Sandbox node pool.
In GKE, if your pod stays in “pending” status, what is the likely cause?
Probably Pod cannot be scheduled
onto a node(insufficient resources)
In GKE, if my pod stays waiting What is the likely cause?
Most probably failure to pull the docker image.
Permissions to pull or network access to the image repository
In GKE, if a pod becomes unhealthy. Which of these will identify and replace the pod?
ReplicaSet
In GKE, How do we store sensitive configuration (passwords) in Kubernetes?
Secrets
If you want to execute code when an event happens (Google Pub/Sub), what service would you use?
Cloud Functions
In Cloud Functions, what are you paying for when running the code?
Pay only for what you use
Number of invocations
Compute time of the invocations
Memory and CPU provisioned
In Cloud Functions what is the default Time out?
60 minutes
1 Hour
3600 seconds
In Cloud Functions, what are events triggered from?
Cloud Storage
Cloud Pub/Sub
HTTP POST/GET/DELETE/PUT/OPTIONS
What kind of scaling do Cloud Functions do?
Horizontal Scaling
What kind of work are Cloud Functions not ideal for?
Not ideal for long running processes
What is Cloud Run?
“Container to Production in Seconds”
Built on top of an open standard - Knative
Fully managed serverless platform for containerized applications
ZERO infrastructure management
Pay-per-use (For used CPU, Memory, Requests and Networking
What does Cloud Run for Anthos provide?
Provides the ability to run K8 clusters anywhere.
Cloud
Multi-Cloud
On Premises
In Cloud Functions Gen 1 how many requests can a Function Instance handle?
One at a time.
This means a new function instance will be spun up to handle each new request
In Cloud Functions Gen 2, how many request can a single Function Instance handle?
Can handle multiple requests at the same time.
Max = 1000 (One Thousand)
What are some best practices with Cloud Functions?
To avoid cold starts, set min no of instances (increases cost)
Minimize dependencies (loading dependencies increases initialization time)
Configure max no of instances (protect from abnormally high request
levels)
Use Cloud Endpoints (or Apigee or API gateway) for versioning
Use Cloud Run (& Cloud Functions gen 2) revisions for safer releases:
Configure which revisions should receive traffic and how much
You can rollback to a previous revision if needed
Use Secret Manager to securely store secrets (ex: API keys)
Use Individual Service Accounts for each function
Grant roles/cloudfunctions.invoker role to invoke a cloud function
Manage dependencies using your language specific tool (npm, pip,..)
What is “Data in Use” state?
Active data processed in non persistent state, such as data in RAM.
What is Symmetric Encryption?
Encryption algorithms use the same key for encryption and decryption
What is Cloud KMS?
Key Management Service
Create and manage cryptographic keys, symmetric and asymmetric
Control their use in your applications and GCP service
Allowed to store keys created on premises.
What is the difference between Block Storage and File Storage?
Block storage is like your HDD.
File storage are for files shared by multiple virtual servers
Block storage is also known as?
Persistent Disk, network block storage
What are the two different versions of Persistent Storage?
Zonal: Data replicated in one zone
Regional: Data Replicated in Multiple Zone
What are the two versions of Block Storage?
Persistent Disks
Local SSDs
