Professional Cloud Architect Flashcards

1
Q

What is a GCP Service that handles streaming and batch data?

A

Cloud DataFlow

2
Q

What does DLP stand for and how is it used?

A

Data Loss Prevention and it is used to sanitize data and remove sensitive information

3
Q

App Engine is what type of service?

A

PaaS (Platform as a Service)

4
Q

Compute Engine (GCE) is what type of service?

A

IaaS (Infrastructure as a Service)

5
Q

What are the FireStore Components?

A

Field
Collection Group
Document
Document ID

6
Q

What are the Cloud DataStore Components?

A

Kind
Entity
Property
Key

7
Q

If a Compute Engine application exists in a single VPC across three regions and must communicate over VPN with your company’s on-premises network, how many VPN gateways are required?

A

3 Cloud VPN gateways are required.
Cloud VPN Gateways are bound to a single region.
Create a Cloud VPN Gateway in each region

8
Q

What type of migration model does Dress4Win state in their business requirements?

A

Lift and Shift

9
Q

What are the 5 sequential steps for cloud migration?

A
1 Assess
2 Pilot
3 Move Data
4 Move Applications
5 Cloudify & Optimize
10
Q

Dynamic Routing uses a _________ to automatically discover new subnet routes

A

Cloud Router

11
Q

The 4 layers of the GCP Cloud Resource Hierarchy

A

1 Organization
2 Folders
3 Projects
4 Resources

12
Q

Which network interconnect method connects your network to a GCP VPC over a public internet encrypted tunnel?

A

Cloud VPN

13
Q

Command to create a new storage bucket

A

gsutil mb -l {location} -c {storage class} gs://BucketName

14
Q

Cloud Router uses this protocol to handle dynamic routing between locations

A

BGP Border Gateway Protocol

15
Q

Where can you export Stackdriver logs to (not counting customer locations)

A

1 Cloud Storage
2 Cloud Pub/Sub
3 BigQuery

16
Q

What is the max speed of a single Cloud VPN tunnel (non-peered)

A

1.5 Gbps

17
Q

Every load balancer must have a ___ and a ____

A

Frontend || Backend

18
Q

Role necessary to link a project to a billing account

A

Billing Account User

19
Q

How many VPN tunnels can you create in a single Cloud VPN gateway

A

8

20
Q

What is the default, implied status of all egress traffic in a VPC firewall

A

Allow All

21
Q

Google Cloud Storage holds what type of data?

A

Unstructured

22
Q

This service is required to setup dynamic routing over a Cloud VPN Service

A

Cloud Router

23
Q

Where does Cloud Dataprep load data from?

A

Cloud Storage and BigQuery

24
Q

The two methods of permissions for Google Cloud Storage

A

1 IAM: Identity and Access management

2 ACL: Access control list

25
This database service is ideal for low-latency storage of time-series data
Cloud BigTable
26
Relational Databases
Cloud SQL | Cloud Spanner
27
Non-Relational Databases
Cloud DataStore Cloud FireStore Cloud BigTable
28
DataWareHouse
BigQuery
29
This managed database is a no-ops petabyte-scale data warehouse that queries data in standard SQL Format
BigQuery
30
Retention period for data access logs
30 days
31
______ Roles apply to the entire project.
Primitive
32
An HTTP load balancer can forward traffic by ____ and ____
location | content
33
Which GCP load balancers are multi-regional in scope?
1 HTTP Load Balancer
2 TCP Proxy
3 SSL Proxy
34
VPC subnets can exist in more than one _____
zone (in the same region)
35
Which connection protocol does the Cloud VPN service use?
IPSEC
36
This IAM member allows public/anonymous access to a resource
allUsers
37
Google account type for members of an organization WITHOUT access to Google apps
Cloud Identity Domain
38
What type of managed database is ideal for web and mobile applications?
Cloud DataStore
39
More lightweight container image option to run on GKE
Alpine Linux
40
The name for the modular components of a Cloud Deployment Manager Configuration
Templates
41
GCP Service for Providing a 'single pane of glass' for monitoring resources and alerts across projects in AWS
StackDriver Monitoring
42
VPC firewall rules are applied on a per-instance basis
True
43
What layer of the Cloud Resource Hierarchy are chargeable resources hosted in?
Projects
44
Which networking interconnect option connects your business directly to Google, but not directly to GCP VPC?
Peering
45
The 3 Primitive Roles and the types of access they give:
1 Owner: Full Project Access (Billing and Assigning IAM Roles)
2 Editor: Full Access minus Billing and IAM access
3 Viewer: View only
46
Google account type for a collection of individual Google Accounts
Google Groups
47
When to use Dataproc over Data Flow
When using Hadoop/Spark workflows
48
Another term for mapping Cloud Identity to Active Directory to duplicate account information.
Federation
49
What is a pod on GKE?
Smallest deployable unit. Contains one or more containers that run on nodes
50
The three IAM Role Types
1 Primitive 2 Predefined 3 Custom
51
Two format options for Cloud Deployment Manager template files
Jinja | Python
52
The five (non-beta) Stackdriver services
1) Logging
2) Trace
3) Monitoring
4) Error Reporting
5) Debug
53
Cloud Storage can act as a block-level SAN replacement (True/False)
False; you would need to use a persistent disk for a direct SAN replacement
54
The two Memcache service levels
1 Dedicated | 2 Shared
55
GCP service for asynchronous messaging, used for streaming data ingest
Cloud Pub/Sub
56
In a Shared VPC network, the ____ project hosts the VPC components, and the ___ project uses hosted VPC resources
Host | Service
57
This managed database is ideal for NoSQL purposes, is NoOps in setup/maintenance, and is ideal for mobile save game state
Cloud DataStore
58
What is a service account?
1 Assigned to an application or a server
2 Authenticated with a service account key
3 Both a member and a resource
59
How to easily apply VPC firewall rules to individual instances instead of the entire network
Network Tags
60
Admin Activity Logs are ____ by default
Enabled
61
When are un-managed instance groups useful?
Migrating grouped servers to the cloud with minimal disruption in workflow
62
____ provides a direct physical connection to connect your on-premises network to a Google Cloud VPC network.
Cloud Interconnect
63
How to optimize your CDN cache performance:
Configure Cache Hit Ratio
64
Collection of statements that define who has access to what resource on GCP
IAM Policy
65
This application is required to configure a Cloud Storage bucket as a mounted disk on a GCE instance.
Google Cloud Storage Fuse (gcs-fuse)
66
A managed instance group is created from an ____
Instance Template
67
Permissions for working with VPC networks fall under this service.
Compute Engine
68
What are the 5 load balancer options in GCP
1) Internal
2) Network
3) HTTP(s)
4) TCP Proxy
5) SSL Proxy
69
How to add subnets in other regions to the same VPC network:
No configuration necessary
70
What are the two database structure formats we discussed in this course?
Relational (SQL) || Non-Relational (NoSQL)
71
An export in Stackdriver Logging requires what components to setup?
A filter to select log entries
A destination to export filtered logs
Sink: Select which filtered logs to send to which destination
72
Format of Deployment Manager configuration files
YAML format
73
GCP's service that is built on Apache Beam, used for processing both batch and streaming data
Cloud DataFlow
74
Retention period for admin activity logs
400 days
75
This type of disk is directly connected to a GCE instance and must be set up on instance creation
Local SSD
76
Where can billing data be exported?
1 Cloud Storage | 2 Big Query
77
What are the benefits of quotas?
Protection from unexpected spikes in resource usage | Prevent runaway consumption due to error or malicious intent
78
What could be the cause if an instance group's VMs keep restarting every minute?
1 Failing Health Check | 2 Configure the firewall to allow proper access to instance group VMs (subnet, tag) from load balancer IP
79
MountKirk Games is looking to migrate how many environments to the cloud?
(2) environments, different storage for each service
1 Game BackEnd on Google Cloud Compute Engine (GCE)
2 Analytics
80
What would fulfill the MountKirk technical requirement for "connecting a transactional database service to manage user profiles and game state"?
Cloud Datastore - NoSQL transactional database - perfect for game user-profiles and game states
81
What would fulfill the MountKirk technical requirement "Store game activity in a timeseries database service for future analysis"?
Store in BigQuery
BigQuery vs BigTable:
- BigQuery a lot more managed
- No requirement for low latency analytics response time (Big Table)
- BigQuery has a response measured in seconds, scales efficiently
- BigQuery reading from BigTable possible response as well
82
What would fulfill the MountKirk technical requirement "As the System scales, ensure that data is not lost due to processing backlogs. "?
1 HTTP Load Balancer - Automatically scales to meet demand
2 Managed Instance Groups - also auto-scales
3 Pub/Sub - Buffers late/slow data
83
What would fulfill the MountKirk technical requirement "Run hardened Linux Distro"?
Managed Instance groups with custom images
84
What would fulfill the MountKirk technical requirement "Process incoming (streaming) data on the fly directly from the game servers"?
Connect services (Stackdriver logs metrics, GCE game servers) with Pub/Sub
Process with DataFlow
85
What would fulfill the MountKirk technical requirement "Process data that arrives late because of slow mobile networks" ?
Pub/Sub: Scales and Buffers messages | DataFlow: Accounts for late/out of order data
86
What would fulfill the MountKirk technical requirement "Allow queries to access at least 10 TB of historical data."?
BigQuery - SQL Queries against data
87
What would fulfill the MountKirk technical requirement "Process files that are regularly uploaded by users' mobile devices"?
Upload to Cloud Storage | Process via DataFlow
88
What would fulfill the Dress4Win technical requirement equivalent of "MySQL"?
DataCenter >> GCP
MySQL >> Cloud SQL (Lift and Shift)
5TB >> 10 TB Size Limit
Single Region - no global footprint requirement
Migration:
1 Create replica server managed by Cloud SQL
2 Once replica is synced: Update applications to point to replica
3 Promote replica to stand-alone instance
89
What would fulfill the Dress4Win technical requirement "Redis 3 server Cluster" ?
Two options:
1) Run Redis server on Compute Engine
2) Use new Memorystore managed Redis database
90
What would fulfill the Dress4Win technical requirement "40 Web Application servers providing micro-services based APIs and static content. "Tomcat - Java", "Nginx", "4 core CPUs","32 GB of RAM"?
The existing environment has lots of idle time
- Managed instance groups - autoscaling using custom machine types (fits Lift and Shift)
- Alternatively - can re-architect for GKE/GAE for microservices deployments for future phases
91
What would fulfill the Dress4Win technical requirement "20 Apache Hadoop/Spark servers:"?
Cloud Dataproc connecting to Cloud Storage
92
What would fulfill the Dress4Win technical requirement "3 RabbitMQ servers for messaging, social notifications, and events:"?
Pub/Sub likely replacement | Can also deploy same environment on Compute engine instance group (lift and shift)
93
What would fulfill the Dress4Win technical requirement "Jenkins, monitoring, bastion hosts, security scanners"?
- No managed service equivalents
- Use GCE instances - custom machine types
- Think about using the Market Place as well
94
What would fulfill the Dress4Win technical requirement "iSCSI for VM hosts/Fiber channel SAN - Backup for MySQL databases" ?
SAN/iSCSI requires block storage | Persistent disks working in a SAN Cluster
95
What would fulfill the Dress4Win technical requirement "NAS - image storage, logs, backups"?
- Cloud Storage - direct replacement
- Infinite scale in a single bucket
- Persistent also an option
96
What would fulfill the TerramEarth business requirement "Decrease unplanned vehicle downtime to less than 1 week"?
Convert to 100% cellular connectivity
97
What would fulfill the TerramEarth business requirement "Support the dealer network with more data on how their customers use their equipment to better position new products and services"?
Share insights with Data Studio
98
What would fulfill the TerramEarth business requirement "Have the ability to partner with different companies -- especially with seed and fertilizer suppliers in the fast-growing agricultural business -- to create compelling joint offerings for their customers"?
- Share insights with Data Studio
- BigQuery / ML analytics to predict customer needs
- Tech lead will enable partnerships
99
What would fulfill the TerramEarth technical requirement "expand beyond a single datacenter to decrease latency to American midwest and east coast"?
Multi-regional/global services
100
What would fulfill the TerramEarth technical requirement "create a backup strategy"?
Regular BigQuery Exports to Cloud Storage
101
What would fulfill the TerramEarth technical requirement "Increase the security of data transfer from equipment to the datacenter"?
- Cloud Endpoints - manage and protect APIs
- Cloud IoT Core - also managed security
- Customer supplied encryption keys
102
What would fulfill the TerramEarth technical requirement "Improve data warehouse"?
- Cloud Dataflow - transform incoming streaming data to the preferred format
- Alternatively, stage in Cloud Storage, clean with Cloud Dataprep, and run job backed by DataFlow into BigQuery
103
What would fulfill the TerramEarth technical requirement "Use Customer and equipment data to anticipate customer needs"?
Pair BigQuery with machine learning services for predictive analytics
104
_______ provides visual notebooks for working with BigQuery/Cloud ML Engine data for ML/analytics?
Datalab
105
What does CSEKs stand for?
Customer-supplied encryption keys
106
What does CMEK stand for?
Customer-managed encryption keys
107
What is a use case for a .boto file?
Use a .boto configuration file to supply the customer-managed encryption key, then use gsutil to upload the files
108
______ works with Global HTTP(s) Load Balancers to deliver defense against DDoS attacks.
Cloud Armor
109
_________ will allow VMs on your subnet to access GCP resources
Private Google Access
110
Resources not hosted on GCP should use a _____
CSEK Customer Service Encryption key for authentication
111
Subnets are ________ resources
Regional
112
An IAM Policy Consists of a ____________
List of Bindings
113
What role gives you permission to set up a Shared VPC
Shared VPC Admin Role
114
Based on MountKirk Games' technical requirements, what GCP services/infrastructure will they use to host their game backend?
Managed Instance Group on Compute Engine
115
What is Google Container Engine?
Google Container Engine (GKE) is the older naming convention of the container orchestration service Google Kubernetes Engine
116
What does the HTTP status error response 401 mean?
Unauthorized
117
You want to enable your running Google Kubernetes cluster to scale as demand for your application changes. What should you do?
Update the existing Kubernetes Engine cluster with the following command: "gcloud container clusters update CLUSTER_NAME --enable-autoscaling --min-nodes=1 --max-nodes=10"
118
Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take?
1) Use source code security analyzers as part of the CI/CD pipeline
2) Run a vulnerability security scanner as part of your continuous-integration/delivery (CI/CD) pipeline
119
What are 2 characteristics of GCP VPC subnets?
1) Each subnet can span at least 2 Availability Zones to provide a high-availability environment.
2) By default, all subnets can route between each other, whether they are private or public
120
What is the minimum CIDR size for a subnet?
/29
121
Which of TerramEarth's legacy enterprise processes in their existing data centers would experience significant change as a result of increased Google Cloud Platform adoption?
Capacity planning, utilization measurement, data center expansion
122
You have a mission-critical database running on an instance on Google Compute Engine. You need to automate a database backup once per day to another disk. The database must remain fully operational and functional and can have no downtime. How can you best perform an automated backup of the database with minimal downtime and minimal costs?
Use a cron job to schedule your application to backup the database to another persistent disk.
123
Once a month, TerramEarth's vehicles are serviced and the data is downloaded from the maintenance port. The data analysts want to query the huge volume of data collected from these vehicles and analyze the overall condition of the vehicles. TerramEarth's management is looking for a solution that is cost-effective and would scale for future requirements.
Load the data from Cloud Storage to BigQuery and run queries on BigQuery
124
Your company's architecture is shown in the diagram. You want to automatically and simultaneously deploy new code to each Google Container Engine cluster. Which method should you use?
Use an automation tool, such as Jenkins
125
BigQuery Best practices for controlling cost
1) Avoid SELECT *. Query only the columns that you need
2) Use the --dry_run flag in the CLI before running queries, preview them to estimate costs
3) If possible, partition your BigQuery tables by date
126
The security team has disabled external SSH access into production virtual machines in GCP. The operations team needs to remotely manage the VMs and other resources. What can they do?
Grant the operations team access to use Google Cloud Shell
127
Dress4Win has asked you to recommend machine types they should deploy their application servers to. How should you proceed?
Recommend that Dress4Win deploy into production with the smallest instances available, monitor them over time, and scale the machine type up until the desired performance is reached.
128
What is Google's continuous integration solution?
Cloud Build
129
Kubernetes Engine offers integrated support for two types of ________ for a publicly accessible application:
Cloud Load Balancing
130
URL maps are used with the following Google Cloud products:
1) External HTTP(S) Load Balancing
2) Internal HTTP(S) Load Balancing
3) Traffic Director
131
Your customer is moving an existing corporate application from an on-premises data center to the Google Cloud Platform. The business owner requires minimal user disruption. There are strict security team requirements for storing passwords. What authentication strategy should they use?
Federate authentication via SAML 2.0 to the existing Identity Provider
132
You write a Python script to connect to Google BigQuery from a Google Compute Engine virtual machine. The script is printing errors that it cannot connect to BigQuery. What should you do to fix the script?
Run your script on a new virtual machine with the BigQuery access scope enabled. "The error is most likely caused by the access scope issue. When a new instance is created you have the Compute Engine default service account, but access to most services, including BigQuery, is not enabled."
133
As part of migrating plans to the cloud, Dress4Win wants to set up a managed logging and monitoring system so they can understand and manage workload based on the traffic spikes and patterns. They want to ensure that:
- The infrastructure can be notified when it needs to scale up and down to handle the daily workload
- Their administrators are notified automatically when their application reports errors
- They can filter their aggregated logs down to debug one piece of the application across many hosts.
Which Google StackDriver features should they use?
Monitoring, Logging, Debug, Error Report
134
You work in a small company where everyone should be able to view the resources of a specific project. You want to grant them access following Google's recommended practices. What should you do?
Create a new Google Group and add all users to the group. Use "gcloud projects add-iam-policy-binding" with the Project Viewer role and Group email address
135
One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify the authenticity of your logs?
Digitally sign each timestamp and log entry and store the signature. "To verify the authenticity of your logs if they are tampered with or forged, you can use certain algorithms to generate a digest by hashing each timestamp or log entry and then digitally sign the digest with a private key to generate a signature. Anybody with your public key can verify that signature to confirm that it was made with your private key, and they can tell if the timestamp or log entry was modified. You can put the signature files into a folder separate from the log files. This separation enables you to enforce granular security policies."
136
Mountkirk is setting up its backend platform for a new game. They expect the new game to become popular once it is released. The platform must adhere to their technical requirements. Please select the Google Cloud Services that would fulfill all their requirements.
Managed Instance Group with Auto Scaling enabled, Cloud Datastore, BigQuery, DataFlow
1. Dynamically scale up or down based on game activity (Managed Instance Group w/ Autoscaling)
2. Connect to a transactional database service to manage user profiles and game state (Cloud Datastore, because Cloud Datastore is good for user profiles that deliver a customized experience based on the user's past activities and preferences (gaming))
3. Store game activity in a time-series database server for future analysis (BigQuery is good for time-series data; if 'low-latency' is specified, BigTable would be a better fit)
4. As the system scales, ensure that data is not lost due to processing backlogs (Dataflow can handle late-arriving data and out of order data)
5. Run hardened Linux distro (Managed Instance Group with Hardened Linux Distribution)
137
How are subnetworks different than the legacy networks?
Each subnetwork controls the IP address range used for instances that are allocated to that subnetwork
138
What is the command to use multi-threaded uploads?
gsutil -m cp -r dir gs://my-bucket
139
You have a collection of media files over 5GB each that you need to migrate to Google Cloud Storage. The files are in your on-premises data center. What migration method can you use to help speed up the transfer process?
Use parallel uploads to break the file into smaller chunks then transfer it simultaneously.
gsutil -o GSUtil:parallel_composite_upload_threshold=150M cp bigfile gs://yourbucket
140
What are the flags to start a recursive upload?
The -R and -r options are synonymous. They cause directories, buckets, and bucket subdirectories to be copied recursively.
141
What are two business risks of migrating to Cloud Deployment Manager?
1) Cloud Deployment Manager only supports the automation of Google Cloud Resources.
2) Cloud Deployment Manager can be used to permanently delete cloud resources
142
Dress4Win wants to do penetration security scanning on the test and development environment deployed to the cloud. The scanning should be performed from an end-user perspective as much as possible. How should they conduct penetration testing?
Use the on-premises scanners to conduct penetration testing on the cloud environments routing traffic over the public internet.
143
Mountkirk Games wants you to design their new testing strategy. How should the test coverage differ from their existing backends on the other platforms?
Tests should include directly testing the Google Cloud Platform (GCP) Infrastructure
144
Your company collects and stores security camera footage in Google Cloud Storage. Within the first 30 days, the footage is processed regularly for threat detection, object detection, trend analysis, and suspicious behavior detection. You want to minimize the cost of storing all the data. How should you store the videos?
Use Google Cloud Regional Storage for the first 30 days, and then move to Coldline Storage.
145
A production database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space. How can you remediate the problem with the least amount of downtime?
In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
146
What is the command to resize a GCE disk?
gcloud compute disks resize [DISK_NAME] --size [DISK_SIZE]
147
You are migrating your existing data center environment to Google Cloud Platform. You have 1 petabyte Storage Area Network (SAN) that needs to be migrated. What GCP service will this data map to?
Persistent Disk SAN data uses block storage, which will map directly to a persistent disk on GCP for equivalent storage.
148
What type of storage does a SAN map to in GCP?
Persistent Disk
149
What type of storage does a NAS map to in GCP
Persistent Disk or Cloud Storage
150
Your company plans to host a large donation website on Google Cloud Platform. You anticipate a large and undetermined amount of traffic that will create many database writes. To be certain that you do not drop any writes to a database hosted on GCP. Which service should you use with managed service?
Cloud Pub/Sub for capturing the writes and draining the queue to write to the database.
151
Dress4Win has end-to-end tests covering 100% of their endpoints. They want to ensure that the move to the cloud does not introduce any new bugs. Which additional testing methods should the developers employ to prevent an outage?
They should add additional unit tests and production scale load tests on their cloud staging environment
152
Your development team has installed a new Linux kernel module on the batch servers in Google Compute Engine (GCE) virtual machines (VMs) to speed up the nightly batch process. Two days after the installation, 50% of the batch servers failed the nightly batch run. You want to collect details on the failure to pass back to the development team. Which three actions should you take? Choose 3 answers
1) Identify whether a live migration event of the failed server occurred, using the activity log.
2) Use gcloud or Cloud Console to connect to the serial console and observe the logs
3) Adjust the Google Stackdriver timeline to match the failure time and observe the batch server metrics.
153
Your company runs several databases on a single MySQL instance. They need to take backups of a specific database at regular intervals. The backup activity needs to complete as quickly as possible and cannot be allowed to impact disk performance. How should you configure the storage?
Mount a Local SSD volume as the backup location. After the backup is complete, use gsutil to move the backup to Google Cloud Storage.
154
You have created a Kubernetes Engine cluster named 'mycluster'. You've realized that you need to change the machine type for the cluster from n1-standard-1 to n1-standard-4. What is the command to make this change?
You must create a new node pool in the same cluster and migrate the workload to the new pool. "You cannot change the machine type for an individual node pool after creation. You need to create a new node pool and migrate your workload over"
155
Every server in the payment-processing application network sends its logs to Stackdriver Monitoring and Stackdriver Logging, using _____________ servers to securely transmit the log data.
Squid Proxy
156
You want to optimize the performance of an accurate, real-time, weather-charting application. The data comes from 50,000 sensors sending 10 readings a second, in the format of a timestamp and sensor reading. Where should you store the data?
Google Cloud Bigtable - A scalable, fully-managed NoSQL Wide-column database that is suitable for both real-time access and analytics workloads - Low-latency read/write access - High-throughput analytics
157
You need to take streaming data from thousands of Internet of Things (IoT) devices, ingest it, run it through a pipeline, and store it for analysis. You want to run SQL queries against your data for analysis. What services in which order should you use for this task?
Cloud Pub/Sub, Cloud Dataflow, BigQuery
158
Your company has developed a series of LAMP stack applications, that are required to be scalable and fast and that are often updated by the IT teams. Which of the following actions allow you to facilitate the process of managing the various configurations in production, staging, and development ?
1) Create deployments using Deployment Manager
2) Use Labels for your Resources
3) Organize Resources according to your standard and setup/reuse configurations and templates
4) Use references, template properties, and outputs
159
You have been asked to set up a Disaster Recovery solution for a non-critical Database Server with multiple disks. The application can be stopped for hours without creating major issues. The data must be recovered at the beginning of the last day. The solution must be simple and inexpensive. What would you advise?
Custom Image, Regional SSD persistent disks, and daily snapshots stored to Cloud Storage
160
You have several Python apps in App Engine Standard. You want to start using continuous deployment, and you want to handle the process in the best way possible. You need to deploy a new release for two apps: myapp-a and myapp-b. myapp-a has some deeply tested updates regarding the bugs. The main requirement is that the transition to the new version which is myapp-b, has to be smooth and without any disruptions. myapp-b has new features and updates and you want to do A/B testing, introducing the new version for only 50% of the traffic. What are the correct and best commands to execute?
1) gcloud app services set-traffic myapp-b --splits 1=.5,2=.5 --split-by cookie
2) Add warmup and issue: gcloud app services set-traffic myapp-a --splits 2=1 --migrate
161
Your team is developing a social engagement app in Node.js on App Engine Flexible Edition. Among the various features required, there is an online chat between related and connected users. Which of the following functions should you use or activate to accomplish what is required?
1) Session Affinity | 2) Websocket
162
An e-commerce system is operating in an "App Engine Flex" with Node.js and has to perform many operations while registering orders. You have been asked to find a way to "decouple the service" with a procedure that will send an e-mail to the customer with an order confirmation, at the end.
"Use Cloud Task and define an appropriate worker server"
163
You have a Cloud Function that sometimes fails because of an error that is still not well identified. The error happens randomly, sometimes it occurs and sometimes it doesn't. Is there a method to minimize the effect while the developers are looking for the solution?
Use the Retry failure option
164
In your organization, you have 2 projects: projA and projB. You have never created a VPC in your projects. Which network configuration do you actually have?
1) A Global default VPC
2) A route for Internet connection and a route for each subnet/region
3) A set of firewall rules, with incoming traffic from outside networks blocked
165
You created a new development environment project and you don't want to manage a Network. So, you delete the default network because it may consume unwanted resources. What is most likely expected to happen?
1) You cannot create a VM
2) You are free to create Cloud Functions
3) You may create a Storage Bucket
Any compute operations require a network. Serverless technologies are free from infrastructure. So no server, NO NETWORK.
166
A ______ should be used when you only need to allow outgoing traffic to get updates (while blocking all incoming traffic except for the data coming back from update request).
NAT
167
A _______ should be used when you want a user(s) to SSH or RDP into the private server.
Bastion host
168
_________ are instances that sit within your public subnet and are typically accessed using SSH or RDP. They act as a ‘jump’ server, allowing you to use SSH or RDP to log in to other instances in a private subnet.
Bastion Hosts
169
A ___ instance, like a bastion host, lives in your public subnet. A ___ instance, however, allows your private instances outgoing connectivity to the Internet, while at the same time blocking inbound traffic from the Internet.
NAT
170
The ___ __ can detect and extract text from images. There are two annotation features that support optical character recognition (OCR):
- TEXT_DETECTION detects and extracts text from any image.
- DOCUMENT_TEXT_DETECTION also extracts text from an image, but the response is optimized for dense text and documents. The JSON includes page, block, paragraph, word, and break information.
VISION API
171
Your team has created a set of applications that will run in GKE clusters. IT management wants to activate and standardize a simple but effective security system. You have prepared a list of possibilities and features that you can use. You realize that some choices must be discarded because they are not safe enough or even wrong. Which solutions would you recommend?
1) In the cluster, the nodes will be assigned internal RFC 1918 IP addresses only
2) Use Service Accounts and store the keys as a Kubernetes secret
3) Use Workload Identity
172
_______ _______, is the new way for GKE applications to authenticate and consume other Google Cloud services.
Workload Identity
173
_________ ______ lets users inspect the state of an application, at any code location, without stopping or slowing down the running app. It has a user interface similar to that of the popular Chrome DevTools.
StackDriver Debugger
174
You are a consultant for a client company and the management wants to migrate its systems to the cloud. The customer is concerned about cost control. They send you communication with a series of hypotheses and questions that you must solve. Which of the required possibilities are correct?
1) Is it possible to create separate budgets for projects and resources? 2) Is it possible to have notifications? 3) Is there a way to have a programmatic interface?
175
You're reviewing an application that sometimes executes some SQL queries with unacceptable response times. You need to find a way to scale the problem and identify the causes. Which of the following methods would you suggest?
Use Stackdriver Logs and set up a metric. You can set a metric that accurately identifies the log lines related to queries. You can also create an alert that can promptly alert you when the problem is displayed, so you can review all the related logs and information at the right time.
176
Dress4Win business is growing strongly. The management wants to accelerate cloud migration in the most convenient and scalable way. They did a test with GCE and it went well. Now they also want to evaluate GKE before making the final decision in order to optimize the price/performance ratio. What actions would you recommend for this general test?
- Use Cloud SQL MySQL Service
- Setup a Pod for the Application Server and start using Cloud Build
- Use DB Server with high availability
177
Dress4Win 2 Support failover of the production environment to cloud during an emergency. After several tests, you are developing the final plan for Disaster Recovery and hot failover of the on-premises production environment on the Cloud. You have planned network, storage, and infrastructure. Which of the following actions would be in your final plan?
- Prepare a custom image of the DB server stopping the instance
- Configure replication between your on-premises database server and the Cloud DB
- Setup the Cloud VPN and DNS
178
TerramEarth is in the process of creating a faster transmission of the gzip CSV files. It has deployed 5G devices in their vehicles with the goal of reducing unplanned vehicle downtime to a minimum. You are planning to:
- Acquire files directly, from vehicles or from the service points, to the Cloud
- Transform and get statistical figures immediately
- Store everything in the Data Warehouse and in the Data Lake in the most suitable way
- Use the current work routines, whenever possible
Which of the following steps contains your solution?
- Pub/Sub
- Cloud Dataflow
- Cloud Storage
- BigQuery
179
You have been asked to select the storage system for the click-data of your company's large portfolio of websites. This data is streamed in from a custom website analytics package at a typical rate of 6,000 clicks per minute, with bursts of up to 8,5000 clicks per second. It must be stored for future analysis by your data science and user experience teams. Which storage infrastructure should you choose?
Google Cloud Bigtable - The reason is the data is in IoT nature and it will be used for analytics.
180
Over time, you've created 5 snapshots of a single instance. To save space you delete snapshots number 3 and 4. What has happened to the fifth snapshot?
- The data from both snapshots 3 and 4 necessary for continuance are transferred to snapshot 5
181
One of your clients is using customer-managed encryption. Which of the following statements are true when you are applying a customer-managed encryption key to an object?
- the encryption key is used to encrypt the object's data
- the encryption key is used to encrypt the object's CRC32C checksum
- the encryption key is used to encrypt the object's MD5 hash
The remaining metadata for the object, including the object's name, is encrypted using standard server-side keys.
182
What permission allows read access to read custom images from GCE engine?
- compute.images.useReadOnly (permission)
183
What role allows access to custom images from GCE?
- roles/compute.imageUser (role)
184
What role allows access to snapshots from GCE?
- roles/compute.storageAdmin (role)
185
What permission allows read access to snapshots from GCE?
- compute.snapshots.useReadOnly (permission)
186
What role allows for disk access from GCE?
- roles/compute.storageAdmin (role)
187
What roles allow read access for disks from GCE?
- compute.disks.useReadOnly (permission)
188
You need to regularly create disk-level backups of the root disk of a critical instance. These backups need to be able to be converted into new instances that can be used in different projects. How should you do this?
- Create snapshots, turn the snapshot into a custom image, and share the image across projects
- Create snapshots and share them to other projects
189
Your company has decided to build a backup replica of their on-premises user authentication PostgreSQL database on Google Cloud Platform. The database is 4 TB, and large updates are frequent. Replication requires RFC1918 private address space. Which networking approach would be the best choice?
- Google Cloud Dedicated Interconnect
- Google Cloud Partner Interconnect
"The database is 4TB, and large updates are frequent" makes DI/PI a suitable solution
190
You are using DataFlow to ingest a large amount of data and later you send the data to BigQuery for analysis, but you realize the data is dirty. What would be the best choice to clean the data in the stream with a serverless approach?
- Fetch the data from BigQuery and create one more pipeline, clean data from DataFlow and send it back to BigQuery
191
You have a long-running job that one of your employees has permissions to start. You don't want that job to be terminated when the employee who last started that job leaves the company. What would be the best way to address the concern in this scenario?
- Create a service account.
- Grant the Service Account User Permission to the employees who need to start the job. Also, provide "Compute Instance Admin" permission to that service account.
192
Your company is using BigQuery for data analysis. Many users have access to this service and the data set, and you would want to know which user has run what query. What would be the best way to get the required information?
Go to the "Query history"; it has information about which user has run what query.
193
A power generation company is looking to use the Google Cloud platform to monitor a power station. They have installed several IoT sensors in the power station like temperature sensors, smoke detectors, motion detectors, etc. Sensor data will be continuously streamed to the cloud. There it has to be handled by different components for real-time monitoring and alerts, analysis, and performance improvement. What Google Cloud Architecture would serve this purpose?
Cloud IoT Core receives data from IoT devices. Cloud IoT Core transforms and redirects requests to a Cloud Pub/Sub topic. After the data is stored in Cloud Pub/Sub, it is retrieved by a streaming job running in Cloud Dataflow that transforms the data and sends it to BigQuery for analysis.
Cloud IoT >> Cloud Pub/Sub >> Cloud Dataflow >> BigQuery
194
Using the principle of least privilege and allowing for maximum automation, what steps can you take to store audit logs for long-term access and to allow access for external auditors' view?
- Generate a signed URL to the Stackdriver export destination for auditors to access
- Export audit logs to Cloud Storage via an export sink
195
MountKirk Games needs to build out their streaming data analytics pipeline to feed from their game backend application. What GCP services in which order will achieve this?
Cloud Pub/Sub - Cloud Dataflow - BigQuery
196
___ ________ ______ create a security perimeter around data stored in API-based GCP services such as Google Cloud Storage, BigQuery, and Bigtable. This helps mitigate data exfiltration risks stemming from stolen identities, IAM policy misconfigurations, malicious insiders, and compromised virtual machines.
VPC Service Controls
197
You are helping the QA team roll out a new load-testing tool to test the scalability of your primary cloud services that run on Google Compute Engine with Cloud Bigtable. What three requirements should they include?
- Instrument the load-testing tool and the target services with detailed logging metrics collection
- Create a separate Google Cloud Project to use for the load-testing environment
- Ensure that the load tests validate the performance of Cloud Bigtable
198
Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take?
- Use source code security analyzers as part of the CI/CD pipeline.
- Run a vulnerability security scanner as part of your continuous-integration / continuous-delivery (CI/CD) pipeline.
199
You have a mission-critical database running on an instance on Google Compute Engine. You need to automate a database backup once per day to another disk. The database must remain fully operational and functional and can have no downtime. How can you best perform an automated backup of the database with minimal downtime and minimal costs?
- Use a cron job to schedule your application to backup the database to another persistent disk
200
To speed up data retrieval, more vehicles will be upgraded to cellular connections and be able to transmit data to the ETL process. The current FTP process is error-prone and restarts the data transfer from the start of the file when connections fail, which happens often. You want to improve the reliability of the solution and minimize data transfer time on cellular connections. What should you do?
Directly transfer the files to a different "Google Cloud Regional bucket" location in US, EU, and Asia using Google APIs over HTTP(S). Run the ETL process to retrieve the data from each Regional Bucket.
201
Ensure the following requirements are met.
- Provide the ability for real-time analytics of the inbound biometric data
- Ensure processing of the biometric data is highly durable, elastic and parallel
- The results of the analytic processing should be persisted for "data mining"
Utilize Cloud Pub/Sub to collect the inbound sensor data, analyze the data with DataFlow and save the results to BigQuery.
BigQuery = Data mining features
202
Your infrastructure runs on another cloud and includes a set of multi-TB enterprise databases that are backed up nightly both on-premises and also to the cloud. You need to create a redundant backup to Google Cloud. You are responsible for performing "scheduled monthly disaster recovery drills". You want to create a cost-effective solution. What should you do?
- Use Storage Transfer Service to transfer the offsite backup files to a Cloud Storage Nearline storage bucket as a final destination
"Regular data transfers, so you should use the storage transfer service"
"Transfer appliance more for one-time bulk"
203
- Do not run out of storage/disk space
- Keep average CPU usage under 80%
- Keep replication lag under 60 seconds
1 - Enable the automatic storage increase feature for your Cloud SQL instance.
2 - Create an alert in Stackdriver when CPU usage exceeds 80% and change the instance type to reduce CPU usage.
3 - Create an alert in Stackdriver for replication lag and shard the database to reduce replication time.
204
You have a website hosted on App Engine. After a recent update, you are receiving reports that some portions of the site take up to 20 seconds to load. The slow loading times occurred after the recent update. Which two actions should you perform to troubleshoot?
Roll back to a previous version of your app using the version management feature in App Engine
Use Stackdriver Trace and Logging to troubleshoot latency issues with your website and diagnose in a testing environment
205
When would you use Storage Transfer Service for migrating data?
- Transfer from an on-premises location to Google Cloud Storage
- Transfer from AWS S3 bucket to Google Cloud Storage bucket.
- Transfer from publicly-available web resource to Google Cloud Storage bucket.
206
_______.______._______ permission is needed to create the transfer and __________.__________._______ permission is needed on the target dataset.
- bigquery.transfers.update
- bigquery.datasets.update
207
The _____.______ predefined Cloud IAM role includes _________.________._______ and _______.________.________ permissions
- bigquery.admin
- bigquery.transfers.update
- bigquery.datasets.update
208
What does the error code 429 mean?
Too Many Requests
209
What is the flag used for GCE to make the VM preemptible?
--preemptible
210
If you are using a preemptible machine and you want to use a shutdown script, how would you do this?
Under Management >>> Metadata, enter "shutdown-script-url" and then for the value use a Cloud Storage bucket URL as best practice: gs://learning-gcp-229815/shutdown.sh
211
Your company has developed a series of LAMP stack applications that are required to be scalable and fast and that are often updated by the IT teams. Which of the following actions allow you to facilitate the process of managing the various configurations in production, staging, and development? (4)
- Create deployments using Deployment Manager
- Use Labels for your Resources
- Organize Resources according to your standard and setup/reuse configurations and templates
- Use References, template properties, and outputs
212
Your team has created a set of applications that will run in GCP. IT management wants to activate and standardize a simple but effective security system. You have prepared a list of possibilities and features that you can use. You realize that some choices must be discarded because they are not safe enough or even wrong. What solutions would you recommend at the end?
- Service Accounts related to your applications
- Service Accounts related to your VMs
- Service Accounts related to your K8s Clusters
213
Cloud DataStore
- User Profiles
- Game State
- A scalable, fully-managed NoSQL document Database for your web and mobile applications
214
Cloud BigTable
- High-throughput analytics
- Native time series
- Geospatial datasets
- Low-latency read/write access
215
RTO
Recovery Time Objective - Maximum acceptable length of time that your application can be offline
216
RPO
Recovery Point Objective - Maximum acceptable length of time during which data might be lost from your application due to a major incident
217
Your company is using BigQuery for data analysis. Many users have access to this service and the data set, and you want to know which user has run what query. What would be the best way to get the required information?
Go to Query history; it has information about which user has run what query.
218
Horizontally scalable transactional DB
Cloud Spanner
219
Access to audit logs and perform analytics using SQL
Stackdriver Logging + BigQuery
220
Health-check is failing
Check Firewall rule(s)
221
Scale down to Zero Web Application
App Engine Standard
222
How can Compute Engine access BigQuery?
Access Scope (Default Service Account) OR IAM (Custom Service Account)
223
Analyst knows SQL
BigQuery
224
A managed instance group spreads and balances workloads across ____ zones in a region by default.
3
225
_______________ improve your application availability by spreading your instances across three zones.
Regional managed groups
226
A ___________ image is a baked image that has everything set and tested and is ready for production use.
Golden
227
3 Cloud Pub/Sub Use Cases
- Balancing workloads in network clusters
- Refreshing distributed caches
- Implementing asynchronous workflows
228
Connection draining delays the termination of an instance until existing connections are closed. Which of the following are also true about connection draining?
- Minimizes interruption for users
- New connections to the instance are prevented
- Instance preserves existing sessions until they end OR a designated timeout is reached (1 to 3600 seconds)
229
Google Cloud Platform has several unique and innovative benefits when it comes to billing and resource control. What are these benefits? (3)
- Sub-hour billing (Billed for 10 minutes and thereafter every minute on VMs)
- Sustained-use discounts
- Compute Engine custom machine types
230
Your customer has decided to run Windows in GCS and the customer also likes to use PowerShell. What detail about scripts on Windows should you notify them of?
A startup script is specified through the metadata server
231
What are the names of the two "Managed" Instance Group types that are supported in GCP?
- Managed Instance Group (Zonal)
- Managed Instance Group (Regional)
232
A ____ __________ ______ provides a single global IP address for an application.
global forwarding rule
233
What are the two benefits for developers to use Cloud Endpoints?
- Exposes an API for front-end client for mobile or web-application to make use of cloud-based application services
- Frees developers from writing a wrapper to access App Engine resources from a mobile or web client
234
Google Cloud Deployment Manager allows you to create and manage cloud resources with simple templates. What are some other features?
Repeatable Deployment Process, Declarative Language, Parallel Deployment, Schema Files
235
Which specific object can you specify but also GCP can specify?
Project ID
236
Cloud DNS pricing includes a monthly charge per zone plus usage costs based on
Query Traffic
237
With Continuous ________, revisions are deployed to a production environment automatically without explicit approval from a developer, making the entire software release process automated.
Deployment
238
______ ________ is a DevOps software development practice where code changes are automatically built, tested, and prepared for release to production.
Continuous delivery
239
What are three benefits of using DevOps in a Production Environment?
- Automate Software Releases
- Improve Developer Productivity
- Find Bugs Quicker
240
_____ ___ enables integration with other tools such as compression and partial resource request/reply (access to specific fields in the data) so you don't have to transfer the whole object to get a tiny part of it. There is no Python API for Cloud Storage.
JSON API
241
What would be some reasons to use GCP's Transfer Appliance?
- It would take more than 1 week to transfer data
- If you have more than 60TB of data
242
Google recommends using the "____", technique which is an iterative interrogation technique to help identify the root cause of a problem and get past the apparent surface cause. What is the technique named?
"5 Whys"
243
What are 2 facts of Cloud SQL?
- Cloud SQL is limited to a maximum of 10 TB of data processing
- Cloud SQL will scale up to 4,000 concurrent connections.
244
What are the two ways to isolate microservices in GCP?
Service Isolation/Project Isolation
245
What is the name of the design process that Google uses?
12 Factor Design
246
Measuring helps ensure:
- Making Design Choices
- Testing and Validation
- Monitoring
247
What is the name of the design process Google uses?
12 Factor Design
248
What are some disadvantages of Microservices?
- Management overhead
- Isolation
- Resource overhead
249
_____ are a concept that comes from user experience (UX) design and originated in marketing; they represent the goals and behaviors of the user and groups.
User personas
250
TerramEarth Case Study: Your primary goal is to increase the operating efficiency of all 20 million cellular and unconnected vehicles in the field. How can you accomplish this goal?
Capture all operating data, train machine learning models that identify ideal operations, and "run locally" to make operational adjustments automatically
251
Your company wants to control IAM policies for different departments. The departments must be independent of each other; however, you want to centrally manage the IAM policies for each individual department. How should you approach this?
Use a single Organization with a Folder for each department. This is the best structure to use. One single organization for the entire company. Organize departments inside folders inside of the single organization. You can then apply a single IAM policy to the single department folder, which will be applied to any projects or subfolders inside of it.
252
compute.xpnAdmin
Shared VPC Admin
* Organization level role
* Configure Shared VPC
* Associate service projects with host projects
* Grant Network User Role
253
compute.networkUser
NetworkUser
* Project level role
* Create resources to use shared VPC
* Discover shared VPC assets
* Requires project admin role (Project Owner, Editor, Compute Engine Admin)
254
Sharing and moving images requires ________ _______ ______ _____
Compute Engine Image User role
* Example: User in Project A wants to use images from Project B
* User in Project A must have Compute Engine Image User role granted for project B
* Role grants access to all images in project
* For managed instance groups, Project A service account must be granted role to Project B
255
How do you set a new project from the Google Cloud CLI?
gcloud config set project
256
Retrieve IAM policy and download in YAML format
gcloud projects get-iam-policy (project_id) > [filename].yaml
257
Update IAM Policy from file
gcloud projects set-iam-policy (project_id) [filename].yaml
258
Add a single binding
gcloud projects add-iam-policy-binding (project_id) --member user:bob@gmail.com --role roles/editor
259
Instance Template = ________
Global
260
Instance Group = ______
Regional
261
Cloud Functions scale down to _
0
262
Set default region
gcloud config set compute/region us-central1
263
Set default zone
gcloud config set compute/zone us-central1-a
264
The application reliability team at your company has added a debug feature to their backend service to send all server events to Google Cloud Storage for eventual analysis. The event records are at least 50 KB and at most 15 MB and are expected to peak at 3,000 events per second. You want to minimize data loss. Which process should you implement?
Append metadata to the file body. Compress individual files. Name files with a random prefix pattern. Save files to one bucket.