Study Guide, Glossary Flashcards

Google Cloud Certified Professional Cloud Architect Study Guide, 2nd Edition by Dan Sullivan

1
Q

A test designed to show a client that the features of a system or application meet their business needs.

A

acceptance test

2
Q

Rules that authorize users to perform operations on objects and systems.

A

access controls

3
Q

Methods of software development that stress incremental and iterative development.

A

agile methodologies

4
Q

Automated notifications in response to events detected in time-series metric data, logs, or other monitoring data.

A

alerting

5
Q

GCP’s PaaS for building and deploying web applications in a serverless environment.

A

App Engine

6
Q

A feature of an application that accepts programmatic requests or data.

A

application programming interface (API)

7
Q

A class of Cloud Storage that provides long-term storage for objects that need to be accessed less than once per year.

A

Archive storage

8
Q

Service calls that do not wait for an operation to complete before returning.

A

asynchronous calls

9
Q

The process of reviewing the structure and configuration of systems, often to determine compliance with policy or regulations.

A

auditing

10
Q

An automated response to a problem with a health check.

A

autohealing

11
Q

The automated process of adding or removing instances based on workload.

A

autoscaling

12
Q

A fraction of time that services are functioning correctly and accessible to users.

A

availability

13
Q

Roles in GCP that existed prior to IAM.

A

basic roles

14
Q

A petabyte-scale data warehousing and analytics service managed by GCP that uses tables to organize data and SQL as the query language.

A

BigQuery

15
Q

A deployment strategy that uses two identically configured environments.

A

Blue/Green deployment

16
Q

The ability to use a license you have already purchased to run an application in the cloud.

A

bring-your-own-license (BYOL)

17
Q

A structure for grouping objects in Cloud Storage.

A

bucket

18
Q

The process of planning for a large-scale service disruption, such as extreme weather or long-term power outages.

A

business continuity planning

19
Q

When a small portion of a system's workload is routed to a new version of the software, allowing developers and administrators to test code under production conditions without exposing all users to new code.

A

canary deployment

20
Q

When a failure causes a falling domino effect of distributed system failures, one after the other.

A

cascading failure

21
Q

The practice of introducing random failures into a system to understand the consequences of those failures better and identifying unanticipated failure modes.

A

chaos engineering

22
Q

A US federal law that requires the US Federal Trade Commission to define and enforce regulations regarding children’s online privacy.

A

Children’s Online Privacy Protection Act (COPPA)

23
Q

A design pattern that uses an object that monitors the results of a function or service call.

A

Circuit Breaker pattern

24
Q

A wide-column, NoSQL database for high-volume writes and low-latency reads (less than 10 ms).

A

Cloud Bigtable

25
A GCP service that provides software building services and is integrated with other GCP services, such as Cloud Source Repository.
Cloud Build
26
A managed service for processing streaming and batch data sets using Java, SQL, and Python APIs.
Cloud Dataflow
27
A managed service providing Apache Hadoop and Apache Spark platforms.
Cloud Dataproc
28
A serverless, managed NoSQL document database used for storing, synchronizing, and querying mobile and web application data.
Cloud Firestore
29
A serverless, event-driven computing service for executing functions in response to events within the cloud.
Cloud Functions
30
A GCP identity-as-a-service (IdaaS) offering that allows for centralized identity management.
Cloud Identity
31
Network connectivity between on-premises infrastructure and Google's infrastructure.
Cloud Interconnect
32
A managed service in GCP that enables customers to generate and store keys in GCP.
Cloud KMS
33
A managed service providing Redis and Memcached memory caching that implements submillisecond data access.
Cloud Memorystore
34
A set of services for monitoring, logging, tracing, and debugging infrastructure and applications in GCP and other platforms.
Cloud Operations
35
A managed message queue for implementing stream and event processing applications, which can write messages to topics or subscribe to topics to receive messages.
Cloud Pub/Sub
36
GCP's version control system and source code repository based on Git.
Cloud Source Repository
37
A managed, horizontally scalable, global relational database designed for distributed applications requiring strong consistency.
Cloud Spanner
38
A managed service providing MySQL, SQL Server, and PostgreSQL databases.
Cloud SQL
39
An object storage service providing web access to scalable storage.
Cloud Storage
40
An open source adapter that allows users to mount Cloud Storage buckets as simulated filesystems on Linux and macOS platforms.
Cloud Storage FUSE
41
A GCP service that provides VPNs between GCP and on-premises networks.
Cloud VPN
42
A class of Cloud Storage that provides long-term storage for objects that need to be accessed less than once per 90 days.
Coldline storage
43
Software that is purchased instead of built in-house.
commercial off-the-shelf (COTS) product
44
The infrastructure-as-a-service (IaaS) offering of GCP.
Compute Engine
45
A package of application code, operating system, and dependencies that can run in a container runtime, such as Docker or containerd.
container
46
A global network of servers with distributed points of presence across the globe.
content delivery network (CDN)
47
The process of incorporating code into a baseline of software, testing it, and, if the code passes tests, releasing it for use.
continuous integration/continuous delivery (CI/CD)
48
A role defined by GCP users and assigned a set of permissions needed to enable entities with the role to perform tasks.
custom roles
49
A key management model where keys are generated and kept on premises and used by GCP services to encrypt the customer's data.
customer-supplied keys
50
A key associated with a chunk of data, used to encrypt and decrypt that chunk of data.
data encryption key (DEK)
51
The state of accuracy and consistency of data over its entire lifecycle.
data integrity
52
The use of multiple security measures to protect data and systems.
defense in depth
53
Documentation designed for software engineers who will be working with code.
developer documentation
54
The practice of combining the responsibilities of software development and IT operations.
DevOps
55
A process of change in businesses as they adopt information technologies to develop new products, improve customer service, optimize operations, and make other major improvements enabled by technology.
digital transformation
56
A network connection type where information does not travel over the public internet when going from on-premises systems to Google Cloud.
Dedicated Interconnect
57
A form of network peering that allows customers to connect their networks to a Google network point of access.
direct peering
58
The practice of recovering data and services after a large-scale outage or loss of data.
disaster recovery (DR)
59
A measurement given as a percentage that describes the likelihood that a stored object will be retrievable in the future.
durability
60
The process of encoding data in a way that yields a coded version of data that cannot practically be converted back to the original form without a key.
encryption
61
Encryption of data when stored on persistent storage, such as a disk or SSD drive.
encryption at rest
62
Encryption of data during transmission, such as over a network.
encryption in motion/transit
63
The practice of encrypting data encryption keys with a second encryption key, known as a key encryption key.
envelope encryption
64
Notifications provided by an alert system that do not warrant intervention.
false alerts
65
A deployment method that allows developers to release new capabilities and features selectively to users, without having to deploy software updates.
feature flags
66
A firewall configuration that allows or denies traffic.
firewall rules
67
A regulation that standardizes privacy protections across the European Union (EU), grants controls to individuals over their private information, and specifies security practices required for organizations holding private information of EU citizens.
General Data Protection Regulation (GDPR)
68
A high-capacity storage device that enables users to transfer and securely ship data to a Google upload and then the data is uploaded to Google Cloud Storage.
Google Transfer Appliance
69
A service that allows for the transfer of data from an HTTP/S location, an AWS S3 bucket, or a Cloud Storage bucket to a Cloud Storage bucket.
Google Transfer Service
70
A set of Google accounts and service accounts with an associated email address.
group
71
A multithreaded command-line utility used to transfer on-premises data to Google Cloud and perform other operations on Cloud Storage.
gsutil
72
A US federal act that extended the application of HIPAA to business associates of healthcare providers and insurers.
Health Information Technology for Economic and Clinical Health (HITECH)
73
A federal law in the United States that protects individuals' healthcare information.
Health Insurance Portability and Accountability Act (HIPAA)
74
The continuous operations of a system at sufficient capacity to meet the demands of ongoing workloads.
high availability
75
A global load balancer available in GCP.
HTTP/S load balancer
76
A cloud is considered to have a hybrid network if it is made up of some combination of an on-premises data center and clouds such as GCP.
hybrid-cloud networking
77
An entity that represents a person or other agent that performs actions on a GCP resource.
identity
78
A GCP service for implementing fine-grained access controls on resources.
Identity and Access Management (IAM)
79
A software service that manages user identities across a system.
identity-as-a-service (IDaaS)
80
A disruption that causes a service to be degraded or unavailable due to single or multiple failures and errors.
incident
81
A type of cloud service that provides compute, storage, and networking services.
infrastructure-as-a-service (IaaS)
82
An object that controls external access to services running in a Kubernetes cluster.
Ingress
83
A measurement of the read and write operations per second for a given storage device.
input/output operations per second (IOPS)
84
Clusters of VMs that are managed as a single unit.
instance groups
85
A file specifying the configuration of a managed instance group.
instance template
86
The testing of a combination of units.
integration tests
87
A TCP and UDP load balancer accessible only to internal virtual resources.
Internal TCP/UDP load balancer
88
A set of IT service management practices for coordinating IT activities with business goals and strategies.
ITIL
89
An open source software automation tool for running software builds.
Jenkins
90
A JSON object that is used for security and authorization during transactions between two systems.
JSON Web Token (JWT)
91
The encryption key that secures the data encryption key in the envelope method of encryption.
key encryption key (KEK)
92
Metrics that provide information about how well a business or organization is achieving an important or key objective.
key performance indicators (KPIs)
93
The primary node agent that runs on each node in Kubernetes.
kubelet
94
An open source platform initially developed by Google that provides container orchestration services, including deployment and autoscaling functionality.
Kubernetes
95
Organized groups of pods that create a functioning version of an application.
Kubernetes deployments
96
A managed Kubernetes service offered by Google on GCP.
Kubernetes Engine
97
The practice of granting only the minimal set of permissions needed to perform a duty.
least privilege
98
Moves VMs to other physical servers when there is a problem with the servers they are running on or scheduled maintenance has to occur.
live migration
99
The process of distributing workload across a set of servers.
load balancing
100
A stress test that is meant to show how a particular system will perform under a defined set of conditions.
load testing
101
The process of recording information about events that occur during processing.
logging
102
A configuration of a Compute Engine VM that includes a number of vCPUs and memory.
machine type
103
The process of keeping software running and up-to-date with business requirements.
maintenance
104
A group of VM instances with the same configuration, which is defined in a managed instance group template.
managed instance groups
105
GCP products that do not require users of the services to perform common configuration, monitoring, and maintenance operations.
managed services
106
An open source caching system available as a managed service in Cloud Memorystore.
Memcached
107
A measure of some aspect of performance of a compute, storage, or network resource.
metrics
108
A collection of lightweight software services that specialize in carrying out a small number of functions.
microservices
109
The process of collecting metrics, events, and metadata from applications, VMs, and other GCP resources.
monitoring
110
A cloud network composed of two or more public clouds.
multicloud network
111
Stores replicas of objects in multiple regions, therefore mitigating the risks of regional outages.
multiregional storage
112
A class of Cloud Storage that stores objects for archival storage that is accessed less than once a month.
Nearline storage
113
The time required for a packet of data to be transmitted over a network from a source to a destination.
network latency
114
A network configuration that allows for routing between networks.
network peering
115
A type of load balancer that provides regional, non-proxied load balancing.
Network TCP/UDP load balancer
116
A group of several types of nonrelational databases, including document databases, such as Firestore and wide-column databases, like Bigtable.
NoSQL
117
Facilitates developing code to interface with a relational database; most often used when an app is built using object-oriented design.
object-relational mapping (ORM)
118
A storage system that manages data as objects, such as files.
object storage
119
Instructions used by system administrators and DevOps engineers to deploy and maintain system operations.
operations documentation
120
A networking practice that sends information over a partner's network, not the public internet.
Partner Interconnect
121
The process of simulating an attack on an information system to gain insights into potential vulnerabilities.
penetration testing
122
A grant to perform some action on a resource.
permission
123
A durable block storage system for GCP.
persistent storage
124
A service that provides a platform for developing and managing applications without the need to maintain the software infrastructure behind it.
platform-as-a-service (PaaS)
125
A low-level compute abstraction that supports containers in Kubernetes.
pods
126
A set of statements that define a combination of users and their roles.
policy
127
Groups of projects and programs that collectively implement the strategy of a business or organization.
portfolios
128
The analysis of a system failure and the response to it after it has happened.
post-mortem analysis
129
A role defined in IAM that has the minimal set of permissions required to carry out the task for which the role was created.
predefined role
130
A low-cost VM with a lifespan of less than 24 hours.
preemptible virtual machine
131
A service offered by Google that routes account traffic on the Google network instead of routing some traffic over the public internet.
Premium Tier network service
132
A review and analysis of a previously completed project or sprint.
project post-mortem
133
Allows a service to request and read a message from the topic using Cloud Pub/Sub.
pull subscription
134
Allows message data to be sent by HTTP POST request to a push endpoint URL using Cloud Pub/Sub.
push subscription
135
A formal plan of action for restoring normal business functions after a loss of information or an outage.
recovery plan
136
The time in which a service should be restored after a loss of information or an outage.
recovery time objective
137
An open source caching system.
Redis
138
The practice of deploying multiple entities, such as VMs and disks, so that loss of one does not cause a loss of service.
redundancy
139
Stores multiple copies of an object in multiple zones in a single region.
regional storage
140
A test designed to ensure that bugs that have been corrected in the past are not reintroduced to the system.
regression test
141
Highly structured data stores that are designed to store data in a way that minimizes the risk of data anomalies and to support a comprehensive query language.
relational databases
142
The practice of deploying code and configuration changes to environments, such as production, test, staging, and development environments.
release management
143
A measure of the probability that a service will continue to function under some load for a period of time.
reliability
144
The set of organization, folders, and projects that are used to group and structure GCP resources.
resource hierarchy
145
Entities that exist in the Google Cloud platform and can be accessed by users.
resources
146
Resource-oriented APIs that use HTTP requests.
REST APIs
147
A retention policy uses the Bucket Lock feature of Cloud Storage buckets to enforce object retention.
retention policies
148
Measures the value, or return, of making an investment.
return on investment (ROI)
149
A set of permissions that allows users and service accounts with that role to perform the specified actions.
role
150
An incremental updating of a group of servers.
rolling deployment
151
Documentation that provides instructions on how to set up and run a service or application.
runbook
152
A US federal law designed to protect the public from fraudulent accounting practices in publicly traded companies.
Sarbanes-Oxley Act (SOX)
153
The ability of a service to adapt its infrastructure to the load of the system.
scalability
154
Software that plays an integral part in protecting information in a system.
safety-critical software
155
The practice of limiting the responsibilities of a single individual to prevent the person from successfully acting alone in a way detrimental to the organization.
separation of duties
156
A type of identity that is associated with applications and instances for the purpose of assigning roles.
service account
157
An agreement between a provider of a service and a customer using the service.
service-level agreement (SLA)
158
A metric that reflects how well a service-level objective is being met.
service-level indicators (SLIs)
159
An agreed-upon target for a measurable attribute of a service that is specified in a service-level agreement.
service-level objectives (SLOs)
160
VPCs within a single organization that can share resources.
Shared VPCs
161
VM instances with enhanced security controls, such as secure boot.
Shielded VMs
162
A series of steps that software engineers follow to create, deploy, and maintain complicated software systems.
software development lifecycle (SDLC)
163
Ensures that VMs run on physical servers with other VMs from the same project.
sole tenancy
164
A load balancer that terminates SSL (TLS) connections and then routes traffic to VMs in the load-balanced cluster.
SSL Proxy load balancer
165
A service offered by Google that routes account traffic on the public internet instead of routing it on Google's internal network.
Standard Tier
166
Service calls that wait for the operation to complete before returning, such as most credit card purchases.
synchronous calls
167
An open source tool supporting infrastructure-as-code.
Terraform
168
A kind of development process that incorporates testing early in the development process.
test-driven development
169
The combination of all expenses related to maintaining a service or component.
total cost of ownership (TCO)
170
The time remaining before an object is deleted.
time to live (TTL)
171
A set of metrics recorded with a time stamp.
time series
172
A database designed to handle time-series data, such as streaming metrics created by a monitoring system.
time-series database
173
The process of testing the smallest unit of testable code for bugs.
unit test
174
A set of VMs that may not be identical and are not created from an instance template.
unmanaged instance groups
175
Documents that explain how to use an application.
user documentation
176
The ability of a system to increase its available resources by moving to hardware with more computational power, such as greater CPU power or more memory.
vertical scalability
177
A software implementation of an emulated physical server.
virtual machine (VM)
178
A logical organization of cloud resources isolated from other resources on the same cloud.
virtual private cloud (VPC)
179
A virtual module for storing encryption keys and other secure information.
Virtual Trusted Platform Module (vTPM)