GCP Associate Cloud Engineer (ACE) Prep
What command do you use with BigQuery to determine how many bytes are read by a query?
"bq query --dry_run" to determine the number of bytes read by the query
What is the GCP Data Transfer Appliance?
A rackable, high-capacity storage server to physically ship data to put in Google Cloud Storage. Ingest only, not a way to avoid egress charges. 100 TB or 480 TB.
Predefined 'Connect Admin' Role (e.g., Apigee Connect Admin)?
Admin of Apigee Connect
Predefined 'Creator' Role (e.g., Apigee API Creator)?
Creator of Apigee resources
What is the Cloud Speech API?
Global service. Does Automatic Speech Recognition (ASR) to turn spoken word audio files into text. Pre-trained ML model for recognizing speech in 110+ languages/variants. Accepts pre-recorded or real-time audio and can stream results back in real-time. Enables voice command-and-control and transcribing user microphone dictations. Handles noisy source audio. Can filter inappropriate content in some languages. Accepts contextual hints: words and names that will likely be spoken.
What is the Cloud Vision API?
Global service. Example of a pre-trained model. Classifies images into categories, detects objects/faces & finds/reads printed text. Similar to AWS Rekognition service. Pre-trained ML model to analyze images and discover their contents. Classifies images into 1000s of categories (e.g., sailboat, lion). You can upload images or point to ones stored in GCS.
What is the GCP Virtual Private Cloud (VPC)?
Regional & Global service. Global IPv4 unicast Software-Defined Network (SDN) for GCP resources. Similar to Amazon's VPC. Automatic mode is easy. Custom mode allows you to configure subnets (each with a private IP range), routes, firewalls, VPNs, Border Gateway Protocol (BGP), etc. VPC is global and subnets are regional (not zonal). Can be shared across multiple projects in the same organization and peered with other VPCs. Can enable private (internal IP) access to some GCP services (e.g., BQ, GCS).
What is Cloud Load Balancer (CLB)?
Regional & Global service. High-performance, scalable traffic distribution integrated with autoscaling & Cloud CDN. Similar to AWS Elastic Load Balancing. Part of a software-defined network (SDN) that naturally handles spikes without any prewarming; no instances or devices. Regional Network Load Balancer: health checks, round robin and session affinity. The forwarding rules are based on IP, protocol (TCP / UDP) and optionally the port. Global load balancers have multi-region failover for HTTP(S), SSL Proxy and TCP Proxy.
What is the Cloud Interconnect service?
Regional & Multi-Regional service. Provides options for connecting external networks to Google's network.
Is Cloud Datastore a Zonal, Regional, Multi-Regional or Global service?
Regional & Multi-Regional. Managed & autoscaled NoSQL DB with indexes, queries and ACID transaction support. Similar to AWS DynamoDB. No joins or aggregates and must line up with the indexes. NOT, OR, and NOT EQUALS (<>, !=) operations not natively supported.
What is Cloud VPN?
Regional service. IPsec VPN to connect to VPC via public internet for low-volume data connections. Similar to Amazon VPN. Used for persistent, static connections between gateways (i.e., not for a dynamic client). Encrypted link to VPC (as opposed to Dedicated Interconnect), into one subnet. Supports both static and dynamic routing.
What does 'Unicast IP' mean?
There is only one unique device in the world that can handle a certain piece of network traffic; send it there.
Which VPC load balancer provides global, layer 4 load balancing of non-SSL TCP traffic & is supported on specific port numbers? Also can provide IPv6 termination.
Global TCP Proxy
What is the Cloud Natural Language API?
Global service. Analyzes text for sentiment, intent and content classification and extracts info about it. Pre-trained ML model for understanding what text means, so you can act on it. Syntax analysis extracts tokens/sentences, parts of speech & dependency trees. Entity analysis finds people, places, things, etc., labels them and links to Wikipedia. Analysis for sentiment and entity sentiment detect +/- feelings & strength of feelings. Content classification puts each document into one of 700+ predefined categories.
Predefined 'Account User' Role (e.g., Billing Account User)?
Provides access to associate projects with billing accounts.
Predefined 'Job User' Role (e.g., BigQuery Job User)?
Provides permissions to run jobs, including queries, within the project. This role can check the existence of all jobs, enumerate their own jobs, and cancel their own jobs.
What command do you use to add a node to a Kubernetes cluster?
Use "gcloud container clusters resize" with the desired number of nodes.
What does "Anycast IP" mean?
There are multiple devices that could handle a certain piece of network traffic; send it to any one, but ideally the closest.
What are the two appropriate types of GCP data storage / database for relational (structured columns & rows) data?
Cloud SQL (fully managed, good for web, structured frameworks & OLTP) & Cloud Spanner (good for RDBMS+scale, HA, HTAP, mission critical, transactional consistency, global scale). Adtech, Financial Svcs, Global Supply Chain.
What is the appropriate type of GCP data storage for object data storage / database as binary large objects (blobs)?
Cloud Storage (good for binary or object data, such as images, binary media and backups)
What is Google Domains service?
Global service. Google's registrar for domain names. Similar to AWS Route 53. Private 'Whois' records. Built-in DNS or custom nameservers.
What is Cloud Job Discovery?
Global service. Helps career sites, company job boards, etc. to improve engagement & conversation. Pre-trained ML model to help job seekers search job posting databases.
What is Cloud Content Delivery Network (CDN)?
Global service. Low-latency content delivery based on HTTP(S) CLB & integrates with GCE & GCS. Similar to Amazon CloudFront. Supports HTTP/2 and HTTPS, but no custom origins (GCP only).
What is Cloud DNS service?
Global service. Scalable, reliable and managed authoritative Domain Name Service (DNS) service. 100% uptime guarantee. Supports public and private managed zones.
What is the Cloud Translation API?
Global service. Translates text among 100s of languages; optionally auto-detects source language. Pre-trained ML model for recognizing and translating semantics, not just syntax. Can let people support multi-regional clients in non-native languages (even two-way communication). To use, send plain text or HTML and receive translation back.
What is GCP Storage Transfer Service?
Global. Copies objects for you, so you don't need to set up a machine to do it. Destination is always a Google Cloud Storage bucket. Source can be AWS S3, HTTP/HTTPS endpoint or another GCS bucket. Can be a one-time or scheduled recurring transfer.
What programming languages does Google Cloud Functions Support?
Node.js, Python, Java and Go. Known as 'Serverless' or Functions as a Service (FaaS). Similar to AWS Lambda service.
What are the three GCP primitive roles (existed before Cloud IAM)?
Owner, Editor and Viewer. These roles are concentric; that is, the Owner role includes the permissions in the Editor role, and the Editor role includes the permissions in the Viewer role.
Is GCP App Engine a PaaS, IaaS or SaaS service?
PaaS. It is similar to AWS' Elastic Beanstalk.
What permissions does the Primitive Viewer role include?
Permissions for read-only actions that do not affect state, such as viewing (but not modifying) existing resources or data.
What command do you use to set a default project?
Use the "gcloud config set project" command to set the default project.
What command do you use to set a default region?
"gcloud config set compute/region <insert region>"
You work in a small company where everyone should be able to view all resources of a specific project. You want to grant them access following Google's recommended practices. What should you do?
Create a new Google Group and add all users to the group. Use "gcloud projects add-iam-policy-binding" with the Project Viewer role and Group email address.
Predefined 'Connect Agent' Role (e.g., Apigee Connect Agent)?
Ability to set up Apigee Connect agent between external clusters and Google.
Predefined 'Viewer' Role (e.g., Access Approval Viewer)?
Ability to view access approval requests and configuration.
Is Cloud Firestore a Zonal, Regional, Multi-Regional or Global service?
Multi-Regional. NoSQL document stores with ~real-time client updates via managed websockets. Has collections -> documents -> contained data.
Predefined 'Analytics Agent' Role (e.g., Apigee Analytics Agent)?
Curated set of permissions for Apigee Universal Data Collection Agent to manage analytics for an Apigee Organization
Predefined 'Synchronizer Manager' Role (e.g., Apigee Synchronizer Manager)?
Curated set of permissions for a Synchronizer to manage environments in an Apigee Organization
Is BigQuery a Zonal, Regional, Multi-Regional or Global service?
Multi-Regional. Serverless column-store data warehouse for analytics using SQL. Scales internally, so it can scan TB in seconds and PB in minutes. Most similar to AWS Athena (and some similarities to Redshift). Supports streaming inserts.
If you want to deploy an update to your application on App Engine with the ability to roll back as quickly as possible if it fails, what should you do?
Deploy the update as a new version. Migrate traffic from the current version to the new version.
Predefined 'Manager Editor' Role (e.g., Access Context Manager Editor)?
Edit access to policies. Create, edit, and change access levels and access zones.
How do you create an export for Logs Viewer?
In summary, you export logs by creating one or more sinks that include a logs query and an export destination. As Cloud Logging receives new log entries, they are compared against each sink. If a log entry matches a sink's query, then a copy of the log entry is written to the export destination.
You want to find out who in your organization has Owner access to a project called "my-project". What should you do?
In the Google Cloud Platform Console, go to the IAM page for your project and apply the filter "Role:Owner".
What is the Big Data Lifecycle?
Ingest (e.g., Compute Engine)->Store (e.g., Cloud Storage)->Process & Analyze (e.g., BigQuery)->Explore & Visualize (e.g., Cloud Datalab)
What is the preferred approach for managing a policy tied to a particular resource?
Prefer "add-iam-policy-binding" & "remove-iam-policy-binding" rather than "get-iam-policy", edit, then "set-iam-policy".
What are the three types of Cloud IAM roles?
Primitive, Predefined and Custom
Predefined 'Manager Reader' Role (e.g., Access Context Manager Reader)?
Read access to policies, access levels, and access zones.
What is the Static IP service?
Regional & Global service. Reserve static IP addresses in projects and assign them to resources. Like AWS Elastic IP Address. Two types: Regional IPs used for GCE instances & Network Load Balancers and Global IPs used for global load balancers: HTTP(S), SSL Proxy and TCP proxy.
Are Google Cloud Functions a Zonal, Regional, Multi-Regional or Global service?
Regional.
What is the format for setting permissions?
Service.Resource.Verb
Predefined 'Account Viewer' Role (e.g., Billing Account Viewer)?
View billing account cost information and transactions
Predefined 'Read Only Admin' Role (e.g., Apigee Read-only Admin)?
Viewer of all Apigee resources
Is Google Compute Engine (GCE) a Zonal, Regional, Multi-Regional or Global service?
Zonal.
Is Persistent Disk a Zonal, Regional, Multi-Regional or Global service?
Zonal. Flexible, block-based network-attached storage that is the boot disk for every GCE instance. Data encrypted in transit and at rest. Compares to AWS EBS. Snapshots of Persistent Disks are available Globally. Can mount to multiple instances IF all are read-only.
Is Cloud Bigtable a Zonal, Regional, Multi-Regional or Global service?
Zonal. Low latency & high throughput NoSQL DB for larger operational & analytical apps. Wide-column store NoSQL DB (like AWS DynamoDB & Cassandra). Integrates with Hadoop, Dataflow and Dataproc. Storage autoscales, but processing nodes must be scaled manually.
What does a policy do in GCP?
It binds Members to Roles for some scope of Resources. It answers "Who can do what to which thing(s)?"
What is a member in GCP?
A Google identity tied to an email address.
Predefined 'Approver' Role (e.g., Access Approval Approver)?
Ability to view or act on access approval requests and view configuration
Predefined 'Deployer' Role (e.g., Apigee Deployer)?
Deployer of Apigee resources
Is GCP App Engine a Zonal, Regional, Multi-Regional or Global service?
Regional.
Is Google Cloud Storage a Zonal, Regional, Multi-Regional or Global service?
Regional & Multi-Regional. This is similar to Amazon S3 & Amazon Glacier (depending on the tier). Designed for 11 9's of durability. Strongly consistent (even for overwrite PUTs and DELETEs). Integrated site hosting & CDN.
What is Dedicated Interconnect?
A Regional & Multi-Regional service. Direct physical link between VPC and on-prem for high-volume data connections. Like AWS Direct Connect. VLAN attachment is a private connection to VPC in one region; no public GCP APIs. Region chosen from those supported by a particular Interconnect Location. Links are private but not encrypted; can layer your own encryption.
What is the Cloud Pub/Sub?
A Global service. Infinitely scalable at-least-once messaging for ingestion, decoupling, etc. Similar to the combination of AWS SNS & SQS. Global by default: publish & consume from anywhere, with consistent latency. Messages can be up to 10MB and undelivered ones are stored for 7 days, but no dead letter queue (DLQ). Push mode delivers to HTTPS endpoint & succeeds on HTTP success status code. Slow-start algorithm ramps up on success and backs off & retries on failures. Pull mode delivers messages to requesting clients (and makes them invisible to the other clients) and waits for ACK to delete. Lets clients set rate of consumption, and supports batching and long-polling.
What is Cloud Internet of Things (IoT) Core?
A Global service. Fully-managed service to connect, manage and ingest data from IoT devices globally. Device Manager handles device identity, authentication, config and control. Protocol Bridge publishes incoming telemetry to Cloud Pub/Sub for processing. It connects securely using IoT industry-standard MQTT or HTTPS protocols. Certificate Authority (CA) signed certificates can be used to verify device ownership on the first connect. Two-way device communication enables configuration & firmware updates. Device shadows enable querying & making control changes while the devices are offline.
What is a role?
A collection of permissions to use or manage GCP resources.
Predefined 'Configuration Editor' Role (e.g., Access Approval Config Editor)?
Ability to update the Access Approval configuration
Predefined 'Read Session User' Role (e.g., BigQuery Read Session User)?
Access to create and use read sessions
Is Google Kubernetes Engine (GKE) a Zonal, Regional, Multi-Regional or Global service?
Regional (but creates VMs in specific zones).
What permissions does the Primitive Owner role include?
All editor permissions and permissions for the following actions: -Manage roles and permissions for a project and all resources within the project. -Set up billing for a project. Note: -Granting the owner role at a resource level, such as a Pub/Sub topic, doesn't grant the owner role on the parent project. -Granting the owner role at the organization level doesn't allow you to update the organization's metadata. However, it allows you to modify projects and other resources under that organization. -You can only add owners to a project using the Cloud Console (not the Cloud IAM API or gcloud command).
What permissions does the Primitive Editor role include?
All viewer permissions, plus permissions for actions that modify state, such as changing existing resources. Note: While the roles/editor role contains permissions to create and delete resources for most Google Cloud services, some services do not include these permissions.
What is the appropriate type of GCP storage for a data storage / data warehouse?
BigQuery (enterprise data warehouse used for analytics & dashboards). OLAP workloads up to one petabyte, big data exploration & processing
What is the most performant storage option to work with IoT and time series data?
Cloud Bigtable
What are the two appropriate types of GCP data storage / database for non-relational (may need to change the format of data over time) data?
Cloud Datastore (good for hierarchical, mobile, web) & Cloud Bigtable (heavy read + write, events, fully managed, NoSQL wide-column database). Suitable for both low-latency single-point lookups and precalculated analytics. IoT, Finance, Adtech, Geospatial datasets, Graphs.
How can you enable logging for Google Kubernetes Engine (GKE)?
Google Kubernetes Engine (GKE) includes native integration with Cloud Monitoring and Cloud Logging. When you create a GKE cluster, Kubernetes Engine Monitoring is enabled by default and provides a monitoring dashboard specifically tailored for Kubernetes. With Kubernetes Engine Monitoring, you can control whether or not Cloud Logging collects application logs.
Which VPC load balancer provides regional load balancing of traffic (TCP, UDP) inside a VPC & is used for internal tiers of multi-tier applications?
Regional Internal
You want to create a new role for your colleagues that will apply to all current and future projects created in your organization. The role should have the permissions of the BigQuery Job User and Cloud Bigtable User roles. You want to follow Google's recommended practices. How should you create the new role?
For your organization, in the Google Cloud Platform Console under Roles, select both roles and combine them into a new custom role.
Predefined 'Organization Admin' Role (e.g., Apigee Organization Admin)?
Full access to all Apigee resource features
Predefined 'Manager Admin' Role (e.g., Access Context Manager Admin)?
Full access to policies, access levels, and access zones
Which VPC load balancer provides global, layer 7 load balancing & can route different URLs to different back ends? Also can provide IPv6 termination.
Global HTTP(S)
Which VPC load balancer provides global, layer 4 load balancing of non-HTTPS SSL traffic based on load & is supported on specific port numbers? Also can provide IPv6 termination.
Global SSL Proxy
What is Dialogflow?
Global service. Build conversational interfaces for websites, mobile apps, messaging, IoT devices (chatbots). Pre-trained ML model and service for accepting, parsing, lexing input and responding. Similar to Amazon Lex service. Enables useful chatbots and other natural user interactions with your custom code. Train it to identify custom entity types by providing a small dataset of examples or choose from 30+ pre-built agents (car, currency, dates) as a starting template.
What programming languages does GCP App Engine Support?
Java, Node.js, Python, PHP and Go. You can also use App Engine 'Flex mode' to support containers and almost any language.
Which VPC load balancer provides regional load balancing of any traffic (TCP, UDP) & is supported on any port numbers?
Regional
What is the Cloud Video Intelligence API?
Regional & Global service. Annotates videos in GCS (or directly uploaded) with info about what they contain. Pre-trained ML model for video scene analysis and subject identification. Enables you to search a video catalog the same way you search text documents. Can do Label Detection (entities w/in video), Shot Change Detection (detect scene change) and Safe Search Detection (detect adult content).
What is CDN Interconnect?
Regional & Multi-Regional service. Provides direct, low-latency connectivity to certain CDN providers, with cheaper egress rates. For external CDNs (Akamai, Cloudflare, Fastly, etc.), not Google's CDN service. Works for both pull and push cache fills. Contact CDN provider to set up for GCP project and which regions. Free to enable, then pay less for the egress you configured.
What is the Cloud Machine Learning (ML) Engine?
Regional service. Massively scalable managed service for training ML models & making predictions. Similar to AWS SageMaker. Based on TensorFlow. Enables apps/devs to use TensorFlow on datasets of any size; endless use cases. Integrates with: GCS/BQ, Cloud Datalab (dev), Cloud Dataflow (preprocessing). Supports online & batch predictions, prioritizing latency (online) & job time (batch). Also, download models & make predictions anywhere: desktop, mobile, own servers. HyperTune automatically tunes model hyperparameters to avoid manual tweaking. Training: pay per hour to train your model depending on chosen cluster capabilities (ML training units). Prediction: pay per provisioned node-hour plus by prediction request volume made.
What is Cloud Router?
Regional service. Provides dynamic routing (BGP) for hybrid networks linking GCP VPCs to external networks. Works with Cloud VPN and Dedicated Interconnect. Automatically learns subnets in VPC and announces them to your on-prem network.
Is Cloud Spanner a Zonal, Regional, Multi-Regional or Global service?
Regional, Multi-Regional, Global. The "first horizontally scalable, strongly consistent, relational database service." Can scale from 1 to 100s or 1000s of nodes. One node is actually a server at each replication location.
Is Cloud SQL a Zonal, Regional, Multi-Regional or Global service?
Regional. Supports MySQL & PostgreSQL databases. Compares to Amazon RDS.
You need to verify the assigned permissions in a custom IAM role. What should you do?
Use the GCP Console, IAM section to view the information.
Predefined 'Metadata Viewer' Role (e.g., BigQuery Metadata Viewer)?
When applied at the project or organization level, metadataViewer provides permissions to: -List all datasets and read metadata for all datasets in the project. -List all tables and views and read metadata for all tables and views in the project. Additional roles are necessary to allow the running of jobs.
Predefined 'Owner' Role (e.g., BigQuery Data Owner)?
When applied to a dataset, dataOwner provides permissions to: -Read, update, and delete the dataset. -Create, update, get, and delete the dataset's tables. When applied at the project or organization level, this role can also create new datasets.
Predefined 'Data Viewer' Role (e.g., BigQuery Data Viewer)?
When applied to a dataset, dataViewer provides permissions to: -Read the dataset's metadata and to list tables in the dataset. -Read data and metadata from the dataset's tables. When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.
Is Local SSD a Zonal, Regional, Multi-Regional or Global service?
Zonal (connected to a specific GCE instance). Data will be lost if the instance is shut down (on purpose or by accident), but can survive a Live Migration. Data encrypted at rest.
Is Cloud Filestore a Zonal, Regional, Multi-Regional or Global service?
Zonal. File-based storage system. Compares to AWS Elastic File System (EFS). Primary use case is application migration to the cloud ("lift and shift").
Is Firebase Realtime DB a Zonal, Regional, Multi-Regional or Global service?
Zonal. NoSQL document stores with ~real-time client updates via managed websockets. Is a single (potentially huge) JSON doc, located only in the central US. Free tier (Spark), flat tier (Flame), or usage-based pricing (Blaze).
What is the syntax of a gcloud command?
gcloud <global flags> <service/product> <group/area> <command> <flags> <parameters>
What command do you use to create a GCP project?
gcloud config set project <project-id>
What command line tool do you use to set configurations that are used by "gsutil" and "bq"?
gcloud config. Also, "gsutil" is equivalent to "gcloud storage" while "bq" is equivalent to "gcloud bigquery".
What command do you use to determine if one or more permissions are included in a primitive, predefined or custom role?
gcloud iam roles describe