Google Cloud Certified Associate Cloud Engineer

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

A feature of Cloud Shell that allows you to browse to port 8080.

Web Preview

Where do container images need to exist for Kubernetes to work with them?

A container registry.

The command to list networks.

`gcloud compute networks list`

A service used to run web applications on a managed platform.

App Engine

A sparsely populated database.

Bigtable

Google's infrastructure as code service.

Deployment manager

Scaling modes supported by App Engine.

Manual, Automatic, and Basic* *Only with standard environments

You keep attempting to execute a command, and while there's no error being thrown, you suspect something is going wrong. You want to check out the gcloud logs. However, you can't recall in which directory they're located. Your script skills are not what they could be, so you can't rely on using those fancy command line skills. Which command could you run to show you where the log directory is located? A. google logs B. gcloud info C. gcloud logging D. gcloud

A. google logs Why is this incorrect? This isn't a command. gcloud info is the correct answer. B. gcloud info Why is this correct? This display gives details about the components, libraries, system details, and the log directory, as well as the last log file.

A tool that warns you when you're spending too much.

Billing Alerts

App Engine traffic can be split by:

IP address, Cookie, Random

Cloud functions should be written in an __________ way.

Idempotent

IAM stands for what?

Identity and Access Management

The load balancer to use with the following attributes: • Internal TCP traffic

Internal TCP Load Balancing

What is the purpose of this command: `gcloud iam service-accounts create...`

It creates a new service account.

Where SSH keys for connecting to Compute Engine instances are stored.

Project or Instance metadata.

Service that can ingest event streams. Commonly used with IoT.

Pub/Sub

Name of a point-in-time backup of a persistent disk.

Snapshots

Google's horizontally scalable SQL database.

Spanner

The load balancer to use with the following attributes: • External TCP traffic • No SSL offload • Global LB or IPv6

TCP Proxy

Mounted directories that are accessible from inside containers.

Volumes

Why can't Cloud Storage objects be changed?

They are immutable.

The meaning of this CIDR address range: 0.0.0.0/0

This represents all IP addresses that exist.

The App Engine feature that allows fast rollbacks, A/B testing, and canary deployments.

Traffic Splitting

Types of available roles.

Types of available roles. Primitive roles, predefined roles, and custom roles.

A way to group different instances together.

Unmanaged instance groups.

How to write to Stackdriver logs from a Cloud Function.

Use the logging package or write to standard out.

The format used for Kubernetes resource files.

YAML

The templates that Deployment Manager supports.

YAML, Jinja, and Python.

The Compute Engine metadata key that allows you to run code at startup.

startup-script

A common protocol and port used to connect to a Windows instance.

RDP over port 3389.

NoSQL's realtime database.

Firebase Realtime Database

A feature of Cloud Storage that allows objects to be accessed temporarily.

Signed URLs

Your engineers have asked you to set up a subnet with the largest IP address range possible. Which of the following ranges would work best? A. 0.0.0.0/0 B. 10.0.0.0/32 C. 192.168.0.0/16 D. 10.0.0.0/8

A. 0.0.0.0/0 Why is this incorrect? This represents every possible IP address, public and private. You can't use this for a subnet. D. 10.0.0.0/8 Why is this correct? This would result in a range of 10.0.0.0 - 10.255.255.255 resulting in 16,777,214 possible addresses.

You're attempting to set up a File based Billing Export. Which of the following components are required? A. A Cloud Storage bucket. B. A BigQuery dataset. C. A report prefix. D. A Budget and at least one alert.

A. A Cloud Storage bucket. Why is this correct? This is required in order to have a location for the files to be exported to. D. A Budget and at least one alert. Why is this incorrect? Budgets and alerts aren't connected to the export. This isn't required.

You have several users who need access to some very specific Google Cloud functionality. You'd like to follow the principle of least privilege. What's the best way to ensure these users can list Cloud Storage buckets, list BigQuery jobs, and list compute disks? A. Add the users to the viewer role. B. Use the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles. C. Create a custom role for this job role, add the required permissions, and add the users to the role. D. Add the users to a group, apply the Cloud Storage Bucket Viewer, BigQuery Job User, and Compute User predefined roles.

A. Add the users to the viewer role. Why is this incorrect? This is far too permissive C. Create a custom role for this job role, add the required permissions, and add the users to the role. Why is this correct? This meets all the criteria. Using predefined roles would work, however, they'd be too permissive.

Your boss has asked you to onboard a new user and provide them with access to their team's project. What set of steps best describes what needs to happen? A. Add them as a member of the project, grant them the required roles, and sync the user back to G Suite. B. Add the user inside of G Suite, create a user group, and add them to that user group. C. Add the user inside of G Suite; sync from G Suite to the Active Directory using the Directory Sync util; add them as a member and grant them the required roles. D. Add the user inside of G Suite, add them as a member of the project, and grant them the required roles.

A. Add them as a member of the project, grant them the required roles, and sync the user back to G Suite. Why is this incorrect? Cloud IAM isn't an identity provider, and you can't sync from Cloud IAM to G Suite, that's not a real concept. D. Add the user inside of G Suite, add them as a member of the project, and grant them the required roles. Why is this correct? This assumes that the company is using G Suite. Given that, this set of steps would work well.

You've uploaded some static web assets to a public storage bucket for the developers. However, they're not able to see them in the browser due to what they called "CORS errors". What's the easiest way to resolve the errors for the developers? A. Advise the developers to adjust the CORS configuration inside their code. B. Use the gsutil cors set command to set the CORS configuration on the bucket. C. Use the gsutil set cors command to set the CORS configuration on the bucket. D. Use the gsutil set cors command to set the CORS configuration on the object.

A. Advise the developers to adjust the CORS configuration inside their code. Why is this incorrect? This won't resolve the issue. The problem needs to be addressed in Cloud Storage. B. Use the gsutil cors set command to set the CORS configuration on the bucket. Why is this correct? This is correct. You can set the CORS configuration on the bucket allowing the objects to be viewable from the required domains.

Which of the following is a valid use case for Flow Logs? A. Blocking instances from communicating over certain ports. B. Network forensics. C. Proxying SSL traffic. D. Serving as a UDP relay.

A. Blocking instances from communicating over certain ports. Why is this incorrect? Firewall rules will block communication. Flow logs track a sampling of network traffic showing which IP addresses interacted with which service and when. B. Network forensics. Why is this correct? This is something useful because flow logs will show which IP addresses interacted with which service and when.

Your team is developing a product catalog that allows end users to search and filter. The full catalog of products consists of about 500 products. The team doesn't have any experience with SQL, or schema migrations, so they're considering a NoSQL option. Which database service would work best? A. Cloud SQL B. Cloud Memorystore C. Bigtable D. Cloud Datastore

A. Cloud SQL Why is this incorrect? The scenario ruled out SQL. D. Cloud Datastore Why is this correct? Datastore can be queried, it's fully managed, and is a great option for catalog based applications. Datastore also supports a basic query/filter syntax.

Your developers have been thoroughly logging everything that happens in the API. The API allows end users to request the data as JSON, XML, CSV, and XLS. Supporting all of these formats is taking a lot of developer effort. Management would like to start tracking which options are used over the next month. Without modifying the code, what's the fastest way to be able to report on this data at the end of the month? A. Create a custom counter logging metric that uses a regex to extract the data format into a label. At the end of the month, use the metric viewer to see the group by the label. B. Create a log sink that filters for rows that mention the data format. Export that to BigQuery, and run a query at the end of the month. C. Create a custom monitoring metric in code and edit the API code to set the metric each time the API is called. D. Export the logs to excel, and search for the different fields.

A. Create a custom counter logging metric that uses a regex to extract the data format into a label. At the end of the month, use the metric viewer to see the group by the label. Why is this correct? This is a simple solution that only requires the metric to be created, and then Stackdriver will track each occurrence. D. Export the logs to excel, and search for the different fields. Why is this incorrect? This sounds simple, however, by the time you get the logs filtered and exported into a form Excel can use, you could have already created the logging metric.

You're running an n-tier application on Compute Engine with an Apache web server serving up web requests. You want to consolidate all of your logging into Stackdriver. What's the best approach to get the Apache logs into Stackdriver? A. Create a log sink and export it to Stackdriver. B. Stackdriver logs application data from all instances by default. C. Enable Stackdriver monitoring when creating the instance. D. Install the Stackdriver monitoring and logging agents on the instance.

A. Create a log sink and export it to Stackdriver. Why is this incorrect? This isn't how log sinks work. Sinks export logs from Stackdriver to other services. D. Install the Stackdriver monitoring and logging agents on the instance. Why is this correct? The agents know how to collect monitoring and logging data from Apache.

Your coworker created a deployment for your application container. You can see the deployment under Workloads in the console. They're out for the rest of the week, and your boss needs you to complete the setup by exposing the workload. What's the easiest way to do that? A. Create a new Service that points to the existing deployment. B. Create a new DaemonSet. C. Create a Global Load Balancer that points to the pod in the deployment. D. Create a Static IP Address Resource for the Deployment.

A. Create a new Service that points to the existing deployment. Why is this correct? A service is how we expose deployments. It's a persistent endpoint that we can interact with, and it will send the traffic over to the pods in the deployment. B. Create a new DaemonSet. Why is this incorrect? DaemonSets are used to ensure a copy of a pod is running on all (specified) nodes.

Your developers have created an application that needs to be able to make calls to Cloud Storage and BigQuery. The code is going to run inside a container and will run on Kubernetes Engine and on-premises. What's the best way for them to authenticate to the Google Cloud services? A. Create a service account, grant it the least viable privileges to the required services, generate and download a key. Use the key to authenticate inside the application. B. Use the default service account for App Engine which already has the required permissions. C. Use the default service account for Compute Engine which already has the required permissions. D. Create a service account, with editor permissions, generate and download a key. Use the key to authenticate inside the application.

A. Create a service account, grant it the least viable privileges to the required services, generate and download a key. Use the key to authenticate inside the application. Why is this correct? Service accounts are used for this very reason. Care needs to be taken with the key. However, this will work. B. Use the default service account for App Engine which already has the required permissions. Why is this incorrect? This would work, however, it violates the principle of least privilege. Also, it would still require a service account key for the on-premises code.

You're migrating an on-premises application to Google Cloud. The application uses a component that requires a licensing server. The license server has the IP address 10.28.0.10. You want to deploy the application without making any changes to the code or configuration. How should you go about deploying the application? A. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static internal IP address of 10.28.0.10. Assign the static address to the license server instance. B. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static external IP address of 10.28.0.10. Assign the static address to the license server instance. C. Create a subnet with a CIDR range of 10.28.0.0/10. Reserve a static external IP address of 10.28.0.10. Assign the static address to the license server instance. D. Create a subnet with a CIDR range of 10.28.0.0/29. Reserve a static internal IP address of 10.28.0.10. Assign the static address to the license server instance.

A. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static internal IP address of 10.28.0.10. Assign the static address to the license server instance. Why is this correct? This would work. The CIDR range is large enough to include 10.28.0.10. B. Create a subnet with a CIDR range of 10.28.0.0/28. Reserve a static external IP address of 10.28.0.10. Assign the static address to the license server instance. Why is this incorrect? In this scenario, we need a static internal IP, not an external.

Your boss has asked you to set up something to perform monitoring and logging. The ideal solution would allow you to monitor your Google Cloud resources as well as a few different EC2 instances running inside AWS. Which option would meet the criteria with the least amount of work? A. Deploy a custom solution based on the ELK stack. B. Datadog C. Stackdriver D. AWS Cloudwatch

A. Deploy a custom solution based on the ELK stack. Why is this incorrect? This doesn't work in this scenario due to the amount of effort to set up and configure compared to Stackdriver. C. Stackdriver Why is this correct? Stackdriver is a part of Google Cloud, it offers support for AWS monitoring, and it doesn't require learning or paying for any third-party services.

Your team uses a third-party monitoring solution. They've asked you to deploy it to the nodes in your Kubernetes Engine Cluster. What's the best way to do that? A. Deploy the monitoring pod as a DaemonSet. B. Deploy the monitoring pod as a Deployment. C. Use Deployment Manager to deploy the monitoring solution. D. Connect to each node via SSH and install the monitoring solution.

A. Deploy the monitoring pod as a DaemonSet. Why is this correct? DaemonSets run a pod on each node in the cluster. Using a DaemonSet allows you to deploy your pod in the same way you deploy your other containers. This makes it easy to do without adding new tools. D. Connect to each node via SSH and install the monitoring solution. Why is this incorrect? This is more work than required, it's also not a very scalable solution. Using a DaemonSet will deploy the container (in a pod) to each node.

Your team has some new functionality that they want to roll out slowly so they can monitor for errors. The change contains some significant changes to the user interface. You've chosen to use traffic splitting to perform a canary deployment. You're going to start by rolling out the code to 15% of your users. How should you go about setting up traffic splitting? A. Deploy the new version. Split the traffic using an IP or cookie based distribution. B. Use the gcloud app deploy command with the distribution flag to deploy and split the traffic in one command. C. Deploy the new version using the no-promote flag. Split the traffic using a random distribution. D. Deploy the new version using the no-promote flag. Split the traffic using distribution.

A. Deploy the new version. Split the traffic using an IP or cookie based distribution. Why is this incorrect? This will work! However, by default when deploying applications the new version is promoted, so it will get 100% of the traffic. Using no-promote is important in this scenario. D. Deploy the new version using the no-promote flag. Split the traffic using distribution. Why is this correct? This will work. Cookie-based will allow for a level of persistence so if a user reloads the page, they'll see the version they're supposed to.

A few members of the dev team have been talking about testing a Google Cloud API they've never used before. They're curious to see what parameters are required and what the results of the API call will look like. They've asked you to set up a new project, grant them access, enable the API, and let them know when it's ready. What's the most efficient way to help the developers test the new API? A. Direct them to the API Explorer. B. Follow the developer's recommendation and set up a new project, grant them access, and enable the API. C. Help them to set up the Cloud SDK and use the gcloud command. D. Enable the API inside an existing project and grant them permissions.

A. Direct them to the API Explorer. Why is this correct? The API Explorer is likely the fastest and easiest way to test out an API. It doesn't require all of the additional effort that goes along with setting up APIs for production environments. B. Follow the developer's recommendation and set up a new project, grant them access, and enable the API. Why is this incorrect? This works, it's just not the easiest way to go about accomplishing the task.

Your team has been working towards using desired state configuration for your entire infrastructure, which is why they're excited to store the Kubernetes Deployments in YAML. You created a Kubernetes Deployment with the kubectl apply command and passed on a YAML file. You need to edit the number of replicas. What steps should you take to update the Deployment? A. Edit the number of replicas in the YAML file and rerun the kubectl apply. B. Edit the YAML and push it to Github so that the git triggers deploy the change. C. Disregard the YAML file. Use the kubectl scale command. D. Edit the number of replicas in the YAML file and run the kubectl set image command.

A. Edit the number of replicas in the YAML file and rerun the kubectl apply. Why is this correct? If you create a deployment with the kubectl create or apply commands, then you can update with kubectl apply -f file.yaml. C. Disregard the YAML file. Use the kubectl scale command. Why is this incorrect? The reason for using the YAML file is to have the desired state configuration. Don't just throw it away!

Your security team wants to be able to audit network traffic inside of your network. What's the best way to ensure they have access to the data they need? A. Enable flow logs. B. Disable flow logs. C. Add them to the Subnet Traffic Viewer role. D. Add a firewall capture filter.

A. Enable flow logs. Why is this correct? Using flow logs saves networking traffic to the logs, though it does generate a lot of data. B. Disable flow logs. Why is this incorrect? Using flow logs saves networking traffic to the logs. Enabling flow logs would give them what they need.

Your finance team is working with the engineering team to try and determine your spending for each service by day and month across all projects used by the billing account. What is the easiest and most flexible way to aggregate and analyze the data? A. Export the data for the billing account(s) involved to BigQuery; then use BigQuery to analyze the service data for the desired projects, by day and month. B. Export the data for the billing account(s) involved to a JSON File; use a Cloud Function to listen for a new file in the Storage bucket; code the function to analyze the service data for the desired projects, by day and month. C. Export the data for the billing account(s) to File, import the files into a SQL database; then use BigQuery to analyze the service data for the desired projects, by day and month. D. Use the built-in reports which already show this data.

A. Export the data for the billing account(s) involved to BigQuery; then use BigQuery to analyze the service data for the desired projects, by day and month. Why is this correct? You can export the data from the Billing Account to BigQuery. This will give you the data for all of the projects. Then you can start querying the data for patterns. B. Export the data for the billing account(s) involved to a JSON File; use a Cloud Function to listen for a new file in the Storage bucket; code the function to analyze the service data for the desired projects, by day and month. Why is this incorrect? This is possible, and it's fairly automated. Though it's a harder set up than with BigQuery, and it isn't as flexible since it requires a code change to edit the analysis.

Your manager needs you to test out the latest version of MS-SQL on a Windows instance. You've created the VM and need to connect into the instance. What steps should you follow to connect to the instance? A. Generate a Windows password in the console, then use a client capable of communicating via RDP and provide the credentials. B. Generate a Windows password in the console, then use the RDP button to connect in through the console. C. Connect in with your own RDP client using your Google Cloud username and password. D. From the console click the SSH button to automatically connect.

A. Generate a Windows password in the console, then use a client capable of communicating via RDP and provide the credentials. Why is this correct? Before connecting into a Windows instance you need to have a password generated. Then you can use any RDP client you want. There isn't an RDP client built into the console at the time this question was created. D. From the console click the SSH button to automatically connect. Why is this incorrect? Windows instances don't use SSH, at least by default. They use RDP.

You've been running App Engine applications in a Standard Environment for a few weeks. With several successful deployments, you've just deployed a broken version, and the developers have gone home for the day. What is the fastest way to get the site back into a functioning state? A. Have the developers fix the issue and deploy. B. Use the gcloud app rollback command. C. In the UI, click Traffic Splitting and direct 100% of the traffic to the previous version. D. In the UI, click the Rollback button on the versions page.

A. Have the developers fix the issue and deploy. Why is this incorrect? This is a good option. However, if the devs are not available per the question, then this isn't the fastest way. C. In the UI, click Traffic Splitting and direct 100% of the traffic to the previous version. Why is this correct? This is an easy way to roll the change back to a working version.

Your developers are trying to select the best compute service to run a static website. They have a dozen HTML pages, a few Javascript files, and some CSS. They need the site to be highly available for the few weeks it is running. They also have a limited budget. What is the best service to use to run the site? A. Kubernetes Engine B. Compute Engine C. Cloud Storage D. App Engine

A. Kubernetes Engine Why is this incorrect? This would cost more than Cloud Storage. C. Cloud Storage Why is this correct? A static website can be hosted with cloud storage for very little money.

You're using a self-serve Billing Account to pay for your 2 projects. Your billing threshold is set to $1000.00 and between the two projects you're spending roughly 50 dollars per day. It has been 18 days since you were last charged. Given the above data, when will you likely be charged next? A. On the first day of the next month. B. In 2 days when you'll hit your billing threshold. C. On the thirtieth day of the month. D. In 12 days, making it 30 days since the previous payment.

A. On the first day of the next month. Why is this incorrect? This could be correct if coincidentally the charge was made on the first day of the next month. However, it's not the intent of the scenario. With Self-serve, you pay when you hit the billing threshold or every 30 days; whichever happens first. Given the scenario assumes $50 per day, you'll hit the spending threshold in 2 more days. D. In 12 days, making it 30 days since the previous payment. Why is this correct? With Self-serve, you pay when you hit the billing threshold or every 30 days; whichever happens first. Given the scenario assumes $50 per day, you'll hit the spending threshold in 2 more days.

You've been asked to help onboard a new member of the big-data team. They need full access to BigQuery. Which type of role would be the most efficient to set up while following the principle of least privilege? A. Primitive Role B. Custom Role C. Managed Role D. Predefined Role

A. Primitive Role Why is this incorrect? Primitive roles are project-based and would be too permissive for this use case. D. Predefined Role Why is this correct? Predefined roles would work great for this use case because they're specific to resources. BigQuery has several predefined roles including a "BigQuery Admin" role.

Your team is working on designing an IoT solution. There are thousands of devices that need to send periodic time series data for processing. Which services should be used to ingest and store the data? A. Pub/Sub, Datastore B. Pub/Sub, Dataproc C. Dataproc, Bigtable D. Pub/Sub, Bigtable

A. Pub/Sub, Datastore Why is this incorrect? Bigtable is a better solution for high traffic - time series data. D. Pub/Sub, Bigtable Why is this correct? Pub/Sub is able to handle the ingestion, and BigTable is a great solution for time series data.

You've setup and tested several custom roles in your development project. What is the fastest way to create the same roles for your new production project? A. Recreate them in the new project. B. Use the gcloud iam copy roles command and set the destination project. C. In the UI, select the roles and click the Export button. D. Use the gcloud iam roles copy command and set the destination project.

A. Recreate them in the new project. Why is this incorrect? For one role, this may be faster. For several, this is likely slower. https://cloud.google.com/sdk/gcloud/reference/iam/roles/copy D. Use the gcloud iam roles copy command and set the destination project. Why is this correct? This is a fast way to copy existing roles, even across projects.

While looking at your application's source code in your private Github repo, you've noticed that a service account key has been committed to git. What steps should you take next? A. Revoke the key, remove the key from Git, purge the Git history to remove all traces of the file, ensure the key is added to the .gitignore file. B. Delete the project and create a new one. C. Do nothing. Git is fine for keys if the repo is private. D. Contact Google Cloud Support

A. Revoke the key, remove the key from Git, purge the Git history to remove all traces of the file, ensure the key is added to the .gitignore file. Why is this correct? This should do it. This is pretty common, so if it happens to you, don't beat yourself up about it. Just take steps to ensure it doesn't happen in the future. https://cloud.google.com/iam/docs/creating-managing-service-account-keys#deleting_service_account_keys D. Contact Google Cloud Support Why is this incorrect? This isn't required. This is something you're able to handle without Google support.

Your security team has been reluctant to move to the cloud because they don't have the level of network visibility they're used to. Which feature might help them to gain insights into your Google Cloud network? A. Routes B. Subnets C. Flow logs D. Firewall rules

A. Routes Why is this incorrect? Routes don't add to network visibility. C. Flow logs Why is this correct? Flow logs are great for gaining insights into what's happening on a network. They provide a sample of the flows to and from instances.

Your development team has asked you to set up an external TCP load balancer with SSL offload. Which load balancer should you use? A. SSL proxy B. HTTP load balancer C. TCP proxy D. HTTPS load balancer

A. SSL proxy Why is this correct? The SSL proxy meets all the criteria. D. HTTPS load balancer Why is this incorrect HTTP(s) is a higher level protocol than TCP. The best option is to use the SSL proxy.

You have a Linux server running on a custom network. There's an allow firewall rule with an IP filter of 0.0.0.0/0 with a protocol/port of tcp:22. The logs on the instance show a constant stream of attempts from different IP addresses, trying to connect via SSH. You suspect this is a brute force attack. How might you change the firewall rule to stop this from happening and still enable access for legit users? A. Stop the instance. B. Deny all traffic to port 22. C. Change the port that SSH is running on in the instance and change the port number in the firewall rule. D. Change the IP address range in the filter to only allow known IP addresses.

A. Stop the instance. Why is this incorrect? This would stop the attack, though, it would also prevent legit traffic. D. Change the IP address range in the filter to only allow known IP addresses Why is this correct? By using 0.0.0.0/0, you're opening the port to the internet. By whitelisting known IP addresses, it will block anyone not on the list.

After enabling the BigQuery export, you've noticed some additional expenses that you hadn't expected or included in your budget. What's the most likely reason for these additional expenses? A. The BigQuery costs are now included in your changes. B. You've underestimated the price of the services you're using. C. Google has increased their prices. D. Google charges $1.00 per day for billing exports.

A. The BigQuery costs are now included in your changes. Why is this correct? If all other charges are accounted for, this is likely the cause. C. Google has increased their prices. Why is this incorrect? This is possible, though, if the additional cost happened after enabling the BQ export, it's more likely that it is the cause.

You're looking for the IP address of a specific instance that is running in your default zone. Which command and flag(s) could you use to return just the IP address? A. The gcloud compute list along with the filter and format flags. B. The gcloud compute list along with the o flag and jsonpath value. C. The gcloud compute instances list along with the o flag and jsonpath value. D. The gcloud compute instances list along with the filter and format flags.

A. The gcloud compute list along with the filter and format flags. Why is this incorrect? The component to view an instance is named "instances". D. The gcloud compute instances list along with the filter and format flags. Why is this correct? This would allow you to zero in on just the properties you want.

You've been trying to deploy a container to Kubernetes; however, kubectl doesn't seem to be able to connect to the cluster. Of the following, what is the most likely cause and how can you fix it? A. The kubeconfig is missing the credentials. Run the gcloud container clusters get-credentials command. B. The firewall rules are preventing the connection. Open up the firewall rules to allow traffic to port 1337. C. The kubeconfig is missing the credentials. Run the gcloud container clusters auth login command. D. The firewall rules are preventing the connection. Open up the firewall rules to allow traffic to port 3682.

A. The kubeconfig is missing the credentials. Run the gcloud container clusters get-credentials command. Why is this correct? Kubectl doesn't know about a cluster. Using this command, you can get the cluster credentials and save them locally. C. The kubeconfig is missing the credentials. Run the gcloud container clusters auth login command. Why is this incorrect? The problem is likely related to the credentials missing inside kubeconfig. However, that command is fake and won't solve the problem.

You have a Cloud Storage bucket that needs to host static web assets. How do you make the bucket public? A. Trick question. Don't ever make a bucket public. B. Check the "make public" box in the UI. C. Set allUsers to have the Storage Object Viewer role. D. gsutil make-public gs://bucket-name

A. Trick question. Don't ever make a bucket public. Why is this incorrect? You might be a bit overzealous. Some buckets actually contain public data, and it's only private data we want to ensure isn't set to public. C. Set allUsers to have the Storage Object Viewer role. Why is this correct? This will make a bucket public.

Your team needs to set up a new Jenkins instance as quickly as possible. What's the best way to get it up- and-running? A. Use Google's Managed Jenkins Service. B. Deploy the jar file to a Compute Engine instance. C. Search the marketplace for Jenkins and install with Cloud Launcher. D. Create a Deployment Manager template and deploy it.

A. Use Google's Managed Jenkins Service. Why is this incorrect? This would be cool, but it's not currently a real service. C. Search the marketplace for Jenkins and install with Cloud Launcher. Why is this correct? This is a simple way to install common software.

You're using Stackdriver to set up some alerts. You want to reuse your existing REST-based notification tools that your ops team has created. You want the setup to be as simple as possible to configure and maintain. Which notification option would be the best option? A. Use a Slack bot to listen for messages posted by Google. B. Send it to an email account that is being polled by a custom process that can handle the notification. C. Send notifications via SMS and use a custom app to forward them to the REST API. D. Webhooks

A. Use a Slack bot to listen for messages posted by Google. Why is this incorrect? This is also possible, though, it's an additional layer that makes it more complicated than it needs to be. D. Webhooks Why is this correct? Webhooks would allow you to easily send the notification to an HTTP(S) endpoint. Given the above scenario, this is the best option for something custom.

Your company created an application that just went viral. Based on the current traffic, your team is expecting to need 12 Standard-2 instances to handle the traffic for next month. What's the easiest way to estimate how much that is going to cost? A. Use a billing alert. B. Contact Google Support. C. Export the billing logs to BigQuery for analysis. D. Use the price calculator.

A. Use a billing alert. Why is this incorrect? An alert only lets you know when you're going to exceed your budget. D. Use the price calculator. Why is this correct? This is a simple way to estimate the cost of Google Cloud resources.

You're working on setting up a cluster of virtual machines with GPUs to perform some 3D rendering for a customer. They're on a limited budget and are looking for ways to save money. What is the best solution for implementing this? A. Use an autoscaled managed instance group containing some preemptible instances. B. Use an unmanaged instance group with preemptible instances. C. Use App Engine with Flexible Environments. D. Use App Engine with Standard Environments.

A. Use an autoscaled managed instance group containing some preemptible instances. Why is this correct? An autoscaled managed instance group will make it easy to have instances added automatically. Using a preemptible instance will save cost. D. Use App Engine with Standard Environments. Why is this incorrect? Even if App Engine had support for GPUs, it's not really designed for HPC.

You have an App Engine application running in us- east1. You've noticed 90% of your traffic comes from the West Coast. You'd like to change the region. What's the best way to change the App Engine region? A. Use the gcloud app region set command and supply the name of the new region. B. Contact Google Cloud Support and request the change. C. From the console, under the App Engine page, click edit, and change the region drop-down. D. Create a new project and create an App Engine instance in us- west2.

A. Use the gcloud app region set command and supply the name of the new region. Why is this incorrect? There is currently no way to change the region of App Engine. D. Create a new project and create an App Engine instance in us- west2. Why is this correct? There is currently no way to change the region of App Engine.

You've seen some errors in the logs for a specific Deployment. You've narrowed the issue down to the Pod named "ad-generator" that is throwing the errors. Your engineers aren't able to reproduce the error in any other environment. They've told you that if they could just "connect into the container" for 5 minutes, they could figure out the root cause. What steps would allow them to run commands against the container? A. Use the kubectl exec -it ad-generator -- /bin/bash command to run a shell on that container. B. Use the kubectl exec -it -- /bin/bash command to run a shell on that container. C. Use the kubectl run command to run a shell on that container. D. Use the kubectl run ad-generator /bin/bash command to run a shell on that container.

A. Use the kubectl exec -it ad-generator -- /bin/bash command to run a shell on that container. Why is this correct? Assuming the container has the bash binary installed, this will work. C. Use the kubectl run command to run a shell on that container. Why is this incorrect? Run is used to create deployments on the cluster.

You have a 20 GB file that you need to securely share with some contractors. They need it as fast as possible. Which steps would get them the file quickly and securely? A. Using composite objects and parallel uploads to upload the file to Cloud Storage quickly. Then generate a signed URL and securely share it with the contractors. B. Set up a VPC with a custom subnet. Create a subnet tunnel. Upload the file to a network share. Grant the contractors temporary access. C. Upload the file to Bigtable using the bulk data import tool. Then provide the contractors with read access to the database. D. Upload the file to Cloud Storage. Grant the allAuthenticated users token view permissions.

A. Using composite objects and parallel uploads to upload the file to Cloud Storage quickly. Then generate a signed URL and securely share it with the contractors. Why is this correct? This will allow you to upload the file quickly by breaking it into smaller chunks and uploading them at the same time. The signed URL allows for secure temporary access to the object. D. Upload the file to Cloud Storage. Grant the allAuthenticated users token view permissions. Why is this incorrect? This is roughly the same as using the allUsers token. The difference being, this requires users to be logged into a Google account. The users don't need to exist as one of your IAM members.

You're using Deployment Manager to deploy your application to an autoscaled, managed instance group on Compute Engine. The application is a single binary, What is the fastest way to get the binary onto the instance, without introducing undue complexity? A. When creating the instance template use the startup script metadata key to bootstrap the application. B. Use a "golden image" that contains everything you need. C. When creating the instance template, use the startup script metadata key to install Ansible. Have the instance run the play-book at startup to install the application. D. Once the instance starts up, connect over SSH and install the application.

A. When creating the instance template use the startup script metadata key to bootstrap the application. Why is this correct? The startup script is a simple way to get your application bootstrapped without adding more tooling. B. Use a "golden image" that contains everything you need. Why is this incorrect? This is a common practice, and it's a great answer. It doesn't quite meet the complexity requirements for this question.

Which of the following is a valid use case for using a primitive role? A. When granting permission to a development project or to the development team. B. When there are more than 10 users. C. When creating a custom role requires more than 10 permissions. D. When granting permission to a production project, or to a third-party company.

A. When granting permission to a development project or to the development team. Why is this correct? This would meet Google's recommended use cases. B. When there are more than 10 users. Why is this incorrect? This isn't a real thing.

You recently created a budget with alerts for a new project 2 days ago. The budget is set for $500, and the new project only contains a single low traffic App Engine application. Unlike the other projects which are highly used production environments. You just received an email informing you that you've hit 50% of your budget. What is the most likely reason for this notification? A. You've experienced a billing glitch. B. You set the budget to use the billing account rather than the project. C. You've had a massive spike in App Engine traffic. D. You've underestimated the costs associated with App Engine, Datastore, or other used services.

A. You've experienced a billing glitch. Why is this incorrect? Possible, however, given the scenario, this isn't the most likely cause. B. You set the budget to use the billing account rather than the project. Why is this correct? You can set the budget to track against a billing account or project. If you intended to use the project, and accidentally used the billing account, that could cause this.

You've created a new Compute Engine instance in zone us-central1-b . When you tried to attach the GPU that you're data engineers requested, you're getting an error. What is the most likely cause of the error? A. Your instance isn't running with the correct scopes to allow GPUs. B. The GPU is not supported for your OS. C. Your instance isn't running with the default compute engine service account. D. The desired GPU doesn't exist in that zone.

A. Your instance isn't running with the correct scopes to allow GPUs. Why is this incorrect? This is just specific enough to sound like it could be a real answer. Sadly, this not a real thing. D. The desired GPU doesn't exist in that zone. Why is this correct? Not all GPUs exist in all regions.

You're about to deploy your team's App Engine application. They're using the Go runtime with a Standard Environment. Which command should you use to deploy the application? A. gcloud app deploy app.yaml B. gcloud app-engine apply app.yaml C. gcloud app apply app.yaml D. gcloud app-engine deploy app.yaml

A. gcloud app deploy app.yaml Why is this correct? Memorizing command on the CLI is boring, so well done! The configuration is contained in the app.yaml for most runtimes. Java uses app.xml . The command will also work without specifying the file if it's in the current working directory. C. gcloud app apply app.yaml Why is this incorrect? Apply is a command used a lot with kubectl. However, with App Engine, you use the deploy command.

Your developers are trying to connect to an Ubuntu server over SSH to diagnose some errors. However, the connection times out. Which command should help solve the problem? A. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --allow tcp:22 B. gcloud compute firewall-rules create "open-ssh" C. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --deny tcp:22 D. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --allow tcp:3389

A. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --allow tcp:22 Why is this correct? The assumption here is that port 22 for ssh is blocked by the firewall. This will open it up to the world. C. gcloud compute firewall-rules create "open-ssh" --network $NETWORK --deny tcp:22 Why is this incorrect? This creates a deny rule. The issue is likely that the port is already blocked, so this won't fix the problem.

You're attempting to remove the zone property from the Compute Engine service, that was set with the incorrect value. Which command would accomplish your task? A. gcloud config unset compute/zone B. gcloud config unset zone C. gcloud config configurations unset compute/zone D. gcloud unset compute/zone

A. gcloud config unset compute/zone Why is this correct? This would indeed unset the zone for compute engine. B. gcloud config unset zone Why is this incorrect? This command omits the compute part of the zone. It should be compute/zone . Without the compute/ prefix, the unset command assumes this is a core property.

You need to create a new development Kubernetes cluster with 4 nodes. The cluster will be named linux- academy-dev-cluster. Which of the following truncated commands will create a cluster? A. gcloud container clusters create linux-academy-dev- cluster --num-nodes 4 B. kubectl clusters create linux-academy-dev-cluster 4 C. kubectl clusters create linux-academy-dev-cluster --num-nodes 4 D. gcloud container clusters create linux-academy-dev-cluster 4

A. gcloud container clusters create linux-academy-dev- cluster --num-nodes 4 Why is this correct? This is the correct start of the command. There are some additional flags. C. kubectl clusters create linux-academy-dev-cluster --num-nodes 4 Why is this incorrect? kubectl isn't used to create clusters.

You've created a Pod using the kubectl run command. Now you're attempting to remove the Pod, and it keeps being recreated. Which command might help you as you attempt to remove the pod? A. gcloud container describe pods B. kubectl get pods C. kubectl get secrets D. kubectl get deployments

A. gcloud container describe pods Why is this incorrect? This is the combination of several commands and isn't real. D. kubectl get deployments Why is this correct? This would help to see the name of the deployment that the pod is running under so that you can delete the deployment.

You've run a command to start up 2 new instances. However, you do not see the instances in the console. What command(s) would help you to identify the cause of the problem? A. gcloud debug B. gcloud config list C. gcloud auth login D. gcloud info

A. gcloud debug Why is this incorrect? This isn't an actual command. At least, it wasn't when this was written. C. gcloud auth login Why is this incorrect? This will kick off the auth process and create an auth token. However, it won't help in this case.

Your team has chosen to use Deployment Manager to create the Compute Engine infrastructure for your application. You've already run the gcloud deployment-manager deployments create command to create the deployment. You've updated 2 resources in the template and need to deploy the change. What command should you use? A. gcloud deployment-manager resources apply B. gcloud deployment-manager deployments update C. gcloud deployment-manager resources update D. gcloud deployment-manager deployments apply

A. gcloud deployment-manager resources apply Why is this incorrect? The resources component exists, though, this isn't how you update a deployment. Also, the apply command is used with Kubernetes, though, not with DM. B. gcloud deployment-manager deployments update Why is this correct? Well done! This will update the deployment

You've created the code for a Cloud Function that will respond to HTTP triggers and return some data in JSON format. You have the code locally, it's tested and working. Which command can you use to create the function inside Google Cloud? A. gcloud functions deploy B. gcloud function create C. gcloud functions create D. gcloud function deploy

A. gcloud functions deploy Why is this correct? This command creates and deploys. D. gcloud function deploy Why is this incorrect? The component is "functions" with an "s" at the end.

You've finally been given a new laptop, but you need to install all of the tools you need. You already installed the Cloud SDK, but none of the commands seem to be working correctly. What step did you likely forget? A. gcloud init B. gcloud config_list C. gcloud application_init D. gcloud config list

A. gcloud init Why is this correct? Running gcloud init will kick off the authentication process as well as go through setting some default properties, such as the project. If you're not able to interact with your project after installing the SDK, you may have missed running the init process. D. gcloud config list Why is this incorrect? This might be useful for showing the current configuration. However, it won't resolve the issue.

You've been asked to add a new IAM member and grant them access to run some queries on BigQuery. Considering the principle of least privilege, which role should you assign? A. roles/bigquery.dataViewer and roles/bigquery.jobUser B. Project Editor C. roles/bigquery.admin D. roles/bigquery.dataOwner

A. roles/bigquery.dataViewer and roles/bigquery.jobUser Why is this correct? These should give enough access to run queries. B. Project Editor Why is this incorrect? This gives access to just about everything.

The command to create a Cloud Function.

`gcloud functions deploy`

The command to deploy a Cloud Function.

`gcloud functions deploy`

You've been tasked with getting all of your team's public SSH keys onto all of the instances of a particular project. You've collected them all. With the fewest steps possible, what is the simplest way to get the keys deployed? A. Add all of the keys into a file that's formatted according to the requirements. Use the gcloud compute instances add-metadata command to upload the keys to each instance B. Add all of the keys into a file that's formatted according to the requirements. Use the gcloud compute project-info add- metadata command to upload the keys. C. Use the gcloud compute ssh command to upload all the keys D. Format all of the keys as needed and then, using the user interface, upload each key one at a time.

B. Add all of the keys into a file that's formatted according to the requirements. Use the gcloud compute project-info add- metadata command to upload the keys. Why is this correct? This will upload the keys as project metadata which allows SSH access to the user's with uploaded keys D. Format all of the keys as needed and then, using the user interface, upload each key one at a time. Why is this incorrect? Possible, not the fewest steps though.

The command to copy files to and from Cloud Storage.

`gsutil cp`

You've just created a new Google Cloud account. You're eager to start working with resources such as App Engine and Cloud Storage. However, you know that resources have requirements. Which of the following is required by Google Cloud in order to enable and use resources? A. A Stackdriver account B. An Organization C. A Project D. A Folder

B. An Organization Why is this incorrect? While Organizations are recommended, they are optional. C. A Project Why is this correct? All resources belong to a project. Projects are isolated boxes for resources, enabling billing, managing collaborators, etc.

You've created a bucket to store some data archives for compliance. The data isn't likely to need to be viewed. However, you need to store it for at least 7 years. What is the best default storage class? A. Multi-regional B. Coldline C. Regional D. Nearline

B. Coldline Why is this correct? Coldline storage is an ideal storage class for archives. C. Regional Why is this incorrect? This is more expensive and available than required.

Your developers have some application metrics that they're tracking. They'd like to be able to create alerts based on these metrics. What steps need to happen in order to alert based on these metrics? A. In the UI create a new logging metric with the required filters, edit the application code to set the metric value when needed, and create an alert in Stackdriver based on the new metric. B. Create a custom monitoring metric in code, edit the application code to set the metric value when needed, create an alert in Stackdriver based on the new metric. C. Add the Stackdriver monitoring and logging agent to the instances running the code. D. Create a custom monitoring metric in code, in the UI create a matching logging metric, and create an alert in Stackdriver based on the new metric.

B. Create a custom monitoring metric in code, edit the application code to set the metric value when needed, create an alert in Stackdriver based on the new metric. Why is this correct? This will work. Developers can use one of Google's APIs to create and set custom metrics. D. Create a custom monitoring metric in code, in the UI create a matching logging metric, and create an alert in Stackdriver based on the new metric. Why is this incorrect? This is a mashup of using monitoring and logging metrics. This won't work.

30 minutes ago you created a log sink that exports all of your project audit logs to Cloud Storage. You can see in the log viewer that there are new records. However, you're not seeing them in your Storage Bucket. What is the most likely cause? A. Cloud Storage isn't a supported destination. B. Each log sink destination has its own time window for saving the data. C. The Cloud Storage Bucket doesn't have the correct permissions. D. You forgot to enable the sink inside the Cloud Storage UI.

B. Each log sink destination has its own time window for saving the data. Why is this correct? This is true. Cloud Storage can take a couple hours to persist the data. C. The Cloud Storage Bucket doesn't have the correct permissions. Why is this incorrect? If after several hours there's no data, then this may be the cause. At the 30 minute mark, this isn't the first thing to look at.

You have an App Engine application serving as your front-end. It's going to publish messages to Pub/Sub. The Pub/Sub API hasn't been enabled yet. What is the fastest way to enable the API? A. Use a service account to auto-enable the API. B. Enable the API in the Console. C. Application's in App Engine don't require external APIs to be enabled. D. The API will be enabled the first time the code attempts to access Pub/Sub.

B. Enable the API in the Console. Why is this correct? This is a simple way to enable APIs. D. The API will be enabled the first time the code attempts to access Pub/Sub. Why is this incorrect? APIs need to be enabled.

Regarding audit logs, which of the following is a Google recommended best practice? A. Export your audit logs to App Engine B. Export your audit logs to Pub/Sub. C. Flush your audit logs monthly so you can more easily notice security events. D. Export your audit logs to Cloud Storage and store them for a long period of time.

B. Export your audit logs to Pub/Sub. Why is this incorrect? If you have a need for this, then do it. However, in itself, it isn't a best practice. https://cloud.google.com/iam/docs/using-iam-securely D. Export your audit logs to Cloud Storage and store them for a long period of time. Why is this correct? Audit logs should always be backed up and stored securely for as long as is practical.

A member of the finance team informed you that one of the projects is using the old billing account. What steps should you take to resolve the problem? A. Go to the Project page; expand the Billing tile; select the Billing Account option; select the correct billing account and save. B. Go to the Billing page; view the list of projects; find the project in question and select Change billing account; select the correct billing account and save. C. Delete the project and recreate it with the correct billing account. D. Submit a support ticket requesting the change.

B. Go to the Billing page; view the list of projects; find the project in question and select Change billing account; select the correct billing account and save. Why is this correct? These steps would work. C. Delete the project and recreate it with the correct billing account. Why is this incorrect? Don't do this just to change a billing account. The console allows you to change the billing account.

You've been asked to add Martha Jones as a member of the "Production Storefront App" project; Using the email address [email protected] with the App Engine Admin role. You browse to the IAM page in the console and attempt to add her, however, you get the following error. "Email addresses and domains must be associated with an active Google Account or Google Apps account." What's the most likely cause for this error? A. Martha has already been added as a to this project as a different member. B. Martha has been denied access due to a policy on the Organization. C. Martha hasn't been added as a user inside the Company's G Suite account. D. Martha has an outstanding bill with Google and can't be added until the bill is paid.

B. Martha has been denied access due to a policy on the Organization. Why is this incorrect? This isn't something that's possible. C. Martha hasn't been added as a user inside the Company's G Suite account. Why is this correct? Google supports users who have a Gmail, or Google Groups account. They also support the users in your G Suite or Cloud Identity account. If Martha hasn't been added as a user inside G Suite, then IAM won't accept her email address.

Your boss has asked you to set up the CFO as a user inside Google Cloud. Before walking away, she said, "And obviously you know which role to assign him." Which role was she likely talking about, and why is it obvious? (Select one role and one reason) A. Reason: This role will ensure the CFO has full access to the project. B. Role: Billing Account Viewer C. Reason: This role will ensure the CFO has access to view the spending data. D. Role: Project Owner E. Role: Billing Account Admin F. Reason:: This role will ensure the CFO can perform any billing task that they may need.

B. Role: Billing Account Viewer Why is this correct? This is a good role for users who need to view the spending data but not make changes or create billable projects. This would be a good role for a CFO. C. Reason: This role will ensure the CFO has access to view the spending data. Why is this correct? Billing Account Viewer is a good role for users who need to view the spending data but not make changes or create billable projects. This would be a good role for a CFO. D. Role: Project Owner Why is this incorrect? This is far too permissive for someone who only needs access to financial data. F. Reason:: This role will ensure the CFO can perform any billing task that they may need. Why is this incorrect? This would work, but it is more permissive than likely required.

Your coworker has helped you set up several configurations for gcloud. You've noticed that you're running commands against the wrong project. Being new to the company, you haven't yet memorized any of the projects. With the fewest steps possible, what's the fastest way to switch to the correct configuration? A. Run gcloud configurations list followed by gcloud configurations activate . B. Run gcloud config list followed by gcloud config activate. C. Run gcloud config configurations list followed by gcloud config configurations activate. D. Re-authenticate with the gcloud auth login command and select the correct configurations on login.

B. Run gcloud config list followed by gcloud config activate. Why is this incorrect? This won't give you a list of all the configurations; also the second command isn't valid. C. Run gcloud config configurations list followed by gcloud config configurations activate. Why is this correct? This will allow you to list off the configurations and then activate the one you need.

Your company has hired a third-party analytics company to help find patterns in user data. Your development team has generated a file containing only the data they've requested; which includes personally identifiable information. What is the best way to share the data with the other company? A. Create a new user for the company and grant them access to the original data source for them to query. B. Send the file through email. C. Put the data on Cloud Storage and generate a signed URL that will expire in one hour, and securely share the URL. D. Put the data on Cloud Storage in a public bucket and securely share the URL.

B. Send the file through email. Why is this incorrect? This is a big no! Even if the customer is using encrypted email, don't risk letting sensitive data sit out on a contractor's personal devices. C. Put the data on Cloud Storage and generate a signed URL that will expire in one hour, and securely share the URL. Why is this correct? This will allow anyone with the URL to access the data for an hour.

You're working as a Cloud Engineer for a small company. The lead developer needs to create some new projects in order to get started with deploying the codebase. She tried to create a project and received an error. She messaged you on Slack to ask for help, though, she couldn't recall the exact error message. You checked and found that she does have Project Creator permissions. Keeping in mind the principle of least privilege, what is the best role to grant her so that she can create billable projects? A. The "Billing Account Administrator" role. B. The "Billing Account User" role. C. The "Project Owner" role. D. The "Billing Account Viewer" role.

B. The "Billing Account User" role. Why is this correct? The Billing Account User role combined with the Project Creator role would allow her to create a new billable project. C. The "Project Owner" role. Why is this incorrect? This would work. However, it's too permissive. Remember, the question uses the principle of least privilege as a requirement.

You've set up an instance inside your new network and subnet. Your firewall rules are set to target all instances in your network. You have the following firewall rules. NAME:deny-all | NETWORK:devnet | DIRECTION:INGRESS | PRIORITY:1000 | DENY:tcp:0- 65535,udp:0-6553 NAME:open-ssh | NETWORK:devnet | DIRECTION:INGRESS | PRIORITY:5000 | ALLOW:tcp:22 However, when you attempt to connect to your instance via SSH, your connection is timing out. What is the most likely cause? A. Your instance needs to be rebooted. B. The SSH key hasn't been uploaded to the instance. C. The firewall rule needs to be applied to the instance specifically. D. The deny rule overrides the allow rule.

B. The SSH key hasn't been uploaded to the instance. Why is this incorrect? There would be an error if the key wasn't uploaded. D. The deny rule overrides the allow rule. Why is this correct? The larger the number, the lower its priority.

You're using a Pub/Sub topic to publish disparate messages from an on-premises application. You're looking for a simple way to run some code every time a message is published. What is the simplest, lowest cost, and most CPU friendly solution? A. Use a scheduled task that starts an App Engine application to poll for changes. B. Use a scheduled Cloud Function to check the queue every minute. C. Deploy code to Compute Engine that polls for messages. D. Have Pub/Sub push messages to a Cloud Function.

B. Use a scheduled Cloud Function to check the queue every minute. Why is this incorrect? This is inefficient. Pub/Sub can push messages to a function. D. Have Pub/Sub push messages to a Cloud Function. Why is this correct? This ticks all the boxes. Simple, low cost, CPU friendly because it's not polling.

You have a simple web application that you're trying to deploy in a secure and inexpensive way. The application is running inside a Docker container on port 8080. Once the application is initially deployed, the developers are going to take ownership of future deployments. What is the best option for running the application? A. Use an App Engine Standard Environment. B. Use an App Engine Flexible Environment. C. Use an on-premises Kubernetes cluster. D. Use Kubernetes Engine.

B. Use an App Engine Flexible Environment. Why is this correct? Flexible environments are able to use a Dockerfile to create custom runtimes. They specifically run on port 8080. C. Use an on-premises Kubernetes cluster. Why is this incorrect? This probably doesn't meet the criteria of inexpensive, considering the amount of ops effort required to run a cluster. Also, most companies don't have the security expertise, especially around Kubernetes.

You've created a new firewall rule to allow incoming traffic on port 22, using a target tag of "dev-ssh". You tried to connect to one of your instances, and you're still unable to connect. What steps do you need to take to resolve the problem? A. Run the gcloud firewall-rules refresh command. B. Use source tags in place of the target tags. C. Reboot the instances for the firewall rule to take effect. D. Apply a network tag of "dev-ssh" to the instance you're trying to connect into and test again.

B. Use source tags in place of the target tags. Why is this incorrect? Source tags won't help in this scenario since we're connecting from the internet into an instance. D. Apply a network tag of "dev-ssh" to the instance you're trying to connect into and test again. Why is this correct? A target tag looks for instances with a matching network tag. If you haven't applied the tag to the network, you'll be unable to connect, unless another rule opens the port.

You've found that your Linux server keeps running low on memory. It's currently using 8 Gigs of memory, and you want to increase it to 16. What is the simplest way to do that? A. Use the gcloud compute add-memory command to increase the memory. B. Use the Linux memincr command to increase the memory. C. Stop the instance and change the machine type. D. Create a new instance with the correct amount of memory.

B. Use the Linux memincr command to increase the memory. Why is this incorrect? It's not possible to increase the memory from inside the instance and have Compute Engine know about it. Also, that memincr command is made up. C. Stop the instance and change the machine type. Why is this correct? This is a valid way to change the memory of an instance.

You're deploying an application to a Compute Engine instance, and it's going to need to make calls to read from Cloud Storage and Bigtable. You want to make sure you're following the principle of least privilege. What's the easiest way to ensure the code can authenticate to the required Google Cloud APIs? A. Create a new user account with the required roles. Store the credentials in Cloud Key Management Service and download them to the instance in code. B. Use the default Compute Engine service account and set its scopes. Let the code find the default service account using "Application Default Credentials". C. Create a new service account and key with the required limited permissions. Set the instance to use the new service account. Edit the code to use the service account key. D. Register the application with the Binary Registration Service and apply the required roles.

B. Use the default Compute Engine service account and set its scopes. Let the code find the default service account using "Application Default Credentials". Why is this correct? Simple and effective. C. Create a new service account and key with the required limited permissions. Set the instance to use the new service account. Edit the code to use the service account key. Why is this incorrect? This will allow you to run with limited permissions, though it's more work than needed.

You're in charge of setting up a Stackdriver account to monitor 3 separate projects. Which of the following is a Google best practice? A. Use the existing project with the least resources as the host project for the Stackdriver account. B. Use the existing project with the most resources as the host project for the Stackdriver account. C. Create a new, empty project to use as the host project for the Stackdriver account. D. Use one of the existing projects as the host project for the Stackdriver account.

B. Use the existing project with the most resources as the host project for the Stackdriver account. Why is this incorrect? This isn't a best practice for Google or anyone else. https://cloud.google.com/monitoring/accounts/ C. Create a new, empty project to use as the host project for the Stackdriver account. Why is this correct? This is Google's recommendation when monitoring multiple projects.

You need to connect to one of your Compute Engine instances using SSH. You've already authenticated gcloud, however, you don't have an SSH key deployed yet. In the fewest steps possible, what's the easiest way to connect to the app? A. Create a key with the ssh-keygen command. Upload the key to the instance. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command. B. Use the gcloud compute ssh command. C. Create a key with the ssh-keygen command. Then use the gcloud compute ssh command. D. Run gcloud compute instances list to get the IP address of the instance, then use the ssh command.

B. Use the gcloud compute ssh command. Why is this correct? This will automatically upload a key for your and SSH into the instance. C. Create a key with the ssh-keygen command. Then use the gcloud compute ssh command. Why is this incorrect? This will automatically upload a key for you and SSH into the instance.

You've uploaded some PDFs to a public bucket. When users browse to the documents, they're downloaded rather than viewed in the browser. How can we ensure that the PDFs are viewed in the browser? A. This is a browser setting and not something that can be changed. B. Use the gsutil set file-type pdf command. C. Set the Content metadata for the object to "application/pdf". D. Set the Content-Type metadata for the object to "application/pdf"

B. Use the gsutil set file-type pdf command. Why is this incorrect? This isn't a real command. Browsers use the content-type header to determine how to render an asset. D. Set the Content-Type metadata for the object to "application/pdf" Why is this correct? This will ensure the browser views the object as a PDF.

You and your team have been working on a new application over the past couple weeks. While it's still in development, it's becoming a bit costly for your limited budget. The entire team had a meeting on Friday to talk about how to save money until you're able to launch. One of your team members suggested shutting down some services overnight and during the weekend. Though no official decision was made before leaving for the weekend, a junior team member sent out an email saying he found a solution to the problem. When arriving at the office on Monday, you find that your project is no longer in the drop-down inside the Console. What's the most likely reason for the missing project? A. The project was moved to another account. B. Your trial credits expired, and the project was removed. C. The engineer removed the project and attached all of the resources directly to the Organization. D. The engineer clicked the "shut down" link thinking it was like a light switch that he could toggle on and off.

B. Your trial credits expired, and the project was removed. Why is this incorrect? Google doesn't remove projects. If you have free credits and they expire, then you'll be billed based on whatever billing profile you've set up in your billing account. D. The engineer clicked the "shut down" link thinking it was like a light switch that he could toggle on and off. Why is this correct? The phrase "shut down" used in several areas of the Console could be confusing to engineers who are new to Google Cloud.

You need to help a developer install the App Engine Go extensions. However, you've forgotten the exact name of the component. Which command could you run to show all of the available options? A. gcloud config list B. gcloud component list C. gcloud config components list D. gcloud components list

B. gcloud component list Why is this incorrect? In this example the word component is singular. The actual command is plural: gcloud components list D. gcloud components list Why is this correct? This will show a table of all the components, and if they are installed or not.

You've installed the Cloud SDK natively on your Mac. You'd like to install the kubectl component. Which command would accomplish this? A. sudo apt-get install kubectl B. gcloud components install kubectl C. pip install kubectl D. brew install kubectl

B. gcloud components install kubectl Why is this correct? Well done! For Windows and Mac, you can use the built-in component manager. C. pip install kubectl Why is this incorrect? Pip isn't the correct tool for this job. Good try though.

You're attempting to deploy a new instance that uses the centos 7 family. You can't recall the exact name of the family. Which command could you use to determine the family names? A. gcloud compute instances list B. gcloud compute images show-families C. gcloud compute instances show-families D. gcloud compute images list

B. gcloud compute images show-families Why is this incorrect? show-families is not a real command. Use list to list off the images. D. gcloud compute images list Why is this correct? Family names are an attribute of images. This would list all the images and their family names.

You're attempting to set the default Compute Engine zone with the Cloud SDK. Which of the following commands would work? A. gcloud set compute/zone us-east1 B. gcloud set compute\zone us-east1 C. gcloud config set compute/zone us-east1 D. gcloud config set compute\zone us-east1

B. gcloud set compute\zone us-east1 Why is this incorrect? This is wrong on 2 accounts. First, it should be gcloud config set . Second, this would fail because it should be a forward slash and not a backslash. C. gcloud config set compute/zone us-east1 Why is this correct? This will work perfectly! Well done! :D

You're working on creating a script that can extract the IP address of a Kubernetes Service. Your coworker sent you a code snippet that they had saved. Which one is the best starting point for your code? A. kubectl get svc -o filtered- json='{.items[*].status.loadBalancer.ingress[0].ip}' B. kubectl get svc -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' C. kubectl get svc -o html D. kubectl get svc

B. kubectl get svc -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' Why is this correct? This uses the JSON path output to zero in on the property you need. C. kubectl get svc -o html Why is this incorrect? This isn't going to help you access what you need easily.

You're trying to create a new Compute Engine instance with the Cloud SDK using the create command from the compute group and the instances sub-group. You've forgotten some of the flags and want to look them up using the man pages. Which command will display the documentation you need? A. man compute_instances_create B. man gcloud-compute-instances-create C. man gcloud_compute_instances_create D. man gcloud compute instances create

B. man gcloud-compute-instances-create Why is this incorrect? This won't open up any man pages. The correct option would use underscores. C. man gcloud_compute_instances_create Why is this correct? To use the man pages directly, you can connect the component and the groups or commands with underscores. So this would map to the command: gcloud compute instances create

Command to make a bucket.

`gsutil mb gs://bucket-name/`

The binary to interact with Cloud Storage.

`gsutil`

Your data team is working on some new machine learning models. They're generating several files per day that they want to store in a regional bucket. They mostly focus on the files from the last week. However, they want to keep all the files just to base safe. With the fewest steps possible, what's the best way to lower the storage costs? A. Create a Cloud Function triggered when objects are added to a bucket. Look at the date on all the files and move it to nearline storage if it's older than a week. B. Create a Cloud Function triggered when objects are added to a bucket. Look at the date on all the files and move it to coldline storage if it's older than a week. C. Create a lifecycle policy to switch the objects older than a week to coldline storage. D. Create a lifecycle policy to switch the objects older than a week to nearline storage.

C. Create a lifecycle policy to switch the objects older than a week to coldline storage. Why is this incorrect? Since they "mostly" focus on newer files, that means they sometimes need to access the old files. Coldline isn't the best option in this case. D. Create a lifecycle policy to switch the objects older than a week to nearline storage. Why is this correct? This would work well, it would save them money on storage, and still be accessible if they need to access the files.

The development team needs a regional MySQL database with point-in-time recovery for a new proof- of-concept application. What's the most inexpensive way to enable point-in-time recovery? A. Replicate to a Cloud Spanner database. B. Create a read replica in the same region. C. Enable binary logging. D. Create hourly back-ups.

C. Enable binary logging. Why is this correct? Binary logging allows you to use point-in-time recovery. https://cloud.google.com/sql/docs/mysql/backup-recovery/restore D. Create hourly back-ups. Why is this incorrect? This doesn't meet the point-in-time criteria. Binary logging allows you to use point-in-time recovery.

You're trying to provide temporary access to some files in a Cloud Storage bucket. You want to limit the time that the files are available to 10 minutes. With the fewest steps possible, what is the best way to generate a signed URL? A. In the UI select the objects and click the Generate Signed URL button. B. Create a service account and JSON key. Use the gsutil signurl -t 10m command and pass in the JSON key and bucket. C. In the UI select the objects and click the "Sign With Key" button. D. Create a service account and JSON key. Use the gsutil signurl -d 10m command and pass in the JSON key and bucket.

C. In the UI select the objects and click the "Sign With Key" button. Why is this incorrect? This isn't a real thing. The CLI is the easiest option in this scenario. D. Create a service account and JSON key. Use the gsutil signurl -d 10m command and pass in the JSON key and bucket. Why is this correct? This is a quick way to generate the URL. This will create a signed URL that will expire in 10 minutes.

You're attempting to set up a new budget with some alerts. Your team lead asked you to use last months spending as a reference for the budget amount. What's the best way to configure this budget? A. Locate the spending data from the File export; use that as the budget amount. B. Locate the spending data from the BigQuery export; use that as the budget amount. C. Look at the spending data and locate the amount; use that as the budget amount. D. Use the "Last month's spend" option to allow Google Cloud to determine the budget amount.

C. Look at the spending data and locate the amount; use that as the budget amount. Why is this incorrect? This would work, but it isn't as dynamic as using the "Last month's spend" option. D. Use the "Last month's spend" option to allow Google Cloud to determine the budget amount. Why is this correct? This is likely the easiest option for this scenario.

You've created a new "Custom Role" for a specific new job role inside your company. The role consisted of several permissions; some had a status of "Supported" others a status of "Testing." The role has been working for weeks; however, some permissions recently stopped working. What is the most likely cause for this? A. The custom role has reached its expiration period. B. The latest Google applied updates reset all of the custom roles. C. One or more permissions with a status of "Testing" have changed. D. Your account has been compromised by hackers.

C. One or more permissions with a status of "Testing" have changed. Why is this correct? Google doesn't recommend using permissions marked with a status of "Testing." D. Your account has been compromised by hackers. Why is this incorrect? This is hypothetically possible. Though, based on the scenario, it's not all that likely. Also, hackers tend to try keeping noticeable changes to a minimum in order to avoid detection.

Your billing department has asked you to help them track spending against a specific billing account. They've indicated that they prefer to use Excel to create their reports so that they don't need to learn new tools. Which export option would work best for them? A. BigQuery Export B. File Export with JSON C. SQL Export D. File Export with CSV E. Download the monthly XLS report

C. SQL Export Why is this incorrect? This isn't an export option. Though, if it were, it would be an extra step. E. Download the monthly XLS report Why is this correct? This would likely be the easiest option for a team that wants to stick with the familiarity of Excel.

You've been running your App Engine app for a few weeks with Autoscaling, and it's been working well. However, your marketing team is planning on a massive campaign, and they expect a lot of burst traffic. How would you go about ensuring there are always 4 idle instances? A. Set the min_instances property in the app.yaml B. Switch to manual scaling and use the burst_traffic_protection property to True in the app.yaml. C. Set the min_idle_instances property in the app.yaml. D. Switch to manual scaling and use the idle_instance_count property in the app.yaml .

C. Set the min_idle_instances property in the app.yaml .

Your development team has asked for your help. They need a simple, reproducible way to create and terminate a new Compute Engine instance so that they can automate it as a part of their CI/CD process. What is the best option for accomplishing that? A. Show them how to use the Console to create and terminate instances. B. Recommend that they use the REST API to develop the functionality in the language of their choosing. C. Show them how to use the gcloud component of the Cloud SDK. D. Show them how to use a Docker container. Then they can get rid of the need for the VM.

C. Show them how to use the gcloud component of the Cloud SDK. Why is this correct? This would work well. It's simple to use, reproducible, and will work cross- platform. D. Show them how to use a Docker container. Then they can get rid of the need for the VM. Why is this incorrect? There's no evidence in this scenario that this is a viable strategy. Also, they'd still need to run that container somewhere. The Cloud SDK is the best option.

You have an autoscaled managed instance group that is set to scale based on CPU utilization of 60%. There are currently 3 instances in the instance group. You're connected to one of the instances and notice that the CPU usage is a 70%. However, the instance group isn't starting up another instance. What's the most likely reason? A. The autoscaler is disabled. B. The autoscaler takes 60 seconds before creating a new instance. C. The load balancer doesn't recognize the instance as healthy. D. The average CPU for the entire instance group is below 60%.

C. The load balancer doesn't recognize the instance as healthy. Why is this incorrect? The load balancer doesn't have any impact on this scenario. The autoscaler averages the CPU usage of the entire group, so one instance could be higher than the usage threshold. D. The average CPU for the entire instance group is below 60%. Why is this correct? The autoscaler averages the CPU usage of the entire group. so one instance could be higher than the usage threshold.

You're attempting to run the following command on your coworker's computer, and it throws an error "Invalid choice 'alpha'": $ gcloud alpha cloud-shell scp --help What is the most likely reason for this error? A. The cloud-shell command was moved from alpha to beta. B. The user account doesn't have permission to execute alpha commands. C. The project property is set to the wrong project. D. The alpha component isn't installed.

C. The project property is set to the wrong project. Why is this incorrect? That wouldn't explain the error. It appears that the alpha component wasn't installed. D. The alpha component isn't installed. Why is this correct? The alpha commands are added by installing the alpha component. If it's not installed, this is the type of error you might expect.

Your engineers need to pass database credentials to a Kubernetes Pod. The YAML they're using looks similar to the following: apiVersion: "extensions/v1beta1" kind: "Deployment" metadata: name: "products-service" namespace: "default" labels: app: "products-service" spec: replicas: 3 selector: matchLabels: app: "products-service" template: metadata: labels: app: "products-service" spec: containers: - name: "products" image: "gcr.io/find-seller-app-dev/products:latest" env: - name: "database_user" value: "admin" - name: "database_password" value: "TheB3stP@ssW0rd" What is Google's recommended best practice for working with sensitive information inside of Kubernetes? A. Store the credentials in a ConfigMap. B. Mount the credentials in a volume. C. Use an environment variable. D. Store the credentials in a Secret.

C. Use an environment variable. Why is this incorrect? This is doable; however, this answer is too generic to know if the credentials are actually secure. D. Store the credentials in a Secret. Why is this correct? Using a secret will keep the data secured and out of plain text.

Your team has been working on building a web application. The plan is to deploy to Kubernetes. You currently have a Dockerfile that works locally. How can you get the application deployed to Kubernetes? A. Use kubectl to push the convert the Dockerfile into a deployment. B. Use docker to create a container image, save the image to Cloud Storage, deploy the uploaded image to Kubernetes with kubectl C. Use kubectl apply to push the Dockerfile to Kubernetes. D. Use docker to create a container image, push it to the Google Container Registry, deploy the uploaded image to Kubernetes with kubectl.

C. Use kubectl apply to push the Dockerfile to Kubernetes. Why is this incorrect? Kubernetes works with container images, not Dockerfiles, and the images need to be in an accessible Container Registry. D. Use docker to create a container image, push it to the Google Container Registry, deploy the uploaded image to Kubernetes with kubectl. Why is this correct? Kubernetes works with container images, not Dockerfiles, and the images need to be in an accessible Container Registry. So this will work.

You have 3 Cloud Storage buckets that all store sensitive data. Which grantees should you audit to ensure that these buckets are not public? A. allUsers B. allAuthenticatedUsers C. publicUsers D. allUsers and allAuthenticatedUsers

C. publicUsers Why is this incorrect? This isn't a real grantee D. allUsers and allAuthenticatedUsers Why is this correct? Either of these tokens represents public users. allAuthenticatedUsers represents a user with a Google account. They don't need to be part of your organization. Neither token should be used to grant permissions unless the bucket is truly public.

Billing export formats.

CSV file, JSON file, BigQuery

Tool that exists in the Console allowing terminal access.

Cloud Shell

The compute services provided by Google Cloud.

Compute Engine, App Engine, Kubernetes Engine, and Cloud Functions.

The two available operating systems to use on a Kubernetes Engine node.

Container-Optimized OS (COS) or Ubuntu.

The Cloud Storage metadata key to set to the MIME (Multipurpose Internet Mail Extensions) type.

Content-Type

You're attempting to install the kubectl component on an Ubuntu server, though, you're getting an error. The error indicates that the component manager is disabled. What is the most likely cause for the error? A. The Cloud SDK was not installed with root permissions. B. The Cloud SDK was installed using apt. C. The Cloud SDK is using the wrong configuration. D. The Cloud SDK is running inside a Docker container.

Correct answer is B

You've been hired as a Cloud Engineer for a 2-year-old startup company. Recently they've had a bit of turn over, and several engineers have left the company to pursue different projects. Shortly after one of them leaves, it is found that a core project seems to have been deleted. What is the most likely cause for of the project's deletion? A. You've been the victim of the latest malware that deletes one project per hour until you pay them to stop. B. One of the engineers intentionally deleted the project out of spite. C. The project was created by one of the engineers and not attached to the organization. D. A failed attempt to pay the bill resulted in Google deleting the project.

Correct answer is C

Which of the following are considered components of the Cloud SDK? A. glist B. gcloud C. gcloud beta D. config E. gsutil F. gcloud alpha G. compute H. bq

Correct answers: B. gcloud C. gcloud beta E. gsutil F. gcloud alpha H. bq A. glist Why is this incorrect? This is not a thing. I made it up to trick you, and if you're reading this, then it worked. Muhahaha! :P D. config Why is this incorrect? This is a group of commands from the gcloud component. However, it's not its own component. G. compute Why is this incorrect? This is a group of commands from the gcloud component. However, it's not its own component.

A mechanism that allows you to extract data from logs and track it.

Custom logging metric.

A feature that allows you to set the exact amount of memory and CPU.

Custom machine type.

A mechanism that allows you to track custom information in code and save it to Stackdriver.

Custom monitoring metric.

The database commonly paired with App Engine.

Datastore

The way to enable point-in-time recovery for MySQL databases on Cloud SQL.

Enable binary logging

The identity providers that Cloud IAM can use.

G Suite, and Cloud Identity, Google Groups, Gmail accounts, Service Accounts

The load balancer to use with the following attributes: • Internal UDP traffic

Internal UDP Load Balancing

A way to run Compute Engine instance based on templates.

Managed Instance Groups

Command to update a Kubernetes deployment that was created with the `kubectl create` command.

`kubectl apply`

The load balancer to use with the following attributes: • External TCP traffic • No SSL offload • No global LB or IPv6 • Preserves client IPs

Network TCP Load Balancing

The load balancer to use with the following attributes: • External UDP traffic • No global LB or IPv6

Network UDP Load Balancing

Means of dynamically identifying instances to apply firewall rules.

Network tags

A Kubernetes concept that represents the smallest unit of deployment.

Pod

The command for creating a new Kubernetes Secret.

`kubectl create secret`

A common protocol and port used to connect to Linux instances.

SSH over port 22

The load balancer to use with the following attributes: • External TCP traffic • SSL offload

SSL Proxy

Command to run commands from inside a container that is running on Kubernetes.

`kubectl exec`

The command to list Kubernetes deployments.

`kubectl get deployments`

A downloadable key allowing code to authenticate against Google Cloud services.

Service Account Key

A special account used for authenticating between different services.

Service Accounts

Command to list Kubernetes services.

`kubectl get svc`

The App Engine, app.yaml handler property that allows directories to be static.

`static_dir`

Tool for live code debugging.

Stackdriver Debug - doesn't support all languages.

The types of App Engine environments.

Standard and Flexible

`gcloud-wide` flag to suppress interactive prompts.

`-q or --quiet`

A way to analyze spending data.

Billing Exports sent to BigQuery.

The thing that is attached to a project so that you can pay for resources.

Billing account

The name of the notation used for specifying IP address ranges.

CIDR notation

Fully managed NoSQL database with a limited query syntax.

Cloud Datastore

A service used for executing code in response to events.

Cloud Functions

When creating firewall rules, the lower the number the ______ the priority.

Higher

The name of the Kubernetes Controller that provides declarative updates for pods.

Deployments

The way to ensure the nodes in a Kubernetes Engine cluster are running the latest version of Kubernetes.

Enable the "Automatic node upgrades" option.

A feature that allows you to see all network traffic.

Flow logs

Supported persistent disk types.

HDD, SSD, and Local SSD.

The load balancer to use for global HTTP(S) traffic.

HTTP(S) load balancer

A type of short-lived, reduced price instance commonly used for batch processing.

Preemptible instances

A tool that helps estimate costs.

Pricing Calculator

A Kubernetes resource that exposes deployments.

Services

Compute Services that directly support running Docker containers.

- App Engine - Flexible Environments - Kubernetes - Compute Engine - Use COS to run a single container per instance - Cloud Functions - Not yet GA

Interfaces for interacting with Google Cloud.

- Directly to the REST API - Cloud SDK - Client libraries - Console

Key-value pairs of configuration data that are accessible from code running in a Cloud Function.

Environment variables

The purpose of this command: `gcloud compute firewall-rules create "a-firewall-rule" --network $SERVICES_NETWORK --allow tcp:22`

Open port 22 to the internet

The resource for storing sensitive information in Kubernetes.

Secrets

The flag to use that will allow you to determine the price of a BigQuery query without actually running the query.

The `dry-run` flag

The way to change an App Engine region.

You can't. You need to create a new project.

When using `gcloud compute ssh`, which flag shows the underlying SSH command?

`--dry-run`

Flag to use when deploying to app engine that will prevent the version from getting 100% of the traffic.

`--no-promote`

A `kubectl` flag that allows you to specify the JSON path of properties in JSON output.

`-o` along with the `jsonpath` value. `kubectl get svc -o jsonpath`

The command to deploy an App Engine application.

`gcloud app deploy app.yaml`

The command to list subnets.

`gcloud compute networks subnets list`

Command to list gcloud configurations.

`gcloud config configurations list`

The command to list the current configuration for `gcloud`.

`gcloud config list`

The command to create a Kubernetes Cluster.

`gcloud container clusters create`

The command to create a Deployment Manager deployment.

`gcloud deployment-manager deployments create`

The command to update a Deployment Manager deployment.

`gcloud deployment-manager deployments update`

The command to add an IAM binding policy.

`gcloud projects add-iam-policy-binding`

The command to list projects.

`gcloud projects list`

The command to enable an API.

`gcloud services enable [ID]`

The command to create a new Spanner database.

`gcloud spanner databases create`

The command to set the CORS configuration on a bucket.

`gsutil cors set...`

Command to list buckets.

`gsutil ls`

The command to get Pod logs in Kubernetes.

`kubectl get logs`

The service that allows you to run a MySQL or Postgres database.

Cloud SQL

A fully managed data warehouse.

BigQuery

The fully managed platform that supports running web applications inside a Docker container.

App Engine Flexible Enviroments

"One-click" way to install common applications to Compute Engine instances.

Cloud Launcher

The fully managed version of Redis.

Cloud Memorystore

The name of the Kubernetes Deployment that ensures a single instance of a pod will run on each node.

DaemonSet

Key-value pairs that you can set and interact with in a Compute Engine instance.

Metadata

Service that supports monitoring, logging, and debugging.

Stackdriver


Ensembles d'études connexes

Anatomy Ch. 11 Cardiovascular Multiple Choice

View Set

Lesson 7: Implementing Authentication Controls

View Set

Lesson 2 Study Guide: The Origins and Spread of Christianity

View Set

CPP MI Exam 3 practice questions

View Set

LearningCurve: 8b. Storing and Retrieving Memories

View Set

Lifespan Final Review Chapter 7 - 15

View Set