Cloud Architect Study Set
Error 502
Bad Gateway
Error 400
Bad Request
Error 403
Forbidden - Permission Issue
503
Service Unavailable
Unit Test
A unit test is a test within a single method.
IAM permissions are represented with which syntax? A. <service>.<resource>.<verb> B. <resource>.<verb> C. <resource>.<service>.<verb> D. <service>.<verb>
A. <service>.<resource>.<verb> For Example: pubsub.subscriptions.consume.
Which of the following statements about Google Cloud Client Libraries are accurate? A. Cloud Client Libraries are available in all programming languages. B. Cloud Client Libraries are helpful because they support a language's natural conventions and styles. C. Cloud Client Libraries are the latest and recommended approach to making requests to the server. D. Cloud Client Libraries handle low-level communication, retry logic, and authentication.
B. Cloud Client Libraries are helpful because they support a language's natural conventions and styles. C. Cloud Client Libraries are the latest and recommended approach to making requests to the server. D. Cloud Client Libraries handle low-level communication, retry logic, and authentication.
Your application will create and save a thumbnail of an image every time the user initiates an upload. What execution environment should you consider? A. App Engine flexible environment B. Google Compute Engine C. Google Kubernetes Engine D. Google Cloud Functions
D. Google Cloud Functions
Your application executes parallel data processing pipelines to analyze IoT manufacturing data. Which would be the ideal execution environment for your application? A. Cloud Dataflow B. Google Compute Engine C. Google Cloud Functions D. App Engine Standard
A. Cloud Dataflow
Google App Engine Flexible
App Engine flexible environment allows you to customize the runtime and even the operating system of your virtual machine using Dockerfiles. Basically, it autoscales an arbitrary Docker container without having to stand up a whole Kubernetes cluster.
What tools does the Google Cloud SDK include? A. bq, gsutil, Client Libraries B. bq, gsutil, gcloud C. gRPC, gsutil, Client Libraries D. Gcloud, gsutil, Client Libraries
B. bq, gsutil, gcloud
Which one of the following statements about Cloud Datastore is accurate? A. Cloud Datastore supports referential integrity. B. Cloud Datastore supports atomic transactions. C. Cloud Datastore supports analytics queries. D. Cloud Datastore supports complex joins with multiple inequality filters.
B. Cloud Datastore supports atomic transactions.
Your application requires highly customized VMs for specialized applications that have specific operating system requirements. Which execution environment should you consider? A. App Engine flexible environment B. Google Compute Engine C. Google Kubernetes Engine D. Cloud Functions
B. Google Compute Engine - Compute Engine enables you to create highly customized VMs for specialized applications that have unique compute or operating system requirements.
Your application uses network protocols other than HTTP/S, and the application is run partially on-premises and partially in the cloud. What execution environment should you consider? A. App Engine flexible environment B. Google Compute Engine C. Google Kubernetes Engine (previously known as Google Container Engine) D. Cloud Functions
C. Google Kubernetes Engine (previously known as Google Container Engine)
Your customer is moving their storage product to Google Cloud Storage (GCS). The data contains personally identifiable information (PII) and sensitive customer information. What security strategy should you use for GCS? A. Use signed URLs to generate time bound access to objects. B. Grant IAM read-only access to users, and use default ACLs on the bucket. C. Grant no Google Cloud Identity and Access Management (Cloud IAM) roles to users, and use granular ACLs on the bucket. D. Create randomized bucket and object names. Enable public access, but only provide specific file URLs to people who do not have Google accounts and need access.
C. Grant no Google Cloud Identity and Access Management (Cloud IAM) roles to users, and use granular ACLs on the bucket. - This grants the least privilege required to access the data and minimizes the risk of accidentally granting access to the wrong people.
Which of the following bucket names are valid? A. MyFavoriteBucket B. surprise! C. vanilla-bucket D. bucket_for_my_web_app
C. vanilla-bucket D. bucket_for_my_web_app A bucket name can contain lowercase alphanumeric characters, hyphens, and underscores. It can contain dots (.) if it forms a valid domain name with a top-level domain (such as .com). Bucket names must start and end with an alphanumeric character.
Cloud Endpoints
Create, deploy, protect, monitor, analyze and serve APIs
You receive the following error code from a Cloud Datastore request: INTERNAL. What action should you take? A. Retry using exponential backoff. B. Retry the request until it succeeds. C. Retry only if the problem is fixed. D. Retry only once.
D. Retry only once.
You've deployed an API using Cloud Endpoints. You want to give users the ability to enable your service in their own Cloud project and invoke its API. For the majority of use cases, what IAM role should you assign to them? A. Service Controller B. Service Editor C. Service Owner D. Service Consumer
D. Service Consumer
Key Testing Ideals
Establish a strong testing culture by documenting all reported bugs as test cases. If every bug is converted into a test, each test is supposed to initially fail because the bug hasn't yet been fixed. As engineers fix the bugs, the software passes testing and you're on the road to developing a comprehensive regression test suite. Set up a testing infrastructure. The foundation for a strong testing infrastructure is a versioned source control system that tracks every change to the codebase. Once source control is in place, add a continuous build system that builds the software and runs tests every time code is submitted. [Google] found it optimal if the build system notifies engineers the moment a change breaks a software project.
Cloud IoT Core
Fully managed service that allows you to easily and securely connect, manage, and ingest data from millions of globally dispersed devices
Error 504
Gateway Timeout
What is GCP's CI/CD pipeline deployment stack?
Google Cloud Source Repositories provides a Git version-controlled development environment. Google Cloud Container Builder builds Docker images from source repositories like Google Cloud Source Repositories. Finally, Google Container Engine can run and manage your Docker containers received from Jenkins' deployment pipeline.
Load Balancing
HTTP(S) SSL Proxy TCP Proxy (only specific ports allowed) External Load Balancers must talk to VMs via their public IP address. This also requires instance groups in order to serve traffic.
High CPU Machine Types GCE
High-CPU machine types are ideal for tasks that require more vCPUs relative to system memory. High-CPU machine types have 0.90 GB of system memory per vCPU.
High-Mem Machine Types GCE
High-memory machine types are ideal for tasks that require more system memory relative to vCPUs. High-memory machine types have 6.50GB of system memory per vCPU.
GCE Images
An image contains the OS and the boot loader. Think about the macOS custom image that Google loads onto your machine compared to a snapshot of your machine. Snapshots are primarily targeting backup and disaster recovery scenarios; they are cheaper and easier to create (can often be uploaded without stopping the VM). They are meant for frequent regular upload, and rare downloads. Images are primarily meant for boot disk creation. They are optimized for multiple downloads of the same data over and over. If the same image is downloaded many times, the downloads after the first are going to be very fast (even for large images).
The Four Golden Signals: Latency, Traffic, Errors, Saturation
Latency - The time it takes to service a request Traffic - How much demand is being placed on your system Errors - Rate of requests that fail Saturation - How "full" your service is. A measure of your system fraction, emphasizing the resources that are most constrained (e.g., in a memory-constrained system, show memory; in an I/O-constrained system, show I/O).
Subnets are for Managing Resources
Networks have no IP range, so subnetworks don't need to fit into an IP address hierarchy. Instead, Subnetworks can be used to group and manage resources. They can represent departments, business functions, or systems.
Error 404
Not found - unable to locate resources
Ideal Network for Availability
One Project -> One Network -> One Region -> One Subnet -> Multiple Zones. This is increased availability due to multiple zones and simplified security due to single subnet.
Error 500
Server Error - Misconfiguration
Standard Machine Types GCE
Standard machine types are suitable for tasks that have a balance of CPU and memory needs. Standard machine types have 3.75 GB of system memory per vCPU.
Error 401
Unauthorized
Migrating on-Prem Web Application
We probably will want some low latency high bandwidth interconnect for the application tier to talk back to the database tier if the database tier will remain on-prem
What is the gcloud command to list compute instances?
gcloud compute instances list
CI/CD Pipeline
source repository -> container registry trigger -> container builder -> container registry -> cloud pubsub -> GCE (Jenkins)
functional test
tests many methods in a system. This can make up a number of different functions
Local SSD
tied to the actual machine. Faster IOPS but ephemeral
How would you gracefully shutdown a Preemptible VM?
with a shutdown script that can terminate a checkpoint file to GCS for retrieval
For what types of applications should you consider an execution environment other than Cloud Functions? A. Applications that have a large and complex codebase. B. Applications that are written in a programming framework other than Node.js C. Applications that are written in the Node.js programming framework D. Applications that are light-weight microservices
A. Applications that have a large and complex codebase. B. Applications that are written in a programming framework other than Node.js
Creating Snapshots of Disks in GCE
A snapshot reflects the contents of a persistent disk in a concrete instant in time. An image is the same thing, but includes an operating system and boot loader and can be used to boot an instance. Snapshots are primarily targeting backup and disaster recovery scenarios, they are cheaper, easier to create (can often be uploaded without stopping the VM). They are meant for frequent regular upload, and rare downloads.
Bastion Host
A Bastion Host should be used when you want a user(s) to SSH or RDP into the private server. This is better known as a jump box
NAT Gateway Host isolation
A NAT should be used when you only need to allow outgoing traffic to get updates (while blocking all incoming traffic except for the data coming back from update request).
What is a container
-Write once, run (almost) anywhere -A container creates a single "package" of everything needed (the dependencies) to run the application. However, the application will probably have external dependencies such as a database. -Support consistency across development, testing, and production environments -Loose coupling between application and operating system layers -Much simpler to migrate workloads between on-premises and cloud environments -Support agile development and operations -If you want to do microservices, you're going to be using containers
Managed Instance Group
A managed instance group contains identical instances that you can manage as a single entity. Managed instance groups support autoscaling, load balancing, rolling updates, autohealing and more. Managed instance groups are intended to support stateless applications that aren't dependent on the specific state of the underlying VM instances to run. This allows for features like autoscaling and autohealing, where the managed instance group can delete and recreate instances automatically. In addition, if an instance is deleted from a managed instance group because of a user action, as part of autohealing, or because of infrastructure maintenance when the instance is not set to live migrate, the instance group will automatically recreate the instance with a new root persistent disk.
Which of the following statements about a Container Builder, Container Registry, and Deployment Manager are true? Select Two A. Cloud Container Builder and Deployment Manager enable you to treat infrastructure as code. B. You cannot mix and match tool chains. For example, you cannot use Container Builder and Container Registry with Spinnaker. C. You can use Deployment Manager to set up virtual machine instances on-premise. D. Build triggers can be helpful when building a continuous integration and delivery pipeline using Container Builder and Container Registry.
A. Cloud Container Builder and Deployment Manager enable you to treat infrastructure as code. B. Build triggers can be helpful when building a continuous integration and delivery pipeline using Container Builder and Container Registry
Which of the following statements about continuous integration and delivery are accurate? Select two. A. Continuous integration is a developer workflow in which developers frequently pull from the master and commit their changes into a feature branch in a source code repository. B. To benefit from continuous integration and delivery developers must use GitHub. C. Continuous delivery is a workflow that is triggered when changes are pushed to the master repository. D. If all tests pass, builds generated from continuous integration in a feature branch can be released on a production environment.
A. Continuous integration is a developer workflow in which developers frequently pull from the master and commit their changes into a feature branch in a source code repository. C. Continuous delivery is a workflow that is triggered when changes are pushed to the master repository.
You have a very large database that you are primarily using for queries in a business intelligence application. You want to move the data to a fully-managed solution. Which data storage option is ideal for such use cases? A. Google BigQuery B. Cloud Storage C. Cloud Datastore D. Cloud Bigtable
A. Google BigQuery
You need to reduce the impact of unplanned rollbacks of erroneous production deployments in your company's web hosting platform. Improvement to the QA processes accomplished an 80% reduction. Which additional two approaches can you take to further reduce the impact of rollbacks? (Choose two) A. Introduce a green-blue deployment model. B. Fragment the monolithic platform into microservices. C. Remove the QA environment. Start executing canary releases. D. Remove the platform's dependency on relational database systems. E. Replace the platform's relational database systems with a NoSQL database.
A. Introduce a green-blue deployment model. - Allows for extensive testing of the application in the green environment before sending traffic to it. Typically the two environments are identical otherwise, which gives the highest level of testing assurance. B. Fragment the monolithic platform into microservices. - Allows for smaller, more incremental rollouts of updates (each microservice can be updated individually), which will reduce the likelihood of an error in each rollout.
What best practices can you apply when creating a Cloud Datastore entity with a numeric key? Choose all that are correct (3 correct answers) . A. Let Cloud Datastore automatically assign the numeric ID for the key. B. When creating keys manually, get a block of IDs using the allocateIds() method. C. Avoid built-in indexes because they create hotspots. D. Always create keys with string IDs. E. Avoid sequential numbering of keys.
A. Let Cloud Datastore automatically assign the numeric ID for the key. B. When creating keys manually, get a block of IDs using the allocateIds() method. E. Avoid sequential numbering of keys.
Your company plans to migrate a multi-petabyte data set to the cloud. The data set must be available 24hrs a day. Your business analysts have experience only with using a SQL interface. How should you store the data to optimize it for ease of analysis? A. Load data into Google BigQuery. B. Insert data into Google Cloud SQL. C. Put flat files into Google Cloud Storage. D. Stream data into Google Cloud Datastore.
A. Load data into Google BigQuery. - BigQuery is the only one of these Google products that supports an SQL interface and a high enough SLA (99.9%) to make it readily available. Cloud Storage does not have an SQL interface.
You need to design a social application to reach a much broader audience than before. You want to achieve scalability, reliability, and security. Select two best practices that you can implement to build scalable, more secure, and highly available applications? A. Manage your application's code and environment by using a code repository and a dependency management system. B. Design for loose coupling between application components. C. Avoid caching to minimize the number of services that your application depends on. D. Develop a highly secure user management system that you can rely on.
A. Manage your application's code and environment by using a code repository and a dependency management system. - Managing code and dependencies will enable you to track changes to your source code and set up systems for continuous integration and delivery. B. Design for loose coupling between application components - Design application components so that they are loosely coupled at runtime. Tightly coupled components can make an application less resilient to failures, spikes in traffic, and changes to services.
For future phases, Dress4Win is looking at options to deploy data analytics to the Google Cloud. Which option meets their business and technical requirements? Sparq Shop A. Run current jobs from the current technical environment on Google Cloud Dataproc. B. Review all current data jobs. Identify the most critical jobs and create Google BigQuery tables to store and query data. C. Review all current data jobs. Identify the most critical jobs and develop Google Cloud Dataflow pipelines to process data. D. Deploy a Hadoop/Spark cluster to Google Compute Engine virtual machines. Move current jobs from the current technical environment and run them on the Hadoop/Spark cluster.
A. Run current jobs from the current technical environment on Google Cloud Dataproc. - There is no requirement to migrate the current jobs to a different technology. Using managed services where possible is a requirement. Using Google Cloud Dataproc allows the current jobs to be executed within Google Cloud Platform on a managed services offering.
You want to set up monitoring for your mission-critical application. What signals should you monitor in your dashboards? A. Saturation, Latency, Traffic, Errors B. Saturation, Latency, Throttling, Errors C. Contrast, Latency, Traffic, Errors D. Security, Latency, Throttling, Errors
A. Saturation, Latency, Traffic, Errors
What are some uses for the API Explorer? Choose all that are correct (3 correct answers). A. Search for services and methods. B. View details about the API request and response. C. Execute API request in a programming language of your choice. D. Execute an API method with some test parameter values.
A. Search for services and methods. B. View details about the API request and response. D. Execute an API method with some test parameter values.
A restaurant in your neighborhood wants to put up a website that displays a menu, restaurant hours, and location on a map. You want to help set up the website. What is the best way to host the website on Google Cloud Platform? A. Serve the website's content from a Cloud Storage bucket. B. Serve the website's content from a Cloud Storage table. C. Serve the website's content from an application server running on a Compute Engine instance. D. Serve the website's content from a web server running on a Compute Engine instance.
A. Serve the website's content from a Cloud Storage bucket.
Review the following Container Builder build configuration file. Which of the following statements accurately describes the build steps in this configuration? steps: - name: gcr.io/cloud-builders/git args: ['clone', 'https://github.com/GoogleCloudPlatform/cloud-builders'] env: ['PROJECT_ROOT=hello'] - name: gcr.io/cloud-builders/docker args: ['build', '-t', 'gcr.io/my-project-id/myimage', '.'] A. There are two steps. The first step clones a GitHub repository. The second step builds a Docker image based on the contents of the repository. B. The build configuration file is invalid because the two steps are independent and don't share the same working directory. C. The build configuration file is invalid because Docker cannot build contents of a GitHub repository. D. There are two steps. The first step creates a repository called cloud-builders on GitHub. The second step creates a cloud-native application image for that repository.
A. There are two steps. The first step clones a GitHub repository. The second step builds a Docker image based on the contents of the repository.
Your company collects and stores security camera footage in Google Cloud Storage. Within the first 30 days, footage is processed regularly for threat detection, object detection, trend analysis, and suspicious behavior detection. You want to minimize the cost of storing all the data. How should you store the videos? A. Use Google Cloud Regional Storage for the first 30 days, and then move to Coldline Storage. B. Use Google Cloud Nearline Storage for the first 30 days, and then move to Coldline Storage. C. Use Google Cloud Regional Storage for the first 30 days, and then move to Nearline Storage. D. Use Google Cloud Regional Storage for the first 30 days, and then move to Google Persistent Disk.
A. Use Google Cloud Regional Storage for the first 30 days, and then move to Coldline Storage. - Since the data is accessed frequently within the first 30 days, using Google Cloud Regional Storage will enable the most cost-effective solution for storing and accessing the data. For videos older than 30 days, Google Cloud Coldline Storage offers the most cost-effective solution since it won't be accessed.
Your expense report application allows users to submit multiple expenses in a single report. You want to add each expense as a separate entity in Cloud Datastore. How can you reduce latency when adding expenses to Cloud Datastore? A. Use a batch operation to add multiple entities in one request. B. Use automatically generated keys with numeric IDs. C. Use composite indexes to store and index multiple entities. D. Avoid built-in indexes for fast inserts.
A. Use a batch operation to add multiple entities in one request.
Your company's architecture is spread across multiple regions. You want to automatically and simultaneously deploy new code to each Google Container Engine cluster. Which method should you use? A. Use an automation tool, such as Jenkins. B. Change the clusters to activate federated mode. C. Use Parallel SSH with Google Cloud Shell and kubectl.
A. Use an automation tool, such as Jenkins. - This meets the criteria of doing this automatically and simultaneously.
Your code throws errors because the actual response from a Google Cloud API is not what you expect. You want to quickly find the response values for a set of test parameter values. How can you execute the API with minimal effort to determine the response data? A. Use the API Explorer to invoke the API with test parameter values. B. Use the API Explorer to execute a snippet of your code with test parameter values. C. Use the API Explorer to run the equivalent gcloud command. D. Invoke the unit test for your code with test parameter values.
A. Use the API Explorer to invoke the API with test parameter values.
imports: - path: vm_template.jinja resources: - name: my-vm type: vm_template.jinja properties: zone: us-central1-a startup-script: | #!/bin/bash python -m SimpleHTTPServer 8080
A. Web server will be launched and serving traffic at port 8080. B. The deployment configuration launches a Google Compute Engine instance. C. The "zone" property is passed to the template.
What are the benefits of monitoring your application? Select three. A. You can analyze long-term trends in performance. B. You can compare results over time or between experimental configurations. C. You can prevent showstopper issues. D. You can create performance tests as needed. E. You can raise alerts when something is broken or about to be broken.
A. You can analyze long-term trends in performance. - When you monitor your application you can analyze long-term performance trends, compare results over time or between experimental configurations, raise alerts when something is broken or about to be broken, and perform ad hoc retrospective analysis of issues. B. You can compare results over time or between experimental configurations. - When you monitor your application you can analyze long-term performance trends, compare results over time or between experimental configurations, raise alerts when something is broken or about to be broken, and perform ad hoc retrospective analysis of issues. E. You can raise alerts when something is broken or about to be broken. - When you monitor your application you can analyze long-term performance trends, compare results over time or between experimental configurations, raise alerts when something is broken or about to be broken, and perform ad hoc retrospective analysis of issues.
What are the advantages of hosting static websites on Google Cloud Storage? A. You get automatic scaling with no additional effort. B. You don't need to set up and run a Compute Engine instance. C. Cloud Storage automatically authenticates users. D. Cloud Storage supports cross-origin resource sharing (CORS).
A. You get automatic scaling with no additional effort. B. You don't need to set up and run a Compute Engine instance.
You are tasked with designing a disaster recovery system in your organization. You need to make sure that all applications recover and become available as quickly as possible. What storage class is ideal for storing backups of your data?
Coldline
Instance Template GCE
An instance template is an API resource that you can use to create VM instances and managed instance groups. Instance templates define the machine type, boot disk image or container image, zone, labels, and other instance properties. You can then use an instance template to create a managed instance group or to create individual VM instances. Instance templates are a convenient way to save a VM instance's configuration so you can use it later to create new VM instances or groups of VM instances.
Your customer is moving their corporate applications to Google Cloud Platform. The security team wants detailed visibility of all projects in the organization. You provision the Google Cloud Resource Manager and set up yourself as the org admin. Which Google Cloud Identity and Access Management (Cloud IAM) roles should you give to the security team? A. Org viewer, project owner B. Org viewer, project viewer C. Org admin, project browser D. Project owner, network admin
Answer B gives the security team read only access to everything your company produces, anything else gives them the ability to, accidentally or otherwise, change things. This is better than Org Admin which is sometimes also the security team since this is designed around least privileged access models
What is the programming framework used with Cloud Dataflow? A. Apache Mesos B. Apache Beam SDK C. Google Cloud SDK D. Google Cloud Client Libraries
B. Apache Beam SDK - Cloud Dataflow supports fast, simplified pipeline development by using expressive Java and Python APIs in the Apache Beam SDK.
Identify three key aspects of a sound architecture for a continuous integration and delivery (CI / CD) system. A. Docker container images are stored in Cloud Storage for easy versioning and retrieval. B. Canary deployments can help catch unexpected issues before they affect a large number of users in production. C. Developers can also build container images on their laptops and deploy to the development environment. D. When a developer commits code into the code repository, a continuous integration tool such as Jenkins builds a container image for the application. E. Builds are tested in the development environment and canary deployment before promoting to the production deployment.
B. Canary deployments can help catch unexpected issues before they affect a large number of users in production. D. When a developer commits code into the code repository, a continuous integration tool such as Jenkins builds a container image for the application E. Builds are tested in the development environment and canary deployment before promoting to the production deployment.
Your company is building a large-scale web application. Each team is responsible for its own service component of the application and wants to manage its own individual projects. You want each service to communicate with the others over RFC1918 address space. What should you do? A. Deploy each service into a single project within the same VPC B. Configure Shared VPC, and add each project as a service of the Shared VPC project. C. Configure each service to communicate with the others over HTTPS protocol. D. Configure a global load balancer for each project, and communicate between each service using the global load balancer IP addresses.
B. Configure Shared VPC, and add each project as a service of the Shared VPC project. - Using a shared VPC allows each team to individually manage their own application resources, while enabling each application to communicate between each other securely over RFC1918 address space.
What is the primary use case for Deployment Manager? A. Deployment Manager enables you to build Docker images. B. Deployment Manager enables you to stand up Google Cloud Platform infrastructure. You can treat infrastructure as code. C. Deployment Manager enables you to stand up multi-cloud resources. D. Deployment Manager templates can be tested locally before deploying infrastructure on Google Cloud Platform.
B. Deployment Manager enables you to stand up Google Cloud Platform infrastructure. You can treat infrastructure as code.
A recent software update to an e-commerce website running on Google Cloud has caused the website to crash for several hours. The CTO decides that all critical changes must now have a back-out/roll-back plan. The website is deployed on hundreds of virtual machines (VMs), and critical changes are frequent. Which two actions should you take to implement the back-out/roll-back plan? (Choose two) A. Create a Nearline copy for the website static data files stored in Google Cloud Storage. B. Enable object versioning on the website's static data files stored in Google Cloud Storage. C. Use managed instance groups with the "update-instances" command when starting a rolling update. D. Enable Google Cloud Deployment Manager (CDM) on the project, and define each change with a new CDM template. E. Create a snapshot of each VM prior to an update, and recover the VM from the snapshot in case of a new version failure.
B. Enable object versioning on the website's static data files stored in Google Cloud Storage. - This is a seamless way to ensure the last known good version of the static content is always available. C. Use managed instance groups with the "update-instances" command when starting a rolling update. - This allows for easy management of the VMs and lets GCE take care of updating each instance.
Which of the following statements about Cloud Datastore entities are accurate? A. Entities of the same kind must have the same properties. B. Entity keys can have manually generated numeric ids. C. Entities can specify foreign key relationships. D. Entities of the same kind can have different properties.
B. Entity keys can have manually generated numeric ids. D. Entities of the same kind can have different properties.
Use ________ to authenticate your applications when invoking Google APIs because they belong to your application or VM instance, not to an individual user. A. IAM Roles B. Service Accounts C. Policies D. Keys
B. Service Accounts
Review the following gsutil command. What is the result when the command is executed? A. The command creates a bucket called "regional" in the "us-central1" location under an existing bucket called "parent-bucket". B. The command creates a bucket called "parent-bucket" in the "us-central1" location with "regional" storage class. C. The command modifies a bucket called "parent-bucket" and changes properties to "us-central1" location and "regional" storage class. D. The command modifies a bucket called "parent-bucket" or creates the bucket if it does not already exist.
B. The command creates a bucket called "parent-bucket" in the "us-central1" location with "regional" storage class.
The Dress4Win developers are evaluating using Google Cloud Platform. They have identified some applications that can easily move to Google App Engine Flexible Environment. The developers will deploy their code using the Google Cloud SDK tools. Which two of their stated technical requirements does this solution meet? (Choose 2). A. Encrypt data on the wire and at rest. B. Use managed services whenever possible. C. Identify production services that can migrate to the cloud to save capacity. D. Support failover of the production environment to the cloud during an emergency. E. Evaluate and choose an automation framework for provisioning resources in the cloud. F. Support multiple VPN connections between the production data center and the cloud environment
B. Use managed services whenever possible. E. Evaluate and choose an automation framework for provisioning resources in the cloud. - Using managed services whenever possible is a requirement met by using Google App Engine Flexible Environment. Using the Google Cloud SDK allows for provisioning and management of Google Cloud Platform resources including Google App Engine Flexible Environment.
How can Container Builder and Container Registry help you build a continuous integration and delivery pipeline? Select three. A. You can install Container Builder on Google Kubernetes Engine. Kubernetes Engine will autoscale depending on the number of builds. B. With Container Builder, the artifacts produced by each build step are persisted in the /workspace folder and can be used by the following build step. C. Container Builder is a fully managed service. You do not need to download all build tools and container images to a build machine or manage build infrastructure. D. When you commit code to a repository, you must start a build manually using the gcloud command. E. By using Container Registry and Container Builder, you can create build pipelines that are automatically triggered when you commit code to a repository.
B. With Container Builder, the artifacts produced by each build step are persisted in the /workspace folder and can be used by the following build step. C. Container Builder is a fully managed service. You do not need to download all build tools and container images to a build machine or manage build infrastructure. E. By using Container Registry and Container Builder, you can create build pipelines that are automatically triggered when you commit code to a repository.
After a few minor releases, certain aspects of your application seem to be running slower than before in production. What is the best way to detect performance issues earlier in the release cycle? A. You can avoid making changes to time-sensitive code. B. You can add performance tests to your test suite. C. You can add time measurements around new code to detect slowness. D. You can plan for additional CPU and memory resources.
B. You can add performance tests to your test suite.
Blue Green Deployments
Blue-green deployment is a technique that reduces downtime and risk by running two identical production environments called Blue and Green. At any time, only one of the environments is live, with the live environment serving all production traffic. For this example, Blue is currently live and Green is idle.
You've updated your API backend. The changes are not backward compatible and will break consumers of your current API. What approach would best serve your customers? A. Notify customers of the loss of backwards compatibility and deploy the updated version of your API. B. Disable the original version of your API and deploy an update. C. Deploy two versions of your Cloud Endpoints API by creating a separate API configuration for each version.
C. Deploy two versions of your Cloud Endpoints API by creating a separate API configuration for each version.
Which of the following statements is true? A. You can review data compliance and sovereignty requirements after you see the source of user traffic at launch. B. It is better to re-architect legacy applications in one big release so that engineering teams can focus on new applications. C. For transient network errors, applications should implement retry logic with exponential backoff and fail gracefully if the errors persist. D. When rolling out builds to the production environment, consider performing canary testing to catch any Easter eggs (hidden messages and jokes) that developers may have hidden in the code.
C. For transient network errors, applications should implement retry logic with exponential backoff and fail gracefully if the errors persist. - When accessing services and resources in a distributed system, applications need to be resilient to temporary and long-lasting errors.
You have a mission-critical application that is accessed globally. You must make sure that your application is able to serve traffic reliably. What is the best way to check if your application is ready to serve traffic? A. Ask your testing team to run the system tests every day. B. Write a cron job to ping your application's home page every minute. C. Implement a health-check endpoint for each service. D. Set up monitoring dashboards that your global support team can look at 24 x 7.
C. Implement a health-check endpoint for each service. - The endpoint handler should check the health of all dependencies and infrastructure components required for the service to function properly.
Your company wants to reduce cost on infrequently accessed data by moving it to the cloud. The data will still be accessed approximately once a month to refresh historical charts. In addition, data older than 5 years is no longer needed. How should you store and manage the data? A. In Google Cloud Storage and stored in a Multi-Regional bucket. Set an Object Lifecycle Management policy to delete data older than 5 years. B. In Google Cloud Storage and stored in a Multi-Regional bucket. Set an Object Lifecycle Management policy to change the storage class to Coldline for data older than 5 years. C. In Google Cloud Storage and stored in a Nearline bucket. Set an Object Lifecycle Management policy to delete data older than 5 years. D. In Google Cloud Storage and stored in a Nearline bucket. Set an Object Lifecycle Management policy to change the storage class to Coldline for data older than 5 years.
C. In Google Cloud Storage and stored in a Nearline bucket. Set an Object Lifecycle Management policy to delete data older than 5 years. - The access pattern fits Nearline storage class requirements and Nearline is a more cost-effective storage approach than Multi-Regional. The object lifecycle management policy to delete data is correct versus changing the storage class to Coldline.
A lead software engineer tells you that his new application design uses websockets and HTTP sessions that are not distributed across the web servers. You want to help him ensure his application will run properly on Google Cloud Platform. What should you do? A. Help the engineer to convert his websocket code to use HTTP streaming. B. Review the encryption requirements for websocket connections with the security team. C. Meet with the cloud operations team and the engineer to discuss load balancer options. D. Help the engineer redesign the application to use a distributed user session service that does not rely on websockets and HTTP sessions.
C. Meet with the cloud operations team and the engineer to discuss load balancer options. - The HTTP(S) load balancer in GCP handles websocket traffic natively. Backends that use WebSocket to communicate with clients can use the HTTP(S) load balancer as a front end, for scale and availability.
Users are encountering errors in your application. You want to view the stack trace to determine where the error occurred. What service would help you view the error? A. Stackdriver Trace B. Stackdriver Monitoring C. Stackdriver Error Reporting D. Stackdriver Logging
C. Stackdriver Error Reporting - Error Reporting displays errors that have occurred in your applications. You can view the stack trace to determine where the error occurred.
What happens when an application is a monolith application? (Pick two) A. The layers of this application can be scaled independently. B. The application has a microservices-based architecture because the code is divided into a UI layer, business logic layer, and data access layer. C. The application will require longer development and QA cycles as the system grows in features and complexity. D. The layers of the application are loosely coupled. E. The application is monolithic because all layers need to be deployed as a single unit.
C. The application will require longer development and QA cycles as the system grows in features and complexity. E. The application is monolithic because all layers need to be deployed as a single unit.
Before transferring data to you, a third-party breaks up each large data file into 15 small chunks because of network bandwidth issues. You want to use Google BigQuery to directly query Cloud Storage data. What is the best way to combine the chunks into a single file? A. Ask third-party to use truncated exponential backoff to failed upload of a large file. B. Use the "gsutil -m" command to perform a multi-threaded/multi-processing to transfer chunks as a single unit. C. Use the "gsutil compose" command to build a composite object from smaller chunks. D. Use strongly consistent reads and writes to ensure accuracy of file transfer.
C. Use the "gsutil compose" command to build a composite object from smaller chunks.
You can execute the gRPC calls for Cloud Datastore and Cloud Pub/Sub in series. A. You can use the REST API for Cloud Datastore and Cloud Pub/Sub instead of gRPC APIs. B. You can query data in a batch operation instead of querying for individual orders. C. You can execute the gRPC calls for Cloud Datastore and Cloud Pub/Sub in parallel. D. You can execute the gRPC calls for Cloud Datastore and Cloud Pub/Sub in series.
C. You can execute the gRPC calls for Cloud Datastore and Cloud Pub/Sub in parallel.
Canary Deployments
Canary deployments are a pattern for rolling out releases to a subset of users or servers. The idea is to first deploy the change to a small subset of servers, test it, and then roll the change out to the rest of the servers.
Unmanaged Instance Groups
Unmanaged instance groups are collections of instances that are not necessarily identical and do not share a common instance template. You can use unmanaged instance groups to accommodate your pre-existing configurations for load balancing tasks. However, you should always use managed instance groups unless your applications require you to group instances together that are not identical.
You are building a banking application that is expected to have a very large number of users across the world. When users make a deposit, they want to see the result of this deposit reflected immediately when they view their balance. What data storage option is ideal for storing account balance information for users? A. Cloud Firestore for Firebase is ideal because it enables you to develop a mobile app later. B. Cloud Bigtable is ideal because it supports low-latency read/write access. C. Cloud SQL is ideal because it is a relational database that supports transactions. D. Cloud Spanner is ideal because it supports strongly consistent reads in addition to horizontal scalability, low latency, and high throughput.
D. Cloud Spanner is ideal because it supports strongly consistent reads in addition to horizontal scalability, low latency, and high throughput.
Google App Engine Standard
Google's PaaS offering - just write your code and deploy it anywhere. Google handles a number of behind-the-scenes things for you if you choose to deploy your application on top of App Engine.
You want to make a copy of a production Linux virtual machine in the US-Central region. You want to manage and replace the copy easily if there are changes on the production virtual machine. You will deploy the copy as a new instance in a different project in the US-East region. What steps must you take? A. Use the Linux dd and netcat commands to copy and stream the root disk contents to a new virtual machine instance in the US-East region. B. Create a snapshot of the root disk and select the snapshot as the root disk when you create a new virtual machine instance in the US-East region. C. Create an image file from the root disk with Linux dd command, create a new disk from the image file, and use it to create a new virtual machine instance in the US-East region. D. Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file for the root disk.
D. Create a snapshot of the root disk, create an image file in Google Cloud Storage from the snapshot, and create a new virtual machine instance in the US-East region using the image file for the root disk. - This approach meets all of the requirements; it is easy to do and works cross-project and cross-region. You cannot just create a snapshot of the root disk without creating an image from it because snapshots are limited to the project in which they are taken.
You are running an application in Google App Engine that is serving production traffic. You want to deploy a risky but necessary change to the application. It could take down your service if not properly coded. During development of the application, you realized that it can only be properly tested by live user traffic. How should you test the feature? A. Deploy the new application version temporarily, and then roll it back. B. Create a second project with the new app in isolation, and onboard users. C. Set up a second Google App Engine service, and then update a subset of clients to hit the new service. D. Deploy a new version of the application, and use traffic splitting to send a small percentage of traffic to it.
D. Deploy a new version of the application, and use traffic splitting to send a small percentage of traffic to it. - Deploying a new version without assigning it as the default version will not create downtime for the application. Using traffic splitting allows for easily redirecting a small amount of traffic to the new version and can also be quickly reverted without application downtime.
Which of the following is considered a best practice when developing cloud-native applications? A. Store external dependencies such as JAR files or external packages in your code repository to avoid confusion. B. Store and manage log files alongside the application for quick troubleshooting in case of errors. C. Using the Worker pattern, develop workers that share state to reduce data storage costs. D. Implement API gateways to make backend functionality available to consumer applications.
D. Implement API gateways to make backend functionality available to consumer applications. - Apigee - API gateway for legacy applications
One of the microservices in your application has an intermittent performance problem. You have not observed the problem when it occurs but when it does, it triggers a particular burst of log lines. You want to debug a machine while the problem is occurring. What should you do? A. Log into one of the machines running the microservice and wait for the log storm. B. In the Stackdriver Error Reporting dashboard, look for a pattern in the times the problem occurs. C. Configure your microservice to send traces to Stackdriver Trace so you can find what is taking so long. D. Set up a log metric in Stackdriver Logging, and then set up an alert to notify you when the number of log lines increases past a threshold.
D. Set up a log metric in Stackdriver Logging, and then set up an alert to notify you when the number of log lines increases past a threshold. - Since you know that there is a burst of log lines, you can set up a metric that identifies those lines. Stackdriver will also allow you to set up a text, email or messaging alert that can notify you promptly when the error is detected so you can hop onto the system to debug.
You want to stream logs into Stackdriver Logging from third-party applications running on Compute Engine instances. What service should you consider? A. Stackdriver Trace B. Stackdriver Debugger C. Stackdriver Error Reporting D. Stackdriver Logging Agent
D. Stackdriver Logging Agent - You can install Stackdriver Logging Agent on Compute Engine and Amazon EC2 instances to stream logs from third-party applications into Stackdriver Logging.
Dress4Win wants to do penetration security scanning on the test and development environments deployed to the cloud. The scanning should be performed from an end user perspective as much as possible. How should they conduct the penetration testing? A. Notify Google to begin conducting regular penetration security scanning on behalf of Dress4Win. B. Deploy the security scanners into the cloud environments and conduct penetration testing within each environment. C. Use the on-premises scanners to conduct penetration testing on the cloud environments routing traffic over the VPN. D. Use the on-premises scanners to conduct penetration testing on the cloud environments routing traffic over the public internet.
D. Use the on-premises scanners to conduct penetration testing on the cloud environments routing traffic over the public internet. - Having the scanners be located outside the cloud environment will best emulate end user penetration testing. Using the public internet to access the environments best emulates end user traffic.
Google Cloud Nearline Storage
Designed for access less than once per month. Second cheapest tier of storage.
IAM members can be of what types? A. Google account or group B. Service account C. Google group D. G Suite or Cloud Identity domain E. All types listed
E. All types listed
Google Cloud Coldline Storage
Fast and highly durable but accessed less than once a year. Cheapest tier of storage.
What GCP product allows the synchronization of data across regions? A. Google Cloud SQL B. Google Cloud Bigtable C. Google Cloud Storage D. Google Cloud Datastore
C. Google Cloud Storage - Google Cloud Storage supports Multi-Regional buckets that synchronize data across regions automatically.
GKE
Sits in between IaaS and PaaS. Deploying Kubernetes on your own is entirely possible but not easy. Decouples operational and development concerns. GKE manages and maintains logging, health management, and monitoring of the GKE cluster(s). Most importantly, GKE provides a method to easily update the Kubernetes cluster(s). Hands-on: Leverage Coursera/Qwiklabs for basic understanding of the CLI commands and flags for creating and managing clusters. An additional option would be to run through this blog post to deploy a three tier web application to GKE.
Global Network
Networks are global and span all available Regions. As new Regions come online, new Subnetworks become available if using Auto Networks. Networks have no IP address range, but Subnetworks do. Auto and Custom Networks: Auto - GCP creates the subnetworks, firewall rules, and routes for you. Auto Networks can be changed to Custom Networks but not the reverse. Custom - You define your own subnetworks, firewall rules, and routes. Public IP addresses are decoupled from VMs. They are mapped to Internal IP addresses via the SDN.
Shared VPC
Shared VPC allows an organization to connect resources from multiple projects to a common VPC network, so that they can communicate with each other securely and efficiently using internal IPs from that network. When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it. The VPC networks in the host project are called Shared VPC networks.
Stackdriver Debugger
Stackdriver Debugger connects your application's production data to your source code by inspecting the state of your application at any code location in production without stopping or slowing down your requests.
Stackdriver Error Reporting
Stackdriver Error Reporting analyzes and aggregates the errors in your cloud applications. Notifies you when new errors are detected.
Stackdriver Logging
Stackdriver Logging provides you with the ability to filter, search, and view logs from your cloud and open source application services. Allows you to define metrics based on log contents that are incorporated into dashboards and alerts. Enables you to export logs to BigQuery, Google Cloud Storage, and Pub/Sub.
Stackdriver Monitoring
Stackdriver Monitoring provides endpoint checks to web applications and other internet-accessible services running on your cloud environment. You can configure uptime checks associated with URLs, groups, or resources, such as instances and load balancers.
Stackdriver Trace
Stackdriver Trace provides latency sampling and reporting for Google App Engine, including per-URL statistics and latency distributions.
Subnets
Subnetworks can extend across Zones in the same Region. One VM and an alternate VM can be on the same Subnetwork in different Zones. A single Firewall Rule can apply to both VMs even though they are in different Zones.
Persistent Disk
Survives after the disk is terminated. Lower IOPS but better consistency.
Google Cloud Multi Regional Storage
Most expensive tier of storage but is optimized for geo redundancy and end-user latency.
Startup Scripts
Use startup scripts to perform any action on your VM after boot such as installing software, running updates, turning on/off services, and anything else you can script. From GCS - in Metadata section specify startup-script-url as the metadata key and gs://path/to/bucket/and/file as the value (no size limit on script). Consider when to use startup scripts via custom images. If you are pulling the same static content every time then custom images might be the preferred path.
Migrating MySQL Database
Requires a database migration plan that includes replicating data well ahead of switchover. For example, a peering connection that replicates to a failover replica, like Cloud SQL, that can eventually be promoted to the master node. There should be a planned switchover date to the cloud database that includes a small period of downtime to maintain ACID transactions.
Google Cloud Regional Storage
Use this when you need local access to data; it supports high-frequency analytics workloads.