Google Certified Associate Cloud Engineer (ACE)
You have some *files in Cloud Storage that you have to access daily* now. However, *within about 30 days, you will not need to have access more than once a year*. Then, after a year, you will not need those files any longer. What should you do to keep costs at a minimum?
Create an *object lifecycle policy* that moves your files from Standard to Archive after 30 days and then deletes them after 1 year. You should create an object lifecycle policy that moves your files from Standard to Archive after 30 days and then deletes them after 235 days. Access daily = STANDARD; access once a year = ARCHIVE; then delete.
You are looking to have a group of nodes in your cluster all stacked with the same configuration. How can you accomplish this?
Deploy a node pool for your cluster. A node pool is a group of nodes within a cluster that all have the same configuration. Node pools use a NodeConfig specification.
You are setting up a plan to deploy a VPC for your organization. You want to be able to capture traffic in and out of your network. How would you do this?
Deploy the VPC and enable flow logs. *With flow logs, you can capture traffic in and out of your network.*
E2
E2 instances are the best for cost-optimized, balanced, or scaled-out optimized machine types that are great for web apps serving small-to-medium databases, microservices, media, and virtual desktops.
You want to deploy a cluster that is able to *scale out depending on the pods needed* for the customer's load. How would you accomplish this? --*NEED MORE PODS*
Enable *horizontal scaling* for your pods. Since the question is about adding more pods, not more compute resources per pod, enabling horizontal scaling for your pods is correct. *HORIZONTAL* = add more pods. *VERTICAL* = add more compute resources such as CPU and memory capacity. *SCALING IS NOT AUTOMATIC*
Your team has manually created a custom mode VPC network and subnets. They have resources using all available IP addresses and want to increase the size of the subnets. How should they do this?
Expand the primary IPv4 range of the existing subnets by modifying their subnet masks
Which hierarchy level within the GCP Organization provides isolation boundaries between projects and the ability to group projects?
FOLDERS --Folders provide isolation boundaries *between projects and the ability to group projects*. organization >> folder >> projects / group projects >> datasets >> tables/views --folders hold projects and group projects
You have some VMs you need to spin up for testing. Your boss stated that they need to be *cost-optimized*. Which machine family can provide the most suitable machine types for your environment?
General-purpose --best option for testing or cost-optimization scenarios --E2, N2, N2D, N1 machine types (scenarios: web and app serving, small databases, microservices, media, and virtual desktops)
Which service is needed to create a managed instance group?
INSTANCE TEMPLATE --You need an instance template to create a managed instance group.
Subnet mask = 255.255.0.0 (/16). Expanded range of the subnet: 255.0.0.0 (/8)
An IPv4 address is 4 bytes (octets): 255 . 0 . 0 . 0 = byte 1 . byte 2 . byte 3 . byte 4
M1
M1 instances are for medium-sized databases.
You need to set up an environment that is optimized for cost-optimized, balanced, or scaled-out optimized machine types that are great for web apps serving small-to-medium databases, microservices, media, and virtual desktops. What are the best machine types below for this scenario?
N2, M1, E2 --General Purpose --cost optimized, balanced, and scalable --web and app serving, small-to-medium databases, microservices, media, and virtual desktops
N2
N2 instances are the best for cost-optimized, balanced, or scaled-out optimized machine types that are great for web apps serving small-to-medium databases, microservices, media, and virtual desktops.
Which role has all viewer and editor permissions, plus the ability to manage roles, permissions, and billing?
OWNER --Owner roles have all viewer and editor permissions, plus the ability to manage roles, permissions, and billing.
Your company is looking to upload data in BigQuery, but is not sure what types of data it can receive. After doing some research, which ways did you find that you can upload data into BigQuery?
Parquet, JSON, CSV --these are all file types. Ways to Load Data (File Types): Avro, CSV file, JSON file, ORC, Parquet, Firestore
You need to estimate the cost of using 3 Compute Engine instances in your infrastructure. Which service should you use?
Pricing Calculator --The Pricing Calculator is the best way to estimate cost in GCP.
SSO Authentication
SSO allows you to use a Cloud Identity or Google Workspace account with the *single sign-on service*. This does not use any key pairs.
You want to test an application on Compute Engine Instances. You don't care about having them stop on short notice, and you also want to have the best possible pricing. What solution best satisfies these requirements?
Serve your app using Preemptible VMs. --Preemptible VMs are good when you're after the best possible pricing, have a flexible workload, and do not mind them being stopped on short notice. --cheap
Organization Policy Administrator
The Organization Policy Administrator is the role that you need to create organizational policies.
What are the 3 service accounts that can interact with Google?
The three types of service accounts that can interact with GCP services are: 1. user-managed service accounts 2. default service accounts 3. Google-managed service accounts
You want to use an entity that follows the principle of least privilege and has multiple roles defined per service for assigning permissions. What is the best solution?
Use a *predefined role* -Predefined roles follow the principle of least privilege, and multiple roles are defined per service to provide selections when assigning permissions.
You have an application you would like to deploy. But first, you want to ensure that you use cost-optimized VMs that you can build with the amount of memory and vCPU power that *fits your business needs*. What should you do?
Use custom machine types so you can optimize your VM. Custom machine types are cost-optimized VMs that you can build with the amount of memory and vCPU power that fits your business needs.
You have a solution that *you want to deploy quickly*. However, you don't want to spend a lot of time configuring the VM, and you would like to have something all ready to go. What should you do?
Use the Cloud Marketplace to deploy your service as quickly as possible. -lets you quickly deploy functional software packages that run on Google Cloud. -online storefront operated by a cloud service provider -gives access to applications, services, and solutions
*COMMAND LANGUAGES* FOR MODIFYING CODE
VI = screen-oriented text editor originally created for the Unix operating system. VIM = open-source, screen-based text editor program (BETTER QUALITY). CLOUD SHELL
You want to take a look at record admin activity within your account. What should you do?
View the Audit Logs in Cloud Logging --Audit logs help you view administrative tasks and activities in your environment. (Admin Activity)
You have an environment set up for your web-facing application. You want to be able to *distribute traffic amongst your VMs within the same region*. How can you accomplish this?
You can use a *TCP/UDP network load balancer* that will be able to handle traffic evenly to your VMs. To distribute traffic amongst your VMs within the same region, use Google Cloud external TCP/UDP Network Load Balancing as a regional, pass-through load balancer.
Google Kubernetes Engine
can deploy Stateless, Stateful, Batch, and Daemon workloads.
Your company needs to understand the *types of instances offered through GCP* to make the best decision for their business needs. Choose the 3 types of instances that will need to be previewed.
Compute Engine instances offered through GCP: 1. *Predefined VMs* --premade and quick; 2. *Custom machine types* --cost optimized; 3. *Spot VMs* --cheap and lower quality
DATAPROC
Fully managed and highly scalable service for running Apache Spark. --managed service for *processing large datasets* --Services: Hadoop, MapReduce, Apache Spark, Pig, Hive. A managed Spark and Hadoop service that lets you take advantage of *open-source data tools for batch processing, querying, streaming, and machine learning*.
See what Applications have been deployed
gcloud app browse
*Search for a specific application version:* gcloud app browse -v <Version_ID>
Initialize the App Engine application
gcloud app create
Deploy an Application
gcloud app deploy python-docs-samples/appengine/standard_python3/hello_world/
SETTING A PROJECT IN COMMAND LINE
gcloud config set project
Clone a GitHub repository (repo)
git clone https://github.com/GoogleCloudPlatform/python-docs-samples
M2
High-memory optimized machine type for medium-to-large databases.
Instance Groups
let you provide multi-zone deployed instances with auto healing and auto updating!
GCP ORGANIZATION HIERARCHY
organization >> Schwab folder >>> sandbox project >> DEV/QA/PROD resources >>> BigQuery / Cloud Storage
Cloud Marketplace is where solutions are deployed quickly.
pay as you go
Machine Image -- Compute Engine
stores all configuration, metadata, permissions and data from multiple disks of a VM instance
You increase the size of a subnet by setting the prefix length of its primary IPv4 range to a smaller number. --the prefix length specifies a range of addresses; it is expressed as a slash (/) followed by an integer between 1 and 128, e.g. /16
A subnet mask is used to divide an IP address into two parts: one part identifies the host (computer), the other part identifies the network. --by reducing the prefix, fewer bits of the address are used for the network part, allowing the subnet size to increase
Send traffic to instances. Check if both of your servers are serving the application traffic to your end users.
while true; do curl -m1 IP_ADDRESS; done
gcloud app browse -v <versionid>
will allow you to see the specific link for testing a specific version in App Engine.
Ways to Load Data (File Types)
· Avro · CSV file · JSON file · ORC · Parquet · Firestore
Instance Automation Script
#! /bin/bash
# Startup script: install Apache and serve a one-line test page
sudo apt-get update
sudo apt-get install apache2 -y
sudo service apache2 restart
# Write the test page; "acloud1" identifies which instance answered
echo '<!doctype html><html><body><h1>acloud1</h1></body></html>' | tee /var/www/html/index.html
What is the correct format of user-managed service account emails?
'SA_NAME@PROJECT_ID.iam.gserviceaccount.com' (service_account_name@project_id.iam.gserviceaccount.com) is the correct format of user-managed service account emails. ex. sae-cdwp-cid-tdm-dev@cs-sh-gcp-ext-svc-acct-sbx7379.iam.gserviceaccount.com --Service Account Name = sae-cdwp-cid-tdm-dev --Project ID = cs-sh-gcp-ext-svc-acct-sbx7379
What is a role in an IAM policy?
*A role is a group of permissions* that allow identity management administrators to assign access to GCP resources.
You have a project that you need to move to a different billing account, but you realize you don't have the permissions to do so. What roles do you need to successfully complete your mission?
*Billing Account Admin* AND *PROJECT OWNER* To move your project to a different billing account, you must be a billing administrator and the project owner.
*FLOW LOGS*
*CAPTURE TRAFFIC IN AND OUT OF THE NETWORK* --internal and external --*traffic movement* --Cloud Operations is only internal
Your team wants to use a tool for IAM that gives users easy access to apps with single sign-on and manages multi-factor authentication. Which service is the best option to present to your team?
*Cloud Identity* Cloud Identity gives users easy access to apps with *single sign-on (SSO)* and manages *multi-factor authentication* --Identity as a Service (IDaaS) solution --manages users and groups
Your team wants to set up an organization in GCP, similar to how they had Active Directory. What is the best way to do this?
*Cloud Identity/Workspaces* --manages organizational users and groups. It is *Google's version of Active Directory.*
When creating multiple instances in an instance group, your team needs to be able to handle and *distribute traffic evenly between those instances*. What service can they use to do this?
*Cloud Load Balancing* --distributes traffic between instances
Your boss has asked you to look into services or platforms, so that they can *run a Python app through a serverless environment* to *containerize and scale the applications*. What could be the best solution?
*Cloud Run* is a fully managed *serverless* platform on which you can deploy scalable containerized applications. --Kubernetes is NOT serverless
After talking to your supervisors, they came up with the idea of using Apache Spark. However, they need a service that can process and handle Apache Spark applications. Which services can you propose as the solution?
*Cloud Storage* --you can use Cloud Storage and BigQuery to process Apache Spark applications. *Dataproc* --you can use Dataproc to process Apache Spark applications. *BigQuery* --you can use BigQuery to process Apache Spark applications.
What is the best machine type for intense workloads for AI/ML?
*Compute Optimized* -- Compute intensive workloads such as AI/ML, gaming, and web servicing --C2 machine type
You have a monitoring agent deployed on your instances, and *you want to monitor your application and certain custom metrics*. What should you do?
*Create a custom metric to monitor your application.* --Custom metrics let you capture application-specific data or client-side system data. *Find your application in the monitoring workspace and create a dashboard.* --Creating a dashboard will let you view and analyze data from different sources in the same context, so you can create a custom dashboard that displays data about your application as well as custom metric data. (monitoring agent, e.g. Cloud Ops)
You need to add an account that has an email address associated with it and can interact with Google Cloud. Which is the best option?
*Create a member account.* A member account is best. This means that any email address that is associated with a Google account can be an identity and can interact with Google Cloud.
You need to quickly find a *managed data processing service* that can help you enable fast, simplified streaming *data pipeline* development with *lower data latency*. Which service is your best solution?
*DATAFLOW* Dataflow is a managed data processing service that can help you enable fast, simplified streaming *data pipeline development* with lower data latency. --Serverless stream and batch processing service --cannot handle Apache Spark
You need a managed Spark and Hadoop service that lets you take advantage of open-source data tools for batch processing, querying, streaming, and machine learning. Which service is the best solution?
*Dataproc* --Cloud Dataproc is a managed Spark and Hadoop service. --managed service for processing large datasets --Services: Hadoop, MapReduce, Apache Spark, Pig, Hive
MACHINE TYPES
*E type* = general purpose, day-to-day, COST OPTIMIZED · ex. e2-micro; *M type* = memory optimized; *N type* = general purpose, balanced price for performance; *C type* = compute optimized · Micro = most cost efficient; *A type* = accelerator optimized
You are looking to connect to an on-premises network using IPsec within a single region, allowing you to use 2 interfaces and choose 2 external IP addresses. Which service would you use?
*HA VPN (High Availability)* -HAS 2 INTERFACES & 2 IP ADDRESSES -1 REGION -99.99% SLA service availability (SLA = service level agreement; guarantees full service 100% of the time)
You have some code in a Cloud Source Repository that you need to modify, but you do not want to use the typical VI or VIM method. What is the best way to modify your code within Google Cloud?
*Initialize Cloud Shell, pull down the code from the CSR, and then use the Cloud Shell Editor.* The Cloud Shell Editor is a built-in editor that lets you browse, view, and edit files in your shell; this is the best solution for modifying code within GCP.
You need to *deploy instances into multiple zones, but you also need to configure them to auto heal and auto update*. When presenting a solution to the team, which one would you pick?
*Instance Groups* --Instance Groups let you provide multi-zone deployed instances with auto healing and auto updating! 1. A collection of virtual machines that can be managed by a single entity; 2. A home base for deploying each existing VM ==> scalable; 3. Self-healing and auto-updating --if a VM fails to launch, GCP will launch another instance to take its place --assumes an instance template already exists
Your team needs you to create a collection of virtual machines that have the same configurations and can scale in event response. Which service can you use?
*Instance group* (collection of virtual machine instances run as a single entity)
What machine type best fits your plan to launch instances served for high-memory databases, analytics, and Microsoft SQL Server Databases?
*M2* --M2 are high-*memory optimized* machine types for medium-to-large in-memory databases, analytics, and Microsoft SQL Server databases.
What is known as the root node or the parent resource in the Google Cloud resource hierarchy?
*ORGANIZATION* The organization is the root node or the parent resource in the Google Cloud resource hierarchy. organization >> Schwab folder >>> sandbox project >> DEV/QA/PROD resources >>> BigQuery / Cloud Storage
Your team needs you to build an architecture that can handle an enterprise *messaging system* that allows services to communicate asynchronously, with latencies on the order of 100 milliseconds. Which service is the best solution?
*Pub/Sub*
Which service offers virtual private networking that can help *host an entire organization*?
*VPC* (Virtual Private Cloud) --offers virtual private networking that can help host an entire organization
Create a Compute Engine Instance in Cloud Shell
*gcloud compute instances create* t1 t2 t3 --project=planning-and-261-a1734c01 --zone=us-east1-b --machine-type=e2-micro --preemptible 1. create/name 3 instances (t1 t2 t3) 2. set the project (planning-and-261-a1734c01) 3. set the zone (us-east1-b) 4. set the machine type (e2-micro) and make the instances preemptible (--preemptible)
System Event
--Generated by Google --log entries for Google Cloud actions that modify the configuration of resources
Data Access
--When you access data --user-driven API calls that create, modify, or read user-provided resource data.
Admin Activity
--record when users create VM instances or change IAM permissions.
Policy Denied
--recorded when a Google Cloud service denies access to a user or service account because of a security policy violation --USED BY THE GCP LOGS EXPLORER, which views, retrieves, and analyzes log data
IAM ROLES = a collection of permissions
1. *BASIC/PRIMITIVE ROLES* --Owner, Editor, and Viewer. 2. *PREDEFINED ROLES* --Predefined roles give *granular access* to specific Google Cloud resources and prevent unwanted access to other resources. --principle of least privilege (YOU CAN ASSIGN PRIVILEGES) 3. *CUSTOM ROLES* --Roles that you create to tailor permissions to the needs of your organization
MACHINE TYPES :
1. *General Purpose* (hooptie to get from point A to point B) --*Cost optimized*, balanced, and scalable --web and app serving, SM databases, microservices, media, and virtual desktops --*E2, N2, N2D, N1* machine types; 2. *Memory Optimized* (a bus, a large load) --*High memory optimized* --ML databases, analytics, and MS SQL Server databases --*M2* and *M1* machine types; 3. *Compute Optimized* (have a basic car but need more power so you get a monster truck) --compute-intensive workloads such as AI/ML, gaming, and web servicing --*C2* machine type; 4. *Accelerator Optimized* (sleek sports car, Lamborghini, expensive) --high performance --parallel computing and APIs --*A2* machine types
You are doing research on how to interact with services using service accounts. Which type of service accounts can interact with GCP services?
1. *Google-managed service accounts* Google creates and manages these service accounts for many Google Cloud services. 2. *User-managed service accounts* You create user-managed service accounts in your project using the IAM API, the Cloud console, or the Google Cloud CLI. 3. *Default service accounts* When you enable or use Google Cloud services, they create user-managed service accounts (known as default service accounts) that enable the service to deploy jobs that can access other Google Cloud resources.
What are the 2 types of VPNs offered through Google Cloud?
1. *HA VPN* (High Availability) --2 interfaces & 2 external IP addresses --on-prem; 2. *CLASSIC VPN* --1 interface & 1 IP address
CLOUD STORAGES 4 CLASSES
1. *Standard* = frequently accessed data that is *stored for a brief period of time (short-term)*; 2. *Nearline* = low cost, highly durable, good for *frequently accessed data (once a month / stored for at least 30 days)*; 3. *Coldline* = like Nearline but accessed less frequently, *access once a quarter*; 4. *Archive* = online backup and disaster recovery, *access about once a year (long-term)*
What is required in order to create a VPN tunnel?
1. *VPN CLOUD GATEWAY* --network access/entry point 2. *CUSTOMER GATEWAY* --your side of the connection VPN Tunnel = encrypted network connection over a public network
4 Different Types of Cloud Audit Logs
1. Admin Activity 2. Data Access 3. System Event 4. Policy Denied
In order to create custom roles, you need to...
1. Be an IAM Role Admin 2. Be an Owner 3. Be an Organization Role Admin
You have viewed the logs from your VM inside Logs Explorer, but now you need to analyze the logs for better use for your customers. What should you do?
1. Check the logs in Logs Explorer; you can do your own analysis there. 2. Create a sink from Cloud Logging to BigQuery to export logs for analysis.
Your team has designated you to find the best way to *control access to your VMs*. Which methods should you choose?
1. Create custom *SSH keys* and upload them to the VM you want to maintain a connection to, and routinely rotate those keys. 2. Create a *firewall rule* that will only allow certain IPs to connect. (SSH = Secure Shell = access credentials key)
What type of keys are used by the Service Account Credentials API?
1. Google-Managed Keys 2. User-Managed Keys
Which of the following are components of an IAM policy?
1. PRINCIPALS --a service account / Google *user account* / group with an email address 2. ROLES --collection of permissions *When you grant a role to a principal, you grant all the permissions that the role contains.* 3. POLICIES --collection of roles that bind one or more principals (users) to individual roles. *When you want to define who (principal) has what type of access (role) on a resource*
APP ENGINE ENVIRONMENTS
1. Standard --runtime limitation (preconfigured runtime) --uses Google containers (runs in a sandbox) --auto-scales servers 2. Flexible --no runtime limitation --uses Docker containers --WebSocket support & background process support
What are 2 ways you can deploy an instance group?
1. Through the Cloud Shell (Command-line) 2. Through the GCP console (the website) *instance group = collection of virtual machine instances that are managed as a single entity*
You need to use an IAM service that uses key pairs for authentication and can be Google managed or user managed. Which service is the best solution?
A *service account* uses *key pairs for authentication* and can be Google managed or user managed.
You are tasked with assigning a role that has a *Viewer, Editor, or Owner* and allows *read, edit, and full access on GCP resources*. Which type of role would you assign to fit this description?
BASIC ROLES --Basic roles have a Viewer, Editor, or Owner and allow read, edit, and full access on GCP resources.
You are responsible for modernizing your *data warehouse by providing a serverless*, highly scalable, and cost-effective option. Which service is the best solution?
BIGQUERY BigQuery is a serverless, highly scalable data warehouse that is cost-effective as well.
BigQuery supports which storage classes in Cloud Storage?
COLDLINE AND STANDARD --Cloud Storage classes for loading data: Standard, Nearline, Coldline, Archive
You need a service that you can easily scale and use to deliver high-quality applications to your end users anywhere around the world. Which service is the best solution?
COMPUTE ENGINE -create and run virtual machines -deliver high quality applications to your end users anywhere around the world.
You need a hosting and computing service that allows you to host, run, and scale VMs on GCP. Which option is the best solution?
COMPUTE ENGINE --hosting & computing service --host, run, & scale VMs
You need to *deploy instances into multiple zones, but you also need to configure them to auto heal and auto update*. What resource would you use?
Compute Engine --involves using an instance template and group
What services below can be used in a VPC to scale your application to customers?
Compute Engine, Google Kubernetes Engine
What is the difference between Compute Engine and Kubernetes?
Compute Engine = the virtual machines that are running; Kubernetes = deploys and manages containerized workloads across VMs (a tool; the juggling act)
Your team wants to be able to interact with other services in GCP, but your boss isn't sure how to do this. What would be the best solution?
Create a service account --a resource that can be used to interact with other resources.