Annette's Notes

Question 1

Highest Level access that a user can have?

Answer 1

Super Administrator

Question 2

What would you assign someone who needs organization level access?

Answer 2

Organization Admionistrator

Question 3

Project ID vs Project Name vs Project Number

Answer 3

Project ID is chosen by you, cannot be changed

Project Name - display name, can be changed

Project Number - Assigned by GCP

Question 4

What does Cloud Identity tell the cloud?

Answer 4

Authentication - who the user is

Question 5

What does Cloud IAM tell the cloud?

Answer 5

What the user can do - authorization

Question 6

What is Cloud Trace?

Answer 6

Distributed Tracing for latency analysis

Question 7

What is Cloud Profiler?

Answer 7

Application performance profiling to optimize CPU and Memory Usage

Question 8

What is Managed Service for Prometheus?

Answer 8

Managed, scalable version of the open-source Prometheus monitoring tool

Question 9

Are APIs disabled by default and how would you enable them?

Answer 9

They are disabled by default
You need to enable them per project

Question 10

Do projects need to be linked to a billing account to be active?

Answer 10

Yes they do before you even use anything

Question 11

What allows you to manage service accounts but their keys?

Answer 11

Service Account Admin

Question 12

Which cloud service should you use to set up alerts based on log events?

Answer 12

Cloud Monitoring

Question 13

Which logging solution is best suited for aggregating and analyzing logs from multiple google cloud projects?

Answer 13

Log Analytics in Cloud Logging

Question 14

Does Compute Engine support direct region change? How would you create an image and deploy it to a new regiong?

Answer 14

No, you would need to create the instance and deploy it in that new region

Question 15

Which network type automatically creates subnets for each region?

Answer 15

Auto mode VPC

Question 16

How can you assign temporary roles to a user?

Answer 16

Use IAM conditions

Question 17

What is the maximum memory allocation of 8 GB per container?

Answer 17

8 GB

Question 18

What is the default subnet mast for a google cloud auto mode VPC?

Answer 18

/20

Question 19

If you need to create a private google kubernetes engine cluster, what should you do?

Answer 19

Set –enable-private-nodes when creating the cluster

Question 20

Which tool helps you diagnose and troubleshoot network connectivity in google cloud?

Answer 20

VPC flow logs since it can record network traffic details

Question 21

How do you connect on-prem to the cloud in a secure and fast manner?

Answer 21

Use cloud interconnect

Question 22

When you need to allow a VM access to Cloud Storage Securely, what should you use?

Answer 22

User-managed service account because then you have full control

Question 23

How can you deploy a google cloud function using the gcloud CLI?

Answer 23

gcloud functions deploy my-function –trigger-http –runtime=nodejs18

Question 24

Which command allows you to connect to a GKE cluster from your local machine?

Answer 24

gcloud container clusters get-credentials <cluster-name></cluster-name>

Question 25

What is the default service type when deploying a Kubernetes Service in GKE?

Answer 25

ClusterIP

Question 26

You need to configure a VM instance to use a specific GPU model, what must you do?

Answer 26

Choose a GPU supported zone and add a GPU accelerator

Question 27

You want to ensure that traffic from your compute engine instances to the internet always goes through a specific external IP, what should you use?

Answer 27

Static External IP

Question 28

Which gcloud command is used to set a default project for all operations?

Answer 28

gcloud config set project

Question 29

Which features allows Google Cloud Services to access each other without using long-lived credentials?

Answer 29

Workload Identity federation They are short-lived automatically rotated tokens

Question 30

Which google cloud service allows storing and managing sensitive data like API keys securely?

Answer 30

Secret Manager

Question 31

A developer needs to access a database secret stored in secret manager. Which IAM role should t hey have?

Answer 31

Secret manager secret accessor

Question 32

Which google cloud service allows you to take snapshots of persistent disks?

Answer 32

Compute Engine

Question 33

What is the main benefit of using a blue-green deployment strategy?

Answer 33

Ensures zero downtime updates Blue = live, green = new version

Question 34

How can you make a cloud run service publicly accessible?

Answer 34

Set IAM policy to allUsers with Cloud Run Invoker role

Question 35

What is the default behavior of a firewall rule with priority 1000 in Google Cloud?

Answer 35

Allows all outbound traffic

Question 36

You are setting up PostgreSQL database in GCP and need automatic backups, which service should you use?

Answer 36

Cloud SQL

Question 37

What is Workload Identity Federation?

Answer 37

It is a service that runs outside the given cloud environment to allow non-human workloads running outside to authenticate to the cloud

Question 38

Whats the command to list all active service accounts in a google cloud project?

Answer 38

gcloud iam-service-accounts list