Udemy Notes P2 Flashcards

(79 cards)

1
Q

What’s the flag to correctly verify you have all resource dependencies in a project before you deploy?

A

--preview

2
Q

What is Cloud Dataflow good for?

A

Fully managed service for real-time data processing, ideal for handling IoT devices. Good for transforming data, compared to Pub/Sub, which just sends data.

3
Q

What is Cloud Bigtable used for?

A

For storage that needs a high-throughput, low-latency NoSQL database optimized for time-series data

4
Q

What is Google’s Best Practice for IAM when deciding to assign users vs groups?

A

Always assign to Groups if possible when assigning to multiple people

5
Q

If you have two environments, one production and one development environment, what is the main worry with this and what should you do to prevent it?

A

The main worry is having both in the same environment where your commands affect both, so you should create 2 configurations using gcloud config

Write a script that sets configurations to active individually

Then for each, run gcloud compute instances list to get all the resources

6
Q

If you have 7TB of data that you want to analyze, what should you do to be cost-efficient?

A

You should reference the 7TB with BigQuery. This means we use BigQuery to analyze the 7TB without downloading or storing it, which prevents spending a lot of money.

7
Q

What is the point of a network tag in Google Cloud?

A

You use it so that you can apply firewall rules to the service/resource

8
Q

Can you copy a deployed application from one project to another in Google Cloud?

A

No

9
Q

When creating budget alerts for a project, should you use custom or default alerts?

A

Always use default alerts because you know they work and Google built these alerts to serve a lot of cases already

10
Q

When would you use Cloud Source Repositories?

A

When you are working on an app that requires some changes to improve performance because it serves as a git repo

11
Q

When should you assign storage admin vs storage object admin to someone?

A

Use storage object admin when you want to limit the access to individual objects while storage admin gives you full control

12
Q

If you need more nodes/pods and upgrades, but want 0 downtime, what should you do?

A

Create a new node pool, then deploy those nodes/pods. That way you can use them without disturbing the current set.

13
Q

If you need to see who has access to what projects, what's the command you should look for?

A

gcloud projects get-iam-policy

14
Q

How can internal-only GCE VMs access a file in Cloud Storage without allowing internet egress?

A

Enable Private Google Access on the VM subnet so the VMs can reach Google APIs (incl. GCS) over Google’s private network (no external IPs, no internet).

15
Q

What is the command to move projects between organizations?

A

projects.move

16
Q

If you have a US App Engine that runs your app and want to deploy your app to an Asian Cloud, what should you do and why?

A

Once you create an App Engine, you can’t change the region, and you can only create one per project

So for another region, you’ll have to create another GCP project

17
Q

If you need to have one instance on at all times and set your config to max/min 1, should you enable auto-scaling?

A

No, because there’s a chance it’ll decrease/increase

18
Q

What does gcloud iam roles list do?

A

Lists all the custom roles for a project/organization

19
Q

If you want to specifically list the IAM roles for a specific project, what should you do?

A
  • Navigate to the project and then to the IAM section in the GCP Console.
  • Review the members and roles.
20
Q

What is Google Cloud’s Operations Suite?

A

Google Cloud’s built-in platform for monitoring, logging, alerting, tracing, profiling, and error reporting across cloud resources.

21
Q

If you want to see logs of what someone did, even admins, what should you check?

A

Google Cloud’s Operations Suite

22
Q

If you have an external user who needs access to a Cloud VM/resource who doesn’t have a Google account, what should you do?

A

You need them to generate an SSH key pair and add their public key to the VM

23
Q

If users are saying there’s a delay on loading up one of your VMs what should you do?

A

Have a set number of VMs ready to be used

24
Q

What is the best way to back up a Compute Engine VM’s entire disk daily and keep backups for 7 days with minimal setup?

A

Use daily scheduled persistent disk snapshots with a 7-day retention policy.

25
What is Google Terraform?
IaC. It is a prebuilt, reusable template for creating cloud resources safely and consistently
26
Why would you use Google Terraform for security?
Because these reusable templates would already have the version control you want
27
If you have multiple divisions all with different needs when it comes to policy, where should you apply the rules?
In the folder, not the organization, because the organization would be too broad. You need to use folders so you can better allocate specific rules and separate projects.
28
If you have accounts in your organization in the cloud and need to remove them based on domain, how would you do that?
You would need a policy in place in the organization and manually remove them to ensure you got them all
29
Q: For a public, highly available web app on a MIG, what’s the Google-recommended setup?
A: Use HTTP(S) Load Balancing and create a public DNS A record pointing to the load balancer’s IP.
30
What is an A Record?
An address record that points a domain directly to an IP address
31
What is a CNAME?
Points a domain to another domain name, not an IP
32
When would you use BigQuery over Cloud SQL and vice versa?
Use BigQuery for queries on large datasets where you need analytical work. Use Cloud SQL for PostgreSQL services that need ACID-compliant transactions. Good if you already know how to do SQL.
33
Does BigTable have SQL or NoSQL?
NoSQL
34
Why would you use Firestore?
Need a NoSQL database for simplicity, auto-scaling, real-time updates and offline SDKs
35
Your BigQuery just failed and received a quotaExceeded Error, what should you look at to resolve this?
Use the INFORMATION_SCHEMA to view metadata inside BigQuery. Check Cloud Audit Logs for errors to understand the issue.
36
How do you expose a Cloud Run stateless app only on an internal IP to your VPC and on-prem with minimal ops?
Cloud Run + Private Service Connect (PSC)
37
If you need to allow people to access data in Cloud Spanner, what role should you grant them?
spanner.databaseUser
38
When would you use Cloud Interconnect vs Cloud VPN to create a bridge between the VPC and your network?
Use Cloud VPN since it's fast/secure, adds minimal maintenance/cost, and is good if you are just using a small number of VMs. Use Interconnect when you need A LOT of VMs.
39
Why wouldn't you use a static IP with GKE pods?
Because Pods change their IP all the time due to starting/stopping and restarting
40
If you have pods in the backend and frontend and they need to communicate with each other, what should you do?
Create a service that groups your pods in the backend service and tell your frontend pods to communicate through that service
41
If you have a Docker container and don't want to care about administration/infrastructure, should you use Cloud Run or GKE, and why?
Use Cloud Run because Cloud Run handles the infrastructure and doesn't need much human interaction to work. GKE will require more administration.
42
If you want to prevent an error or malicious attack that would cause surprise billing spikes, what should you do?
Set up quotas for the resources that your project will use. Don't set up budgets/alerts
43
If you want to give a group/users the ability to view the entire organizational structure but not affect it in any way other than viewing it, what role would you give out?
roles/browser
44
What would you check if a resource failed to start up? Then what would you check if an app failed to start up?
For a resource, check Deployment Manager. For an app, run gcloud config list, which lists the configurations for the app.
45
If you need GPUs for running long-duration and non-restartable tasks on GKE, and want to ensure that you use a cost-efficient way, what should you do/not do?
You should enable auto-provisioning on the GKE cluster. You should not set up a GPU instance with a minimum pool size of 1, because then you are wasting money in case you aren't running anything.
46
What is Cloud CDN good for?
Helping improve website frontend performance and reduce latency for end users
47
When people come to your website, they are met with a download PDF option when you want it to just display the PDF, how would you change that?
C. Set Content-Type metadata to application/pdf on the PDF file objects.
48
You want to give your analysts access to BigQuery and don't want them to accidentally delete anything. What should you do?
Create a custom role by removing delete permissions and add users to the group, and then add the group to the custom role
49
If you want to increase the memory of a VM from 4 to 8, what should you do?
D. Stop the VM, increase the memory to 8 GB, and start the VM.
50
If you have a third party that wants access to your BigQuery, what should you do?
Ask the third party to create a service account in their project and grant that service account access to the BigQuery Dataset in your project
51
If you have a new version for a program running on Cloud Run, and you want to test an updated version, what should you do?
- Create a new revision with the updated version of the app.
- Split traffic between this version and the current one.
52
You have a quiz website that uses UDP, how should you configure your VMs to serve your users?
Configure an external network load balancer in front of the application servers
53
Why wouldn't you use an HTTP(S) load balancer for UDP?
HTTP(S) is designed to operate over TCP, not UDP
54
If you have an auditor checking to see who had access to data resources, what should you do to stay compliant?
Turn on data access logs for the buckets that need to be audited, then build a query in the log viewer that filters on Cloud Storage
55
Your team has a Docker image ready for your new app and you want to run it on Google Kubernetes Engine (GKE) with proper scaling and management. What should you do?
A. Upload the image to Cloud Storage and create a Kubernetes Service referencing the image
B. Upload the image to Cloud Storage and create a Kubernetes Deployment referencing the image
C. Upload the image to Artifact Registry and create a Kubernetes Service referencing the image
D. Upload the image to Artifact Registry and create a Kubernetes Deployment referencing the image
Answer: D
Why: GKE pulls container images from a container registry (Artifact Registry/Container Registry), not Cloud Storage. A Deployment manages pods (replicas, rollouts, rollbacks). A Service only exposes pods on the network; it doesn’t deploy them. Thus: push image → Artifact Registry, then create a Deployment (optionally add a Service to expose it).
56
Your team has a Docker image ready. You want to deploy it on Google Kubernetes Engine so it can scale and be managed. What should you do?
D. Push the image to Artifact Registry and deploy with a Deployment (then add a Service only if you need to expose it).
57
Your e-commerce site’s Managed Instance Group is alerting that instance creation failed. What should you do to fix it?
A. Fix the instance template and remove any name conflicts with existing PDs.
58
You need a hands-off, reliable way to get new scans from an on-prem server into Cloud Storage continuously.
C. Use gsutil -m rsync -r /local/dir gs://bucket/path (or gcloud storage rsync) and schedule with cron/Task Scheduler.
59
You have the JSON private key for a Service Account and want to run gcloud commands as that SA. What’s the next step?
B. gcloud auth activate-service-account --key-file /path/sa.json
60
When you have a database password, where should you store it?
In a Secret object then modify the YAML file to populate the DB_PASSWORD
61
If you have an issue with the current version of an app on App Engine, what should you do to route traffic back to the previous version?
In the App Engine console, route 100% of the traffic to the previous version
62
What is Google Cloud Directory Sync?
Google Cloud Directory Sync (GCDS) is a free Google tool that automatically syncs your organization’s user and group information from an external directory
63
If you want to create a VM with 96 vCPUs, what should you set the machine type as?
type n1-standard-96
64
What is the simplest way to connect to an instance of SQL server on Compute Engine?
- Set up the Windows Username/Password in GCP console
- Confirm that a firewall rule for port 3389 is in place
- Click the RDP button in the GCP console to log in using those credentials
65
If you move storage from Main to Coldline in 90 days then need to set a schedule to move it to Archive after a year, should you set it as 275 or 365?
365
66
You've been tasked with deploying a newly built containerized application in GKE. The app has been containerized using a Dockerfile. What steps should you follow to make sure it's successful?
Create a Docker image from the Dockerfile, then upload it to Container Registry. Then create a deployment YAML file to point to the image. Use GKE to create the deployment with the file.
67
If you have two projects in the same organization that need to talk to each other, what should you do?
Verify that both are in the organization then share the VPC from one project and allow the Compute Engine Instance in the other project to use that shared VPC
68
If you want to manage resources with similar access and permission settings together, how should you approach this?
Use folders to group resources that share common IAM policies
69
If you want to avoid Public IP addresses when you need to SSH into a Compute Engine instance, what should you do?
Configure Cloud Identity-Aware Proxy for SSH and TCP resources
70
What is Cloud Identity-Aware Proxy?
It is a Google Cloud service that controls who can access your app or VM. It sits in front of your network to make sure no one from the public gets in. A security gate.
71
If you need to split traffic between two versions, should you use Cloud Run or App Engine, and why?
Cloud Run; it allows for traffic splitting between versions. App Engine can't do granular splitting, and splits for applications that are different versions, not the same service.
72
If there's an issue with the cloud firewall due to unexpected changes (assume Shadow IT), what should you do?
Use Cloud Logging filters to create log-based metrics for firewall and instance actions. Monitor the changes and set up reasonable alerts.
73
If you want to stop manually putting in the zone you are located in with your gcloud commands, what should you do?
Set the europe-west1-d zone as the default zone using gcloud config
74
What does active/passive routing do?
Only allows one tunnel to be active at a time; this prevents the creation of extra tunnels during failover.
75
How would you make sure only projects for your marketing team are billed for the marketing team?
1. Verify that you are assigned the Billing Administrator IAM role for SwiftMedia's Google Cloud Project related to the Marketing department.
2. Link the new project for AdWave to a Marketing Billing Account.
76
What is essential for RDP?
A Windows username and password
77
How can you RDP into a VM instance?
Just click the RDP button
78
Explain the standard way to deploy a GKE application
Create a Docker image from the Dockerfile and upload it to CONTAINER REGISTRY. Create a Deployment YAML file to point to that image. Use kubectl to create the deployment with that file.
79