It is high time to test your knowledge on what you have learned. Here are four mock exams to help you. Good luck!
Mock test one
Company X needs to keep their data available for auditing purposes for 5 years. They don't plan to access this storage more than once a year. Which storage option should they choose?
Google Cloud Bigtable
Google Cloud Multi-Regional Storage
Google Cloud Archive Storage
Google Cloud Nearline Storage
Google Cloud BigQuery
Company X wants to choose a proper storage system for IoT sensor data. There are 2,000 sensors that send temperature data every second. Company X would like to perform further analysis of the accumulated data. Please select the most appropriate choice:
Google Cloud Bigtable
Google Cloud Datastore
Google Cloud Spanner
Google Cloud SQL
You have deployed a virtual machine instance to GCP in project X. Specific configuration and software have been installed on this instance. In order to share this image with other teams that only have access to project Z, what would you advise?
Create a snapshot. Use the snapshot to create a custom image. Share the image with the other projects.
Create a snapshot and store it on Google storage.
Use a third-party tool to perform a file-level backup of the instance. Copy the image to Google storage. Import the image to project Z.
Use Google Transfer Services.
Company X is looking to analyze data. They are using a hybrid cloud mixture of on-premises and GCP infrastructure and need to analyze both stream and batch data. Select the appropriate GCP service that will allow them to achieve this requirement:
Google Cloud Dataproc
Google Cloud BigQuery
Google Cloud Compute Engine and Apache Airflow
Google Cloud Dataflow
Company X is using Hadoop to analyze data. They are using a hybrid cloud mixture of on-premises and GCP infrastructure. They want to move the data analysis to GCP, but they want to migrate it with minimal effort. Which service should they use?
Google Cloud Dataproc
Google Cloud Dataflow
Google Cloud Composer
Google Compute Engine
Customer X is storing data on Google Datastore. They are using a hybrid cloud mixture of on-premises and GCP infrastructure. Applications on both platforms are needed to access Datastore. Which solution should be used to enable access?
Use Google-managed keys for GCP instances. Use user-managed keys for on-premises instances.
Use Google-managed keys for all instances.
Use Google-managed keys for GCP instances. Use Firebase authentication for on-premises instances.
Use Google-managed keys for GCP instances. Use a third-party tool for on-premises instances.
Company X is using GCP with a number of configured projects. They have special requirements vis-à-vis billing visibility and management. Based on the following statement, select the appropriate answer: A CTO should be able to control the budget for different projects, while a project manager should be able to see billing information for their project only.
Set the billing administrator role to the CTO for all the projects that they manage. Set the billing viewer role to the project manager for their project.
Set the billing administrator role to the program manager for a random project. Set the billing viewer role to the project manager for their project.
Set the billing administrator role to the program and project managers.
Set the owner role to the program and project managers.
You are monitoring a service with uptime checks. The services are reported as unavailable from different GCP regions. You know that the service is up and running. How can you solve the monitoring issues?
Download the source IPs from the uptime check console and create an ingress firewall rule for the service.
Download the source IPs from the uptime check console and create an egress firewall rule for the service.
Use a third-party tool, outside GCP, to create the uptime checks.
Install Cloud operations monitoring agents on all instances that are hosting the service.
Company X is looking to create a development and production environment in GCP. What would be the best practice to separate those environments?
Create two separate projects for each environment. Give the development team access to the development project only. Give the operation team access to production only.
Create two separate projects for each environment. Give the development team and the production team access to both projects.
Create one project and two VPCs. Give the development team and the production team access to that project.
Create two separate Google accounts for each team.
Company X wants to perform an analysis of data coming from sensors. The data can arrive out of order. You need to make sure that the data is in the correct order. Which services should be used to minimize the effort?
IoT Core, Pub/Sub, and Dataflow
IoT Core, Pub/Sub, and Dataproc
IoT Core, Pub/Sub, and Google Kubernetes Engine (GKE)
IoT Core, Pub/Sub, and GCE
Company X has deployed an application using App Engine. They want to release a new version of that application to production. They want to test that application on only one set of users. What is the most appropriate solution?
Deploy a new version of the application. Use traffic splitting to redirect part of the requests to the new version.
Deploy the application to a separate project and direct the user to use a new URL to connect to it.
Migrate the application to GKE and use blue-green deployment.
Migrate the application to GKE and use rolling updates.
Company X is using the App Engine flexible environment. They have deployed a new version of the application. The application crashed. The code is stored in GitHub. How would the fastest recovery be performed?
Delete the new application and deploy a new application from GitHub.
Roll back the application to a previous release.
Split the traffic between the old and new releases, 10% to 90%.
Open a ticket with GCP support to roll back the application to the previous release.
Company X is using Google Cloud's operations suite to monitor their GCP environment. They want to store the logs and be able to analyze them. What would be the best solution for them?
Create a sink to Pub/Sub.
Create a sink to Spanner.
Create a sink to BigQuery.
Create a sink to Bigtable.
Company X is using a GKE cluster. You wish to increase the number of nodes in the cluster. What would be the most appropriate command to run?
Run the gcloud container clusters increase command to change the number of nodes.
Run the gcloud container clusters resize command to change the number of nodes.
Run the kubectl container cluster scale command to change the number of nodes.
Run the gcloud container cluster resize command to change the number of nodes.
Company X wants to migrate their MySQL database to the cloud. They would like to use managed services. Select the most appropriate choice.
Use a Compute Engine instance and deploy MySQL.
Use an App Engine instance and deploy MySQL.
Use Cloud SQL.
Use Cloud Spanner.
Company X is creating an application that will analyze the comments on their Facebook profiles. They want to use the easiest way to analyze whether there are any negative comments. Which service should they use?
TensorFlow
Google AutoML
Google ML Engine
The Natural Language API
Company X wants to leverage ML in order to estimate the cost of the materials, based on past data. What type of model should they use?
Regression
Classification
Multi-class classification model
Company X wants to set alerts for project budgets. What is the best way to achieve this?
Create budget alerts with the desired percentage.
Create a ticket with Google Support to set hard quotas.
Create a cron job to check the billing and send an email if a threshold is exceeded.
Set a limit on credit cards that are attached to the account.
Company X wants to store data in Cloud Storage. The data will be accessed once every quarter. After a year, the data will be archived. What is the most cost-effective solution?
Store the data in a multi-regional bucket. Set the auto-archiving policy to 365 days.
Store the data in a regional bucket. Set the auto-archiving policy to 365 days.
Store the data in a Nearline bucket. Set the object life cycle policy to move the data to the Archive bucket after 365 days.
Store the data in the Nearline bucket. Create a cron job to move the data to the Archive bucket after 365 days.
Company X wants to set up a static website. What is the fastest and most cost-effective solution?
Use Cloud Launcher to deploy Apache Server.
Use App Engine with a predefined web server.
Use Cloud Compute Engine and a startup script to install Apache Server.
Use Cloud Storage to host content.
Mock test two
Company X wants a standardized re-deployable Hadoop cluster, with options that a managed service doesn't offer. Which solution would be best suited?
A Cloud API
Deployment Manager
Dataflow
TensorFlow
Company X is looking to connect their backend platform to a managed NoSQL database service. There is an expectation that the databases could grow into PB scale. As an architect, they ask you which is the best GCP service to fit these requirements without needing to refactor any applications. What is the best fit?
MySQL
Bigtable
Firebase
Redis
Select the different types of service accounts (choose three):
User-managed
Automated
Google-managed
G Suite
Google APIs
Company X has two projects, separated by different VPCs that need to be able to communicate with one another. Which network service allows this?
VPC peering
Cloud Load Balancing
Dedicated Interconnect
VPN
Company X is looking to use containers in the cloud. They want to continue to be developer-focused and have a code-first strategy. What is the best solution?
App Engine standard
Containers on Compute Engine
Cloud Run
App Engine flexible
Your IT manager is looking at cloud vendor data storage services. His DBA has informed him that the principal requirements are strong consistency and high availability, with the potential to grow to PB scale. What is the best storage solution?
Cloud SQL
Cloud Storage
Cloud Datastore
Cloud Spanner
Company X needs to be PCI-compliant. Which combination of GCP services would help to meet these requirements?
Cloud Monitoring, Cloud Trace, and Cloud Spanner
Cloud Monitoring, Cloud Logging, and BigQuery
Cloud Error Reporting, Cloud Debugger, and Datastore
Cloud Tagging, Cloud Trace, and BigQuery
A storage engineer for Company X needs to migrate data from his AWS S3 bucket to his GCP storage bucket. What is the best solution for this?
Storage Transfer Service
Transfer Appliance
Online transfer
BigQuery data transfer
A company web page is serving users all over the globe. They want to make sure that users will always get content in the most efficient manner, regardless of where they are located. Which load-balancing solution would best fit these requirements?
Network Load Balancing
Internal Load Balancing
HTTP(S) Load Balancing
TCP Proxy Load Balancing
Company X is looking to the cloud to achieve autoscaling. They wish to deploy over multiple zones in a standardized manner, while also benefiting from load balancing. What GCP service best suits this scenario?
Deployment Manager
Managed instance groups
Google Compute Engine manager
Instance fleet
You are creating new firewall rules and wish to identify specific targets according to their use, for example, a web server. Which filter should you use?
Zones
Network tags
Instance groups
Targets
You have deployed an instance into the same VPC as already-existing instances. When you try to use SSH to connect to the external IP address, the connection is refused. Why might this be?
The firewall rule to allow SSH is restricted to internal traffic only.
There is no external IP allocated to the instance.
You do not have the correct custom Identity and Access Management (IAM) role to initiate SSH.
You should use the Google API for external SSH.
At the moment, your IT department is seeing lots of bugs reported whenever a new software update is released for the company's internal timesheet application. These bugs were not spotted during QA. You have been asked to design a new strategy that will keep the bugs to a minimum and regain confidence in the IT department. Which option best suits this scenario?
Advise that you should only deploy updates once per year.
Deploy only part of the update to production.
Perform the tests more times during QA.
Use canary deployment methods.
Your company is looking to connect its onsite networks to a GCP VPC in order to dynamically exchange routes between each site. Which service would you advise?
Cloud Router
Cloud Interconnect
External peering
Cloud DNS
You plan to connect VPC networks using VPC peering. What network mode is best suited?
Auto mode networks
VPC VPN networks
Custom mode
Sub-networking mode
You have been tasked with researching different methods to extend your on-premises network to your GCP VPC network. You are reminded by your manager that your network bandwidth is 1 Gbps. What would be the best option?
Dedicated Interconnect
Partner Interconnect
VPC Interconnect
VPN Interconnect
Company X wants to extend their data center to the cloud. You have been hired as an external consultant to advise on the best hybrid connectivity option. They advise you that they need access to private compute resources on GCP but are not worried about encryption at the application level. What option best corresponds to their needs?
Cloud VPN
Partner Interconnect
Direct Peering
Carrier Peering
You want to serve all of your content with low latency, worldwide. Which GCP service should you use?
Cloud CDN
Cloud VPN
Google CloudFront
Cloud Endpoints
You wish to load balance your systems based on incoming ports. What load balancing concept should you use?
Network Load Balancing
TCP Load Balancing
HTTP(S) Load Balancing
SSL Proxy Load Balancing
You are looking to allow access to publish messages to a Cloud Pub/Sub topic. Your security team reminds you that you should be as granular as possible. Which type of IAM role should you use?
Primitive role
Predefined role
Custom role
Policy-based role
Topic role
Mock test three
You build a container image using the Cloud Build service. You want to access information such as the Google Cloud project where your image is built. What is the recommended way to do it?
Use substitutions in your build config file to substitute specific variables at build time.
Run a gcloud command in your build.
Run an API call to get the information.
It is not possible to access this information.
You are running a web application on a Linux distribution. You want to completely remove the overhead of patching the operating system. Which option best suits your requirements?
Containerize the application and use managed base images.
Make the VMs read-only.
Use an Alpine (stripped-down) image for your VMs.
Use Google's OS patching service.
You are tasked with containerizing a classic LAMP application. What would be the best practice you should follow (choose two options)?
Package a single app per container.
Package all apps into a single container.
Remove unnecessary tools.
Use public images.
You moved your application to GKE and want to see how the application reacts to faults caused by a single microservice not being available. What is the easiest way to do this?
Write a script that will randomly kill microservices.
Enable Istio on the GKE cluster and use fault injection.
Deploy the application from a YAML file that was edited to remove the code related to the microservice you want to test.
Move the microservice to a GCE VM and power off the VM during the tests.
You are adding a new feature to your application and decided to use Cloud Functions. Your application is on a GCE VM running within a VPC. The Cloud Function needs direct network access to that VM. How can this be achieved?
Use private services access.
Use Serverless VPC Access.
Use Private Google Access.
Use Private Service Connect for Google APIs.
You want to scale your Managed Instance Group (MIG) based on a custom metric you created. Which option suits your requirements?
Create a Cloud schedule and Cloud function to query the metric and then scale the MIG.
Create a Cloud operations suite alert to trigger the scale out event.
Set up your MIG to export the custom metric from all VMs in the group.
Custom metrics are not supported by MIGs.
You want to measure how well your web application hosted on a GKE cluster is performing. Which option best suits your needs?
Periodically perform a survey of customer satisfaction among the users.
Create Cloud Monitoring health checks.
Use a third-party SaaS solution to perform periodic checks of HTTP 400 responses.
Define and set SLIs and SLOs using Cloud Monitoring.
You want to make sure only authenticated and authorized users can access your application running on a GKE cluster. What is the Google-recommended design?
Create a frontend container with proprietary authentication and an authorization mechanism.
Use Identity-Aware Proxy and GKE Ingress.
Move your application to Cloud Run and set up authorization.
Integrate your application with Active Directory using LDAP.
You want to securely connect to your GCE VMs using RDP and SSH from the public internet. What is the best practice?
Use IAP TCP forwarding.
Set a public IP address on all the VMs.
Use a VPN tunnel to the VM.
Install a third-party remote desktop tool on the VMs.
Your company is located in one of the European countries where the GCP region is available. You will be serving customers from that country. You want to make sure you don't allow the deployment of resources outside of that GCP region. How can this be achieved?
Use organization policies.
Disable other regions from the Google Console in the Admin menu.
Disable other regions using the gcloud regions disallow command.
Disable other regions in the billing account settings.
As per the CIS Benchmarks, you want to prevent some VMs from using external IP addresses. How can this be achieved?
Use organization policies.
Set metadata on the GCP project.
Configure VPC as private.
Configure the subnet as private.
You want your cloud-native application to be able to access GCP services in a secure way. What is the Google-recommended way to do it?
Store the Google service account tokens in Kubernetes Secrets.
Store the Google service account tokens in the container image.
Store the Google service account tokens in a private container registry.
Use Workload Identity.
You are planning to deploy a landing zone for your new customer. The customer wants to make sure that there is a clear separation of duties between the Network and Compute teams. Which architecture will you use?
Shared VPC in a single-host project and multiple service projects
Single VPC per project
Single VPC and multiple-project with VPC peering to that single project
Single VPC and multiple-project with VPN tunnels to that single project
You want to run your application in containers and be able to move it across your hybrid and multi-cloud landscape. By default, the application will run in GCP. You want to make sure that the application will scale automatically. Which service should you choose?
Google Compute Engine
Google App Engine
Google Cloud Run
Google Cloud Functions
You are running your cloud-native workloads in a hybrid environment with GKE and an on-premises Kubernetes cluster. You want to make sure the Kubernetes clusters are configured in a unified way. How can this be achieved?
Apply Kubernetes ConfigMaps on each of the clusters.
Attach your on-premises clusters to Anthos and use Config Management.
Install Istio on all your clusters and use CRDs.
Install Config Connector on all your clusters and use CRDs.
You are designing a cloud-native application that will store data that needs to be queried by other applications running in Google Cloud. You decided to use Cloud Run. What is the best storage option?
Store the data on a GCS bucket.
Move the app to GKE instead and use PVC.
Connect from Cloud Run to the Cloud SQL service.
Cloud Run does not allow you to store persistent data.
You want to load-balance user traffic between Cloud Run services running in two GCP regions. What is the Google-recommended practice?
Use serverless Network Endpoint Groups (NEGs) and the External HTTP(S) load balancer.
Use Anthos Service Mesh.
Use Anthos ingress.
Use a multi-cluster service.
You are developing an in-house application and want the application to send the logs to Cloud Logging. Which option best suits your needs?
Install a custom Fluentd agent on your instances.
Configure the Cloud Logging agent to include your application logs.
Create a cron job and script that will call the Cloud Logging API to send the logs periodically.
It is not possible to collect custom logs with the Cloud Logging agent.
You want to distribute user traffic between services that run on different Anthos GKE clusters. Which option best suits your needs?
Use a multi-cluster service.
Use Anthos Multi Cluster Ingress.
Use a third-party ingress running on a separate GKE cluster.
Use a Network Load Balancer.
You have deployed a new revision of your application to Cloud Run. You see that the change made in the new revision contains a bug in the interface. You want to revert to the previous revision as quickly as possible. Select the correct way to do this:
SSH to the container and change the code.
Use the MANAGE TRAFFIC function to set that previous revision's traffic percentage to 100.
Revert the changes in the code, build a new container image, and deploy a new revision.
Delete the service and redeploy it with the container image used for previous revision.
Mock test four
OS Login can be enabled and disabled by setting metadata values at which level (select all that apply)?
VM
Project
Organization
Folder
As a security analyst, you are looking for the ability to define fine-grained attribute-based access control for projects and resources. Which service offers this ability?
Access Context Manager
Cloud Armor
Organization Policy Service
Data Loss Prevention
A storage admin has provided you with information regarding a new Cloud Storage bucket that you requested. You use Cloud Shell to set a retention period of 1 month, but receive an error similar to the following: 400 cannot be set for a bucket that has a retention policy. What is the most likely issue?
Buckets only support a retention period in seconds.
You do not have full permissions on the bucket.
The bucket has versioning enabled.
The bucket is using a customer-managed encryption key.
You have created and modified a persistent boot disk and are required to save the state for creating new instances. What does GCP offer to assist you?
Instance templates
Local SSDs
Public images
Custom images
You wish to create a BigQuery table. What source options are available (select all that are applicable)?
Upload
Empty table
Google Cloud Storage
Cloud Spanner
Bigtable
Pub/Sub event
You want to use off-the-shelf templates to deploy GCP resources. A colleague recommended the Cloud Foundation Toolkit (CFT). What does this provide (select all that are applicable)?
Templates for Deployment Manager
Access to Cloud Shell with ct and bq installed
Templates for Terraform
Templates for Cloud Formation
You currently run your enterprise applications on VMware on-premises. You want them to run in Google Cloud as soon as possible. What service can assist you?
Cloud Migration Services
Creating an Interconnect network and performing vMotion
Migrate for Compute Engine
Cloud operations suite
You have been given the responsibility to design a highly available solution that will securely connect your on-premises network to your VPC network. What service should you look to utilize?
Cloud VPC
Cloud Routing
HA Tunneling
HA VPN
You currently have access to Compute Engine instances that are dedicated to hosting only your project's VMs, but you have been asked whether there is any way to reduce the cost. During your investigation, you notice that not all the VMs are using all their resources. What can you look into in more detail to assist in reducing the cost?
Shared responsibility model
Overcommitting CPU on sole-tenant VMs
Migrate to an HPC-ready VM instance
Overcommitting memory on a sole-tenant VM
You are required to move disk data across to a different project. What is the correct procedure?
Create a backup of the disk in project A, create a new disk in project B based on the backed-up disk, and attach a new disk to the instance in project B.
Back up the VM in project A, sync the VM to project B, and power on the backup in project B.
Create a snapshot of the disk in project A, edit the snapshot configuration to point towards project B, and edit the instance in project B to consume the snapshot.
Create a snapshot of the disk in project A, create a new disk in project B based on the snapshot, and attach a new disk to the instance in project B.
Your company is looking for a solution to transform lightweight data as it arrives and store it as structured data. What services could best fit this scenario?
Cloud Storage, Cloud Run, and BigQuery
Pub/Sub, Dataflow, and Bigtable
Cloud Storage, BigQuery, and Cloud Run
Dataflow, Pub/Sub, and Bigtable
You are creating a new project for some developers. You wish to restrict them from deploying resources to a particular location. What IAM feature should you use?
Workload Identity
Labels
Resource retention policies
Organizational policies
You are setting up a new dataset in BigQuery and want to optimize storage. One of your colleagues states it would be nice to remove unneeded tables and partitions. What should you set?
Table expiration
Table deletion policies
Query optimization policy
Dataset expiration
You have been asked to investigate a hybrid connectivity solution that matches the following requirements:
Low latency
Highly available
Large-data transfers
Which service best fits your needs?
Interconnect
Peering
VPC
VPN
You are required to migrate TBs of data from your on-premises machines to an existing cloud storage bucket. You want to perform this in a single transfer. Which service is best suited?
Cloud Storage Transfer Service
Transfer Appliance
BigQuery Data Transfer Service
Cloud Storage Transfer appliance
You have been tasked with setting up replication in Cloud SQL. You have been told the main requirement is to improve read performance by making replicas available closer to your application's region. Which type of replication should you choose?
HA read replicas
Cross-region read replicas
External read replicas
Multi-region read replicas
You have a latency-sensitive application using Bigtable and want to prevent imbalanced traffic among the nodes in the cluster. What is the recommendation from Google to achieve this?
Ensure your cluster has Bigtable QPS enabled.
Ensure your cluster runs at less than 50% memory usage.
Ensure your cluster runs at less than 50% CPU load.
Ensure your cluster has Bigtable GPS disabled.
You are developing a software service in GCP backends and want to expose the API to be consumed only by other developers that you trust. Which service best fits your needs?
Apigee
Cloud APIs service
Cloud Endpoints
GKE
You are looking for a Google service where you can import source code from Cloud Storage and then produce a container image. Which service fits your needs?
Cloud Run
Cloud Pipelines
Cloud CI/CD
Cloud Build
Which hybrid connectivity service uses BGP for your VPC networks?
Cloud Router
Cloud Interconnect
Cloud Network Connectivity Center
Cloud
Answers to mock test one
C: Archive storage is the most cost-effective option. For more information, refer to https://cloud.google.com/storage/.
A: Bigtable is a petabyte-scale, fully managed NoSQL database service for large analytical and operational workloads. It is ideal for ad technology, financial technology, and IoT. For more information, refer to https://cloud.google.com/bigtable/.
D: "Cloud Dataflow is a fully managed service for transforming and enriching data in stream (https://cloud.google.com/solutions/big-data/stream-analytics/) (real-time) and batch (historical) modes with equal reliability and expressiveness – no more complex workarounds or compromises needed. And with its serverless approach to resource provisioning and management, you have access to virtually limitless capacity to solve your biggest data processing challenges, while paying only for what you use." For more information, refer to https://cloud.google.com/dataflow/.
A: Cloud Dataproc is a fast, easy-to-use, fully managed cloud service for running Apache Spark and Apache Hadoop clusters in a simpler, more cost-efficient way. For more information, refer to https://cloud.google.com/dataproc/.
"Your use of uptime checks is affected by any firewalls protecting your service:
If the resource you are checking isn't publicly available, you must configure the resource's firewall to permit incoming traffic from the uptime check servers. Refer to Getting uptime-check IP addresses at https://cloud.google.com/monitoring/uptime-checks/using-uptime-checks#get-ips to download a list of the IP addresses.
If the resource you are checking doesn't have an external IP address, uptime checks are unable to reach it."
A: Dataflow will accommodate the processing of late data. Dataflow is a managed Apache Beam service.
However, data isn't always guaranteed to arrive in a pipeline chronologically or at predictable intervals. Beam tracks a watermark, which is the system's notion of when all data in a certain window can be expected to have arrived in the pipeline. Once the watermark progresses past the end of a window, any further element that arrives with a timestamp in that window is considered late data. For more information, refer to https://beam.apache.org/documentation/programming-guide/.
B: The fastest way is to roll back the application.
"We don't want to mess around with our code; we need to fix this right now. Users are upset! Go back to the list of versions and check the box next to the version that was deployed first. Now, click the MAKE DEFAULT button located above the list. Traffic immediately switches over to the stable version. Crisis averted!
That was easy.
You can now delete the buggy version by checking the box next to the version and then clicking the DELETE button located above the list."
C: "Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL and MySQL databases in the cloud." For more information, refer to https://cloud.google.com/sql/.
D: Sentiment analysis inspects the given text and identifies the prevailing emotional opinion within the text, especially with a view to determining a writer's attitude as positive, negative, or neutral. For more information, refer to https://cloud.google.com/natural-language/docs/analyzing-sentiment.
A: "You can apply budget alerts to either a billing account or a project, and you can set the budget alert at a specific amount or match it to the previous month's spend. The alerts will be sent to billing administrators and billing account users when spending exceeds a percentage of your budget." For more information, refer to https://cloud.google.com/billing/docs/how-to/budgets.
A: VPC peering allows connectivity across two VPC networks, regardless of whether or not they belong to the same project. For more information, refer to https://cloud.google.com/vpc/docs/using-vpc-peering.
D: Cloud Spanner can scale into PB of data and fits the requirements for high availability and strong consistency. For more information, refer to https://cloud.google.com/spanner/.
B: Tags that are put onto GCE instances can also be used as targets in both inbound and outbound firewall rules. If a tag identifying a web server is applied to a VM and added to a firewall rule, that rule then applies to the VM. For more information, refer to https://cloud.google.com/vpc/docs/firewalls.
A: Cloud VPN satisfies the requirements. If application-level encryption is needed, then Partner Interconnect or Direct Interconnect should be considered. If there is a requirement to connect to G Suite, then Carrier Peering should be considered. For more information, refer to https://cloud.google.com/hybrid-connectivity/.
A: Cloud Content Delivery Network caches in numerous locations around the world, thereby yielding reduced latency. For more information, refer to https://cloud.google.com/cdn/docs/overview.
A: "Substitutions are helpful for variables whose value isn't known until build time, or to reuse an existing build request with different variable values. Cloud Build provides built-in substitutions or you can define your own substitutions. Use substitutions in your build's steps and images to resolve their values at build time." For more information, refer to https://cloud.google.com/build/docs/configuring-builds/substitute-variable-values.
A and C: "When you start working with containers, it's a common mistake to treat them as virtual machines that can run many different things simultaneously. A container can work this way but doing so reduces most of the advantages of the container model. Because a container is designed to have the same life cycle as the app it hosts, each of your containers should contain only one app." "To protect your apps from attackers, try to reduce the attack surface of your app by removing any unnecessary tools. For example, remove utilities like netcat, which you can use to create a reverse shell inside your system. If netcat is not in the container, the attacker has to find another way."
For more information, refer to https://cloud.google.com/architecture/best-practices-for-building-containers.
B: Istio allows you to inject faults to test the resiliency of your application.
B: "Serverless VPC Access enables you to connect from a serverless environment on Google Cloud (Cloud Run, Cloud Functions, or the App Engine standard environment) directly to your VPC network. This connection makes it possible for your serverless environment to access Compute Engine VM instances, Memorystore instances, and any other resources with an internal IP address."
C: "You can create custom metrics using Cloud Monitoring and write your own monitoring data to the Monitoring service. This gives you side-by-side access to standard Google Cloud data and your custom monitoring data, with a familiar data structure and consistent query syntax. If you have a custom metric, you can choose to scale based on the data from these metrics."
B: When an application or resource is protected by IAP, it can only be accessed through the proxy by members (https://cloud.google.com/iam/docs/overview#concepts_related_identity), also known as users, who have the correct Identity and Access Management (IAM) role (https://cloud.google.com/iam/docs/understanding-roles). When you grant a user access to an application or resource by IAP, they're subject to the fine-grained access controls implemented by the product in use without requiring a VPN. When a user tries to access an IAP-secured resource, IAP performs authentication and authorization checks.
D: Workload Identity is the recommended way to access Google Cloud services from applications running within GKE, due to its improved security properties and manageability. For information about alternative ways to access Google Cloud APIs from GKE, refer to https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.
A: "Shared VPC lets organization administrators delegate administrative responsibilities, such as creating and managing instances, to Service Project Admins while maintaining centralized control over network resources such as subnets, routes, and firewalls." For more information, refer to https://cloud.google.com/vpc/docs/shared-vpc.
C: Knative provides an open API and runtime environment that enables you to run your serverless workloads anywhere you choose – fully managed on Google Cloud, on Anthos on Google Kubernetes Engine (GKE), or on your own Kubernetes cluster. Knative makes it easy to start with Cloud Run and later move to Cloud Run for Anthos, or start in your own Kubernetes cluster and migrate to Cloud Run in the future. By using Knative as the underlying platform, you can move your workloads freely across platforms, while significantly reducing the switching costs. For more information, refer to https://cloud.google.com/knative.
B: "With Anthos Config Management, you can create a common configuration across all your infrastructure, including custom policies, and apply it both on-premises and across clouds. Anthos Config Management evaluates changes and rolls them out to all Kubernetes clusters so that your desired state is always reflected."
C: Cloud SQL is a fully managed database service that helps you set up, maintain, manage, and administer your relational databases in the cloud. For more information, refer to https://cloud.google.com/sql/docs/mysql/connect-run.
"If a backend service contains several NEGs, the load balancer balances traffic by forwarding requests to the serverless NEG in the closest available region. However, backend services can only contain one serverless NEG per region. To make your Cloud Run service available from multiple regions, you will need to set up cross-region routing. You should be able to use a single URL scheme that works anywhere in the world yet serves user requests from the region closest to the user. If the closest region is unavailable or is short on capacity, the request will be routed to a different region."
B: Besides the list of default logs (https://cloud.google.com/logging/docs/agent/default-logs) that the Logging agent streams by default, you can customize the Logging agent to send additional logs to Logging or to adjust agent settings by adding input configurations.
B: "Multi Cluster Ingress (MCI) is a cloud-hosted multi-cluster Ingress controller for Anthos GKE clusters. It's a Google-hosted service that supports deploying shared load balancing resources across clusters and across regions." For more information, refer to https://cloud.google.com/kubernetes-engine/docs/concepts/multi-cluster-ingress.
B: Cloud Run allows you to specify which revisions should receive traffic and to specify traffic percentages that are received by a revision. This feature allows you to roll back to a previous revision, gradually roll out a revision, and split traffic between multiple revisions.
A, B, C, and E are all applicable selections when creating a BigQuery table:
Figure 19.5 – BigQuery options
A and C: For more information, refer to https://cloud.google.com/foundation-toolkit. The Cloud Foundation Toolkit (CFT) offers templates for both Deployment Manager and Terraform.
A: "Lightweight" is the keyword here. Lightweight data transformation is a use case for Cloud Run. Cloud Run transforms lightweight data as it arrives and stores it as unstructured data. In this example, a file can be uploaded to Cloud Storage, and an event is triggered and delivered to a Cloud Run service. Data is then structured and stored in a BigQuery table. As answer A is the only option that mentions Cloud Run, this is the correct answer. For more information, refer to https://cloud.google.com/run.
A: For more information, refer to https://cloud.google.com/bigquery/docs/best-practices-storage. Setting a table expiration time on our BigQuery table will delete data when the time is exceeded. This option is useful if you need access to only the most recent data. It is also useful if you are experimenting with data and do not need to preserve it.
B: For more information, refer to https://cloud.google.com/bigtable/docs/performance. This capacity also provides a buffer for traffic spikes or key-access hotspots, which can cause imbalanced traffic among nodes in the cluster.
C: For more information, refer to https://cloud.google.com/endpoints. Cloud Endpoints lets us develop APIs on any GCP backend and then share our APIs with other developers.
D: For more information, refer to https://cloud.google.com/build/docs/overview. Cloud Build can import from various sources and deliver artifacts as part of a serverless CI/CD pipeline.