Google Cloud Engineer Ace

Google Cloud Platform Fundamentals

GCP Compute Services

What are the main compute services offered by Google Cloud Platform?

Answer

  1. Compute Engine (VMs)
  2. Google Kubernetes Engine (GKE)
  3. App Engine
  4. Cloud Functions
  5. Cloud Run

GCP Storage Services

List the primary storage services in Google Cloud Platform.

Answer

  1. Cloud Storage
  2. Cloud SQL
  3. Cloud Spanner
  4. Cloud Bigtable
  5. Cloud Firestore
  6. Cloud Memorystore

GCP Networking

What are the key networking services and concepts in GCP?

Answer

  1. Virtual Private Cloud (VPC)
  2. Cloud Load Balancing
  3. Cloud CDN
  4. Cloud DNS
  5. Cloud VPN
  6. Cloud Interconnect
  7. Network Service Tiers

GCP IAM

Explain the main components of Google Cloud Identity and Access Management (IAM).

Answer

  1. Resources: The GCP services and objects that can be accessed
  2. Permissions: Granular access control to resources
  3. Roles: Collections of permissions
  4. Members: Users, groups, service accounts, or domains
  5. Policies: Bindings of members to roles for specific resources

GCP Monitoring and Logging

What are the primary services for monitoring and logging in GCP?

Answer

  1. Cloud Monitoring
  2. Cloud Logging
  3. Error Reporting
  4. Cloud Trace
  5. Cloud Debugger
  6. Cloud Profiler

Compute Engine

Compute Engine Instance Types

What are the main types of Compute Engine instances?

Answer

  1. General-purpose (N1, N2, E2)
  2. Compute-optimized (C2)
  3. Memory-optimized (M1, M2)
  4. GPU instances
  5. Sole-tenant nodes

Compute Engine Pricing Models

Describe the different pricing models available for Compute Engine instances.

Answer

  1. On-demand pricing: Pay for what you use, billed by the second
  2. Preemptible VMs: Low-cost, short-lived compute instances
  3. Committed use discounts: Discounted prices for committing to a usage term
  4. Sustained use discounts: Automatic discounts for running instances for a significant portion of the billing month
  5. Spot VMs: Flexible, lower-cost option for fault-tolerant workloads

Google Kubernetes Engine (GKE)

GKE Cluster Types

What are the main types of GKE clusters?

Answer

  1. Standard clusters: Fully managed Kubernetes clusters
  2. Autopilot clusters: Hands-off, fully managed clusters with optimized node provisioning
  3. Private clusters: Clusters with private networking and limited public access
  4. Multi-zonal clusters: Clusters spread across multiple zones in a region
  5. Regional clusters: High-availability clusters spread across multiple zones in a region

GKE Networking

Explain the networking options available for GKE clusters.

Answer

  1. VPC-native clusters: Use alias IP addresses for pods and services
  2. Routes-based clusters: Use custom static routes for pod networking
  3. Network policies: Kubernetes network policies for controlling traffic between pods
  4. Ingress and egress control: Manage incoming and outgoing traffic to the cluster
  5. Service mesh integration: Support for Istio and other service mesh technologies

App Engine

App Engine Environments

What are the two environments available in App Engine, and how do they differ?

Answer

  1. Standard Environment:
    • Runs in a sandbox
    • Supports specific versions of programming languages
    • Faster instance startup
    • Free daily usage quota
  2. Flexible Environment:
    • Runs in Docker containers
    • Supports any programming language
    • More control over the runtime environment
    • Access to write to local disk
    • Can use third-party binaries

App Engine Scaling Types

Describe the different scaling types available in App Engine.

Answer

  1. Automatic scaling: Automatically adds or removes instances based on traffic
  2. Basic scaling: Allows instances to be shut down when not in use
  3. Manual scaling: Specifies a fixed number of instances to run

Cloud Storage

Cloud Storage Classes

List and briefly describe the storage classes available in Google Cloud Storage.

Answer

  1. Standard: Frequently accessed data, highest availability
  2. Nearline: Infrequently accessed data (once per month), lower cost
  3. Coldline: Rarely accessed data (once per quarter), very low cost
  4. Archive: Data archiving and disaster recovery, lowest cost

Cloud Storage Features

What are some key features of Google Cloud Storage?

Answer

  1. Object versioning
  2. Lifecycle management
  3. Object change notification
  4. Data encryption (client-side and server-side)
  5. Access control (IAM and ACLs)
  6. Object hold and retention policies
  7. Multi-regional and dual-regional storage options
  8. Strong consistency

Networking

VPC Peering vs VPN

Compare VPC Peering and Cloud VPN in Google Cloud Platform.

Answer

VPC Peering:

  • Connects two VPC networks
  • Traffic stays on Google's network
  • Lower latency and higher bandwidth
  • No encryption of traffic
  • Does not require external IP addresses

Cloud VPN:

  • Connects on-premises network to GCP VPC
  • Traffic goes over the public internet
  • Encrypted using IPsec
  • Requires external IP addresses
  • Can connect different cloud providers

Load Balancing Types

What are the main types of load balancers available in GCP?

Answer

  1. HTTP(S) Load Balancing (Global)
  2. SSL Proxy Load Balancing (Global)
  3. TCP Proxy Load Balancing (Global)
  4. Network Load Balancing (Regional)
  5. Internal TCP/UDP Load Balancing (Regional)
  6. Internal HTTP(S) Load Balancing (Regional)

Security

Cloud Security Scanner

What is Cloud Security Scanner and what does it do?

Answer

Cloud Security Scanner is an automated vulnerability scanning service for App Engine, Compute Engine, and Google Kubernetes Engine applications. It identifies security vulnerabilities such as:

  • Cross-site scripting (XSS)
  • Flash injection
  • Mixed content (HTTPS/HTTP)
  • Outdated/insecure libraries
  • Insecure use of cryptography algorithms

Cloud Armor

Explain the purpose and features of Google Cloud Armor.

Answer

Google Cloud Armor is a web application firewall (WAF) and DDoS protection service. Key features include:

  • Pre-configured rules to protect against common vulnerabilities (e.g., SQL injection, cross-site scripting)
  • Custom rules using Cloud Armor security policies
  • IP address allow/deny lists
  • Geographic-based access control
  • Integration with HTTP(S) Load Balancing
  • Protection against layer 3-7 DDoS attacks
  • Adaptive protection using machine learning

Author: Jason Walsh

j@wal.sh

Last Updated: 2024-10-30 16:43:54