GCP
150 cards: 🟢 38 easy | 🟡 74 medium | 🔴 38 hard
🟢 Easy (38)
1. What is Cloud Datastore?
Cloud Datastore is a schemaless NoSQL datastore in Google's cloud. Applications can use Datastore to query your data with SQL-like queries that support filtering and sorting. Datastore replicates data across multiple datacenters, which provides a high level of read/write availability.
2. List and explain the enterprise security capabilities provided by Anthos
* Control plane security - GCP manages and maintains the K8s control plane out of the box. The user can secure the api-server by using master authorized networks and private clusters. These allow the user to disable access on the public IP address by assigning a private IP address to the master.
3. What is Private Service Connect?
Private Service Connect enables secure and private connectivity between a customer's Virtual Private Cloud (VPC) network and a service provider's network. It allows organizations to consume managed services while keeping the traffic private.
4. What is Spectrum Access System?
Spectrum Access System refers to the system managing shared access to spectrum frequencies. It enables dynamic spectrum sharing for communication services, optimizing the utilization of available spectrum resources.
5. What is TensorFlow Extended (TFX)?
TFX is an end-to-end platform for deploying production ML pipelines. It's designed to enable the orchestration of ML workflows, ensuring scalability and reproducibility. TFX provides:
* Data Ingestion and Validation: Integrates data from various sources and validates its quality.
6. What is Capacity Planner in GCP?
Capacity Planner in GCP is a tool that assists in estimating the necessary resources for running workloads on Google Cloud. It helps in planning the required capacity of compute, storage, and other resources based on expected usage.
7. What are Shielded VMs?
Shielded VMs in Google Cloud Platform provide a higher level of protection against various threats to the integrity of your VMs. They're hardened virtual machines that offer a defense against boot and kernel-level attacks.
Key aspects of Shielded VMs:
8. What is Google Transfer Appliance?
It's a physical storage solution for transferring large amounts of data to GCP. This appliance is useful when transferring large datasets that might be impractical to move over the internet due to their size and latency constraints.
9. True or False? All GCP services are available in all regions and zones
False. You can see [here](https://cloud.google.com/about/locations) which products/services are available in each region.
10. List the labels of an instance called "instance-1"
`gcloud compute instances describe instance-1 --format "yaml(labels)"`
11. How to list all regions?
`gcloud compute regions list`
12. What is Anthos Service Mesh?
* It is a suite of tools that assist in monitoring and managing deployed services on Anthos of all shapes and sizes, whether running in cloud, hybrid or multi-cloud environments. It leverages the APIs and core components from Istio, a highly configurable and open-source service mesh platform.
13. True or False? A resource has to be associated with at least one project
True. You can't have resources associated with no project.
14. What is Cloud IoT Edge in GCP?
Cloud IoT Edge extends Google Cloud's capabilities to the edge for IoT devices, enabling edge computing by providing a framework to run IoT applications and machine learning models directly on IoT devices. It enables local data processing and analysis, reducing latency and optimizing bandwidth usage.
15. What is BigQuery Omni in GCP?
BigQuery Omni allows users to analyze data across multiple clouds within a single pane of glass. It allows users to analyze and gain insights from data stored in multiple clouds, enabling seamless data processing and analytics.
16. What is Bigtable in GCP?
Cloud Bigtable is a NoSQL database service for handling large analytical and operational workloads at scale.
* Scalability and Performance: Bigtable is designed for high scalability and performance, capable of handling petabytes of data with low latency.
17. What is Google Cloud Code and how does it help Kubernetes development?
It is a set of tools to help developers write, run and debug GCP Kubernetes-based applications. It provides built-in support for rapid iteration, debugging and running applications in development and production K8s environments.
18. What is Google Anthos and what multi-cloud capabilities does it provide?
It is a managed application platform for organisations like enterprises that require quick modernisation and certain levels of consistency for their legacy applications in a hybrid or multicloud world. From this explanation the core ideas can be drawn from these statements;
19. What is Profiler in GCP? How is it useful?
Profiler in GCP is a tool for identifying performance bottlenecks in applications. It analyzes code execution and provides insights into performance issues, helping developers optimize and fine-tune their applications.
20. What is Identity Platform?
Google Cloud Identity Platform is an authentication service that allows developers to easily integrate authentication and identity services into their applications. It supports multiple identity providers, enabling user authentication and management.
21. True or False? In a project, you can have one or more organizations
False. It's quite the opposite. First there is an organization, and under the organization you can have one or more folders with one or more projects.
22. True or False? Each GCP region is designed to be completely isolated from the other GCP regions
True. GCP regions are isolated from each other. Each region has independent infrastructure, and data doesn't replicate across regions unless explicitly configured.
23. What is Cloud Trace in GCP?
Cloud Trace is a distributed tracing system for generating latency reports. It provides detailed information about how long it takes for a request to travel through various components of a distributed application, allowing for performance improvements and troubleshooting.
24. What is Dialogflow in GCP?
Dialogflow is a natural language understanding platform for building conversational applications. It enables developers to design and deploy conversational interfaces, supporting multiple platforms and languages, facilitating natural and rich interactions with users.
25. What are the components of the managed control plane of Anthos Service Mesh?
1. Traffic Director - it is GCP's fully managed service mesh traffic control plane, responsible for translating Istio API objects into configuration information for the distributed proxies, as well as directing service mesh ingress and egress traffic
26. True or False? Project name has to be globally unique
True. GCP project names must be globally unique across all of Google Cloud. Project IDs (used in APIs) are also globally unique.
27. List some Cloud Run for Anthos use cases
As it does not support stateful applications or sticky sessions, it is suitable for running stateless applications such as:
* Machine learning model predictions, e.g. TensorFlow Serving containers
* API gateways, API middleware, web front ends and Microservices
* Event handlers, ETL
28. What is Cloud Storage Transfer Service?
It's a service for transferring large amounts of data from other cloud providers or on-premises to GCP storage. It allows seamless and secure transfers while handling the complexities of large-scale data migration.
29. What is Island Mode configuration with regards to networking in Anthos GKE deployed on-prem?
* This is when pods can directly talk to each other within a cluster, but cannot be reached from outside the cluster, thus forming an "island" within the network that is not connected to the external network.
30. What is Google Kubernetes Engine (GKE) and what does it provide?
* It is the managed Kubernetes service on GCP for deploying, managing and scaling containerised applications using Google infrastructure.
31. What is Cloud Run for Anthos?
It is part of the Anthos stack that brings a serverless container experience to Anthos, offering a high-level platform experience on top of K8s clusters. It is built with Knative, an open-source operator for K8s that brings serverless application serving and eventing capabilities.
32. List and explain three high-level out of the box autoscaling primitives offered by Cloud Run for Anthos that do not exist in K8s natively
* Rapid, request-based autoscaling - default autoscalers monitor request metrics, which allows Cloud Run for Anthos to handle spiky traffic patterns smoothly
33. What are labels in Kubernetes and how are they used for organization?
You can think about labels in GCP as sticky notes that you attach to different GCP resources. That makes it easier, for example, to search for specific resources (like applying the label called "web-app" and searching for all the resources that are related somehow to "web-app").
34. What is the primary computing environment for Anthos to easily manage workload deployment?
* Google Kubernetes Engine (GKE)
35. What are network tags and how are they different from labels?
As the name suggests, network tags can be applied only to network resources. While labels don't affect the resources on which they are applied, network tags do affect resources (e.g. firewall access and networking routes).
36. What does the following command do? `gcloud deployment-manager deployments create`
Deployment Manager creates a new deployment.
37. List possible use cases of traffic controls that can be implemented within Anthos Service Mesh
* Traffic splitting across differing service versions for canary or A/B testing
* Circuit breaking to prevent cascading failures
* Fault injection to help build resilient and fault-tolerant deployments
* HTTP header-based traffic steering between individual services or versions
38. What are GCP's strategies for Disaster Recovery (DR)?
GCP provides redundancy, backup, and geo-distribution features to ensure DR.
* Regional Redundancy: GCP's infrastructure is designed for data redundancy across multiple regions, ensuring availability even in case of regional outages.
🟡 Medium (74)
1. What types of databases are supported by GCP?
AlloyDB, BigTable, Firestore, MemoryStore, Spanner, SQL
2. What are use cases of IAP?
Identity-Aware Proxy (IAP) is a GCP service that provides centralized access management for GCP resources. Use cases for IAP include:
* Secure Remote Access: Allows employees or users to securely access resources from anywhere without a VPN.
* Web Application Protection: Protects web applications from unauthorized access.
* Granular Access Control: Enables fine-grained access control based on user identity rather than network location.
3. Explain Global Load Balancer.
It's a load balancing service distributing internet traffic across multiple regions to optimize service availability. It provides:
* Global Presence: It offers a single anycast IP address for routing traffic to the nearest healthy instance, improving latency and service availability.
4. Explain TensorFlow on GCP.
TensorFlow is an open-source machine learning platform, and GCP provides infrastructure and services to leverage TensorFlow efficiently.
Key features:
* High-Performance Computing: GCP offers powerful compute resources to train and deploy TensorFlow models.
5. What is Workload Identity Federation?
Workload Identity Federation extends the capabilities of Workload Identity, enabling workloads to use external identity providers for authentication and authorization. It allows users to integrate their own identity systems with Google Cloud, enabling seamless and secure access to GCP resources based on their existing identity infrastructure.
6. What are NFS shares?
NFS (Network File System) shares allow multiple instances to access and share a common file system over a network. It's a distributed file system protocol that enables a client to access files over a network as if they were on its local disks. In GCP, NFS shares can be set up using Google Cloud Filestore, providing high-performance, fully managed NFS file servers to store and access data for applications that need shared file systems.
7. What is the concept of Shared VPC in GCP, and how do you set up a Shared VPC?
Shared VPC (Virtual Private Cloud) is a network resource that allows an organization to connect multiple projects to a common VPC network. This centralizes network management and administration while allowing resources from different projects to communicate securely within the same virtual network. It simplifies network setup, aids in resource sharing, and centralizes governance and security policies.
8. Remove the label "env" from an instance called "instance-1"
`gcloud compute instances update instance-1 --remove-labels env`
9. What is Cloud IoT Core in GCP?
Cloud IoT Core is a fully managed service that allows you to securely connect, manage, and ingest data from globally dispersed IoT devices. It offers a robust infrastructure to handle IoT device management and enables easy integration with other GCP services for data analysis and insights.
10. What is Cloud Load Balancing?
It's a service for distributing incoming network traffic across multiple resources, ensuring high availability and reliability. It offers various load balancing options: global (for HTTP(S) and TCP/SSL traffic), internal (for internal traffic within a VPC), and network (for non-HTTP/S traffic). It automatically scales resources based on traffic demands.
11. What are Committed Use Discounts (CUDs) on GCP?
CUDs are cost-saving commitments for specified compute resources over a term. When committing to use specific virtual machine instances or other resources for a one- or three-year term, Google offers discounted pricing compared to pay-as-you-go pricing. These discounts are beneficial for workloads that have predictable and steady resource consumption.
12. Explain Google Cloud SQL.
It's a fully managed relational database service supporting MySQL, PostgreSQL, and SQL Server. It provides automated backups, replication, and patches. Ideal for applications needing relational databases without the hassle of managing them.
13. What is Google Compute Engine (GCE)?
GCE is an Infrastructure as a Service (IaaS) offering by GCP, providing scalable virtual machines to run workloads. Users can select configurations for CPUs, memory, and storage, and have full control over the software running on these VMs. GCE allows users to create, start, stop, and manage instances, providing a flexible and on-demand computing infrastructure within Google Cloud.
14. Describe Google Cloud VPN.
Cloud VPN allows secure connections between an on-premises network and GCP using IPsec VPN protocols.
* Secure Connectivity: Cloud VPN establishes an encrypted IPsec tunnel between the on-premises network and GCP. This ensures secure communication over the public internet.
15. What is Cloud Run in GCP?
Cloud Run is a fully managed serverless platform for building and running containerized applications. Notable features include:
* Portability: Supports containerized applications built on any language or framework.
* Automatic Scaling: Scales up or down in response to traffic.
* Pay-for-Usage Model: Charges are based on actual resource usage.
16. What is Cloud Spanner, and how is it different from other databases?
Cloud Spanner is a globally distributed, horizontally scalable database designed for mission-critical applications with strong consistency and SQL support. It combines the benefits of relational databases with the scalability of NoSQL databases. It can automatically scale both storage and compute resources. Data is replicated across multiple regions for high availability and low latency. It also maintains strong consistency with ACID properties for transactions.
17. What is Risk Manager?
In the context of GCP, Risk Manager is a tool that allows organizations to identify and manage various types of risks associated with their GCP environment. It enables continuous risk assessment, monitoring, and response by providing insights into vulnerabilities, compliance issues, and threats. Risk Manager helps in creating a risk-aware culture by centralizing risk management activities and streamlining risk mitigation processes.
18. Explain each of the above database types.
1. AlloyDB
AlloyDB is Google's scalable, distributed, in-memory database. It combines the benefits of traditional relational databases with the scale and performance of NoSQL databases, ideal for high-throughput transactional applications.
2. BigTable
19. Explain Multi-Regional Storage in GCP.
Multi-Regional Storage offers high availability and low latency access to frequently accessed data across multiple regions. It is suitable for workloads requiring quick and reliable access to data, providing redundancy and fast access to data across different geographic regions.
20. What are flow logs? Where are they enabled?
VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as Google Kubernetes Engine nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization.
Enable Flow Logs
1. Open VPC Network in GCP Console
2. Click the name of the subnet
3. Click EDIT button
4. Set Flow Logs to On
5. Click Save
21. How does Cloud Run for Anthos simplify operations?
Platform teams in organisations that wish to offer developers additional tools to test, deploy and run applications can use Knative to enhance this experience on Anthos as Cloud Run. Below are some of the benefits;
22. What considerations should you take into account when choosing a GCP region for running a new application?
* Services Availability: not all services (and all their features) are available in every region
* Reduced latency: deploy the application in a region that is close to customers
23. Explain Google Kubernetes Engine (GKE).
GKE is a managed Kubernetes service for deploying, managing, and scaling containerized applications using Kubernetes.
Features that set it apart:
* Automated Operations: Manages the Kubernetes infrastructure, including upgrades and node provisioning.
24. What is Binary Authorization?
Binary Authorization is a GCP security feature that enforces deployment policies by validating container images before they're deployed to a Kubernetes engine. It ensures that only trusted and authorized container images are allowed to run in the Kubernetes environment. Binary Authorization uses attestations and signatures to verify that images meet specific criteria, such as being signed by a trusted authority or adhering to certain security and compliance standards, enhancing the security of t
25. What is Google Cloud CDN (Content Delivery Network)?
Google Cloud CDN is a distributed edge caching service for delivering content closer to users for lower latency and better performance.
* Content Caching and Distribution: Cloud CDN caches web content at Google's globally distributed edge caches. This allows users to access content from a nearby edge location, reducing latency.
26. Explain roles and permissions
A role is an encapsulation of a set of permissions. For example, an "owner" role has more than 3000 assigned permissions to the different components and services of GCP.
27. What is Secure Boot and how does it protect the boot process?
Secure Boot is a component of Shielded VMs and is a UEFI feature that ensures the system boots only with signed and verified code, guaranteeing that the operating system and bootloader haven't been tampered with. This prevents the loading of unauthorized firmware and helps protect against boot-level malware or rootkits.
28. What are OS policies? or How can you perform automatic patch management in GCP? or How do you ensure a certain package is installed on all incoming VMs?
OS Policies in GCP enable administrators to define and enforce policies on operating systems across VM instances. This includes automatically managing OS patches, updating packages, and enforcing configurations to ensure consistency and security compliance across the infrastructure. Through OS policies, administrators can define rules for automatic patch management, ensuring that specific packages are installed or updated on all incoming VMs as they are provisioned.
29. What is Cloud Identity-Aware Proxy (IAP)?
IAP is a service that controls access to web applications running on GCP. It allows access to applications based on a user's identity and context, rather than the traditional method of using a VPN.
IAP offers:
* Context-Aware Access: It considers user identity and context, such as device security status and geographic location, to grant access.
30. What is Customer-Supplied Encryption Key (CSEK)?
It's a feature allowing customers to manage their encryption keys used for data at rest in GCP services.
Key Points:
* Customer Control: Customers generate and manage their encryption keys outside of GCP.
* Data Encryption: Customers can use these keys to encrypt their data before storing it in GCP services.
Use Case:
CSEK enables customers to maintain control over their data encryption keys, ensuring an additional layer of security and compliance for sensitive data stored in GCP.
31. Describe Edge AI in GCP.
Edge AI enables running ML models on edge devices to process data locally. GCP provides tools and services for deploying machine learning models to edge devices, allowing real-time processing and decision-making at the edge.
32. Describe Google Cloud Armor.
Cloud Armor is a DDoS and application defense service providing security against web-based threats. It offers customizable defenses to secure internet-facing applications. Key features include:
* DDoS Protection: Defends against volumetric and protocol-based DDoS attacks.
33. What is Google Cloud Disaster Recovery (DR)?
It's a set of strategies and services to recover critical systems and data in case of a disaster. GCP offers various features and capabilities to facilitate disaster recovery planning, such as data replication, failover mechanisms, and geographic redundancy. By leveraging GCP's distributed infrastructure and data replication services, organizations can design and implement robust disaster recovery plans to ensure business continuity in case of unexpected disruptions.
34. What is VPC Service Controls?
VPC Service Controls is a GCP security feature allowing the restriction of data access between Google-managed services and the resources within a Virtual Private Cloud (VPC). It lets organizations define a security perimeter around GCP resources, APIs and services to prevent data exfiltration, maintaining data integrity and compliance. It ensures that sensitive data remains within the organization's specified boundaries even in the case of breaches.
35. What are sole-tenant nodes?
Sole-Tenant Nodes are physical Compute Engine servers dedicated to a single user or organization. They offer the advantage of complete control over instance placement on the host hardware. This is beneficial for workloads that require specific hardware configurations, security, or compliance requirements that necessitate dedicated resources.
36. Can you deploy Anthos on AWS?
* Yes, Anthos on AWS is now GA. For more read [here](https://cloud.google.com/anthos/gke/docs/aws)
37. Describe GCP's approach to GDPR compliance.
GCP offers features to assist customers in their GDPR compliance efforts by providing tools for data protection and control. GCP has designed its services to help customers comply with GDPR. Here's how GCP approaches GDPR compliance:
38. Create an instance with the following properties:
`gcloud compute instances create instance-1 --labels app=web,env=dev --machine-type=e2-micro`
39. What is Async Replication?
Async Replication, in the context of databases or storage systems, refers to an asynchronous method of data replication. It involves copying and synchronizing data from a source to a destination in a non-blocking manner. The replication process doesn't require immediate confirmation of data synchronization and can continue independently, potentially leading to a small delay in data consistency between the source and destination.
40. Which load balancing options are available?
* Networking load balancing for L4 and HTTP(S) Load Balancing for L7, which are both managed services that do not require additional configuration.
* Ingress for Anthos, which allows the ability to deploy a load balancer that serves an application across multiple clusters on GKE
41. What is Cloud Functions?
It's a serverless platform for building and deploying event-driven, scalable functions.
Key Features:
* Event-Based Triggers: Executes code in response to various events from GCP services or HTTP requests.
* Automatic Scaling: Automatically scales based on the load and triggers, ensuring cost efficiency.
Use Cases:
It's ideal for building lightweight applications, handling microservices, and automating workflows that react to specific events or triggers.
42. Tell me what do you know about GCP networking
A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented in Google's internal network. VPC is a global resource in GCP.
Subnetworks (subnets) are regional resources, i.e., subnets can be created within regions.
VPCs are created in 2 modes,
43. What are service accounts in GCP?
Service accounts represent non-human users: they authenticate and authorize the calls that running code makes to GCP APIs. Service accounts can be assigned specific roles and permissions to access GCP resources securely, allowing fine-grained control over what services can do within the GCP ecosystem.
44. How does Anthos handle the control plane and node components for GKE?
On GCP the Kubernetes api-server is the only control plane component exposed to customers, whilst Compute Engine manages instances in the project.
45. How does Anthos Config Management help?
It follows common modern software development practices, which makes cluster configuration, management and policy changes auditable, revertible, and versionable, easily enforcing IT governance and unifying resource management in an organisation.
46. What is Cloud Interconnect?
It's a service for connecting on-premises networks to GCP through dedicated and high-speed connections. It enables:
* Fast and Reliable Connectivity: Direct connections with high bandwidth for better performance and reliability.
* Hybrid Cloud Solutions: Facilitates hybrid cloud solutions by extending on-premises networks into GCP.
* Reduced Latency: Helps in reducing latency and improving data transfer speeds.
47. How can workloads deployed on Anthos GKE on-prem clusters securely connect to Google Cloud services?
* Google Cloud Virtual Private Network (Cloud VPN) - this is for secure networking
* Google Cloud Key Management Service (Cloud KMS) - for key management
48. What is a Cloud Function?
Cloud Functions is Google Cloud's serverless execution environment, allowing developers to deploy individual functions that automatically scale based on the triggered events. It enables the execution of code in response to various events within GCP or external triggers without managing the underlying infrastructure. Developers can write functions in Node.js, Python, Go, and other supported languages, making it ideal for event-driven, lightweight applications, and microservices.
49. What is the VMware Engine offering of GCP?
The VMware Engine is a fully managed VMware environment on GCP that allows enterprises to migrate and run their VMware workloads natively in the cloud. It provides a consistent infrastructure and operational experience for organizations already using VMware, enabling them to seamlessly extend their on-premises VMware environment to GCP without needing to re-architect applications. It offers a familiar environment while taking advantage of GCP's scalability, reliability, and global reach.
50. What is Packet Mirroring in GCP?
Packet Mirroring in GCP is a feature that allows you to capture and mirror network traffic for inspection and analysis. It copies and forwards specific packets to a collector destination for detailed examination, aiding in security monitoring, debugging, and analysis. By duplicating network traffic, you can inspect and analyze data without disrupting the live traffic flow, enhancing security and troubleshooting capabilities.
51. What is Web Security Scanner in GCP?
Web Security Scanner is a GCP service that helps identify security vulnerabilities in web applications. It analyzes web applications for common security vulnerabilities, including cross-site scripting (XSS), mixed content, and outdated libraries. The scanner performs automated and manual tests on web applications, providing detailed reports on identified vulnerabilities and recommended fixes.
52. What are network tags used for?
Network tags allow you to apply firewall rules and routes to a specific instance or set of instances. You make a firewall rule applicable to specific instances by using target tags and source tags.
53. What is Google Anthos?
Anthos is a platform for managing applications across hybrid and multi-cloud environments. Anthos allows organizations to build and manage modern, cloud-native applications and workloads that run on GCP, on-premises, or other cloud platforms. It provides a consistent platform for application development, enabling operations across different environments with centralized management, security, and scalability.
54. What is Identity-Aware Proxy (IAP) in GCP?
IAP is a GCP service that provides a central authentication and authorization service for applications running on GCP. It allows you to control access to web applications by verifying the identity of users and checking their permission levels before granting access. With IAP, you can secure access to your applications based on user identity and access policies without requiring a VPN.
55. Explain Cloud Monitoring in GCP.
Cloud Monitoring provides visibility into the performance, uptime, and overall health of cloud resources. It provides insights through dashboards, alerts, and other tools, helping users monitor, troubleshoot, and optimize their cloud-based systems.
56. What is Access Context Manager in GCP?
Access Context Manager provides centralized access control for GCP resources by defining fine-grained, attribute-based access control policies. It allows administrators to set policies based on various contextual attributes like IP address, device security status, location, and time, ensuring access to resources is granted only when specific criteria are met.
57. How does Anthos Service Mesh help?
Show answer
The tool and technology integration that makes up Anthos Service Mesh delivers significant operational benefits to Anthos environments with minimal additional overhead, as follows:
58. What is Cloud Data Loss Prevention (DLP) in GCP?
Show answer
Cloud DLP is a service for scanning, classifying, and redacting sensitive data across GCP services. It offers:
* Data Inspection and Classification: Identifies sensitive data within GCP storage services.
* Redaction and Anonymization: Allows for redacting or anonymizing sensitive data to protect privacy and confidentiality.
* Policy Enforcement: Defines and enforces data loss prevention policies.
59. Describe Google Virtual Private Cloud (VPC).
Show answer
It's a global private network providing a virtual networking environment that allows users to connect GCP resources to each other and to the internet along with offering control over IP ranges, subnets, and network policies. It also enables custom network topologies and network security configurations.
60. List the technical components that make up Anthos
Show answer
* Infrastructure management - Google Kubernetes Engine (GKE)
* Cluster management - GKE, Ingress for Anthos
* Service management - Anthos Service Mesh
* Policy enforcement - Anthos Config Management, Anthos Enterprise Data Protection, Policy Controller
* Application deployment - CI/CD tools like Cloud Build, GitLab
* Application development - Cloud Code
61. What is Stackdriver in GCP?
Show answer
Stackdriver is a monitoring, logging, and diagnostics service, providing insights into applications on GCP. It includes:
* Monitoring: Real-time performance metrics and uptime monitoring for applications and infrastructure.
* Logging: Centralized log management and analysis across applications and systems.
* Error Reporting: Insights into application errors and exceptions for debugging and improvement.
62. How do you list buckets?
Show answer
Two ways to do that:
$ gsutil ls
$ gcloud alpha storage ls
63. What are organisation policies?
Show answer
Organization Policies in Google Cloud Platform (GCP) are a set of rules and constraints that an organization administrator can define and enforce across the entire organization's GCP resources. These policies help control and govern the behavior of the resources within the organization. They can include restrictions on resource creation, configuration settings, and access control rules, ensuring compliance with regulatory requirements and organizational standards.
64. Update a label to "app=db" for the instance called "instance-1"
Show answer
`gcloud compute instances update instance-1 --update-labels app=db`
65. Explain Google Cloud Storage classes and their use cases.
Show answer
Storage classes include Standard, Nearline, Coldline, and Archive, each optimized for different access frequencies and costs.
* Standard: General-purpose storage for frequently accessed data.
* Nearline: Low-cost storage for data accessed less frequently, with a 30-day minimum storage duration.
66. How do Organisation Policies differ from OS Policies?
Show answer
Organization Policies: Focus on defining and enforcing rules and constraints across an entire organization's GCP resources. They are applied at the organizational level, controlling behaviors and settings at a broad scale. These are applied at the Org level, i.e. the scope is Organisation and Projects.
67. How does GCP ensure data security?
Show answer
GCP employs multiple layers of security, including encryption at rest and in transit, IAM, and compliance certifications.
* Encryption: Data in transit and at rest is encrypted using strong encryption protocols.
68. What is Istio in GCP?
Show answer
Istio is an open-source service mesh that helps control the flow of traffic between services. It provides a uniform way to connect, manage, and secure microservices, offering features like traffic management, security, and observability. Istio's key functionalities include service discovery, load balancing, traffic control, authentication, and observability, allowing developers to have fine-grained control over their service interactions.
69. Explain the Cloud Migration Service on GCP.
Show answer
The service helps move on-premises workloads to GCP efficiently and securely. The service offers tools, methodologies, and best practices to streamline the migration process.
70. Can you provide some examples of label usage in GCP?
Show answer
* Location (cost center)
* Project (or environment, folder, etc.)
* Service type
* Service owner
* Application type
* Application owner
71. What Compute metadata key allows you to run code at startup?
Show answer
`startup-script`: a Compute Engine metadata key whose value is a shell script that runs automatically when the VM boots. Set it via `--metadata startup-script='#!/bin/bash ...'` or point to a Cloud Storage file with `startup-script-url`.
72. What are source repositories in GCP?
Show answer
Google Cloud Source Repositories is a version control service that makes it easy for teams to collaborate on code. It provides a scalable, fully featured, Git-based repository for source code, allowing developers to manage and track changes across teams or even organizations. It integrates seamlessly with other GCP tools, facilitating CI/CD workflows, code review, and collaboration.
73. What is the BeyondCorp Enterprise product of GCP?
Show answer
BeyondCorp Enterprise is Google's modern security model designed to enable secure access to applications, resources, and data without a traditional VPN. It's based on zero trust principles, eliminating the concept of a trusted internal network and ensuring every access request is authenticated, authorized, and encrypted. It provides continuous and adaptive access control, considering various factors, like device security posture, location, and context, for granting or denying access.
74. What is workload identity?
Show answer
Workload Identity in GCP is a feature that allows Google Cloud workloads, such as applications or services running on Google Cloud, to assume identities in a secure and granular manner. It allows these workloads to access other Google Cloud resources based on defined permissions, without the need for service account keys, ensuring a more secure and manageable environment.
🔴 Hard (38)
1. Explain Google Cloud Trace.
Show answer
Cloud Trace is a performance monitoring tool for understanding and optimizing latency in applications. It provides:
* Performance Insights: Traces the latency of requests across different services to identify performance bottlenecks.
* Request Analysis: Helps understand the performance of individual requests and their paths through distributed systems.
* Debugging and Optimization: Helps in debugging and optimizing the performance of applications.
2. Explain AI Platform in GCP.
Show answer
AI Platform provides a comprehensive set of ML services for building, deploying, and managing models. It supports various tasks, such as data preprocessing, model training, and model deployment at scale. AI Platform provides a collaborative environment for data scientists and machine learning engineers to develop and operationalize ML models.
3. Explain Google Data Studio.
Show answer
Data Studio is a free business intelligence and data visualization tool that turns data into informative reports and dashboards. It allows users to create customizable, informative reports and dashboards using various data sources. Key features include:
* Data Connectivity: Connects to a wide range of data sources.
* Interactive Dashboards: Enables the creation of interactive and visually appealing reports.
* Collaboration: Supports sharing and collaboration on reports within teams.
4. Explain Resource Manager in GCP.
Show answer
GCP Resource Manager is a hierarchical organization tool for managing and governing resources. It allows organizations to organize and manage their GCP resources, projects, and services, offering centralized control over resource allocation, permissions, and organization policies. It provides a clear view of resource usage and access control, enabling consistent and efficient management across an organization's GCP projects.
5. Explain Google Cloud Billing Catalog.
Show answer
It's a catalog that enables Google Cloud customers to access and download detailed billing data. It's a comprehensive, detailed breakdown of charges and costs incurred while using GCP services. This catalog is accessible through the GCP Billing Console and includes information on the usage and pricing of all services utilized by an organization. It helps users track and analyze their spending across various GCP products and services, allowing for better cost management and planning.
6. Describe Identity and Access Management (IAM) in GCP.
Show answer
IAM manages access control for GCP resources, allowing setting granular permissions for users and services.
Key Aspects:
* Principle of Least Privilege: Grants only necessary permissions to entities based on their roles.
* Resource Hierarchy: Manages permissions across organizations, folders, and projects.
7. Describe Edge TPU in GCP.
Show answer
Edge TPU is Google's purpose-built ASIC designed to run machine learning (ML) models for edge devices. It's optimized for running TensorFlow Lite models for efficient machine learning tasks on edge devices. Edge TPUs enable low-latency, high-throughput, and power-efficient machine learning inference on devices, such as IoT devices or local servers, without the need for continuous cloud connectivity.
8. Describe the two main components of Anthos Service Mesh
Show answer
1. Data plane - it consists of a set of distributed proxies that mediate all inbound and outbound network traffic between individual services which are configured using a centralised control plane and an open API.
2. Control plane - is a fully managed offering outside of Anthos GKE clusters to simplify management overhead and ensure highest possible availability.
9. How does Google Cloud Key Management Service (KMS) work?
Show answer
KMS is a cryptographic key management service allowing the creation, storage, and management of cryptographic keys for use by other GCP services.
* Key Creation and Management: KMS enables the generation, rotation, and destruction of encryption keys. Customers have control over these keys and can manage their lifecycle.
10. Describe Google Cloud Dataflow.
Show answer
Cloud Dataflow is a fully managed service for stream and batch processing. It enables users to create data pipelines for transforming and enriching data, supporting real-time processing as well as processing of large datasets. It integrates with various data sources and other GCP services, providing a flexible and scalable data processing platform.
11. How do you enable logging for GCP resources?
Show answer
GCP provides Stackdriver Logging, which enables you to store, search, analyze, monitor, and alert on log data and events from GCP resources. It's the central logging solution for GCP, allowing you to collect logs from various services, such as Compute Engine, Kubernetes Engine, Cloud Storage, and more. You can enable logging at the project, folder, or organization level, and then configure which logs to collect and analyze using advanced filters and queries.
12. Explain each of the following
Show answer
GCP regions are data centers hosted across different geographical locations worldwide.
Within each region, there are multiple isolated locations known as Zones. Each zone is one or more data centers with redundant network, connectivity and power supply. Multiple zones ensure high availability in case one of them goes down.
13. Differentiate between Preemptible VMs and Standard VMs.
Show answer
Standard VMs:
* These are regular, long-lived virtual machine instances.
* Offered at standard pricing.
* Ideal for workloads requiring continuous availability without interruption.
* Guaranteed to run until manually stopped or terminated by the user.
Preemptible VMs:
* Short-lived and cost-effective instances.
14. How does GCP handle data governance and compliance requirements?
Show answer
GCP provides a range of compliance certifications and features for meeting data governance requirements. It provides tools and controls for data classification, access controls, encryption, and auditing to meet industry-specific compliance standards. GCP services such as Cloud IAM, Data Loss Prevention (DLP), and security tools assist in ensuring compliance with regulations and organizational policies.
15. How does GCP handle compliance with various regulations?
Show answer
GCP maintains a robust compliance program, aligning with global standards and regulations, ensuring that the platform meets strict standards set by different industries and regions. GCP maintains a wide array of certifications, including SOC 1, 2, and 3, ISO 27001, PCI DSS, HIPAA, and GDPR compliance. Here's how GCP handles compliance:
16. Describe GCP Workload Identity.
Show answer
Workload Identity allows users to access GCP services from within workloads without requiring service account keys. It allows a higher level of security by associating service accounts with Google-managed service accounts, eliminating the need to manage service account keys explicitly. This feature streamlines the management of service account keys and enhances security by reducing the surface area for potential key exposure.
17. Explain Cloud Functions
Show answer
Google Cloud Functions is a serverless execution environment for building and connecting cloud services. With Cloud Functions you write simple, single-purpose functions that are attached to events emitted from your cloud infrastructure and services. Your function is triggered when an event being watched is fired.
18. Explain Anthos Config Management
Show answer
It is a core component of the Anthos stack which provides platform, service and security operators with a single, unified approach to multi-cluster management that spans both on-premises and cloud environments. It closely follows K8s best practices, favoring declarative approaches over imperative operations, and actively monitors cluster state and applies the desired state as defined in Git. It includes three key components as follows:
19. What do you understand by Chronicle?
Show answer
Chronicle is Google's cybersecurity intelligence platform that leverages massive data analysis and machine learning to detect and mitigate cybersecurity threats. It is designed to handle large-scale data with the use of Google's infrastructure, enabling security analysts to detect and understand threats. Chronicle helps in identifying security incidents across an organization's entire digital infrastructure and provides a comprehensive view of threats.
20. Describe GCP Cost Explorer.
Show answer
Cost Explorer is a tool to visualize, understand, and manage GCP spending.
* Cost Tracking: Users can track and analyze their spending based on different GCP services, projects, and timeframes.
* Forecasting: It offers the ability to forecast future spending based on historical data and trends.
* Budget Management: Users can set budgets and receive alerts when spending exceeds defined thresholds.
21. What's the difference between Container Registry and Artifact Registry?
Show answer
Container Registry: Google Container Registry is a private container image registry. It's specifically designed to store, manage, and secure Docker container images, making them available for use in GCP. These images are commonly used with services like Google Kubernetes Engine (GKE) and other container-based solutions.
22. What role does Dataproc have in analytics?
Show answer
Google Cloud Dataproc is a managed Hadoop and Spark service. It's primarily used for big data processing and analytics. Dataproc simplifies the process of deploying and managing clusters, making it easier to run Spark and Hadoop jobs. It's beneficial for tasks like ETL (Extract, Transform, Load), machine learning, data exploration, and batch processing. Dataproc provides a scalable, cost-effective way to process large datasets.
23. Describe Traffic Director in GCP.
Show answer
Traffic Director is a managed control plane for service mesh. It allows for global traffic management in a multi-cluster, multi-region, and multi-platform scenario. Traffic Director enables traffic routing, traffic shaping, and resiliency across services within a service mesh by using global load balancing and advanced traffic management policies. It's a critical component for high-performance, scalable, and reliable service-to-service communication in distributed architectures.
24. How does GCP provide cost management and optimization?
Show answer
GCP offers cost management tools like Cost Explorer, Budgets, and Rightsizing Recommendations for cost monitoring and optimization. Moreover, budgeting tools enable setting spending limits and alerts. GCP also offers sustained use discounts and committed use discounts for predictable workloads. Additionally, organizations can leverage predefined cost-saving recommendations and custom reports for better insights and decisions regarding resource allocation and usage.
25. Explain the resource hierarchy in GCP
Show answer
Organization
Folder
Project
Resources
* Organizations - Company
* Folder - usually for departments, teams, products, etc.
* Project - can be different projects or same project but different environments (dev, staging, production)
* Resources - actual GCP services (Compute, App engine, Storage, etc.)
26. What was the need for reCAPTCHA Enterprise? How do you use it? How does it work?
Show answer
reCAPTCHA Enterprise is designed to protect websites and applications from abusive activities, such as fraud, spam, and other forms of automated abuse. The need arose due to increasing instances of online abuse by bots, impacting user experience and security. It uses adaptive risk analysis to distinguish between human and automated interactions, providing frictionless user experiences while protecting against malicious activities.
27. Describe Google Cloud Functions.
Show answer
Cloud Functions is a serverless execution environment for building and connecting cloud services.
Key aspects include:
* Event-Driven Computing: Executes code in response to events from various GCP services.
* Pay-as-You-Go Model: Users are charged only for the time their functions run.
* Support for Multiple Languages: Allows development in languages like Node.js, Python, and Go.
28. Describe Google Kubernetes Engine (GKE) Autopilot.
Show answer
Autopilot is a managed environment for GKE that automates operational tasks for managing and scaling the Kubernetes cluster. It includes:
* Automated Cluster Management: Manages resources, scaling, and optimization of clusters.
* Improved Security: Adheres to best practices and provides automatic updates for security patches.
* Simplified Experience: Reduces the complexities of managing and maintaining Kubernetes clusters.
29. Explain Google Cloud Dataproc.
Show answer
Dataproc is a fast, easy-to-use, fully managed cloud service for running Apache Spark and Hadoop clusters.
* Managed Clusters: Dataproc allows users to create, manage, and scale clusters quickly and easily.
* Cost Efficiency: It provides a flexible and cost-effective solution by charging users only for the resources used.
30. How do we do SSH using IAP?
Show answer
Secure Shell (SSH) using IAP involves setting up IAP to allow SSH connections to virtual machine instances without needing to expose them to the public internet. You can grant users or groups the necessary permissions to connect to the VM instance using SSH. This setup involves configuring IAP access, ensuring the user has the required permissions to connect via SSH, and establishing SSH connections through the GCP Console or the gcloud command-line tool.
31. What is Google BigQuery and when would you use it for analytics?
Show answer
BigQuery is a serverless, highly scalable, and cost-effective data warehouse for analyzing big data.
Key Aspects:
* Performance: Offers fast query execution on large datasets with high concurrency.
* Managed Service: No infrastructure management required; Google handles scaling and maintenance.
Use Cases:
BigQuery is ideal for interactive analysis, ad-hoc querying, and generating insights from large and complex datasets.
32. How does Security Command Center work? Or: what is Security Command Center?
Show answer
Security Command Center (SCC) is a GCP service designed for centralized security risk and compliance monitoring. It provides comprehensive visibility into your GCP environment by collecting, analyzing, and alerting on security data from GCP services. SCC continuously monitors and aggregates security-oriented telemetry, including findings from various GCP services and third-party partners.
33. Describe Cloud Spanner in GCP.
Show answer
Cloud Spanner is a globally distributed, horizontally scalable database designed for global applications. It combines the benefits of relational databases with horizontal scalability and global distribution, making it suitable for mission-critical applications requiring high consistency and scalability.
34. Explain Anthos on GCP.
Show answer
Anthos is a hybrid and multi-cloud platform enabling workload management across various environments. Key features include:
* Modernization: It allows modernization of existing applications and development of new cloud-native apps.
* Uniform Management: Anthos offers a consistent way to manage different types of infrastructure, whether on-premises or across multiple clouds.
* Security and Compliance: Provides security and compliance across hybrid and multi-cloud environments.
35. When do you use Cloud Run?
Show answer
Cloud Run is a fully managed compute platform that enables developers to deploy containerized applications quickly. It's ideal in scenarios where you have containerized applications or microservices and need a serverless architecture. Cloud Run abstracts infrastructure management and automatically scales based on incoming traffic.
36. Difference between the above two?
Show answer
Workload Identity: Allows GCP workloads to assume identities in a secure manner for accessing GCP resources without using service account keys.
Workload Identity Federation: Expands the capabilities of Workload Identity by allowing integration with external identity providers, enabling a broader range of identity systems for accessing GCP resources securely.
37. Explain Google Cloud AutoML.
Show answer
AutoML is a suite of machine learning products for developers with limited ML expertise to train high-quality models. It provides tools for building high-quality custom machine learning models with minimal coding. AutoML includes:
* AutoML Vision: Enables the creation of custom image recognition models.
* AutoML Natural Language: Allows the training of custom text analysis models.
* AutoML Tables: Supports building predictive models for structured data without requiring deep ML expertise.
38. Explain Google Cloud Backup.