1. Signed URL is a method of granting temporary access to cloud storage/object via a link
2. How long all non-admin activity logs are kept - 7 days (Basic tier), 30 days (Premium tier)
3. What kind of access is preferred on GCS buckets - IAM Roles, to control access at the object level ACL permissions would come handy
4. VPN routing options - Dynamic BGP based, Route based, Policy based
5. If the object versioning is enabled, when the object is deleted, the deleted object is archived
6. What are the available file formats for exporting billing info to cloud storage - csv,json
7. Service accounts are the non-human IAM account, used for programmatic and application access on GCP resources
8. Environments that Stackdriver can natively monitor are - GCP and AWS
9. Persistent disks (Standard and SSD) and Local SSD
10. Method for automatically applying conditions on cloud storage buckets for deletion and changing storage class is Lifecycle management
11. Organization owner is a role that is given to G-Suite Super admin
12. gsutil is the CLI utility used to manage GCS operations
13. Purpose of -r option in gsutl commands is to apply recursively
14. Length of time admin activity logs are kept - 400 days
15. Primary method of organization on GCP is Projects
16. 5 Stackdriver suite products - Monitoring, Logging, Debugging, Error reporting, Tracing
17. Stackdriver product to find latency and slowdowns in your application - Stackdriver Trace
18. Is it possible to export past data when creating new stackdriver logging export - No
19. Lifecycle Management actions - Set storage class, Delete
20. Are data access logs enabled by default - No
21. Object lifecycle management conditions - Age, Created before, Matches storage class, number of version, is live
22. Which IAM role can create projects and attach project to existing billing account - Project creator, Billing account user
23.Best practice for separating production and development environments - Each environment shall have dedicated project with its user having restricted to only that project resources.
24. Means of managing permissions on GCP - IAM
25. Organization forms the root node for GCP resources higher level than projects
26. Compute service than automatically enables Stackdriver trace, debug and error reporting is App Engine
27. Stackdriver auditlog types - admin log, data access log
28. Labels are key-value pair to identify or tag GCP resources
29. Versions of a Cloud storage bucket are identified by generation number
30. Snapshots can be taken while VM is running, used to backup and restore, cannot shared outside the project, image can created out of snapshot - where as images can be created when VM is stopped, used to create VMs of that image, can be shared across the projects
31. What is needed to dynamically route over Cloud VPN with Cloud router vs Static routes - You need BGP IP for routers on both sides
32. Purpose of -m option in gsutil commands is to initiate multi-threaded operation intended
33. Soft limits on resources you can use on GCP are called Quotas
34. Compute Engine method of backing up running instance - Snapshots
35. Mechanism for creating Stackdriver logging export - Sink
36. CLI command to start most command line interactions on GCP is gcloud ...
37. Method of directly connecting your office network to GCP - dedicated interconnect
38. Speed of Cloud VPN connection - 1.5GPS per tunnel
39. Can you export past data when creating a new billing export - No
40. IAM Roles to give for IT security team to have visibility of organization/projects without giving them too much permission are Project viewer or Organization viewer
41. IAM tool of grouping projects together and able to apply single IAM policy to multiple projects at once - Folders
42. Best practices for assigning organization administrator IAM role - Assign this role to more than one person
43. Method of giving only just enough permissions for a user/service account to do their job is 'Principle of least privilege'
44. Stackdriver product to help find and resolve errors in application code - Stackdriver debug and error reporting
45. Highest level of access for a GCP organization - Organization admin
46. Export locations for Stackdriver logs - GCS, BigQuery, pub/sub, custom locations
47. Where billing information can be exported to - GCS, BigQuery
48. Cloud storage security method applied to individual objects - ACL permissions
49. How Stackdriver premium tier charges based on resource usage - By log agent installed per resource
50. Admin activity logs are enabled by default - Yes
51. Stackdriver product to create metrics for performance - Stackdriver monitoring
52. Labels are used to identify resources with key-value pair, labels would not affect operations; Tags are attached to control firewall aspects and routes (network operations), Tags affect the network operations.
53. GCS bucket storage classes are - Regional, Multi-regional, Nearline, Coldline
54. Method of connecting GCP over public internet - Cloud VPN
55. When log into VM instance through SSH you would log in as compute engine service account
56. IAM parent policies overrule Child's restrictive policy
57. IAM roles are of three types - primitive (broad level at project level ex. editor, viewer), predefined (granular at the resource level ex. compute engine admin, storage admin), and custom role
58. Labels can be applied any GCP resource
59. IAM defines who can to do what on which resource
60. IAM role has permissions and is assigned to project member
61. Cloud storage lifecycle management's rule is formed by action and condition
62. Admin activity log - create/modify configuration or metadata, enabled by default, no charge; Data access log - create/modify user provided data, disabled by default, charge depends on the size of the logs
63. Sequence of CI/CD pipeline for container services - Container repository, Container builder, Container registry, Jenkins, GKE
64. Best practice for stackdriver logging - Search for specific values using filter, use advanced search
65. Types of logs written by default for GCE in Stackdriver logging are Activity, Activity_log
2. How long all non-admin activity logs are kept - 7 days (Basic tier), 30 days (Premium tier)
3. What kind of access is preferred on GCS buckets - IAM Roles, to control access at the object level ACL permissions would come handy
4. VPN routing options - Dynamic BGP based, Route based, Policy based
5. If the object versioning is enabled, when the object is deleted, the deleted object is archived
6. What are the available file formats for exporting billing info to cloud storage - csv,json
7. Service accounts are the non-human IAM account, used for programmatic and application access on GCP resources
8. Environments that Stackdriver can natively monitor are - GCP and AWS
9. Persistent disks (Standard and SSD) and Local SSD
10. Method for automatically applying conditions on cloud storage buckets for deletion and changing storage class is Lifecycle management
11. Organization owner is a role that is given to G-Suite Super admin
12. gsutil is the CLI utility used to manage GCS operations
13. Purpose of -r option in gsutl commands is to apply recursively
14. Length of time admin activity logs are kept - 400 days
15. Primary method of organization on GCP is Projects
16. 5 Stackdriver suite products - Monitoring, Logging, Debugging, Error reporting, Tracing
17. Stackdriver product to find latency and slowdowns in your application - Stackdriver Trace
18. Is it possible to export past data when creating new stackdriver logging export - No
19. Lifecycle Management actions - Set storage class, Delete
20. Are data access logs enabled by default - No
21. Object lifecycle management conditions - Age, Created before, Matches storage class, number of version, is live
22. Which IAM role can create projects and attach project to existing billing account - Project creator, Billing account user
23.Best practice for separating production and development environments - Each environment shall have dedicated project with its user having restricted to only that project resources.
24. Means of managing permissions on GCP - IAM
25. Organization forms the root node for GCP resources higher level than projects
26. Compute service than automatically enables Stackdriver trace, debug and error reporting is App Engine
27. Stackdriver auditlog types - admin log, data access log
28. Labels are key-value pair to identify or tag GCP resources
29. Versions of a Cloud storage bucket are identified by generation number
30. Snapshots can be taken while VM is running, used to backup and restore, cannot shared outside the project, image can created out of snapshot - where as images can be created when VM is stopped, used to create VMs of that image, can be shared across the projects
31. What is needed to dynamically route over Cloud VPN with Cloud router vs Static routes - You need BGP IP for routers on both sides
32. Purpose of -m option in gsutil commands is to initiate multi-threaded operation intended
33. Soft limits on resources you can use on GCP are called Quotas
34. Compute Engine method of backing up running instance - Snapshots
35. Mechanism for creating Stackdriver logging export - Sink
36. CLI command to start most command line interactions on GCP is gcloud ...
37. Method of directly connecting your office network to GCP - dedicated interconnect
38. Speed of Cloud VPN connection - 1.5GPS per tunnel
39. Can you export past data when creating a new billing export - No
40. IAM Roles to give for IT security team to have visibility of organization/projects without giving them too much permission are Project viewer or Organization viewer
41. IAM tool of grouping projects together and able to apply single IAM policy to multiple projects at once - Folders
42. Best practices for assigning organization administrator IAM role - Assign this role to more than one person
43. Method of giving only just enough permissions for a user/service account to do their job is 'Principle of least privilege'
44. Stackdriver product to help find and resolve errors in application code - Stackdriver debug and error reporting
45. Highest level of access for a GCP organization - Organization admin
46. Export locations for Stackdriver logs - GCS, BigQuery, pub/sub, custom locations
47. Where billing information can be exported to - GCS, BigQuery
48. Cloud storage security method applied to individual objects - ACL permissions
49. How Stackdriver premium tier charges based on resource usage - By log agent installed per resource
50. Admin activity logs are enabled by default - Yes
51. Stackdriver product to create metrics for performance - Stackdriver monitoring
52. Labels are used to identify resources with key-value pair, labels would not affect operations; Tags are attached to control firewall aspects and routes (network operations), Tags affect the network operations.
53. GCS bucket storage classes are - Regional, Multi-regional, Nearline, Coldline
54. Method of connecting GCP over public internet - Cloud VPN
55. When log into VM instance through SSH you would log in as compute engine service account
56. IAM parent policies overrule Child's restrictive policy
57. IAM roles are of three types - primitive (broad level at project level ex. editor, viewer), predefined (granular at the resource level ex. compute engine admin, storage admin), and custom role
58. Labels can be applied any GCP resource
59. IAM defines who can to do what on which resource
60. IAM role has permissions and is assigned to project member
61. Cloud storage lifecycle management's rule is formed by action and condition
62. Admin activity log - create/modify configuration or metadata, enabled by default, no charge; Data access log - create/modify user provided data, disabled by default, charge depends on the size of the logs
63. Sequence of CI/CD pipeline for container services - Container repository, Container builder, Container registry, Jenkins, GKE
64. Best practice for stackdriver logging - Search for specific values using filter, use advanced search
65. Types of logs written by default for GCE in Stackdriver logging are Activity, Activity_log
Comments
Post a Comment
Thanks for your comments.