GCP - DAY 5

Cloud Run can only pull images from: Artifact Registry. Docker Hub. Github. Self-hosted registries.

You should complete all work before you return a response to a web request for the following reason: Because non-blocking I/O is not supported. Because running containers can be pre-empted without any notice. Because background threads are not supported on Cloud Run. Because Cloud Run shuts down and throttles idle containers so any tasks you run in the background after returning a response might not finish.

Pricing on Cloud Run is determined by: (select all that apply). Network egress from the container. The system resources a container uses while handling a request or during startup/shutdown. A fixed fee for every Cloud Run service, regardless of how many containers you have. A small fee per one million requests served.

Which of the following statements about Buildpacks is true: (select all that apply). Buildpacks offers you a hands-off approach to building a container image. Google Cloud Buildpacks support Go, Node.js, Python, Java, and .NET Core. Google Cloud Buildpacks are used as the build system for App Engine, Cloud Run and Cloud Functions. Buildpacks turn a Dockerfile into a container image on auto-pilot.

Which of the following statements about Docker is true: (select all that apply). Dockerfiles are a powerful, transparent, and flexible way to create container images. A Dockerfile is a script to build a container image. All container images on Docker Hub are monitored for security vulnerabilities and are regularly updated. Multi-stage builds are used to create optimized and secure container images.

A container image is: A package with your application and everything it needs to run. A script to turn source code into a container image. A base runtime you can use to bootstrap your application. A manifest that is used to build a virtual machine.

Which of the following situations may result in your container stopping suddenly: (select all that apply). The container has exceeded the configured memory limit (default 256Mb). The load balancer is increasing the number of containers to handle extra load. There is an error in your application code. One of the libraries within the container has been deprecated.

By building your application to handle a SIGTERM signal, you can use ten seconds shutdown grace time to: (select all that apply). Spin up a new container to handle more requests. Close connections to your database. Flush buffers with telemetry data. Write a log to help with debugging.

If Cloud Run starts a new container, when does it start to forward new web requests?. As soon as the TLS handshake completes when sending an HTTPS request to the container. As soon as the container accepts TCP connections on the configured port. As soon as the container responds with HTTP 200 to a new request. Immediately after starting the entrypoint program of the container image.

What is one of the benefits of using minimum instances?. It improves request latency when the service has not received requests for a while. If your service is under heavy load, minimum instances guarantees that there are always idle instances ready to handle traffic peaks. Because the container never stops, you can use the disk to store persistent data. You can use minimum instances to perform background works, as they are not subject to CPU throttling.

Which of the following statements is true about IAM: (select all that apply). A service account has a role that grants it permissions. An IAM policy is attached to a resource. A service account is a list of policy bindings. An IAM policy is a list of policy bindings that bind members to roles.

How do you achieve the principle of least privilege on Cloud Run?. Create a new service account for every Cloud Run service and selectively grant permissions. Remove the Editor role and replace it with a custom role, that has only the permission your application needs. Use only client libraries to call other Google Cloud services, instead of calling the API endpoints directly. Leverage the resource hierarchy and remove all permissions from the Google Cloud project.r.

If you create a Cloud Run service, the default service account is used. What role is given to this service by default?. Editor. Owner. Billing Admin. Viewer.

Cross-region load balancing is useful when: (select all that apply). You want to enable Cloud CDN. You want to improve the availability of your application. You want to route requests to the closest Cloud Run servicer. You want to use path-based routing to multiple Cloud Run services.

Serving content through Cloud CDN improves website performance because: You serve static content closer to the user, which reduces latency. Cloud CDN minifies Javascript assets. Cloud CDN uses an anycast IP to serve content from multiple regions.

What are the three building blocks of the global load balancer?. The frontend, the URL map, and the backend services. The serverless NEG, URL masks, and backend services. The frontend, the HTTPS proxy, and Cloud Run service.

You would attach a Serverless VPC Access connector to a Cloud Run service and route all egress traffic to the connector in order to (select all that apply): Automatically add a Google-signed OIDC token to outbound requests. Prevent connections to unknown or dangerous hosts using the VPC firewall. Use a static outbound IP from connections from the Cloud Run service. Prevent connections to external IP addresses.

You should use the ingress settings on Cloud Run to: (select all that apply). Apply rule-based content filters to traffic from Global Load Balancing. Allow only incoming requests from resources in the VPC. Disable the default *.run.app URL or custom domains. Restrict access to certain service accounts or Google Cloud services such as Pub/Sub.

With IAM on Cloud Run, you can: (select all that apply). Allow access only to certain service accounts or Google Cloud services. Provide user login access to web applications on Cloud Run. Allow public access to a Cloud Run service.

To create internal Cloud Run services that can communicate only with each other, you should: Disable the default domain on every Cloud Run service. Add IAM policies to every service to restrict inbound traffic to selected service accounts. Route all outbound traffic through the VPC Access Connector and set ingress settings to internal only.

Data stores that offer a multi-regional location are (select all that apply): Cloud Spanner. Cloud SQL. Cloud Storage. Memorystore. Firestore.

What is Cloud Spanner?. A relational database that automatically scales to handle demand. A horizontally scalable, fully-managed alternative to Cloud SQL. A serverless document database.

What is Firestore?. Fully managed network attached storage (NAS). A serverless document databaser. A proprietary, fully-managed relational database.

Cloud Run scales dynamically by adding containers. What is the maximum number of containers Cloud Run can scale up to (unless you request a quota override)?. Up to 100,000 containers. Up to 1,000 containers. Up to 10,000 containers.

You must create a Serverless VPC Access Connector if you want to connect to: Cloud SQL. Memorystore. Cloud Storage. Firestore. Cloud Spanner.

Choose Cloud Tasks over Pub/Sub if you: (select all that apply). Need explicit request rate controls. Require a request timeout longer than 10 minutes up to 30 minutes. Do not want undeliverable messages to be discarded. Require messages to be delivered in the order they are published.

Which statements about Pub/Sub are true? (select all that apply). A push subscription guarantees at least once delivery to any HTTPS endpoint. A publisher can receive a read-receipt when a message has been forwarded to all subscribers. Messages can be delivered multiple times and out of order. If you enable message ordering, you can’t catch undeliverable messages.

Select the preferred way to implement URL discovery on Cloud Run: Use internal DNS to resolve other service URLs. Treat other service URLs as configuration and pass them using environment variables. Call the Cloud Run Admin API to retrieve the list of all services in a project.

Valid call steps in a Cloud Workflow include (Select all that apply): Send a request to an external HTTPS URL. Pull and run a container image. Sleep for 5 seconds.

Select statements that are true about Cloud Workflows (select all that apply): Steps in a workflow are always executed linearly. HTTP requests are retried by default. You can use branching logic to create complex workflows. You can add inline, user-defined functions by using Javascript code. A workflow is a series of HTTP requests.

The maximum duration of a workflow execution is: 1 hour. 15 minutes. One year.