Test Questions

• Kubernetes Engine offers tools to make it compliant with PCI DSS #60
• On-prem subnet range can't overlap primary nor secondary ranges #63
• Use stackdriver custom metrics to view PKI data, can't use Data Studio with BigTable #79
• GKE has native integration with Cloud Monitoring and Logging that can capture application logs #82
• When using kind:Ingress, GKE creates L7 LB, whereas type:Service create L4 LB. #106
• For service account keys, use user-managed keys for on-prem use and google manage keys for GCP use JencoMart #3
• Stackdriver up-time checking an external server, must allow incoming requests from IP's of uptime-check servers Dress4Win #7
• To mitigate DDoS, you should not manually try to block SYN floods because it's automatically handled by GFE or L7 LB #32
• True or False: You are not charged for {external IP in use, ephemeral IP}: False #36
• Overprovision MIG by at least 50% to account for zonal failure because every region consists of at least 3 zones #38
• for dynamic route exchange, minimum components required are: Google VPN Gateway, Peer Gateway (on-prem) and Cloud Router (BGP exchange) #40
• Both gsutil and Storage Transfer Service can copy S3 data to GCS #48
• Access logs contain life-cycle-managemet actions #58
• Stackdriver tracing doesn't need to be instrumented explicity for App Engine Standard Env, and includes latency for round-trip RPC calls #60