DEV Community

Carol Rocha Floro

GCP Associate 1 - The test

Course 2: Preparing for Your Associate Cloud Engineer Journey

Job role

Deploy and secure applications and infrastructure and monitor operations, working to meet target performance metrics.

An Associate Cloud Engineer should:

  • Have knowledge about public clouds and on-premises solutions;
  • Use GCP Console and CLI;
  • Be familiar with computer storage and resources available on GCP;
  • Understand Google recommended practices.

The exam guide is divided into 5 sections.

About the test

Question structure: scenario, goal and what the candidate would do.

To answer the questions:

  • Understand what you're being asked exactly;
  • Try to come up with an answer before reading the options;
  • If details are omitted, they probably won't contribute to finding the correct answer;
  • Attention to qualifiers and key words;
  • Check official documentation while preparing for the exam.

Test sections:

  • Setting up a cloud solution environment;
  • Planning and configuring a cloud solution;
  • Deploying and implementing a cloud solution;
  • Ensuring successful operation;
  • Configuring access and security.

Preparing

  • Take the diagnostic questions and study the workbook afterwards. There you'll learn about the options, why each one may be right or wrong and how to get to the correct answer.
  • Take notes about key concepts and check the documentation when you don't understand something.

Notes:

The diagnostic questions are very specific about resources and commands from GCP and related to the video about a fictional company migrating to the cloud. I found most of them very hard but the goal is to find out what you need to study.
Pay attention to the video and try to use logic to answer them, but don't forget to carefully read the workbook at the end of each section.
Take notes about the topics you find more difficult.

  • There's no need to download the first workbook, presented in the introduction module. It only contains the questions, without any answers or explanations.

Setting up a cloud solution environment

Goal: explore the tasks corresponding to the first section of the exam.

Key concepts:

  • Resource hierarchy;
  • Attributing and managing IAM roles;
  • Relationship between resources and projects;
  • Permission hierarchy;
  • Roles.

Resource hierarchy:

The company has 3 applications corresponding to 3 different departments.

Organization level > folder level (this is optional) > project level > resource level

An organization may have folders organizing the projects by department or some other criteria.

Each project contains different resources according to the needs and goals.

Each element has only one parent.

Diagram of the hierarchy of Google Cloud resources

IAM - Identity and Access Management

Where you define who (identity) has what access (role) for which resource.

  • Least privilege: security principle. Nobody should have more permissions than needed.
  • Permissions are not granted directly to individuals. They must be grouped into roles. Roles are granted to principals/members.

Diagram showing the relationship between principals and roles

When you grant a role to a principal, they have access to all of the permissions that the role contains.

Types of principals
  1. Google account
    A person who interacts with GC.

  2. Service account
    For an application or compute workload, not for an end user.

  3. Google group
    Named collection of Google and service accounts. Has a unique e-mail address. Best way to grant access controls, instead of doing it one at a time for individuals.

  4. Google Workspace account
    Associated with the organization's domain.

  5. Cloud Identity domain
    Similar to workspace account.

  6. All authenticated users
    Every user on the internet who is authenticated with a Google Account.

  7. All users
    All of the above plus unidentified users.

Example

An online store (organization) has 3 departments (folders). In each folder there are one or more projects corresponding to the department's needs. Each project has one or more resources such as VMs, buckets, pub/sub etc.

If you grant someone access to an element, they'll have access to all of the elements below it in the hierarchy.

Types of roles
  1. Basic
    Owner, editor and viewer - available on the GC console. Don't use them unless absolutely necessary since they grant thousands of permissions.

  2. Predefined
    Some more restrictive roles available.

  3. Custom
    Roles created by the user according to the organization's needs.

Always choose to grant the most limited predefined or custom roles instead of the basic roles.

Setting allow policies

  • Can be set at any level of the hierarchy.
  • Resources inherit policies from the elements above them.
  • Changes in the resource hierarchy cause changes in the allow policies.
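
The inheritance rule above can be checked mechanically. The following is an added example, not part of the original notes or of any Google tool: it models the online-store hierarchy in Python, computes the effective allow policy of a resource as the union of its own bindings and those of its ancestors, and flags basic roles and public principals. The node names, members and bindings are constructed sample data.

```python
# Constructed sample data: node names, principals and bindings are illustrative.
PARENT = {  # each element has exactly one parent
    "organizations/store": None,
    "folders/sales": "organizations/store",
    "projects/sales-web": "folders/sales",
    "buckets/sales-assets": "projects/sales-web",
}
POLICIES = {  # allow policy set on each node: role -> principals
    "organizations/store": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/sales": {"roles/editor": {"user:ana@example.com"}},
    "projects/sales-web": {"roles/storage.objectViewer":
                           {"serviceAccount:web@sales-web.iam.gserviceaccount.com"}},
    "buckets/sales-assets": {"roles/storage.objectViewer": {"allUsers"}},
}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def ancestors(node):
    """Yield the node itself, then each parent up to the organization."""
    while node is not None:
        yield node
        node = PARENT[node]

def effective_bindings(node):
    """Bindings set on the node plus everything inherited from above it."""
    result = []
    for source in ancestors(node):
        for role, members in POLICIES.get(source, {}).items():
            for member in sorted(members):
                result.append((member, role, source))
    return result

def findings(node):
    """Flag effective bindings that conflict with least privilege."""
    out = []
    for member, role, source in effective_bindings(node):
        if role in BASIC_ROLES:
            out.append(("basic-role", member, role, source))
        if member in PUBLIC:
            out.append(("public-principal", member, role, source))
    return out

if __name__ == "__main__":
    for finding in findings("buckets/sales-assets"):
        print(finding)
```

Each finding names the level where the binding was set, which is where it has to be changed: the editor grant reaches the bucket only because it was made on the folder.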

Post in Portuguese here
