Google Cloud Certified Professional Cloud Architect Study Guide E-Book

Table of Contents

Cover

Title Page

Copyright

Dedication

Acknowledgments

About the Author

About the Technical Editors

Introduction

What Does This Book Cover?

Interactive Online Learning Environment and Test Bank

Additional Resources

Objective Map

Assessment Test

Answers to the Assessment Test

Chapter 1: Introduction to the Google Professional Cloud Architect Exam

Exam Objectives

Analyzing Business Requirements

Analyzing Technical Requirements

Exam Case Studies

Summary

Exam Essentials

Review Questions

Chapter 2: Designing Solutions to Meet Business Requirements

Business Use Cases and Product Strategy

Application Design and Cost Considerations

Systems Integration and Data Management

Compliance and Regulation

Security

Success Measures

Summary

Exam Essentials

Review Questions

Chapter 3: Designing Solutions to Meet Technical Requirements

High Availability

Scalability

Reliability

Summary

Exam Essentials

Review Questions

Chapter 4: Designing Compute Systems

Compute Services and Use Cases

Anthos

AI and Machine Learning Services

Data Flows and Pipelines

Compute System Provisioning

Additional Design Issues

Summary

Exam Essentials

Review Questions

Chapter 5: Designing Storage Systems

Overview of Storage Services

Object Storage with Google Cloud Storage

Network-Attached Storage with Google Cloud Filestore

Databases

Data Retention and Lifecycle Management

Networking and Latency

Summary

Exam Essentials

Review Questions

Chapter 6: Designing Networks

IP Addressing, Firewall Rules, and Routers

Virtual Private Clouds

Hybrid-Cloud Networking

Service-Centric Networking

Load Balancing

Additional Network Services

Summary

Exam Essentials

Review Questions

Chapter 7: Designing for Security and Legal Compliance

Identity and Access Management and Related Access Control Services

Organization Constraints

Data Security

Security Evaluation

Security Design Principles

Major Regulations

ITIL Framework

Summary

Exam Essentials

Review Questions

Chapter 8: Designing for Reliability

Improving Reliability with Cloud Operations Suite

Release Management

Systems Reliability Engineering

Summary

Exam Essentials

Review Questions

Chapter 9: Analyzing and Defining Technical Processes

Software Development Lifecycle Plan

Continuous Integration/Continuous Delivery

Troubleshooting and Post-Mortem Analysis Culture

IT Enterprise Processes

Business Continuity Planning and Disaster Recovery

Summary

Exam Essentials

Review Questions

Chapter 10: Analyzing and Defining Business Processes

Stakeholder Management

Change Management

Team Skill Management

Customer Success Management

Cost Optimization/Resource Optimization

Summary

Exam Essentials

Review Questions

Chapter 11: Development and Operations

Application Development Methodologies

Technical Debt

API Best Practices

Testing Frameworks

Data and System Migration Tooling

Interacting with Google Cloud Programmatically

Summary

Exam Essentials

Review Questions

Chapter 12: Migration Planning

Integrating Cloud Services with Existing Systems

Migrating Systems and Data to Support a Solution

Software Licensing Mapping

Network Planning

Summary

Exam Essentials

Review Questions

Appendix: Answers to the Review Questions

Index

End User License Agreement

List of Tables

Chapter 2

TABLE 2.1 Examples of Google Cloud Platform managed services

Chapter 3

TABLE 3.1 Example availability SLAs and corresponding downtimes

Chapter 8

TABLE 8.1 Example of a CPU utilization time series for a VM instance

List of Illustrations

Chapter 4

FIGURE 4.1 Kubernetes clusters have a set of worker nodes that are managed b...

FIGURE 4.2 Pods are deployed on nodes, which may be grouped into multiple no...

FIGURE 4.3 Kubernetes uses multiple types of IP addresses for diff...

Chapter 7

FIGURE 7.1 Google Cloud Platform resource hierarchy

Chapter 8

FIGURE 8.1 Service dashboard showing time-series data

Guide

Cover Page

Title Page

Copyright

Dedication

Acknowledgments

About the Author

About the Technical Editors

Introduction

Table of Contents

Begin Reading

Answers to the Review Questions

Index

WILEY END USER LICENSE AGREEMENT

Pages

iii

iv

v

vii

ix

xi

xxii

xxiii

xxiv

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

xxxv

xxxvi

xxxvii

xxxviii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

Google Cloud Certified

Professional Cloud ArchitectStudy Guide

Second Edition

Dan Sullivan

Copyright © 2022 by Dan Sullivan. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

ISBN: 978-1-119-87105-7

ISBN: 978-1-119-87106-4 (ebk.)

ISBN: 978-1-119-87107-1 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware the Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2022931858

Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image: © Jeremy Woodhouse/Getty Images

Cover design: Wiley

for Katherine

Acknowledgments

I have been fortunate to work again with professionals from Waterside Productions and Wiley to create this study guide.

Carole Jelen, vice president of Waterside Productions, and Jim Minatel, associate publisher at John Wiley & Sons, led the effort to continue to create Google Cloud certification guides. It was a pleasure to work with Kristi Bennett, Melissa Burlock, Saravanan Dakshinamurthy, and Pete Gaughan, who managed the revision process and made this project go more smoothly than I expected.

I am especially grateful to Ammett Williams and Mark Grand for their deep knowledge of Google Cloud and the thorough technical review they provided of the second edition of this book. Their input has significantly improved the explanation of multiple topics. Thanks to Valerie Parham-Thompson for her technical review of the first edition of this book.

My sons, James and Nicholas, both technology writers themselves, were my first readers and helped me get the original manuscript across the finish line. Katherine, my wife and partner in so many ventures, was again key to completing yet another project.

About the Author

Dan Sullivan  is a principal engineer specializing in cloud architecture, data architecture, and data analytics. Dan is the author of the Official Google Cloud Certified Associate Cloud Engineer Study Guide (Sybex, 2019), Official Google Cloud Certified Professional Data Engineer Study Guide (Sybex, 2019), and NoSQL for Mere Mortals (Addison-Wesley Professional, 2015). He is an online instructor with numerous Google Cloud training courses on Udemy, including Google Cloud Professional Architect: Get Certified, Google Cloud Professional Data Engineer: Get Certified, and Google Cloud Associate Engineer: Get Certified. He is also the author of several LinkedIn Learning courses on databases, data science, and machine learning.

About the Technical Editors

Ammett Williams  is a very simple and sometimes avid daydreamer who has more than 14 years of experience in the IT industry. He has a strong inclination to help others learn and challenge themselves with a lot of experience gained as a team leader. Ammett has started the platform called Start Cloud Now with the aim to inspire others along their IT career path. Ammett holds several IT certifications, including CCIE #43569, CISSP, AWS, and a few Google Cloud professional level certs. Ammett can be found online on LinkedIn at www.linkedin.com/in/ammett and is also a developer relations engineer at Google.

Mark Grand  has over 30 years of experience in software development and architecture. The author of eight books on software architecture and Java, he has deep experience in distributed applications, the Java ecosystem, and database design. He has worked with Java since before 1.0. He can translate English to SQL. Mark is also a GCP Certified Professional Cloud Architect.

The application development areas that Mark has been involved with include social media, analytics, what-if analysis, e-commerce, security, machine learning, blockchain, EDI translation, data warehouse, big data, BPM internals, and database internals.

Mark's areas of domain expertise include retail, travel, shipping, credit card processing, healthcare, facilities management, accounting, advertising, and bioinformatics. Companies that Mark has worked with include JFrog, IBM, HP, InComm, AutoZone, Whole Foods, Home Depot, TSYS, Macy’s, Deloitte, Oracle, Young & Rubicam, and Bridge2 Solutions.

In his spare time, Mark enjoys cooking and composing music.

Introduction

The Google Cloud Platform is a diverse and growing set of services. To pass the Google Cloud Professional Cloud Architect exam, you will need to understand how to reason about both business requirements and technical requirements. This is not so much a test of knowledge about how to do specific tasks in GCP, such as attaching a persistent disk to a VM instance, which is the type of question you are more likely to get or see on the Google Cloud Associate Cloud Engineer exam. The Google Cloud Professional Architect exam tests your ability to perform high-level design and architecture tasks related to the following:

Designing applications

Planning migrations

Ensuring feasibility of proposed designs

Optimizing infrastructure

Building and deploying code

Managing data lifecycles

You will be tested on your ability to design solutions using a mix of compute, storage, networking, and managed services. The design must satisfy both business and technical requirements. If you find a question that seems to have two correct technical answers, look closely at the business requirements. There is likely a business consideration that will make one of the options a better choice than the other. For example, you might have a question about implementing a stream processing system, and the options include a solution based on Apache Flink running in Compute Engine and a solution using Cloud Dataflow. If the business requirements indicate a preference for managed services, then the Cloud Dataflow option is a better choice.

You will be tested on how to plan the execution of work required to implement a cloud solution. Migrations to the cloud are often done in stages. Consider the advantages of starting with low-risk migration tasks, such as setting up a test environment in the cloud before moving production workloads to GCP.

The business and technical requirements may leave you open to proposing two or more different solutions. In these cases, consider the feasibility of the implementation. Will it be scalable and reliable? Even if GCP services have high SLOs, your system may depend on a third-party service that may go down. If that happens, what is the impact on your workflow? Should you plan to buffer work in a Cloud Pub/Sub queue rather than sending it directly to the third-party service? Also consider costs and optimizations, but only after you have a technically viable solution that meets business requirements. As computer science pioneer Donald Knuth realized, “The real problem is that programmers have spent far too much time worrying about efficiency in the wrong places and at the wrong times; premature optimization is the root of all evil (or at least most of it) in programming.”1 The same can be said for architecture as well—meet business and technical requirements before trying to optimize.

The exam guide states that architects should be familiar with the software development lifecycle and agile practices. These will be important to know when answering questions about developing and releasing code, especially how to release code into production environments without shutting down the service. It is important to understand topics such as Blue/Green deployments, canary deployments, and continuous integration/continuous delivery.

In this context, managing is largely about security and monitoring. Architects will need to understand authentication and authorization in GCP. The IAM service is used across GCP, and it should be well understood before attempting the exam. Cloud Monitoring and Cloud Logging are the key services for monitoring and logging in GCP.

How Is the Professional Cloud Architect Exam Different from the Associate Cloud Engineer Exam?

There is some overlap between the Professional Cloud Architect and Associate Cloud Engineer exams. Both exams test for an understanding of technical requirements and the ability to build, deploy, and manage cloud resources. In addition, the Professional Cloud Architect exam tests the ability to work with business requirements to design, plan, and optimize cloud solutions.

The questions on the Professional Cloud Architect exam are based on the kinds of work cloud architects do on a day-to-day basis. This includes deciding which of several storage options is best, designing a network to meet industry regulations, or understanding the implications of horizontally scaling a database.

The questions on the Associate Cloud Engineer exam are based on the tasks that cloud engineers perform, such as creating instance groups, assigning roles to identities, or monitoring a set of VMs. The engineering exam is more likely to have detailed questions about gcloud, gsutil, and bq commands. Architects need to be familiar with these commands and their function, but a detailed knowledge of command options and syntax is not frequently needed on the Professional Cloud Architect exam.

This book is designed to help you pass the Professional Cloud Architect certification exam. If you'd like additional preparation, review the Official Google Cloud Certified Associate Cloud Engineer Study Guide (Sybex, 2019).

What Does This Book Cover?

This book covers the topics outlined in the Professional Cloud Architect exam guide available here:

cloud.google.com/certification/guides/professional-cloud-architect

Chapter 1

: Introduction to the Google Professional Cloud Architect Exam

  This chapter outlines the exam objectives, scope of the exam, and case studies used in the exam. One of the most challenging parts of the exam for many architects is mapping business requirements to technical requirements. This chapter discusses strategies for culling technical requirements and constraints from statements about nontechnical business requirements. The chapter also discusses the need to understand functional requirements around computing, storage, and networking as well as nonfunctional characteristics of services, such as availability and scalability.

Chapter 2

: Designing Solutions to Meet Business Requirements

  This chapter reviews several key areas where business requirements are important to understand, including business use cases and product strategies, application design and cost considerations, systems integration and data management, compliance and regulations, security, and success measures.

Chapter 3

: Designing Solutions to Meet Technical Requirements

  This chapter discusses ways to ensure high availability in compute, storage, and applications. It also reviews ways to ensure scalability in compute, storage, and network resources. The chapter also introduces reliability engineering.

Chapter 4

: Designing Compute Systems

  This chapter discusses Compute Engine, App Engine, Kubernetes Engine, Anthos, and Cloud Functions. Topics in this chapter include use cases, configuration, management, and design. Other topics include managing state in distributed systems, data flows and pipelines, and data integrity. Monitoring and alerting are also discussed.

Chapter 5

: Designing Storage Systems

  This chapter focuses on storage and database systems. Storage systems include object storage, network-attached storage, and caching. Several databases are reviewed, including Cloud SQL, Cloud Spanner, BigQuery, Cloud Firestore, and Bigtable. It is important to know how to choose among storage and database options when making architectural choices. Other topics include provisioning, data retention and lifecycle management, and network latency.

Chapter 6

: Designing Networks

  This chapter reviews VPCs, including subnets and IP addressing, hybrid cloud networking, VPNs, peering, Shared VPCs, and direct connections. This chapter also includes a discussion of regional and global load balancing. Hybrid cloud computing and networking topics are important concepts for the exam.

Chapter 7

: Designing for Security and Legal Compliance

  This chapter discusses IAM, data security including encryption at rest and encryption in transit, key management, security evaluation, penetration testing, auditing, and security design principles. Major regulations and ITIL are reviewed.

Chapter 8

: Designing for Reliability

  This chapter begins with a discussion of Cloud Operations (formerly Stackdriver) for monitoring, logging, and alerting. Next, the chapter reviews continuous deployment and continuous integration. Systems reliability engineering is discussed, including overloads, cascading failures, and testing for reliability. Incident management and post-mortem analysis are also described.

Chapter 9

: Analyzing and Defining Technical Processes

  This chapter focuses on software development lifecycle planning. This includes troubleshooting, testing and validation, business continuity, and disaster recovery.

Chapter 10

: Analyzing and Defining Business Processes

  This chapter includes several business-oriented skills including stakeholder management, change management, team skill management, customer success management, and cost management.

Chapter 11

: Development and Operations

  This chapter reviews application development methodologies, API best practices, and testing frameworks, including load, unit, and integration testing. The chapter also discusses data and systems migration tooling. The chapter concludes with a brief review of using Cloud SDK and programmatically working with GCP.

Chapter 12

: Migration Planning

  This chapter describes how to plan for a cloud migration. Steps include integrating with existing systems, migrating systems and data, license mapping, network management and planning, as well as testing and developing proof-of-concept systems.

Like all exams, the Professional Cloud Architect certification from Google is updated periodically and may eventually be retired or replaced. At some point after Google no longer offers this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.

Interactive Online Learning Environment and Test Bank

Studying the material in the Google Cloud Certified Professional Cloud Architect Study Guide is an important part of preparing for the Professional Cloud Architect certification exam, but we also provide additional tools to help you prepare. The online Test Bank will help you understand the types of questions that will appear on the certification exam.

The sample tests in the Test Bank include all the questions in each chapter as well as the questions from the assessment test. In addition, there are two practice exams with 50 questions each. You can use these tests to evaluate your understanding and identify areas that may require additional study.

The flashcards in the Test Bank will push the limits of what you should know for the certification exam. There are more than 100 questions that are provided in digital format. Each flashcard has one question and one correct answer.

The online glossary is a searchable list of key terms introduced in this exam guide that you should know for the Professional Cloud Architect certification exam.

Go to www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.

Additional Resources

People learn in different ways. For some, a book is an ideal way to study, while auditory learners may find audio and video resources a more efficient way to study. A combination of resources may be the best option for many of us. In addition to this study guide, here are some other resources that can help you prepare for the Google Cloud Professional Cloud Architect exam.

The Professional Cloud Architect Certification Exam Guide:

cloud.google.com/certification/guides/professional-cloud-architect

Exam FAQs:

cloud.google.com/certification/faqs/#0

Google's Sample Questions:

cloud.google.com/certification/cloud-architect

Google Cloud Platform documentation:

cloud.google.com/docs

Online course Google Cloud Professional Architect: Get Certified by Dan Sullivan

www.udemy.com/course/google-cloud-professional-architect-get-certified

Exam objectives are subject to change at any time without prior notice and at Google's sole discretion. Please visit the Google Professional Cloud Architect website (cloud.google.com/certification/cloud-architect) for the most current listing of exam objectives.

Objective Map

Objective

Chapter

Section 1: Designing and planning a cloud solution architecture

1.1 Designing a solution infrastructure that meets business requirements

1, 2

1.2 Designing a solution infrastructure that meets technical requirements

2, 3

1.3 Designing network, storage, and compute resources

4

1.4 Creating a migration plan (i.e., documents and architectural diagrams)

12

1.5 Envisioning future solution improvements

2

Section 2: Managing and provisioning solutions infrastructure

2.1 Configuring network topologies

6

2.2 Configuring individual storage systems

5

2.3 Configuring compute systems

4

Section 3: Designing for security and compliance

3.1 Designing for security

7

3.2 Designing for compliance

7

Section 4: Analyzing and optimizing technical and business processes

4.1 Analyzing and defining technical processes

9

4.2 Analyzing and defining business processes

10

4.3 Developing procedures to ensure reliability of solutions in production (e.g., chaos engineering, penetration testing)

8

Section 5: Managing implementation

5.1 Advising development/operations team(s) to ensure successful deployment of the solution

11

5.2 Interacting with Google Cloud programmatically

11

Section 6: Ensuring solutions and operations reliability

6.1 Monitoring/logging/profiling/alerting solution

8

6.2 Deployment and release management

8

6.3 Assisting with support of deployed solutions

8

6.4 Evaluating quality control measures

8

Assessment Test

Building for Builders LLC manufactures equipment used in residential and commercial building. Each of its 500,000 pieces of equipment in use around the globe has IoT devices collecting data about the state of equipment. The IoT data is streamed from each device every 10 seconds. On average, 10 KB of data is sent in each message. The data will be used for predictive maintenance and product development. The company would like to use a managed service in Google Cloud. What would you recommend?

Apache Cassandra

Cloud Bigtable

BigQuery

Cloud SQL

You have developed a web application that is becoming widely used. The front end runs in Google App Engine and scales automatically. The backend runs on Compute Engine in a managed instance group. You have set the maximum number of instances in the backend managed instance group to five. You do not want to increase the maximum size of the managed instance group or change the VM instance type, but there are times the front end sends more data than the backend can keep up with and data is lost. What can you do to prevent the loss of data?

Use an unmanaged instance group.

Store ingested data in Cloud Storage.

Have the front end write data to a Cloud Pub/Sub topic, and have the backend read from that topic.

Store ingested data in BigQuery.

You are setting up a cloud project and want to assign members of your team different roles that have appropriate permissions for their responsibilities. What GCP service would you use to do that?

Cloud Identity

Identity and Access Management (IAM)

Cloud Authorizations

LDAP

You would like to run a custom stateless container in a managed Google Cloud service. What are your three options?

App Engine Standard, Cloud Run, and Kubernetes Engine

App Engine Flexible, Cloud Run, and Kubernetes Engine

Compute Engine, Cloud Functions, and Kubernetes Engine

Cloud Functions, Cloud Run, and App Engine Flexible

PhotosForYouToday prints photographs and ships them to customers. The front-end application uploads photos to Cloud Storage. Currently, the back end runs a cron job that checks Cloud Storage buckets every 10 minutes for new photos. The product manager would like to process the photos as soon as they are uploaded. What would you use to cause processing to start when a photo file is saved to Cloud Storage?

A Cloud Function

An App Engine Flexible application

A Kubernetes pod

A cron job that checks the bucket more frequently

The chief financial officer of your company believes that you are spending too much money to run an on-premises data warehouse and wants to migrate to a managed cloud solution. What GCP service would you recommend for implementing a new data warehouse in GCP?

Compute Engine

BigQuery

Cloud Dataproc

Cloud Bigtable

A government regulation requires you to keep certain financial data for seven years. You are not likely to ever retrieve the data, and you are only keeping it to comply with regulations. There are approximately 500 TB of financial data for each year that you are required to save. What is the most cost-effective way to store this data?

Cloud Storage multiregional storage

Cloud Storage Nearline storage

Cloud Storage Archive storage

Cloud Storage persistent disk storage

Global Games Enterprises Inc. is expanding from North America to Europe. Some of the games offered by the company collect personal information. With what additional regulation will the company need to comply when it expands into the European market?

HIPAA

PCI-DSS

GDPR

SOX

Your team is developing a Tier 1 application for your company. The application will depend on a PostgreSQL database. Team members do not have much experience with PostgreSQL and want to implement the database in a way that minimizes their administrative responsibilities for the database. What managed service would you recommend?

Cloud SQL

Cloud Dataproc

Cloud Bigtable

Cloud PostgreSQL

What is a service-level indicator?

A metric collected to indicate how well a service-level objective is being met

A type of log

A type of notification sent to a sysadmin when an alert is triggered

A visualization displayed when a VM instance is down

Developers at MakeYouFashionable have adopted agile development methodologies. Which tool might they use to support CI/CD?

Google Docs

Jenkins

Apache Cassandra

Clojure

You have a backlog of audio files that need to be processed using a custom application. The files are stored in Cloud Storage. If the files were processed continuously on three n2-standard-4 instances, the job could complete in two days. You have 30 days to deliver the processed files, after which they will be sent to a client and deleted from your systems. You would like to minimize the cost of processing. What might you do to help keep costs down?

Store the files in Coldline storage.

Store the processed files in multiregional storage.

Store the processed files in Cloud CDN.

Use preemptible VMs.

You have joined a startup selling supplies to visual artists. One element of the company's strategy is to foster a social network of artists and art buyers. The company will provide e-commerce services for artists and earn revenue by charging a fee for each transaction. You have been asked to collect more detailed business requirements. What might you expect as an additional business requirement?

The ability to ingest streaming data

A recommendation system to match buyers to artists

Compliance with SOX regulations

Natural language processing of large volumes of text

You work for a manufacturer of specialty die cast parts for the aerospace industry. The company has built a reputation as the leader in high-quality, specialty die cast parts, but recently the number of parts returned for poor quality is increasing. Detailed data about the manufacturing process is collected throughout every stage of manufacturing. To date, the data has been collected and stored but not analyzed. There is a total of 20 TB of data. The company has a team of analysts familiar with spreadsheets and SQL. What service might you recommend for conducting preliminary analysis of the data?

Compute Engine

Kubernetes Engine

BigQuery

Cloud Functions

A client of yours wants to run an application in a highly secure environment. They want to use instances that will only run boot components verified by digital signatures. What would you recommend they use in Google Cloud?

Preemptible VMs

Managed instance groups

Cloud Functions

Shielded VMs

You have installed the Google Cloud SDK. You would now like to work on transferring files to Cloud Storage. What command-line utility would you use?

bq

gsutil

cbt

gcloud

Kubernetes pods sometimes need access to persistent storage. Pods are ephemeral—they may shut down for reasons not in control of the application running in the pod. What mechanism does Kubernetes use to decouple pods from persistent storage?

PersistentVolumes

Deployments

ReplicaSets

Ingress

An application that you support has been missing service-level objectives, especially around database query response times. You have reviewed monitoring data and determined that a large number of database read operations is putting unexpected load on the system. The database uses PostgreSQL, and it is running in Compute Engine. You have tuned SQL queries, and the performance is still not meeting objectives. Of the following options, which would you try next?

Migrate to a NoSQL database.

Move the database to Cloud SQL.

Use read replicas.

Move some of the data out of the database to Cloud Storage.

You are running a complicated stream processing operation using Apache Beam. You want to start using a managed service. What GCP service would you use?

Cloud Dataprep

Cloud Dataproc

Cloud Dataflow

Cloud Identity

Your team has had several incidents in which Tier 1 and Tier 2 services were down for more than one hour. After conducting a few retrospective analyses of the incidents, you have determined that you could identify the causes of incidents faster if you had a centralized log repository. What GCP service could you use for this?

Cloud Logging

Cloud Monitoring

Cloud SQL

Cloud Trace

A Global 2000 company has hired you as a consultant to help architect a new logistics system. The system will track the location of parts as they are shipped between company facilities in Europe, Africa, South America, and Australia. Anytime a user queries the database, they must receive accurate and up-to-date information; specifically, the database must support strong consistency. Users from any facility may query the database using SQL. What GCP service would you recommend?

Cloud SQL

BigQuery

Cloud Spanner

Cloud Dataflow

A database architect for a game developer has determined that a NoSQL document database is the best option for storing players’ possessions. What GCP service would you recommend?

Cloud Firestore

Cloud Storage

Cloud Dataproc

Cloud Bigtable

A major news agency is seeing increasing readership across the globe. The CTO is concerned that long page-load times will decrease readership. What might the news agency try to reduce the page-load time of readers around the globe?

Regional Cloud Storage

Cloud CDN

Fewer firewall rules

Virtual private network

What networking mechanism allows different VPC networks to communicate using private IP address space, as defined in RFC 1918?

ReplicaSets

Custom subnets

VPC network peering

Firewall rules

You have been tasked with setting up disaster recovery infrastructure in the cloud that will be used if the on-premises data center is not available. What network topology would you use for a disaster recovery environment?

Meshed topology

Mirrored topology

Gated egress topology

Gated ingress topology

Answers to the Assessment Test

B. Option B is correct. Bigtable is the best option for streaming IoT data, since it supports low-latency writes and is designed to scale to support petabytes of data.

Option A is incorrect because Apache Cassandra is not a managed database in GCP. Option C is incorrect because BigQuery is a data warehouse. While it is a good option for analyzing large volumes of data, Bigtable is a better option for ingesting the data. Option D is incorrect. CloudSQL is a managed relational database. The use case does not require a relational database, and Bigtable's scalability is a better fit with the requirements.

C. The correct answer is C. A Cloud Pub/Sub topic would decouple the front end and backend, provide a managed and scalable message queue, and store ingested data until the backend can process it.

Option A is incorrect. Switching to an unmanaged instance group will mean that the instance group cannot autoscale. Option B is incorrect. You could store ingested data in Cloud Storage, but it would not be as performant as the Cloud Pub/Sub solution. Option D is incorrect because BigQuery is a data warehouse and not designed for this use case.

B. The correct answer is B. IAM is used to manage roles and permissions.

Option A is incorrect. Cloud Identity is a service for creating and managing identities. Option C is incorrect. There is no GCP service with that name at this time. Option D is incorrect. LDAP is not a GCP service.

B. The correct answer is B. You can run custom stateless containers in App Engine Flexible, Cloud Run, and Kubernetes Engine.

Option A is incorrect because App Engine Standard does not support custom containers. Option C is incorrect because Compute Engine is not a managed service and Cloud Functions does not support custom containers. Option D is incorrect because Cloud Functions does not support custom containers.

A. The correct answer is A. A Cloud Function can respond to a create file event in Cloud Storage and start processing when the file is created.

Option B is incorrect because an App Engine Flexible application cannot directly respond to a Cloud Storage write event. Option C is incorrect. Kubernetes pods are the smallest compute unit in Kubernetes and are not designed to directly respond to Cloud Storage events. Option D is incorrect because it does not guarantee that photos will be processed as soon as they are created.

B. The correct answer is B. BigQuery is a managed analytics database designed to support data warehouses and similar use cases.

Option A is incorrect. Compute Engine is not a managed service. Option C is incorrect. Cloud Dataproc is a managed Hadoop and Spark service. Option D is incorrect. Bigtable is a NoSQL database well suited for large-volume, low-latency writes and limited ranges of queries. It is not suitable for the kind of ad hoc querying commonly done with data warehouses.

C. The correct answer is C. Cloud Storage Archive is the lowest-cost option, and it is designed for data that is accessed less than once per year.

Options A and B are incorrect because they cost more than Archive storage. Option D is incorrect because there is no such service.

C. The correct answer is C. The GDPR is a European Union directive protecting the personal information of EU citizens.

Option A is incorrect. HIPAA is a US healthcare regulation. Option B is incorrect. PCI-DS is a payment card data security regulation; if Global Games Enterprises Inc. is accepting payment cards in North America, it is already subject to that regulation. Option D is a US regulation on some publicly traded companies; the company may be subject to that regulation already, and expanding to Europe will not change its status.

A. The correct answer is A. Cloud SQL is a managed database service that supports PostgreSQL.

Option B is incorrect. Cloud Dataproc is a managed Hadoop and Spark service. Option C is incorrect. Cloud Bigtable is a NoSQL database. Option D is incorrect. There is no service called Cloud PostgreSQL in GCP at this time.

A. The correct answer is A. A service-level indicator is a metric used to measure how well a service is meeting its objectives.

Options B and C are incorrect. It is not a type of log or a type of notification. Option D is incorrect. A service-level indicator is not a visualization, although the same metrics may be used to drive the display of a visualization.

B. The correct answer is B. Jenkins is a popular CI/CD tool. Option A is incorrect. Google Docs is a collaboration tool for creating and sharing documents. Option C is incorrect. Cassandra is a NoSQL database. Option D is incorrect. Clojure is a Lisp-like programming language that runs on the Java virtual machine (JVM).

D. The correct answer is D. Use preemptible VMs, which cost significantly less than standard VMs. Option A is incorrect. Coldline storage is not appropriate for files that are actively used. Option B is incorrect. Storing files in multiregional storage will cost more than regional storage, and there is no indication from the requirements that they should be stored multiregionally. Option C is incorrect. There is no indication that the processed files need to be distributed to a global user base.

B. The correct answer is B. This is an e-commerce site matching sellers and buyers, so a system that recommends artists to buyers can help increase sales.

Option A is incorrect. There is no indication of any need for streaming data. Option C is incorrect. This is a startup, and it is not likely subject to SOX regulations. Option D is incorrect. There is no indication of a need to process large volumes of text.

C. The correct answer is C. BigQuery is an analytics database that supports SQL.

Options A and B are incorrect because although they could be used to run analytics applications, such as Apache Hadoop or Apache Spark, it would require more administrative overhead. Also, the team members working on this are analysts, but there is no indication that they have the skills or desire to manage analytics platforms. Option D is incorrect. Cloud Functions is for running short programs in response to events in GCP.

D. The correct answer is D. Shielded VMs include secure boot, which only runs digitally verified boot components.

Option A is incorrect. Preemptible VMs are interruptible instances, but they cost less than standard VMs. Option B is incorrect. Managed instance groups are sets of identical VMs that are managed as a single entity. Option C is incorrect. Cloud Functions is a managed service for running programs in response to events in GCP.

B. The correct answer is B.

gsutil

is the command-line utility for working with Cloud Storage.

Option A is incorrect. bq is the command-line utility for working with BigQuery. Option C is incorrect. cbt is the command-line utility for working with Cloud Bigtable. Option D is incorrect. gcloud is used to work with most GCP services but not Cloud Storage.

A. The correct answer is A. PersistentVolumes is Kubernetes' way of representing storage allocated or provisioned for use by a pod.

Option B is incorrect. Deployments are a type of controller consisting of pods running the same version of an application. Option C is incorrect. A ReplicaSet is a controller that manages the number of pods running in a deployment. Option D is incorrect. An Ingress is an object that controls external access to services running in a Kubernetes cluster.

C. The correct answer is C. Use read replicas to reduce the number of reads against the primary persistent storage system that is supporting both reads and writes.

Option A is incorrect. The application is designed to work with a relational database, and there is no indication that a NoSQL database is a better option overall. Option B is incorrect. Simply moving the database to a managed service will not change the number of read operations, which is the cause of the poor performance. Option D is incorrect. Moving data to Cloud Storage will not reduce the number of reads, and Cloud Storage does not support SQL.

C. The correct answer is C. Cloud Dataflow is an implementation of the Apache Beam stream processing framework. Cloud Dataflow is a fully managed service.

Option A is incorrect. Cloud Dataprep is used to prepare data for analysis. Option B is incorrect. Cloud Dataproc is a managed Hadoop and Spark service. Option D is incorrect. Cloud Identity is an authentication service.

A. The correct answer is A. Cloud Logging is a centralized logging service.

Option B is incorrect. Cloud Monitoring collects and manages performance metrics. Option C is incorrect. Cloud SQL is used for regional, relational databases. Option D is incorrect. Cloud Trace is a service for distributed tracing of application performance.

C. The correct answer is C. Cloud Spanner is a globally scalable, strongly consistent relational database that can be queried using SQL.

Option A is incorrect because it will not scale to the global scale as Cloud Spanner will. Option B is incorrect. The requirements describe an application that will likely have frequent updates and transactions. BigQuery is designed for analytics and data warehousing. Option D is incorrect. Cloud Dataflow is a stream and batch processing service.

A. The correct answer is A. Cloud Firestore is a managed document NoSQL database in GCP.

Option B is incorrect. Cloud Storage is an object storage system, not a document NoSQL database. Option C is incorrect. Cloud Dataproc is a managed Hadoop and Spark service. Option D is incorrect. Cloud Bigtable is a wide-column NoSQL database, not a document database.

B. The correct answer is B. Cloud CDN is GCP's content delivery network, which distributes static content globally.

Option A is incorrect. Reading from regional storage can still have long latencies for readers outside of the region. Option C is incorrect. Firewall rules do not impact latency in any discernible way. Option D is incorrect because VPNs are used to link on-premises networks to Google Cloud.

C. The correct answer is C. VPC peering allows different VPCs to communicate using private networks.

Option A is incorrect. ReplicaSets are used in Kubernetes; they are not related to VPCs. Option B is incorrect. Custom subnets define network address ranges for regions. Option D is incorrect. Firewall rules control the flow of network traffic.

B. The correct answer is B. With a mirrored topology, the public cloud and private on-premises environments mirror each other.

Option A is incorrect. In a mesh topology, all systems in the cloud and private networks can communicate with each other. Option C is incorrect. In a gated egress topology, on-premises service APIs are made available to applications running in the cloud without exposing them to the public Internet. Option D is incorrect. In a gated ingress topology, cloud service APIs are made available to applications running on-premises without exposing them to the public Internet.

Chapter 1Introduction to the Google Professional Cloud Architect Exam

PROFESSIONAL CLOUD ARCHITECT CERTIFICATION EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

Section 1: Designing and planning a cloud solution architecture

1.1 Designing a solution infrastructure that meets business requirements. Considerations include:

Business use cases and product strategy

Cost optimization

Supporting the application design

Integration with external systems

Movement of data

Design decision tradeoffs

Build, buy, modify, or deprecate

Success measurements (e.g., Key Performance Indicators (KPI), Return on Investment (ROI), metrics)

Compliance and observability

This Study Guide is designed to help you acquire the technical knowledge and analytical skills that you will need to pass the Google Cloud Professional Architect certification exam. This exam is designed to evaluate your skills for assessing business requirements, identifying technical requirements, and mapping those requirements to solutions using Google Cloud products, as well as monitoring and maintaining those solutions. This breadth of topics alone is enough to make this a challenging exam. Add to that the need for soft skills, such as working with colleagues in order to understand their business requirements, and you have an exam that is difficult to pass.

The Google Cloud Professional Architect exam is not a body of knowledge exam. You can know Google Cloud product documentation in detail, memorize most of what you read in this guide, and view multiple online courses, but that will not guarantee that you pass the exam. You will be required to exercise judgment. You will have to understand how business requirements constrain your options for choosing a technical solution. You will be asked the kinds of questions a business sponsor might ask about implementing their project.

This chapter will review the following:

Exam objectives

Scope of the exam

Case studies written by Google and used as the basis for some exam questions

Additional resources to help in your exam preparation

Exam Objectives

The Google Cloud Professional Cloud Architect exam will test your architect skills, including the following:

Planning cloud solutions

Managing and provisioning cloud solutions

Securing systems and processes

Analyzing and optimizing technical and business processes

Managing implementations

Ensuring solution and operations reliability

It is clear from the exam objectives that the test covers the full lifecycle of solution development from inception and planning through monitoring and maintenance.

Analyzing Business Requirements

An architect starts the planning phase by collecting information, starting with business requirements. You might be tempted to start with technical details about the current solution. You might want to ask technical questions so that you can start eliminating options. You may even think that you've solved this kind of problem before and you just have to pick the right architecture pattern. Resist those inclinations if you have them. All architecture design decisions must be made in the context of business requirements.

Business requirements define the operational landscape in which you will develop a solution. Example business requirements are as follows:

The need to reduce

capital expenditures

Accelerating the pace of software development

Reporting on

service-level objectives

Reducing time to recover from an incident

Improving compliance with industry regulations

Business requirements may be about costs, customer experience, or operational improvements. A common trait of business requirements is that they are rarely satisfied by a single technical decision.

Reducing Operational Expenses

Reducing operational expenses may be satisfied by using managed services instead of operating services yourself, accepting different services commitments such as preemptible virtual machines and Pub/Sub Lite, and using services that automatically scale to load.

Managed services reduce the workload on systems administrators and DevOps engineers because they eliminate some of the work required when managing your own implementation of a platform. Note that while managed services can reduce costs, that is not always the case; if cost is a key driver for selecting a managed service, it is important to verify that managed services will actually cost less. A database administrator, for example, would not have to spend time performing backups or patching operating systems if they used Cloud SQL instead of running a database on Compute Engine instances or in their own data center. BigQuery is a widely used data warehouse and analytics managed service that can significantly reduce the cost of data warehousing by eliminating many database administrator tasks, such as managing storage infrastructure.

Some services have the option of trading some availability, scalability, or reliability features for lower costs. Preemptible VMs, for example, are low-cost instances that can be shut down at any time but can run up to 24 hours before they will be preempted, that is, shut down and no longer available to you. They are a good option for batch processing and other tasks that are easily recovered and restarted. Pub/Sub Lite can be an order of magnitude less expensive than Pub/Sub but comes with lower availability and durability. Pub/Sub Lite is recommended only when the cost savings justify additional operational work to reserve and manage resource capacity.

Autoscaling enables engineers to deploy an adequate number of resources needed to meet the load on a system. In a Compute Engine Managed Instance Group, additional virtual machines are added to the group when demand is high; when demand is low, the number of instances is reduced. With autoscaling, organizations can stop pre-purchasing infrastructure to meet peak capacity and can instead scale their infrastructure to meet the immediate need. With Cloud Run, when a service is not receiving any traffic, the revision of that service is scaled to zero and no costs are incurred.

Accelerating the Pace of Development

Successful businesses are constantly innovating. Agile software development practices are designed to support rapid development, testing, deployment, and feedback.

A business that wants to accelerate the pace of development may turn to managed services to reduce the operational workload on their operations teams. Managed services also allow engineers to implement services, such as image processing and natural language processing, which they could not do on their own if they did not have domain expertise on the team.

Continuous integration and continuous delivery are additional practices within software development. The idea is that it's best to integrate small amounts of new code frequently so that it can be tested and deployed rather than trying to release many changes at one time. Small releases are easier to review and debug. They also allow developers to get feedback from colleagues and customers about features, performance, and other factors.

As an architect, you may have to work with monolithic applications that are difficult to update in small increments. In that case, there may be an implied business requirement to consider decomposing the monolithic application into a microservice architecture. If there is an interest in migrating to a microservice architecture, then you will need to decide if you should migrate the existing application into the cloud as is, known as lift and shift, or you should begin transforming the application during the cloud migration. Alternatively, you could also rebuild on the cloud using cloud-native design without migrating, which is known as rip and replace.

There is no way to decide about this without considering business requirements. If the business needs to move to the cloud as fast as possible to avoid a large capital expenditure on new equipment or to avoid committing to a long-term lease in a co-location data center or if the organization wants to minimize change during the migration, then lift and shift is the better choice. Most importantly, you must assess if the application can run in the cloud with minimal modification. Otherwise, you cannot perform a lift-and-shift migration.

If the monolithic application is dependent on deprecated components and written in a language that is no longer supported in your company, then rewriting the application or using a third-party application is a reasonable choice.

Reporting on Service-Level Objectives

The operational groups of a modern business depend on IT applications. A finance department needs access to accounting systems. A logistics analyst needs access to data about how well the fleet of delivery vehicles is performing. The sales team constantly queries and updates the customer management system. Different business units will have different business requirements around the availability of applications and services.

A finance department may only need access to accounting systems during business hours. In that case, upgrades and other maintenance can happen during off-hours and would not require the accounting system to be available during that time. The customer management system, however, is typically used 24 hours a day, every day. The sales team expects the application to be available all the time. This means that support engineers need to find ways to update and patch the customer management system while minimizing or even avoiding downtime.

Requirements about availability are formalized in service-level objectives (SLOs). SLOs can be defined in terms of availability, such as being available 99.9 percent of the time. A database system may have SLOs around durability or the ability to retrieve data. For example, the human resources department may have to store personnel data reliably for seven years, and the storage system must guarantee that there is a less than 1 in 10 billion chances of an object being lost. Interactive systems have performance-related SLOs. A web application SLO may require a page loading average response time of 2 seconds with a 95th percentile of 4 seconds.

Logging and monitoring data are used to demonstrate compliance with SLOs. The Cloud Logging service collects information about significant events, such as a disk running out of space. Cloud Monitoring collects metrics from infrastructure, services, and applications such as average CPU utilization during a particular period of time or the number of bytes written to a network in a defined time span. Developers can create reports and dashboards using logging details and metrics to monitor compliance with SLOs. These metrics are known as service-level indicators (SLIs).

Reducing Time to Recover from an Incident

Incidents, in the context of IT services, are a disruption that causes a service to be degraded or unavailable. An incident can be caused by single factors, such as an incorrect configuration. Often, there is no single root cause of an incident. Instead, a series of failures and errors contributes to a service failure.

For example, consider an engineer on call who receives a notification that customer data is not being processed correctly by an application. In this case, a database is failing to complete a transaction because a disk is out of space, which causes the application writing to the database to block while the application repeatedly retries the transaction in rapid succession. The application stops reading from a message queue, which causes messages to accumulate until the maximum size of the queue is reached, at which point the message queue starts to drop data.

Once an incident begins, systems engineers and system administrators need information about the state of components and services. To reduce the time to recover, it is best to collect metrics and log events and then make them available to engineers at any time, especially during an incident response.

The incident might have been avoided if database administrators created alerts on free disk space or if the application developer chose to handle retries using exponential backoff instead of simply retrying as fast as possible until it succeeds. Alerting on the size of the message queue could have notified the operations team of a potential problem in time to make adjustments before data was dropped.

Improving Compliance with Industry Regulations

Many businesses are subject to government and industry regulations. Regulations range from protecting the privacy of customer data to ensuring the integrity of business transactions and financial reporting. Major regulations include the following:

Health Insurance Portability and Accountability Act (HIPAA)

, a healthcare regulation

Children's Online Privacy Protection Act (COPPA)

, a privacy regulation

Sarbanes–Oxley Act (SOX),

a financial reporting regulation

Payment Card Industry Data Standard (PCI)

, a data protection regulation for credit card processing

General Data Protection Regulation (GDPR)

, a European Union privacy protection regulation