Passing the GCP Associate Cloud Engineer exam

Hil Liao
Aug 11, 2022

This is the 3rd time I passed the exam. I want to capture what was covered in the exam. I had enough time to finish the exam. The online proctored exam application hit an error after I submitted the exam during the survey window. I had to contact Kryterion support to ask them to submit the exam.

  1. Compute Engine managed instance group fails to create new instances. The answers involved deleting persistent disks with the same names as the instance names, deleting the instance template, and creating a new instance template with valid syntax. This is the question I did not know the answer to. I wasn’t sure how a Compute Engine managed instance group would fail to create new instances. The question did not state why.
  2. Google Cloud billing: how to create budget alerts for multiple projects where you’d get emails if any of the projects exceeds $555. The best way to practice is to create a budget to understand that you can include multiple projects in a budget. But the threshold then applies to the sum across those projects, up to $555. What would you do for an individual project’s budget at $555?
  3. When the billing alert requirements are too granular for the budget alert feature in billing to handle, understand how to use BigQuery billing export and project-scope resource labels to sum the charged amounts.
  4. I’m surprised to see Compute Engine instance delete protection more than once in the exam. Good to learn how to enable it to prevent accidental VM deletion.
  5. The question on configuring SSO with a SAML-compatible identity provider showed up. The GCP customer wanted to use the SAML-compatible identity provider for SAML-based services. The choices were setting Google vs. the SAML provider as the identity provider while Google is the identity service provider.
  6. GKE appeared in the exam more than 5 times, more than Cloud Run. It’s important to know how to use cluster-level node pool autoscaling and why you would create a deployment with a horizontal pod autoscaler for stateless microservices.
  7. A few database-related questions. You’d need to know SQL vs. NoSQL types of databases. Cloud Spanner can be global while Cloud SQL is only regional. Can a VM instance from a different region access Cloud SQL’s private IP?
  8. Understand how to add a Compute Engine instance in a new project in Cloud Console and with the gcloud CLI. Learn how to create new instances in different zones to prevent zonal downtime.
  9. How do you use the gcloud CLI to activate different configurations? gcloud config configurations list.
  10. Study how to grant a group of data analysts read access to BigQuery dataset.table for them to run custom standard SQL queries. Granting access to individuals without using Google groups is bad.
  11. Learn how to use folders to grant IAM roles to Google groups, grouping cloud resources into folders. Correct answers lean towards using folders for IAM policy binding inheritance vs. granting roles to individuals in projects.
  12. Learn how to estimate monthly cloud bills by using the Google Cloud pricing calculator. Using a calculator or Google Sheets with the product pages’ pricing information is error-prone and most likely the wrong answer.
  13. Understand the basics of VPC networks and subnets, and that the subnet specified at GKE cluster creation can’t be changed. Questions like how to scale out nodes when the subnet used by a GKE cluster has consumed all its IPs may show up. Expanding the subnet is usually the best solution.
  14. When you migrate on-premises VMs with a DMZ, a public and a private subnet, what are the best options in GCP to create the network? The current state has the VMs in the public subnet connecting to the database servers in the private subnet. Creating 2 VPCs without peering is usually bad as they can’t connect at all. Creating a single VPC network with public IPs on the web servers in the DMZ subnet and private IPs on the database servers in another subnet is best.
  15. What’s the best option for choosing a storage class out of the 3 storage classes for files accessed every 35 days? What’s the most cost-efficient method to auto-delete older files? An object lifecycle management action is better than setting a reminder to delete manually. You can even configure such actions to move files to a cheaper storage class after some age condition and another action to delete them later.
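
An added example for items 2 and 3 (not from the original post): a BigQuery standard SQL query over the standard usage cost billing export that sums net charges per project for resources carrying a given label and returns only the projects above $555. The table name, the label key and value, and the invoice month are placeholders, and the threshold assumes the billing account currency is USD.

```sql
-- Added example. Placeholders: the export table name, the label
-- key/value ('team' = 'analytics') and the invoice month.
WITH line_items AS (
  SELECT
    project.id AS project_id,
    cost,
    -- credits is a repeated field; amounts are stored as negative numbers,
    -- so adding them to cost gives the net charge
    IFNULL((SELECT SUM(c.amount) FROM UNNEST(credits) AS c), 0) AS credit_total
  FROM `my-billing-project.billing_export.gcp_billing_export_v1_XXXXXX`
  WHERE invoice.month = '202208'
    -- labels is a repeated key/value field holding the resource labels
    AND EXISTS (
      SELECT 1
      FROM UNNEST(labels) AS l
      WHERE l.key = 'team' AND l.value = 'analytics'
    )
)
SELECT
  project_id,
  ROUND(SUM(cost) + SUM(credit_total), 2) AS net_cost
FROM line_items
GROUP BY project_id
-- per-project threshold, unlike a multi-project budget that tracks the sum
HAVING net_cost > 555
ORDER BY net_cost DESC;
```

Dropping the EXISTS filter gives the per-project totals for the whole invoice month.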
