GCPProCloudArchitect.pdf资源-CSDN文库

版权申诉

5星 · 超过95%的资源 92 浏览量 2022-12-20 14:57:33 上传评论收藏 4.51MB PDF 举报

资源推荐

资源详情

资源评论

JencoMart

Testlet 1

Company

Overview

JencoMart is a global retailer with over 10,000 stores in 16 countries. The stores carry a range of goods, such as groceries, tires, and jewelry. One of the

company's core values is excellent customer service. In addition, they recently introduced an environmental policy to reduce their carbon output by 50% over

the next 5 years.

Company

Background

JencoMart started as a general store in 1931, and has grown into one of the world's leading brands, known for great value and customer service. Over time,

the company transitioned from only physical stores to a stores and online hybrid model, with 25% of sales online. Currently, JencoMart has little presence in

Asia, but considers that market key for future growth.

Solution

Concept

JencoMart wants to migrate several critical applications to the cloud but has not completed a technical review to determine their suitability for the cloud and

the engineering required for migration. They currently host all of these applications on infrastructure that is at its end of life and is no longer supported.

Existing Technical Environment

JencoMart hosts all of its applications in 4 data centers: 3 in North American and 1 in Europe; most applications are dual-homed.

JencoMart understands the dependencies and resource usage metrics of their on-premises architecture.

Application:

Customer

loyalty

portal

LAMP (Linux, Apache, MySQL and PHP) application served from the two JencoMart-owned U.S. data centers.

Database

Oracle Database stores user profiles

20 TB

Complex table structure

Well maintained, clean data

Strong backup strategy

PostgreSQL

database

stores

user

credentials

- Single-homed

West

No redundancy

Backed up every 12 hours

- 100%

uptime

service

level

agreement

(SLA)

- Authenticates

all

users

Compute

30 machines in US West Coast, each machine has:

Twin, dual core CPUs

32 GB of RAM

Twin 250 GB HDD (RAID 1)

20 machines in US East Coast, each machine has:

- Single,

dual-core

CPU

24 GB of RAM

Twin 250 GB HDD (RAID 1)

Storage

Access to shared 100 TB SAN in each location

Exam A

QUESTION

The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for

administration between production and development resources.

What Google domain and project structure should you recommend?

Create two G Suite accounts to manage users: one for development/test/staging and one for production.

Each account should contain one project for every application

Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production

applications

Create a single G Suite account to manage users with each stage of each application in its own project

Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production

environment

Correct Answer: C

Section: (none)

Explanation

Explanation/Reference:

Section: (none)

Explanation

Explanation/Reference:

Explanation:

Note: The principle of least privilege and separation of duties are concepts that, although semantically different,

are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need

Principle of Least Privilege: Users should only have the least amount of privileges required to perform their

job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are

not authorized.

Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they

can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then

cover up that action.

Reference: https://cloud.google.com/kms/docs/separation-of-duties

QUESTION

A few days after JencoMart migrates the user credentials database to Google Cloud Platform and shuts down the old server, the new database server stops

responding to SSH connections. It is still serving database requests to the application servers correctly.

What three steps should you take to diagnose the problem? (Choose three.)

Delete the virtual machine (VM) and disks and create a new one

Delete the instance, attach the disk to a new VM, and investigate

Take a snapshot of the disk and connect to a new machine to investigate

Check inbound firewall rules for the network the machine is connected to

Connect the machine to another network with very simple firewall rules and investigate

Print the Serial Console output for the instance for troubleshooting, activate the interactive console, and investigate

Correct Answer: CDF

Section: (none)

Explanation

Explanation/Reference:

Section: (none)

Explanation

Explanation/Reference:

Explanation:

D: Handling "Unable to connect on port 22" error message

Possible causes include:

There is no firewall rule allowing SSH access on the port. SSH access on port 22 is enabled on all Compute

Engine instances by default. If you have disabled access, SSH from the Browser will not work. If you run sshd on a port other than 22, you need to enable the

access to that port with a custom firewall rule. The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP

Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from session to session.

F: Handling "Could not connect, retrying..." error

You can verify that the daemon is running by navigating to the serial console output page and looking for output lines prefixed with the accounts-from-

metadata: string. If you are using a standard image but you do not see these output prefixes in the serial console output, the daemon might be stopped.

Reboot the instance to restart the daemon.

Reference:

https://cloud.google.com/compute/docs/ssh-in-browser

QUESTION

JencoMart has decided to migrate user profile storage to Google Cloud Datastore and the application servers to Google Compute Engine (GCE). During the

migration, the existing infrastructure will need access to Datastore to upload the data.

What service account key-management strategy should you recommend?

Provision service account keys for the on-premises infrastructure and for the GCE virtual machines (VMs)

Authenticate the on-premises infrastructure with a user account and provision service account keys for the VMs

Provision service account keys for the on-premises infrastructure and use Google Cloud Platform (GCP) managed keys for the VMs

Deploy a custom authentication service on GCE/Google Kubernetes Engine (GKE) for the on-premises infrastructure and use GCP managed keys for the

VMs

Correct Answer: C

Section: (none)

Explanation

Explanation/Reference:

Section: (none)

Explanation

Explanation/Reference:

Explanation:

Migrating data to Google Cloud Platform

Let's say that you have some data processing that happens on another cloud provider and you want to transfer the processed data to Google Cloud Platform.

You can use a service account from the virtual machines on the external cloud to push the data to Google Cloud Platform. To do this, you must create and

download a service account key when you create the service account and then use that key from the external process to call the Cloud Platform APIs.

Reference:

https://cloud.google.com/iam/docs/understanding-service-accounts#migrating_data_to_google_cloud_platform

QUESTION

JencoMart has built a version of their application on Google Cloud Platform that serves traffic to Asia. You want to measure success against their business

and technical goals.

Which metrics should you track?

Error rates for requests from Asia

B. Latency

difference

between

and

Asia