Managing & Provisioning Infrastructure

You are designing a disaster recovery plan for a critical application running on Compute Engine. The business requires an RTO (Recovery Time Objective) of 4 hours and an RPO (Recovery Point Objective) of 1 hour. Which TWO actions should you include in your DR plan? (Select TWO)

Your enterprise has a strict policy that no public IP addresses can be assigned to Compute Engine instances, and all resources must be deployed in the europe-west1 region. How can you enforce these rules organization-wide? (Select TWO)

You are designing a CI/CD pipeline using Cloud Build. You want to ensure that container images are only deployed to GKE if they have been scanned for vulnerabilities and signed by a trusted authority. Which THREE GCP services are required to implement this? (Select THREE)

CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak users. $100K/mo cost. Req: Cut cost 40%, 5x growth, 3 new regions, daily deploys. CEO: Scale fast. CFO: <$100K/mo, 18mo ROI. CTO: Low cloud skills, 99.95% uptime. Tech: <100ms latency, real-time analytics, 5x spikes, EU data residency, DDoS protection, CI/CD. Constraints: 12mo migration, 4hr downtime, 20 devs (Java/MySQL), 5 ops (no cloud), $2M budget.

To achieve sub-100ms latency globally and DDoS protection, which networking solution should you implement?

CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak users. $100K/mo cost. Req: Cut cost 40%, 5x growth, 3 new regions, daily deploys. CEO: Scale fast. CFO: <$100K/mo, 18mo ROI. CTO: Low cloud skills, 99.95% uptime. Tech: <100ms latency, real-time analytics, 5x spikes, EU data residency, DDoS protection, CI/CD. Constraints: 12mo migration, 4hr downtime, 20 devs (Java/MySQL), 5 ops (no cloud), $2M budget.

How should you address the CFO's requirement to reduce costs by 40% for the steady-state baseline compute resources?

CASE STUDY: ShopGlobal. Global e-commerce. Monolithic Java on VMware. Oracle RAC (20TB). 10x Black Friday traffic. Req: Microservices, 100% uptime during holidays, personalized recommendations. CEO: Flawless omnichannel. CFO: Predictable spend. CTO: No vendor lock-in, open-source. Tech: Containerize, Global LB, PCI-DSS, async orders, real-time inventory. Constraints: Keep Oracle on-prem for 2 yrs (licensing), low K8s skills, strict security reviews.

Which compute platform best satisfies the CTO's requirement for open-source standards while addressing the constraint of low Kubernetes skills?

CASE STUDY: ShopGlobal. Global e-commerce. Monolithic Java on VMware. Oracle RAC (20TB). 10x Black Friday traffic. Req: Microservices, 100% uptime during holidays, personalized recommendations. CEO: Flawless omnichannel. CFO: Predictable spend. CTO: No vendor lock-in, open-source. Tech: Containerize, Global LB, PCI-DSS, async orders, real-time inventory. Constraints: Keep Oracle on-prem for 2 yrs (licensing), low K8s skills, strict security reviews.

To route traffic globally to the closest healthy GKE cluster and offload SSL, which load balancer should you configure?

CASE STUDY: AutoMakers Inc. 1M connected cars, 100GB/day telemetry. Req: Predictive maintenance, real-time driver dashboard, monetize data. CEO: Data is new engine. CFO: Cut 3rd-party IoT costs. CTO: Highly scalable ingest. Tech: MQTT ingest, stream processing, ML models, 7-yr cold storage, handle intermittent connectivity. Constraints: Anonymize data, low vehicle compute, strict analytics budget.

To meet the 7-year cold storage requirement while adhering to the strict analytics budget, how should you configure storage?

CASE STUDY: AutoMakers Inc. 1M connected cars, 100GB/day telemetry. Req: Predictive maintenance, real-time driver dashboard, monetize data. CEO: Data is new engine. CFO: Cut 3rd-party IoT costs. CTO: Highly scalable ingest. Tech: MQTT ingest, stream processing, ML models, 7-yr cold storage, handle intermittent connectivity. Constraints: Anonymize data, low vehicle compute, strict analytics budget.

How should you handle the intermittent connectivity of vehicles to ensure no telemetry data is lost when they reconnect?

CASE STUDY: HealthSecure. 50M patient records. Legacy mainframe, on-prem SAN (100TB), .NET portal. Req: Modernize portal, secure hospital sharing, fast audits. CEO: Modern UX. CFO: Automate audits. CISO: Zero breaches. Tech: HIPAA, CMEK, audit logging, API gateway, DR (1h RPO/4h RTO). Constraints: No public DB IPs, Dev/Ops separation, US data only, mainframe stays on-prem via VPN.

Which service should you use to implement the API gateway for secure data sharing with partner hospitals?

CASE STUDY: HealthSecure. 50M patient records. Legacy mainframe, on-prem SAN (100TB), .NET portal. Req: Modernize portal, secure hospital sharing, fast audits. CEO: Modern UX. CFO: Automate audits. CISO: Zero breaches. Tech: HIPAA, CMEK, audit logging, API gateway, DR (1h RPO/4h RTO). Constraints: No public DB IPs, Dev/Ops separation, US data only, mainframe stays on-prem via VPN.

How should you configure the database network to meet the constraint of 'No public DB IPs' while allowing the modernized portal to access it?

You need to resolve internal DNS names for VMs across two different VPCs connected via VPC Peering. What must you configure?

A pod running in GKE needs to access a Cloud Storage bucket. You want to follow the principle of least privilege and avoid managing service account keys manually. What is the recommended approach?

You are deploying a containerized web application to Cloud Run. The application is thread-safe and can handle multiple requests simultaneously. How can you optimize costs and performance?

You want to measure the latency of a user's journey from clicking 'Checkout' to receiving an order confirmation. Which Service Level Indicator (SLI) type is most appropriate?

Your finance team needs to allocate GCP costs to specific cost centers (e.g., Marketing, R&D) across multiple shared projects. How should you configure resources to enable this chargeback model?

You need to protect Cloud Storage objects from accidental deletion and ensure that deleted objects are kept for 30 days before permanent removal. Which TWO features should you configure? (Select TWO)

You are configuring a Managed Instance Group (MIG) for a web application. Which TWO metrics can be used natively by the MIG autoscaler to trigger scaling events? (Select TWO)

In a Shared VPC architecture, which THREE IAM roles are typically required to allow a developer in a Service Project to create a VM that uses a subnet in the Host Project? (Select THREE)

Which TWO workloads are ideal candidates for running on Spot VMs (Preemptible VMs) to optimize costs? (Select TWO)

Your company is experiencing high network egress costs. Which TWO strategies should you implement to reduce these costs? (Select TWO)

An enterprise wants to establish a robust FinOps culture. They need to visualize spend, allocate costs to teams, and enforce budget limits. Which THREE actions should they take? (Select THREE)

CASE STUDY: TechStream Gaming

Company Overview:
TechStream Gaming is a global gaming company with 500 employees and $100M in annual revenue. They develop multiplayer online games.

Current Technical Environment:

• On-premises data centers in US and EU
• 200 servers (mix of Windows and Linux)
• MySQL databases (5 TB total)
• Peak concurrent users: 2 million
• Current monthly infrastructure cost: $100K

Business Requirements:

• Reduce infrastructure costs by 40%
• Support 5x user growth over 2 years
• Launch in 3 new regions (APAC, SA, Africa)
• Improve deployment speed (current: 1 week -> target: daily)

Executive Statements:

• CEO: "We need to scale rapidly to compete with larger gaming companies. Cloud migration is critical to our growth strategy."
• CFO: "Cost reduction is paramount. We cannot exceed $60K/month in cloud costs. ROI must be achieved within 18 months."
• CTO: "Our team has limited cloud experience. We need a solution that doesn't require extensive retraining. Reliability is non-negotiable - 99.95% uptime minimum."

Technical Requirements:

• Sub-100ms latency for players globally
• Real-time analytics on player behavior
• Seasonal traffic spikes (5x during holidays)
• DDoS protection
• CI/CD pipeline for daily deployments

Constraints:

• Migration must complete in 12 months
• Cannot exceed 4-hour downtime during cutover
• Development team: 20 engineers (Java, MySQL expertise)
• Operations team: 5 engineers (limited cloud experience)

QUESTION:
To meet the technical requirements for global latency and security, how should you design the network ingress architecture?

CASE STUDY: TechStream Gaming

Company Overview:
TechStream Gaming is a global gaming company with 500 employees and $100M in annual revenue. They develop multiplayer online games.

Current Technical Environment:

• On-premises data centers in US and EU
• 200 servers (mix of Windows and Linux)
• MySQL databases (5 TB total)
• Peak concurrent users: 2 million
• Current monthly infrastructure cost: $100K

Business Requirements:

• Reduce infrastructure costs by 40%
• Support 5x user growth over 2 years
• Launch in 3 new regions (APAC, SA, Africa)
• Improve deployment speed (current: 1 week -> target: daily)

Executive Statements:

• CEO: "We need to scale rapidly to compete with larger gaming companies. Cloud migration is critical to our growth strategy."
• CFO: "Cost reduction is paramount. We cannot exceed $60K/month in cloud costs. ROI must be achieved within 18 months."
• CTO: "Our team has limited cloud experience. We need a solution that doesn't require extensive retraining. Reliability is non-negotiable - 99.95% uptime minimum."

Technical Requirements:

• Sub-100ms latency for players globally
• Real-time analytics on player behavior
• Seasonal traffic spikes (5x during holidays)
• DDoS protection
• CI/CD pipeline for daily deployments

Constraints:

• Migration must complete in 12 months
• Cannot exceed 4-hour downtime during cutover
• Development team: 20 engineers (Java, MySQL expertise)
• Operations team: 5 engineers (limited cloud experience)

QUESTION:
To meet the CFO's requirement of reducing costs to under $60K/month while handling seasonal traffic spikes, which cost optimization strategy should you implement?

CASE STUDY: TrendWear Apparel

Company Overview:
TrendWear Apparel is a global clothing retailer with an e-commerce platform and 500 physical stores.

Current Technical Environment:

• On-premises VMware environment
• Legacy IBM Mainframe for core inventory management
• Monolithic e-commerce application running on VMs

Business Requirements:

• Modernize the e-commerce platform to handle Black Friday (10x normal traffic)
• Unify online and in-store inventory data in real-time
• Avoid major capital expenditure (CapEx) for data center refreshes

Executive Statements:

• CEO: "We need an omnichannel experience. Customers should see accurate store inventory online."
• CFO: "We must shift from CapEx to OpEx. No more buying hardware."
• CTO: "We want to move to microservices, but we cannot retire the mainframe for at least 3 years due to complex legacy dependencies."

Technical Requirements:

• Hybrid architecture connecting GCP and on-premises
• Microservices architecture for the new e-commerce platform
• PCI-DSS compliance for all payment processing
• Consistent management plane across on-prem and cloud

Constraints:

• Mainframe must remain on-premises
• E-commerce migration must be completed before the next holiday season (8 months)

QUESTION:
The new e-commerce microservices in GCP must query the on-premises mainframe for real-time inventory. This requires high bandwidth, low latency, and an enterprise-grade SLA. Which networking solution should you implement?

CASE STUDY: TrendWear Apparel

Company Overview:
TrendWear Apparel is a global clothing retailer with an e-commerce platform and 500 physical stores.

Current Technical Environment:

• On-premises VMware environment
• Legacy IBM Mainframe for core inventory management
• Monolithic e-commerce application running on VMs

Business Requirements:

• Modernize the e-commerce platform to handle Black Friday (10x normal traffic)
• Unify online and in-store inventory data in real-time
• Avoid major capital expenditure (CapEx) for data center refreshes

Executive Statements:

• CEO: "We need an omnichannel experience. Customers should see accurate store inventory online."
• CFO: "We must shift from CapEx to OpEx. No more buying hardware."
• CTO: "We want to move to microservices, but we cannot retire the mainframe for at least 3 years due to complex legacy dependencies."

Technical Requirements:

• Hybrid architecture connecting GCP and on-premises
• Microservices architecture for the new e-commerce platform
• PCI-DSS compliance for all payment processing
• Consistent management plane across on-prem and cloud

Constraints:

• Mainframe must remain on-premises
• E-commerce migration must be completed before the next holiday season (8 months)

QUESTION:
To handle the Black Friday traffic (10x normal load), the operations team is concerned about the GKE cluster scaling fast enough. What combination of GCP features should you implement to ensure the platform remains responsive?

CASE STUDY: CareData Health

Company Overview:
CareData Health is a large healthcare provider network operating 50 hospitals. They manage petabytes of patient records, medical imaging, and telemetry data.

Current Technical Environment:

• Decentralized on-premises data centers at each hospital
• Legacy Electronic Health Record (EHR) systems
• Fragmented data silos preventing holistic patient views

Business Requirements:

• Centralize patient data into a single secure data lake
• Enable machine learning for predictive diagnostics
• Securely share anonymized data with external research partners

Executive Statements:

• CEO: "We must leverage AI to improve patient outcomes and reduce readmission rates."
• CISO: "Zero tolerance for data breaches. Patient data must be encrypted everywhere, and we must prevent any unauthorized data exfiltration."
• DPO (Data Protection Officer): "We must strictly adhere to HIPAA in the US and GDPR for our European patients. Data residency is mandatory."

Technical Requirements:

• End-to-end encryption using keys managed by CareData
• Strict access controls and comprehensive audit logging
• Ingestion of HL7 and FHIR healthcare data formats
• Physical separation of EU and US data

Constraints:

• Highly regulated environment
• Legacy systems cannot be modified, only integrated with

QUESTION:
To meet the requirement for comprehensive audit logging, the security team needs to retain all data access logs for 7 years and query them rapidly during compliance audits. How should you configure this?

CASE STUDY: AutoMakers Inc

Company Overview:
AutoMakers Inc is a global vehicle manufacturer. They have recently launched a line of connected cars.

Current Technical Environment:

• 1 million connected cars currently on the road
• Cars send telemetry data (speed, engine temp, location) every 5 seconds
• Current on-premises MQTT brokers are crashing under the load

Business Requirements:

• Enable predictive maintenance to alert drivers before parts fail
• Provide real-time fleet tracking for commercial customers
• Support over-the-air (OTA) software updates

Executive Statements:

• CEO: "Data is our new revenue stream. We need to monetize this telemetry data."
• CTO: "We expect to have 10 million connected cars in 3 years. The architecture must scale infinitely without manual intervention."
• CFO: "The cost of ingesting and storing this data must be strictly controlled. We cannot pay for idle capacity."

Technical Requirements:

• Ingest up to 100,000 messages per second
• Low-latency processing for real-time alerts
• Time-series data storage for historical analysis
• Handle variable network connectivity (cars driving through tunnels)

Constraints:

• Strict budget for data ingestion
• Small data engineering team

QUESTION:
When designing the Cloud Bigtable schema for the telemetry data, how should you structure the row key to prevent hotspotting and allow efficient querying of a specific car's history?

CASE STUDY: AutoMakers Inc

Company Overview:
AutoMakers Inc is a global vehicle manufacturer. They have recently launched a line of connected cars.

Current Technical Environment:

• 1 million connected cars currently on the road
• Cars send telemetry data (speed, engine temp, location) every 5 seconds
• Current on-premises MQTT brokers are crashing under the load

Business Requirements:

• Enable predictive maintenance to alert drivers before parts fail
• Provide real-time fleet tracking for commercial customers
• Support over-the-air (OTA) software updates

Executive Statements:

• CEO: "Data is our new revenue stream. We need to monetize this telemetry data."
• CTO: "We expect to have 10 million connected cars in 3 years. The architecture must scale infinitely without manual intervention."
• CFO: "The cost of ingesting and storing this data must be strictly controlled. We cannot pay for idle capacity."

Technical Requirements:

• Ingest up to 100,000 messages per second
• Low-latency processing for real-time alerts
• Time-series data storage for historical analysis
• Handle variable network connectivity (cars driving through tunnels)

Constraints:

• Strict budget for data ingestion
• Small data engineering team

QUESTION:
To address the CFO's concern about the cost of ingesting millions of messages, how should you optimize the data transmission from the cars to Cloud Pub/Sub?

Your company is deploying a multi-tier application across several GCP projects. The security team mandates that all network resources (subnets, firewalls, routes) must be centrally managed by the network engineering team, but the application developers should be able to create VMs in their own projects. Which networking architecture should you implement?