Domain 2: Manage & Provision

**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming company with 500 employees and $50M annual revenue. **Current Environment:** On-premises data centers in US and EU. 200 servers. MySQL databases (5 TB). Peak users: 2M. Cost: $100K/mo. **Business Requirements:** Reduce costs by 40%. Support 5x user growth. Launch in APAC, SA, Africa. Improve deployment to daily. **Executive Statements:** CEO: 'Scale rapidly.' CFO: 'Max $100K/mo, ROI 18mo.' CTO: 'Limited cloud exp, 99.95% uptime.' **Technical Requirements:** <100ms latency globally. Real-time analytics. 5x traffic spikes. EU data residency. DDoS protection. CI/CD. **Constraints:** 12-month migration. Max 4-hour downtime. 20 devs (Java/MySQL), 5 ops (limited cloud). Budget $2M. **QUESTION:** How should you design the network architecture to ensure sub-100ms latency globally and provide DDoS protection?

**CASE STUDY: Dress4Win** **Company Overview:** Dress4Win is a web-based retail company that helps users organize their wardrobes. **Current Environment:** Colocated data center. Tomcat app servers, Nginx web servers, MySQL databases, Redis caching. 100TB of image data on SAN. **Business Requirements:** Migrate to cloud to handle seasonal spikes (Black Friday). Reduce CapEx. Enable rapid prototyping. **Executive Statements:** CEO: 'Innovate faster, stop worrying about servers.' CFO: 'Move to OpEx. Ensure PCI-DSS compliance.' CTO: 'Modernize stack but migrate quickly first.' **Technical Requirements:** Secure hybrid connectivity during migration. PCI-DSS compliance. Automated scaling. CI/CD for microservices. **Constraints:** Migration must be completed before Q4 holiday season (6 months). Limited budget for refactoring during initial migration. **QUESTION:** How should you design the hybrid connectivity to securely transfer the 100TB of image data and maintain database replication during the migration?

**CASE STUDY: TerramEarth** **Company Overview:** TerramEarth manufactures heavy equipment. 2 million vehicles in the field. **Current Environment:** Vehicles send telemetry via cellular. Processing 100,000 msgs/sec. On-prem Hadoop cluster. **Business Requirements:** Predict equipment failure. Reduce warranty costs. Provide fleet dashboard. **Executive Statements:** CEO: 'Monetize data.' CFO: 'Storage costs spiraling.' CTO: 'Need scalable ingestion and ML.' **Technical Requirements:** Ingest 500,000 msgs/sec. Store petabytes cost-effectively. Train ML models. Real-time anomaly detection. **Constraints:** Intermittent connectivity. Strict vehicle authentication. **QUESTION:** To address the CFO's concern about spiraling storage costs for petabytes of historical telemetry data, what should you recommend?

**CASE STUDY: HealthCare360** **Company Overview:** HealthCare360 provides EHR systems to hospitals in NA and EU. **Current Environment:** Isolated on-prem deployments. Fragmented data. **Business Requirements:** Centralize EHR in cloud. Enable cross-hospital research. Ensure compliance. **Executive Statements:** CEO: 'Transforming to SaaS.' CFO: 'Need cost attribution per tenant.' CSO: 'Zero compromise on HIPAA/GDPR.' **Technical Requirements:** Multi-region active-active deployment. Microservices on GKE. End-to-end encryption (CMEK). Strict network perimeters. **Constraints:** Zero data loss (RPO=0). RTO < 15 minutes. HIPAA (US) and GDPR (EU) compliance. **QUESTION:** How should you configure the GKE clusters to ensure the highest level of network security and isolation for the microservices?

A development team is building a new application that requires a relational database. The database will be deployed in a single region, needs to support up to 10 TB of data, and requires automated backups and high availability. Which GCP service should you recommend?

You are designing a highly available web application on Compute Engine. The application must survive a zone failure without manual intervention. How should you configure the Compute Engine instances?

A financial institution wants to modernize its applications using containers. However, due to strict regulatory requirements, some core banking databases and the applications that query them must remain in their on-premises data center. They want a unified way to manage Kubernetes clusters and enforce security policies across both GCP and on-premises environments. What should you recommend?

Your company has multiple GCP projects (Frontend, Backend, Database). The operations team wants a single pane of glass to monitor CPU utilization and error rates across all three projects. Which TWO steps should you take? (Select TWO)

You are implementing chaos engineering to test the resilience of a microservices application running on GKE. You want to simulate network latency and HTTP 500 errors between services without modifying the application code. Which TWO technologies should you use? (Select TWO)

You are deploying a new version of a critical web application. You want to route 5% of user traffic to the new version to monitor for errors before rolling it out to 100%. If errors spike, you want to instantly revert to the old version. Which THREE GCP services/features can facilitate this Canary deployment strategy? (Select THREE)

CASE STUDY: TechStream Gaming Overview: Gaming company, 500 employees, $100M revenue. 200 on-prem servers (US/EU), MySQL 5TB. 2M peak users. $150K/mo cost. Business Req: Reduce cost 40%, 5x growth, 3 new regions, daily deployments. Execs: CEO wants scale; CFO caps budget at $100K/mo; CTO needs 99.95% uptime, notes team has limited cloud skills. Tech Req: <100ms global latency, real-time analytics, 5x seasonal spikes, EU data residency, DDoS protection. Constraints: 12-month migration, max 4-hour downtime. QUESTION: To meet the requirement for <100ms global latency and DDoS protection, which networking solution should you implement?

CASE STUDY: ShopGlobal Overview: Retailer, 2000 employees, $500M revenue. US-Central co-lo, Java/Tomcat monolith, Oracle RAC 20TB, batch inventory sync. Business Req: Handle 10x Black Friday spikes, personalized recommendations, modernize to microservices. Execs: CEO wants omnichannel; CFO needs predictable spend; CTO demands zero downtime cutover. Tech Req: PCI-DSS compliance, automated image processing, real-time inventory, CI/CD. Constraints: Complex Oracle stored procedures, team learning containers, strict bi-annual audits. QUESTION: Which compute platform should you recommend for the modernized microservices architecture, considering the team is just learning containers?

CASE STUDY: AeroMech Overview: Aviation manufacturer, 5000 employees, $2B revenue. 100 engines, 10k sensors/engine, 1GB data/flight. On-prem Hadoop. Business Req: Predictive maintenance, secure data sharing with airlines, monetize data. Execs: CEO wants new revenue; CFO demands ML ROI; CTO says on-prem storage unfeasible. Tech Req: High-throughput ingestion, PB-scale storage, train ML on historical data, deploy ML to edge (aircraft). Constraints: Intermittent low-bandwidth flight connectivity, aviation data compliance, data scientists use Python/Jupyter. QUESTION: To manage the PB-scale storage of historical flight data cost-effectively, what should you implement?

CASE STUDY: AeroMech Overview: Aviation manufacturer, 5000 employees, $2B revenue. 100 engines, 10k sensors/engine, 1GB data/flight. On-prem Hadoop. Business Req: Predictive maintenance, secure data sharing with airlines, monetize data. Execs: CEO wants new revenue; CFO demands ML ROI; CTO says on-prem storage unfeasible. Tech Req: High-throughput ingestion, PB-scale storage, train ML on historical data, deploy ML to edge (aircraft). Constraints: Intermittent low-bandwidth flight connectivity, aviation data compliance, data scientists use Python/Jupyter. QUESTION: To meet the requirement of deploying ML models to the aircraft for real-time anomaly detection, which approach should you use?

Your organization has 10 different departments, each with their own GCP project. The central IT security team wants to manage all firewall rules and subnets centrally, while allowing the departments to create their own VMs. Which networking feature should you use?

You are deploying a web application to Cloud Run. The application occasionally experiences sudden, massive spikes in traffic. During these spikes, the application takes 10 seconds to start up, causing timeout errors for users. How can you mitigate these cold start latencies?

A development team wants to deploy a simple Node.js web application. They want zero infrastructure management, automatic scaling from zero to handle traffic, and they only want to pay when their code is executing. They do not want to build Docker containers. Which compute service should they use?

Your company generates daily log files that must be kept for 5 years for compliance reasons. The logs are accessed frequently for the first 30 days, rarely accessed between 30 and 365 days, and almost never accessed after 1 year. Which TWO Cloud Storage classes should you use in your Object Lifecycle policy to optimize costs? (Select TWO)

You are configuring a Cloud SQL for PostgreSQL instance for a production application. The application is read-heavy. You need to ensure the database survives a zone failure and that read queries do not impact the performance of write queries. Which THREE configurations should you implement? (Select THREE)

You are designing the hybrid connectivity between your on-premises data center and GCP. The connection must support 20 Gbps of throughput, must not traverse the public internet, and requires an industry-standard SLA of 99.99%. Which TWO components are required to achieve this? (Select TWO)

CASE STUDY: RetailMart Overview: Industry: Retail/E-commerce Size: 2000 employees, $500M revenue Environment: - Monolithic Java app on VMware - Oracle RAC DB - F5 Load Balancers - 10 Gbps Direct Connect to AWS Requirements: - CapEx to OpEx - Handle 10x Black Friday traffic - Personalized recommendations - Modernize without impacting sales Exec Statements: - CEO: Omnichannel experience. - CFO: Predictable costs, no hardware refresh. - CTO: Break monolith, but Oracle DB stays on-prem for 2 years. Tech Reqs: - Zero downtime deployments - PCI-DSS compliance - Image processing pipeline - Async order processing Constraints: - Hybrid architecture required - Team knows Spring Boot, zero Kubernetes exp - 6-month timeline QUESTION: Which compute service should you select to host the new Spring Boot microservices, given the team's skills and the 6-month timeline?

CASE STUDY: RetailMart Overview: Industry: Retail/E-commerce Size: 2000 employees, $500M revenue Environment: - Monolithic Java app on VMware - Oracle RAC DB - F5 Load Balancers - 10 Gbps Direct Connect to AWS Requirements: - CapEx to OpEx - Handle 10x Black Friday traffic - Personalized recommendations - Modernize without impacting sales Exec Statements: - CEO: Omnichannel experience. - CFO: Predictable costs, no hardware refresh. - CTO: Break monolith, but Oracle DB stays on-prem for 2 years. Tech Reqs: - Zero downtime deployments - PCI-DSS compliance - Image processing pipeline - Async order processing Constraints: - Hybrid architecture required - Team knows Spring Boot, zero Kubernetes exp - 6-month timeline QUESTION: How should you design the asynchronous order processing system to ensure no orders are lost during Black Friday spikes?

CASE STUDY: HealthData Inc Overview: Industry: Healthcare Analytics Size: 1000 employees Environment: - Co-located data center - Hadoop cluster - SFTP servers - 50 TB patient data Requirements: - ML models for diagnostics - Secure data sharing portals - Break data silos Exec Statements: - CEO: Need compute for ML. - CRO: HIPAA compliance is top priority. - CTO: Managed services needed to replace Hadoop. Tech Reqs: - Strict HIPAA compliance - Automated PHI de-identification - Comprehensive audit logging - CMEK - Network isolation (no public internet) Constraints: - US data sovereignty - 7-year retention (immutable) - Easy auditor access QUESTION: To meet the 7-year immutable data retention requirement for patient records, how should you configure Cloud Storage?

CASE STUDY: ManuIoT Overview: Industry: Manufacturing Size: 100 factories globally Environment: - 100,000 sensors - Local SCADA - Fragmented SQL Server DBs - No central analytics Requirements: - Predictive maintenance - Real-time global dashboards - Edge computing Exec Statements: - CEO: Monetize telemetry. - CFO: Costs must scale linearly. - VP Ops: Factory lines need local control if internet drops. Tech Reqs: - Ingest 1M msgs/sec - Stream processing - Offline factory capabilities - Train ML centrally, deploy to edge Constraints: - Low bandwidth/high latency at factories - Legacy MQTT protocol - Zero IT staff at factories QUESTION: Which database service should you select to store the high-throughput time-series telemetry data for real-time dashboarding?

Your enterprise organization has 50 different departments, each requiring their own GCP project for billing and isolation. However, the central security team mandates that all network traffic must route through a single set of firewall rules and a central VPN connection to on-premises. How should you design the network architecture?

A development team wants to deploy a microservices application on Kubernetes. They want to focus entirely on writing code and defining pod specifications, without managing nodes, configuring cluster autoscaling, or worrying about node pool upgrades. Which compute option should you recommend?

You are designing a hybrid DNS architecture. On-premises servers need to resolve internal GCP hostnames (e.g., `my-db.us-central1.c.my-project.internal`), and GCP VMs need to resolve on-premises hostnames (e.g., `app.corp.local`). How should you configure Cloud DNS?

You are managing a GKE Standard cluster. During peak hours, the pods are consuming all available CPU on the existing nodes, causing new pods to remain in a 'Pending' state. You need the cluster to automatically add more pods when CPU usage is high, and automatically add more VMs to the cluster when there is no room for new pods. Which TWO autoscaling mechanisms must you configure? (Select TWO)

You are migrating a mission-critical MySQL database to Cloud SQL. The business requires that the database remains available even if an entire GCP zone goes offline, and they need the ability to recover the database to a specific point in time if a developer accidentally drops a table. Which TWO features must you enable? (Select TWO)

CASE STUDY: TechStream Gaming Company Overview: TechStream Gaming is a global multiplayer game developer with 500 employees and $100M annual revenue. They recently launched a hit mobile game that is growing rapidly. Current Technical Environment: - On-premises data centers in US and EU. - 200 bare-metal servers running Linux. - Self-managed MySQL databases (5 TB total) for player profiles and inventory. - Peak concurrent users: 2 million. - Current monthly infrastructure cost: $150K. Business Requirements: - Reduce infrastructure costs by 40%. - Support 5x user growth over 2 years. - Launch in 3 new regions (APAC, SA, Africa). - Improve deployment speed from 1 week to daily. Executive Statements: - CEO: "We need to scale rapidly to compete. Cloud migration is critical." - CFO: "Cost reduction is paramount. We cannot exceed $100K/month. ROI must be achieved in 18 months." - CTO: "Our team has limited cloud experience. Reliability is non-negotiable - 99.95% uptime minimum." Technical Requirements: - Sub-100ms latency for players globally. - Real-time analytics on player behavior. - Seasonal traffic spikes (5x during holidays). - CI/CD pipeline for daily deployments. Constraints: - Migration must complete in 12 months. - Cannot exceed 4-hour downtime during cutover. - Dev team: 20 engineers (Java, MySQL). - Ops team: 5 engineers (limited cloud experience). QUESTION: Which compute architecture should you recommend for the game servers to meet the deployment speed, scalability, and operational constraints?

CASE STUDY: AutoMakers Inc Company Overview: AutoMakers Inc is a leading vehicle manufacturer transitioning to connected and autonomous vehicles. They need a platform to ingest, process, and analyze telemetry data from millions of cars. Current Technical Environment: - Legacy MQTT brokers on-premises. - Hadoop cluster for batch processing (nightly runs). - 100,000 connected cars sending 1 KB of data every minute. - On-premises data warehouse reaching capacity. Business Requirements: - Support 5 million connected cars within 3 years. - Enable real-time alerting for critical vehicle faults. - Provide predictive maintenance insights to customers. - Monetize anonymized traffic data. Executive Statements: - CEO: "Data is our new engine. We need real-time insights to improve safety." - CFO: "The platform must scale cost-effectively. We only want to pay for what we use." - CTO: "We need a fully managed serverless data pipeline to minimize operational overhead." Technical Requirements: - Ingest up to 1 million messages per second with low latency. - Process data in real-time for anomaly detection. - Store raw telemetry data indefinitely for machine learning model training. - Provide a scalable data warehouse for business intelligence analysts. Constraints: - Strict data privacy regulations (GDPR) require masking of PII. - Limited data engineering staff; prefer managed services. - Must integrate with existing on-premises identity provider (Active Directory). QUESTION: To meet the requirement to store raw telemetry data indefinitely for machine learning model training while adhering to the CFO's cost constraints, which storage solution should you use?

CASE STUDY: HealthSecure Company Overview: HealthSecure provides electronic health record (EHR) systems and telemedicine platforms to hospitals across North America. They handle highly sensitive patient data. Current Technical Environment: - Co-located data centers with strict physical security. - Monolithic .NET applications running on Windows Server. - Microsoft SQL Server databases. - Custom-built video streaming solution for telemedicine. Business Requirements: - Migrate to the cloud to improve scalability during telemedicine surges. - Maintain strict compliance with HIPAA and HITECH regulations. - Enable interoperability with other healthcare providers using FHIR standards. Executive Statements: - CEO: "Telemedicine is exploding. We need to scale instantly to meet patient demand." - Chief Risk Officer (CRO): "Security and compliance are our license to operate. A data breach would destroy us." - CTO: "We want to leverage cloud-native AI/ML for medical image analysis in the future." Technical Requirements: - End-to-end encryption for all data at rest and in transit. - Strict network isolation to prevent data exfiltration. - Comprehensive audit logging of all data access. - High availability across multiple regions. Constraints: - Must use Customer-Managed Encryption Keys (CMEK). - Third-party auditors require detailed compliance reports. - Legacy .NET applications cannot be easily containerized without refactoring. QUESTION: Given the constraint that the legacy .NET applications cannot be easily containerized, which compute architecture should you recommend for the migration?

Your company is migrating a data-intensive application to Google Cloud. The application requires a hybrid connection to an on-premises database. The connection must guarantee 10 Gbps of bandwidth and have an SLA of 99.99%. Which connectivity option should you choose?

A media company stores millions of high-resolution images in Cloud Storage. Images are accessed frequently during the first 30 days after publication. After 30 days, they are rarely accessed but must be kept for 5 years for compliance. After 5 years, they should be deleted. How can you automate this process most cost-effectively?

Your development team wants to deploy a microservices application to Google Kubernetes Engine (GKE). The application has highly variable traffic. The operations team is currently understaffed and wants to minimize the time spent managing node pools, OS upgrades, and capacity planning. However, the security team requires that the cluster uses Workload Identity and is entirely private (no public IP addresses for nodes). Which GKE configuration should you choose?

You are the network administrator for a large GCP organization. The security team wants to enforce a rule that blocks all outbound SSH traffic to the internet across ALL projects in the organization. Individual project owners must not be able to override this rule. Which TWO steps should you take? (Select TWO)

You are designing the database architecture for a mission-critical application using Cloud SQL for PostgreSQL. The application requires High Availability (HA) within the primary region to survive zone failures, and Disaster Recovery (DR) in a secondary region to survive a full region outage. Which TWO configurations must you implement? (Select TWO)

You are deploying a containerized web application to Cloud Run. The application is expected to receive sudden, massive spikes in traffic. You want to ensure the application scales quickly to handle the load, but you also need to prevent the backend database (Cloud SQL) from being overwhelmed by too many concurrent connections. Which TWO settings should you configure on the Cloud Run service? (Select TWO)