All Google Professional Cloud Developer certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the Professional Cloud Developer Professional Cloud Developer practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!

Networking

1. Networking Overview

Let's talk about networking for developers. I did want to touch on some of the basics so that as a developer, you have an idea of why Google Cloud has a really solid network infrastructure. They have really significant investments as well, compared to other providers. And another thing, too: the traffic going between regions, for example, goes over Google's private network and not the Internet. This is a big deal. There are also two submarine lines as well. For example, between Japan and the US Basically, the cable itself gets 60 terabytes, and Google's network speed goes up to ten terabytes of that cable speed. Now there's a tool called GPing.

If you're unfamiliar with Gcping, we'll walk you through it in a demo. It's very simple and appears throughout the course. But GCping is a way that you could essentially find out the latency between your closest Internet mile—where you are—and Google Cloud regions. When it comes to Google Cloud, for example, we want to be aware that Google was the first to launch what is called a "network tier service." Basically, if you want to pay more, you get more. That's really the theme here. But basically, the standard tier will deliver your outbound traffic from GCP to the Internet, as you would expect from what you've been doing for quite a while with other providers, for example. Or if you want to pay more, you could use the premium tier.

This will go over Google's network from a low-latency perspective. And again, you're going from one Google region to another over the Google Cloud network, but also to essentially the end point that's closest to where the traffic should exit. Whatever is supported by Google Cloud at the time, that's another nice benefit. When comparing Google services to AWS, we can see that Google services are more global. And this is because, for example, Google uses software-defined networking. But also, with Google, we have the ability to use, for example, managed services like load balancing.

Now, like in AWS, load balancing in AWS is somewhat more difficult. It takes more time because it's regional, whereas in Google it's all global. And here's an example of how a Google VPC would be set up. You could see that we have two different regions here with Google Cloud, and you're just traversing over Google's network. So, for example, if you go from, let's say, Oregon to Charleston, you're going directly through Google's network. And again, that's because you go from region to region.

Now if you go through AWS, for example, generally you're going out to the Internet, even if you're just going to another AWS region or zone. A couple of other notes here as well. Basically, just be aware that from a cost perspective, Google can absolutely save you some money, but it can also do part of that too, not just that efficiency but also the ability to connect, for example, to pops and edges. And some services, such as app engine and cloud storage, are essentially cashed out dynamically, which is significant, whereas typically, as in Amazon, the cloud front is cached, but it's more static, not dynamic, as some of Google's services are. Now, not every Google service is, of course, free, but the main ones are what you would expect, and we'll talk more about some of those. Now that networking on Google is global, we already should know that. And one of the things to point out is that there are three types of networks.

When I go through some of the demos, you'll see this. Now the protocols supported are basically TCP, UDP, and ICMP. Just be aware of that. Subnets Why do we want to subnet? Well, generally, we want to have a separate subnet to be able to isolate our virtual machines and our traffic, basically. Again, we don't want to group resources that shouldn't be together. We want to, for example, group our virtual machines in production in one subnet and our virtual machines in development in another subnet—nothing particularly difficult to understand, I'm sure. Just be aware again; we're going to subnet just like in any other cloud. The routing of courses is supported. There are different types of routing.

We could route globally, and we could route regionally as well. We'll talk about it further throughout the course. Now, firewalls. Now, pretty much on any Google exam, you're going to get some kind of question around firewalls. A tag—why do we want a tag? A tag, again, is to help you identify rule sets and routes for the firewall, basically. And to add a tag, we're going to simply use the command "g cloud," compute instances, and then add tags that you want and name the tags appropriately on the exam. We just want to be aware that if we're looking at submitting again, we want to be able to understand why we want to subnet and why we want to isolate. Also, how do we, for example, deal with overlapping address ranges?

For example, if we're going to do that, we may need to look at having what's called an "external IP address" as well. And again, a couple of small notes that I wouldn't worry about per se; just leave the contents there if you want to take a quick look at them. Now that firewalls are a resource, of course, in Google Cloud they're considered a global resource. Now you'll see in the demo that we can configure a firewall in the VPC, and then we could also get down to the virtual machine level as well. One of the things I did want to point out for the exam is that there are implied rules. We cannot remove implied rules because, again, they're implied by Google Cloud. They're there for a reason. You can't remove them.

Consider the rule that allows egress. In other words, traffic should be able to exit the cloud if it meets the requirements and be denied based on specific requirements as well. Now, I would recommend you go to the firewall page here, where, basically again, there's blocked traffic that's always blocked. GCP will block that traffic. There is a list of traffic right here. I'll let you look into that. But basically, if it's a rule that's blocking traffic and it's implied, you can't delete it. Just be aware. Now that we have rules, we need to prioritise how we apply them. The default is 1000. Know the default, of course, for the exam as well. Now, one of the things that I think comes up typically in the exams, such as for the developer, the data engineer, and the cloud engineer, for sure, is connecting to Google Cloud. And how should we do that?

Now, if we have, for example, an on-premises site with, let's say, 20 developers, do we want to have those 20 developers connect directly to each virtual machine? Or do we want them to go to what is called a bastion host? Ambassador Host will serve as a connection concentrator. And it also serves another purpose in that it allows us to basically not only filter and control our traffic into Google Cloud, but it also facilitates scaling with SSH, because SSH generally doesn't scale very well on the exam. We want to know what a bastion host is, why we want to use it, and also how a Nat gateway is actually a little different. In general, we want to use a NAT gateway to route traffic out of the cloud. We now have a couple test tips for the exam. A bastion host knows what a bastion host is. Think about it. For ingress, if the traffic is leaving Google Cloud, we probably want to have a NAT gateway for that traffic for egress. Let's go ahead and move on to the next module.

2. VPC Overview

Virtual private clouds Let's talk about a VPC and why this is important to know for pretty much any exam. To begin with, a VPC in Google Cloud differs from those offered by other providers. First of all, with Google, it is global, private, isolated, and virtual network partition. Basically, it provides managed networking functionality for your GCP resources. In general, other providers' address spaces are more regionally focused, whereas Google Cloud's address space is global.

Now, when it comes to a VPC, we can think of this as a physical network per se between our resources in different Google Cloud regions and zones. But basically, again, this is virtualized, and we know that Google uses software to find networking, and that's part of the magic here as well. But basically, VPC is a global resource. It's going to have, basically, regional subnets as part of its structure. And we'll see in the demo how the subnets are divided up. Basically, at the time of writing, you have 20 essentially different regional networks. Basically, these are based on the regions in Google Cloud, and that's pretty much the structure from a top-level perspective.

And then each of the VPCs has firewall rules. You could set up routes and forwarding rules and also have the ability to customise your IP addresses for your Compute Engine instances, containers, etc. As well. There's also the ability to share a VPC as well. We'll talk more about that when it comes up. Now we'll go into a demo coming up shortly on the VPC. I won't spend a lot of time on the picture, but you'll see that in a demo, a VPC is basically a global communications space. Remember that. Again, I'm repeating it for a reason.

And also, to think about it from a use-case perspective, we're going to deploy this on a global scale between the regions and Google Cloud. It allows us to submit our resources based on regions, of course, and route them appropriately as well. Then, if we want, we can have a shared VPCor perform what is known as "network peering." For example, network peering is very useful with software as a service. We could think about it from that perspective. We can also set up a hybrid cloud as well.

And again, load balancing is part of the picture. We could talk more about that as well. Now, as far as some of the features that we want to know for the exam, the main feature that we want to think about is the fact that the traffic goes over Google's backbone. In other words, it's not going to egress Google Cloud and then ingress Google Cloud again; it's going to go directly over Google's backbone. And this is really a big differentiator. Now there are also different VPC modes. I'll go over custom and auto modes.

Now, generally, we want to use Auto mode if we just want to deploy a predefined Cedar range, which essentially allows you to get up and running quickly. If we for some reason need a customised configuration, we could handle that as well. Let's say, for example, we want a specific seat in our network. We're going to extend on-premises to the VPC, let's say, and we want to make sure that we have a custom IP to accommodate this. We'd then have to go in and customise all of the subnets. That takes a little bit more work and planning, but again, it could be done.

And it's certainly the recommended practise for something that you're going to keep around. Now, we could use VPC peering to allow us to peer between different VPCs. And what's nice about this is that they don't have to belong to the same project or even the same organization. Let's say company A buys company B, and they're both using Google Cloud. You all want to become one big happy family. We go ahead and use peering to help alleviate some of the management challenges that might come up. The use cases for peering are listed here on the exam.

Again, we want to know what these are. The first thing is that organisations with several network admin domains would be one use case, and then generally, the other use case is really focused on peering with other organizations. Again, we could go ahead and use peering again for those two main reasons. And, as I previously stated, peering allows us to create software as a service. This is a very common solution for doing that as well. So if we set up a VPC peering network, basically, it's going to be an RSC 1918 configuration. We're going to have our own firewall rules; we could pair our network appropriately; we could share our subnet routes as well; and we could have our own networking management structure as well if we wanted as well.

So there's a lot there. Again, for the developer exam, we don't need to know all the little administrative details on how to do it. It's more about why we need to do it this way. And as far as the highlights go, basically we want to be aware that each GCP project can contain one or more VPC networks. We'll see that in the demo coming up. And then we'll also talk more about how it spans the globe. Basically, each region is going to have its own subnet. We should already be aware of that. And then we also want to be aware that, for example, we could communicate over Google's private network.

We're aware of that as well because, again, it is a global space that is available for you to communicate with other Google Cloud regions and zones. And then one of the things to point out is that resources in Google Cloud could be global, regional, or zonally based resources. We want to think of resources based on the appropriate level of access. Essentially, can we move it around? A zone or resource, for example, could be a VM instance; their type and disc could be determined by that zone. One good example is that some processors, for example, may only be available in specific zones. Some of the older zones might have; I think it's Sandy Bridge. Some of the newer zones may not.

That's more of a zonal resource. Regional resources, for example, are heavily focused on external IP addresses, followed by global resources. Then there's more to that as well. could also be images and then subnets as well. But when it comes to global resources, and there's a whole list of these as well, for this exam, we're not too worried about all the little details, but we do want to be aware, for example, of our global resources and our zonal resources, and definitely be aware of that. We'll talk more about that. Now let's talk about the VPC test tips.

What we want to really focus on on the exam is understanding, for example, the network configuration. Like, why do we want to have a subnet? Why do we need to have, for example, a VPC peer network? Or why do we want to use VPC sharing, for example? Now one thing I did want to point out is that a shared VPC is actually different from a VPC network peer with the shared VPC; just be aware of this because it can be confusing. I think if there's anything confusing from a networking perspective, it's this: why do we have a VPC peer, and what is a shared VPC?

There are actually two different things. What we want to think about here for a shared VPC is that this is a shared VPC. We're going to share this VPC network from one project to another in the organization. Now we can grant access essentially to the whole network or just a specific subnet as well. And we would accomplish this by defining permissions. And again, the main purpose of using a shared VPC is to allow mainly centralised control, but it also gives you some flexibility and management of the Google Cloud organisation as a whole.

But generally, a shared VPC really needs to be in the same organization, whereas a VPC network peering approach is really used more for software as a service ecosystems. But also, we could extend this to other organizations, so it doesn't have to be in the same company. Lastly, as far as the test tip, we want to be aware that the shared VPC allows the organisation to connect resources from multiple projects to a common VPC network via internal IPS from that network.

Now, that's one thing I didn't talk about; just be aware that it uses internal IPS and not external IPS. And I highlighted that for a reason. Again, sometimes even on the developer exam, there'll be one or two networking-related questions that they're going to try to trip you up on. But in general, we're really focused on development, but we do need to know how to extend our network. And to do that, a VPC is one of the ways to do that through what's called "peering" or "sharing" a VPC. All right, let's go ahead and move on. We have a couple more topics and then some demos as well.

3. IP Addressing

Let's talk about IP addressing. Now, let's talk about IP addressing briefly. Basically, there are two things we want to know. The first difference is that IP addresses are assigned or provisioned differently internally versus externally. Probably not a total surprise, but just be aware that internal addresses are provisioned by DHCP. And I want you to make a note of how the name is actually registered with DNS. So the VM is known as "virtual machine one," or VM 1.

Then it would take the name and IP address assigned to it; this would be the name of the VM that would be registered with DNS. Now the external IPS is handled differently. We can have those basically provisioned from a pool, or they could be reserved, basically reserved, or static. meaning that when we reserve that static IP, it's our IP that we're leasing from Google Cloud. And of course we'd want to do that, especially if we're going to have a production app that we're going to reference routinely.

And again, we don't want to have any challenges connecting. So reserving a static IP may actually make a lot of sense. Now, if we choose the ephemeral approach, it's going to be signed from a pool. Now again, doesn't mean one way is better than another. It really depends on your use case. And again, that's for external IP addresses. Now the VM does not know the address per se, but it is mapped again to the internal IP address. So in the background, Google has the external IP actually mapped to an internal IP. And that's really pretty much what we want to be aware of when it comes to the FQDN; we're going to use the hostname "C" (projected internal). That's how DNS is going to resolve it, actually.

And on the exam, we want to ensure that we understand our schema, that we understand the FQDN format for our IP addresses, and how they are referenced in DNS. It should also be noted that external IPS can be provisioned in two ways: static and ephemeral. Understand the use case; for both of those situations, we're going to use the course. If we're going to have a reserved IP, we're going to want to keep that same IP. Let's say we're going to connect on-premises to a Google Cloud Service application, which might be a SaaS app. Whatever it is that might make sense to have a static IP, an ephemeral IP might be something where a deployment VM is involved, and since we're not really dependent on it from an application perspective, that might just work just fine. But, once again, be aware of the use case; you may encounter it again on the exam. Alright, let's go ahead and move on.

4. Networking Whiteboard

Welcome back. Let's talk about a specific solution that will include a few areas that you're going to see again. The first is: how do we set up an on-premises connection to Google Cloud? And then we'll add to it by talking about how we can tie in GCDS, for example. But also, how do we determine a good rendering solution? Let's say, for example, that we have a mobile application and we want to render graphics or something.

That nature. Let's talk about it first. As you can see, I have both on-premises and GCP setup. So this is my on-premises environment; this is GCP. What we want to do now is discuss, for example, connectivity. We know that if we want to connect securely to Google Cloud, we really want to look at either cloud VPN or cloud interconnect. That really gives us two choices. And we could also think about pairing. If cost is an issue, direct connect would not be one of the options to consider unless there were significant technical requirements that would necessitate it.

Now we have to consider, too, if cost isn't a big deal, that the best way to connect to Google Cloud is through what is called cloud interconnect. Because of limited space, I'm going to call this cloudinterconnect. But, in general, we'd like to connect our on-premises environment to GCP. Now, cloud interconnect is what we have. With our ten terabytes of bandwidth, we're good to go and should be able to handle anything. We're currently slamming into it. Of course, cloud interconnect may not be available in every location. Of course, you may need to look at partner interconnection. And to be honest, partner interconnect could actually work just as well and be more cost-effective because with Google Cloud interconnect, you pretty much have to subscribe to the whole ten terabytes.

With partner interconnect, you get down to megabits, and it's a fraction of what you need from a cost perspective in some cases. So if you only need a fraction of that, then maybe partner interconnect could work just fine. And again, there are pros and cons to each. You'll need to look into what makes sense for your environment. Now what we want to do here is connect, for example, our VPNs first. So even though we're running cloud interconnect, it's best practice, of course, to have a VPN.

So what do we want to do? We have to go ahead and set up our VPN. On this end, we will, of course, have a member Cloud VPN, which is what? gateway to gateway managed service So we're going to go ahead and have a VPN here, right? And we're going to use what? Cloud VPN. We'd also remember that if we're using cloud interconnect, we'd need to do what we need to do to use a cloud router as well. with our cloud VPN in most cases. So we have to think about that. So from a networking perspective, this is pretty much what we need to do at a high level. Now. What about if, on premise, I'm using t. So from I have our users' information in Active Directory and I want to sync it up to Google Cloud.

Well, I can do that, right? How do I do it? I need to use what's called an organization. I need to set up G Suite and let me get my pin, and you can see I have LDAP. So what I want to do is connect it over to Google Cloud, right? Now to do this we need to create what? An organization. Now again, there are of course more steps to this. When we create an organization, we're going to have an organisational node. There will be an organisational administrator under that organisational mode, who will then bring in all of the projects under that organization. So, for example, if I have companya.com using G Suite, then I could bring in company.com, and that'll let me propagate basically a one-way to Google Cloud. So if anything changes here, we're good to go, right? That's what we want to do. Now what about our connectivity? We want to connect to Google Cloud. Well, we can do that. We set up our VPN, and then, say, we want to set up a rendering farm.

A rendering farm is what we're going to have. Our databases, our nodes, our queues, et cetera, a file server So I'm just going to put it in for time purposes; from an understanding perspective, we want to focus more on networking than services. Right now we'll talk more about services and upcoming modules, but I just want to give you an idea of where you want to go with this. So when we get to the case studies, it's going to be a combination of networking data services, storage, compute, and whatever else it throws at you, right? It will be a combination of having to pick out the right networking solution, the right storage solution, and the right data services. How do you create a pipeline DevOps solution? And some of the answers will require you to pick out three or four answers in the correct order. So that's really where we're going with this. Okay, so we have our networking down, right? So we know we're going to go with cloudconnect with cloud VPN, and we also know that we want to tie in our organization.

We want to use GCDS as part of the solution. Now what we want to do is put them in. I'm just going to put in rendering services. A database, or file store, will now be included as part of the rendering services. We're going to have, basically, a queue manager. And then we'll also, of course, have an API gateway and additional services. Again, just some of the things to consider now on Google Cloud's end: we're probably going to need some services, right? Chances are, we're going to want to use cloud storage. We're going to need a way to ingest your data and at least bring it onto Google Cloud. So cloud storage is an excellent data ingestion tool we could use, and then we'll probably want to have compute, right? So we need to do what we have to do to add our computation as well. And then we'll also need to have workflows in other areas like that as well. So we'll go ahead and add, let's see, a couple of other services here. not exactly in order due to space, but we get the point.

So let's go ahead and talk about what we might want to have here. Now, what we might want to consider first, because Cloud I is probably the easiest topic to discuss here, is Cloud II. We need to enable that when we talk about clots, which I am and actually, let me just type it in. We need to use Cloud I. Why? Because we're using GCDS, of course, and we're using Google Cloud. Of course, we need to have strict granularity in our permissions or roles, et cetera. Makes sense. Right now the next service we want to talk about here is generally going to be some kind of cash or read through cash. Generally, we'll just put cash, for example, in this case, and we get tied to sending a compute engine, of course. And, let's say, we'll definitely use ComputeEngine in this case. And this is just a high-level architecture for it. And if we think about it too, let me get a different colour here. For example, we're going to have new services like our API gateway. We're going to want to connect to our cloud storage. So we're going to have our data coming into cloud storage here.

But with cloud storage, what do we want to do? We're going to at least consider a way to pull it into Compute Engine, right? Compute Engine will be able to access it. Now, as part of the solution, we may also have, for example, our nodes over here rendering our solution over to Cloud VPN through Cloud VPN, of course, over to our caching services. And then we have essentially what is going to be almost like a rendering service acting together here to render our graphics or whatever we're trying to do. Again, there are many more services we can consider and discuss, but from a high level, I want to ensure we have at least the connectivity options. We'll talk a lot more about services that will come up later in the course. Let's go ahead and move on.

5. Networking Demo

Let's talk about networking services and go through a demo. There are numerous networking services available in Google Cloud. It doesn't look like there's a lot, but in reality, there's certainly some planning we want to do. And when we're talking about setting up a VPC network, there are a lot of best practises to consider.

When we consider, for example, two, how do we share our V PCs, this is another topic we'll discuss further, and then we'll move on to load balancing and Nat and other functions like content delivery. It is also critical to consider how we connect on-premises to Google Cloud. And then network service tiers This is a really amazing service from Google Cloud, where it provides the end user, for example, the option to go over Google's well-provisioned network to basically the closest point to their destination.

So it can undoubtedly provide some significant advantages, particularly in terms of latency and security. And we'll go over that further in the course, as well as network security. But I'd like to concentrate on just showing you, for example, here that there's a demoon creating a separate VPC. So I will hold off on going through creating the VPC that is provided as well as the whiteboard. And then, as far as when we do create a VPC, we're going to create a VPC in a project. So, for example, I could have one VPC or 20 VPCs, depending on my quota and my thresholds. With that said, I could go ahead and create a VPC, for example, for several reasons.

One of the primary reasons for establishing a VPC—a virtual private cloud, of course—is to establish a sandbox of resources within the VPC. And we talked about this in the PowerPoint module earlier, but basically, if we do create a VPC, we may want to create a VPC. For example, to provide some kind of isolation for our services, like pipelines, However, we can extend the capabilities of VPCs by using peering or shared VPCs, so those capabilities are actually extended. But with that said, we'll get into some of these areas of networking a little bit more in detail. Firewall rules, routes, network peering, and a bare VPC will all be covered. Now, when I go back to networking, I want to point out two more things. For example, I will be walking through a whiteboard to decide: do we go with VPN or cloud interconnect?

That's really important to understand from a developer's perspective. Again, it's not so much setting up the networking or anything like that; it's just knowing what tools are available and how to secure our application from on-premises to Google Cloud. So we will talk about network security, such as SSL policies, and cloud armor. Finally, I wanted to mention Nat and Bastion host, which we will cover during the course, but from a networking standpoint, the services are somewhat simpler than what you've seen in AWS, for example. But, with that said, we'll go over this topic in greater depth throughout the course, with a focus on the Google Cloud Developer Exam objectives. Let's move on.

Google Professional Cloud Developer practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass Professional Cloud Developer Professional Cloud Developer certification exam dumps & practice test questions and answers are to help students.