One of the goals of mine was to get certified in Cloud. When they said, “Everything is moving to cloud” a few years back, I didn’t really understand, but then Microservices architecture gained popularity with Docker and Kubernetes. It changed everything for me as a Software Developer. My organization started the “Lift-and-Shift” migration for the applications deployed in an on-premises environment. I developed a passion for Cloud and Cloud-Native technologies. Therefore, I started preparing for Google Cloud Associate Cloud Engineer Exam and got certified.
Why Google Cloud?
Google Cloud (or GCP) along with Amazon Web Services and Microsoft Azure form the “Big 3 Public Cloud Providers”. Even though Google Cloud is the youngest member of this exclusive club, it is also the fastest-growing Cloud provider in recent years. They have huge partnerships with consumer credit reporting agency – Equifax, music-streaming giant – Spotify, Finnish multinational consumer electronics company – Nokia and recently with Major League Baseball (MLB).
Personally, I feel Google Cloud is extremely developer-friendly. It is also tackling internet of things (IoT) and hybrid environments (some resources on-premises and some in the cloud), both of which are acknowledgements that not everything is on the cloud yet, but it will be.
Who is an Associate Cloud Engineer?
According to Google,
“An Associate Cloud Engineer deploys applications, monitors operations, and manages enterprise solutions. This individual is able to use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud.”
Google also states that,
- 87% of Google Cloud certified users feel more confident in cloud skills.
- 30% of Google Cloud certified users took on more responsibility or leadership roles at work.
The above percentages indicate those who strongly or somewhat agree with the statement. Findings from a survey conducted with Google Cloud certified individuals in May 2019 by an independent third-party research organization.
Preparation for the Exam
Before attempting the exam, I had already created a trial account that would give $300 for trying out all the services. Currently, the trial account is for 3 months, but when I signed up it was for 12 months. You can go to the below link and create a trial account.
Obviously, the best practice one can have is hands-on work with the services provided by Google Cloud. Even though I was working in GCP for 3 months for my organization, I can tell you this – preparing for the exam requires you to have knowledge of all the services, and it is a tough exam to crack.
About the Exam
This is a multiple-choice question exam with 50 questions in total to be answered in 2 hours. There would be questions which you can answer within 30 seconds, and then some would take at least 2 minutes as the questions would be lengthy. I was able to answer all of them within 50 minutes. So if you are familiar with your services, you can easily complete the exam with an ample amount of time left and also review your options. Yes, you can review your answers before submitting. You can mark a question for review if you don’t feel that confident about the question and then later re-visit if you have time.
There is no negative marking, so even if you don’t know an answer, just take the best guess. There is no official passing score for the exam. Google seems to have its own algorithm in place to determine whether you passed the exam or not.
The Google Cloud exams are designed to determine only whether or not an individual meets a minimum passing standard. They are not designed to be diagnostic or spread people out on a scale of ability. They don’t even give you an exam score, much less tell you how close you were to passing. It’s just Pass or Fail.
Simply put, there is no single resource that can be referenced for the preparation. In fact, the more you know the services, the better you retain. One thing to note – Google will never ask you a straightforward question like “Which is the cheapest storage?”, rather it would be, “Suppose you are the Cloud Engineer…”, or “… is the recommended practice by Google”. The questions are mostly short scenario-based.
Google recommends you to have hands-on experience for at least 6+ months. But that’s just a recommendation. I have seen people passing the exam within a month. However, you need to practice different kinds of scenarios while studying and always try to relate any system to GCP.
Resources I used for The Exam
For my preparation, I practiced a lot by exploring everything listed in the official exam guide.
Additionally, I also took the Udemy course by Dan Sullivan who is the author of the Official Google Cloud Certified Associate Cloud Engineer Study Guide. This course is extremely great and all the important points that you need to know for the exam are highlighted. Some of my colleagues had opted for the book and commended the author to me without reservation.
For passing the exam, you should definitely have extensive knowledge of VPCs, subnets, VPNs, Cloud Interconnect and Cloud Routers. For that, you must read Stephanie Wong’s articles on Networking. The below article proved to be gold for me.
It is equally important for you to know everything about Kubernetes and Google’s implementation of Kubernetes Engine called GKE. You can easily find a lot of great videos on YouTube. What I referred to are the below comics on Kubernetes from Google.
GKE YouTube Videos
Another great resource for understanding GKE is from Priyanka Vergadia’s #GCPSketchnote series covering GKE (and other services) and her YouTube videos.
One of the best articles I read (right before exam) is ‘A GCP Flowcharts a day’ by Grace and it is incredibly easier to remember everything if you just gaze at her Flowcharts articles every day.
Google also emphasizes knowing the best practices for Enterprise organisations for passing the Exam and you must read the Google documentation thoroughly.
High-Level Overview in a Nutshell
Everyone has their own approach to learning a course and I am no exception. I often make notes which seem useful, but then this article would be 30 minutes long. I will try to give a high-level overview of whatever I deem important. But there would be so many things which I may not cover, so please make your own notes (if you make any) and compare with mine.
Resource Hierarchy in GCP
Organization > Folders > Projects > Resources
IAM & Security in GCP
- You must know about service accounts, their key management and usage using gcloud CLI.
- Read and understand about roles and permissions. See ref.
- You must follow Google’s Principle of least privilege while assigning roles. See ref.
Compute Options in GCP
There are 4 compute options in GCP.
- Compute Engine: infrastructure-as-a-service, build high-performance, fault-tolerant, massively scalable compute apps, there are different options to customize your own virtual machines where you can choose RAM, disk, vCPUs etc.
- App Engine: platform-as-a-service, two types: standard & flexible, fully-managed, automatic scaling, supports Node.js, Java, Ruby, C#, Go, Python, etc., cannot be modified after deployment, supports traffic-splitting with a new version
- Google Kubernetes Engine (GKE): Google’s implementation of Kubernetes Engine, fully-managed, supports Stackdriver monitoring, orchestrates Kubernetes containers, automatic-scaling, automatic upgrades, node auto repairs, etc.
- Cloud Function: single-purpose functions triggered based on events, completely serverless.
Storage Options in GCP
- Cloud Storage: Object-based storage in buckets, unstructured storage, files, videos (ex. CCTV footages), autoscaling managed by GCP, 4 storage classes, supports object lifecycles. See ref.
- Cloud SQL: fully-managed relational database, used for regional use cases, less expensive relational DB.
- Cloud Spanner: highly-scalable, enterprise-grade, globally-distributed, and strongly consistent relational database, more expensive than Cloud SQL
- BigQuery: analytical database, petabyte-scale, used for data warehousing, supports SQL queries, not transactional, some joins support. See ref.
- Datastore/Firestore: NoSQL databases, stores semi-structured, flexible schema, no joins support, firestore is the next-gen database of datastore
- Bigtable: wide column database, low-latency writes, petabytes-scale, ideal for ingesting and analyzing large volumes of time series data from sensors and IoT devices in real-time. See ref.
- Filestore: managed network file system, persist files and share via instances
Get familiar with the Use Cases of Bigtable, BigQuery, Cloud Spanner, Cloud SQL, and Cloud Storage.
Storage Classes in Cloud Storage
Google recommends that you choose the storage class in Cloud Storage based on how frequently the objects are accessed.
Standard storage class – access frequently
Nearline storage class – access objects once a month
Coldline storage class – access objects once a quarter
Archive storage – logs archival
Get familiar with the Object Lifecycle Management in Cloud Storage.
Managed Instance Groups (MIGs)
A managed instance group (MIG) contains identical virtual machine (VM) instances that are based on an instance template. MIGs support auto-healing, load balancing, autoscaling, and auto-updating. Autoscaling works by adding more instances to your instance group when there is more load (upscaling), and deleting instances when the need for instances is lowered (downscaling). See ref.
Unmanaged Instance Groups
An unmanaged instance group is simply a collection of virtual machines (VMs) that reside in a single zone, VPC network, and subnet. An unmanaged instance group is useful for grouping together VMs that require individual configuration settings or tuning. See ref.
Networking Options in GCP
Networking is one of the most important topics that come in the exam. I would highly recommend reading more about it and understanding it.
- Virtual Private Cloud (VPC): Private Cloud that you manage in Google Cloud where you can run your resources. They have VPC networks associated with them and the networks are highly scalable, global and flexible.
- Virtual Private Network (VPN): Network abstraction that allows you to secure the network and transmit data across the internet using secure IP or IPsec.
- Cloud Router: It enables your GCP resources to communicate with your non-GCP resources like resources deployed in on-premises by exchanging routes using Border Gateway Protocol (BGP).
- VPC Peering: Private communication links between VPCs in different organizations (remember Resource Hierarchy).
- Shared VPC: Sharing VPC across resources within the same organization.
- Cloud Interconnect: Service that links resources in VPCs to an on-premises data centre. Can be a Direct Connection (Dedicated) or via 3rd Party (Partner)
- Firewalls: Rules that control the flow of traffic within and across networks
- Cloud CDN: Allows you to cache objects closest to the user thereby reducing latency.
- Cloud Load Balancing: Scaling up and down of backend instances based on the incoming traffic.
I can’t stress enough how important these topics are for the exam. You must know how to choose your load balancer. Everything about VPNs and VPCs should be known. You must know that subnets are created when a VPC network is created. Subnets are regional resources but they can communicate with any other subnet inside a VPC. Each subnet defines a range of IP addresses.
When you create a subnet on your own, you need to provide the IP address range.
When a VM instance is created, the DNS entries are automatically created resolving to a formatted hostname. A fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the internet. The FQDN consists of two parts: the hostname and the domain name.
FQDN = [hostname].c.[project-id].internal
If you had a VM instance “kangaroo” with a project-id “my-project”, then the DNS FQDN would be kangaroo.c.my-project.internal.
Address Allocation For Private Internets
This is taken from a document that specifies an Internet Best Current Practice for the Internet Community and requests discussion and suggestions for improvements.
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
We will refer to the first block as “24-bit block”, the second as “20-bit block”, and to the third as “16-bit” block. Note that (in pre-CIDR notation) the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and the third block is a set of 256 contiguous class C network numbers.
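A check you might run before supplying the IP address range for a new subnet, as an added example that is not part of the original post: it reports which of the three private blocks above contains a proposed range. It goes one step beyond the text by also rejecting ranges that overlap subnets already in use, since subnet ranges in one VPC network cannot overlap. The subnet names and ranges in `EXISTING` are constructed.

```python
import ipaddress

# The three private blocks quoted above, under the names the text gives them.
PRIVATE_BLOCKS = {
    "24-bit block": ipaddress.ip_network("10.0.0.0/8"),
    "20-bit block": ipaddress.ip_network("172.16.0.0/12"),
    "16-bit block": ipaddress.ip_network("192.168.0.0/16"),
}

def private_block_of(cidr):
    """Name of the private block that fully contains cidr, or None."""
    # strict=True rejects ranges with host bits set, e.g. 10.0.0.5/24.
    net = ipaddress.ip_network(cidr, strict=True)
    for name, block in PRIVATE_BLOCKS.items():
        if net.version == 4 and net.subnet_of(block):
            return name
    return None

def check_new_subnet(cidr, existing):
    """Validate a proposed range against ranges already in use.

    existing maps a (hypothetical) subnet name to its CIDR string.
    Returns (ok, problems).
    """
    try:
        block = private_block_of(cidr)
    except ValueError as exc:
        return False, [f"invalid range: {exc}"]
    problems = []
    if block is None:
        problems.append("not inside any of the three private blocks")
    net = ipaddress.ip_network(cidr)
    for name, other in existing.items():
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps {name} ({other})")
    return not problems, problems

# Constructed example VPC: names and ranges are made up for illustration.
EXISTING = {"subnet-us": "10.128.0.0/20", "subnet-eu": "10.132.0.0/20"}

if __name__ == "__main__":
    for candidate in ["10.128.8.0/24", "172.32.0.0/24",
                      "192.168.10.0/24", "10.0.0.5/24"]:
        print(candidate, check_new_subnet(candidate, EXISTING))
```

The `172.32.0.0/24` case is the common slip: the 20-bit block ends at 172.31.255.255, so that range is public address space.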
Some Other Important Things
- You must know about choosing the Load Balancer based on the scenario. See ref.
- Google emphasizes knowing the gcloud, bq, gsutil and kubectl command-line utilities. Google has created cheat-sheets which I would highly recommend reading every day and practicing in Cloud Shell.
- Know everything about Google Kubernetes Engine (GKE) from understanding Kubernetes architecture to deploying applications in GKE clusters. See ref.
- Know about the Deployment Manager. See ref.
- Know about Stackdriver Monitoring, Trace, Debug, and Logging.
- Know about creating snapshots to periodically backup data from your zonal persistent disks or regional persistent disks. To reduce the risk of unexpected data loss, consider the best practice of setting up a snapshot schedule to ensure your data is backed up on a regular schedule. See ref.
- Know about ML tools like Cloud Dataflow, Cloud Dataproc, Cloud Fusion, etc.
Read. Practice. Repeat.
It is extremely important for you to have hands-on experience as already emphasized a few times in the article. It is also important to take practice exams before appearing for the cloud exam. I took the official practice tests by Google available for free.
The more you practice, the more you become aware of scenario-based questions. I think one should never appear for the Cloud exam without taking the practice tests.
Cloud computing is the most in-demand skill a developer must have. I wanted to get certified and I am glad I did. I wanted to share my journey in the article. Trust me on this, you will learn a lot when you are reading, researching and practising for a certification.
I have barely scratched the surface in this article. I would suggest you have your own preparation, make your own notes, choose your own course, everything is available out there, the important thing is that with the journey and your research on services, you will learn a lot.