Top Ten Google Cloud DevOps Engineer Certification

I sat for the Google Cloud Platform DevOps Exam a few days ago and I was pleasantly surprised with the exam format, questions and answers. No case studies:)

I believe this exam is a game changer for folks that are really looking to prove themselves in a niche area. DevOps is still a niche area contrary to what I see in the IT media. The good part is that if you took the Cloud Developer exam then there seems to be some overlap. I'll elaborate in the list below.

The main area to focus on is not just Kubernetes but we also need to understand there is a significant focus on Site Recovery, DevOps and Stackdriver. Yes, I said it “Stackdriver”.

Google has done a remarkable job on this exam.

DevOps Engineer EXAM Overview

 A Professional Cloud DevOps Engineer is responsible for efficient development operations that can balance service reliability and delivery speed. They are skilled at using Google Cloud Platform to build software delivery pipelines, deploy and monitor services, and manage and learn from incidents.

The Professional Cloud DevOps Engineer exam assesses your ability to:

  • Apply site reliability engineering principles to a service
  • Optimize service performance
  • Implement service monitoring strategies
  • Build and implement CI/CD pipelines for a service
  • Manage service incidents

Beta Exam Questions — 102

Beta Exam Time — 4 Hours (240 Minutes). (Completed in 165 minutes)

Exam Overview Link

The exam was certainly a complex mixture of DevOps, Site Recovery and Google services such as Stackdriver, Cloud Build, Kubernetes Engine, Container Registry, etc., covered from both an operations and a development perspective.

For example, integrate SRE and DevOps teams, and enable a build-once policy at the start of your DevOps pipelines so that later phases of the CI/CD pipeline have a consistent build to work with. The goal is to avoid any inconsistencies (multiple configs, cluster management, multiple build tools, etc.).

DevOps Engineer Exam Top Ten Things to Know

The following list is not a concise list of EVERYTHING you should know but merely the main areas to learn and prepare for.

There are command line questions so be forewarned.

Free Practice Exams Here

Number 10

Understand the difference between SLOs, SLAs and SLIs. Yes, this can be really confusing. The number of questions around these topics was more than 2 or 3. Two main resources to review:

  1. Google Cloud Blog – SRE Fundamentals
  2. Google online SRE Workbook

Note that Stackdriver can be used for creating dashboards, understanding latency, etc.

How do DevOps and SRE relate? Check it out.

Number 09

Just like on the Cloud Developer exam there was a good amount of Kubernetes questions for sure and perhaps the algo popped with a bunch of special questions right off the bat just for me.

  • Taking the exam you must have a concise background for Kubernetes Engine (kubectl/gcloud cli commands)
  • You must know what the Error Codes 400/403 are in several contexts.
  • Know the complementary services around containers and Kube but also how to monitor containers. The easiest way to install Stackdriver monitoring is to let it happen at deployment.

Complementary services are…….

Number 08

Stackdriver and Stackdriver….

Do not even take the exam if you're not confident in Stackdriver logging setup and alert setup, and unless you can spell out the difference between Stackdriver modules and workflows. Note that Debug and Trace are heavily tested. Stackdriver APIs are a must know.

If you're in operations working with GCP then you're likely going to do just spectacular on these types of questions. However, developers may not do as well since monitoring from my experience is more “tribal” than in other areas in IT. Developers generally don't want to play operations sometimes…

Go into the exam knowing the difference between Debug vs Trace vs Profiler

Stackdriver logging

So what is the “Life of a Log”

GCloud logging Commands to know

  • gcloud logging
  • gcloud logging logs list
  • gcloud logging sinks create

Export Logs need to know.

Export Logs via

  • Logging API
  • Cloud Storage
  • Cloud Pub/Sub
  • BigQuery

Number 07

VPC Flow Logs are tested and we need to know a few things.

  1. Why use them
  2. How to review them
  3. How to be alerted

VPC Flow Logs record a sample of network flows sent from and received by VM instances and instances used as Kubernetes Nodes (GKE). These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization.

You can view flow logs in Stackdriver Logging, and you can export logs to any destination that Stackdriver Logging export supports.

Flow logs are aggregated by connection from Compute Engine VMs and exported in real time.

By subscribing to Cloud Pub/Sub, you can analyze flow logs using real-time streaming APIs.
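A sketch of the streaming analysis described above, added here as an example and not taken from Google or from the original post: it aggregates flow log entries as they would arrive from a Pub/Sub export and flags any source that touches many distinct ports. The sample records, project name and threshold are constructed; the field names follow the VPC Flow Logs record format.

```python
import json
from collections import defaultdict

# Constructed sample: LogEntry records shaped like exported VPC Flow Logs.
# Counters such as bytes_sent arrive as strings in the JSON export.
def _entry(src, dst, dport, nbytes, reporter="DEST"):
    return json.dumps({
        "logName": "projects/example-project/logs/compute.googleapis.com%2Fvpc_flows",
        "jsonPayload": {
            "connection": {"src_ip": src, "src_port": 40000, "dest_ip": dst,
                           "dest_port": dport, "protocol": 6},
            "bytes_sent": str(nbytes), "packets_sent": "1", "reporter": reporter,
        },
    })

SAMPLE = (
    [_entry("198.51.100.7", "10.0.0.5", p, 60) for p in range(20, 32)]  # one source, 12 ports
    + [_entry("10.0.0.9", "10.0.0.5", 443, 52000) for _ in range(3)]     # ordinary HTTPS client
    + [_entry("10.0.0.9", "10.0.0.5", 443, 52000, reporter="SRC")]       # same flow, other side
    + ["not json"]                                                       # malformed message
)

def summarize(messages, port_threshold=10):
    """Aggregate flow records per source and flag sources touching many ports."""
    ports = defaultdict(set)   # src_ip -> {(dest_ip, dest_port)}
    sent = defaultdict(int)    # src_ip -> total bytes
    skipped = 0
    for raw in messages:
        try:
            payload = json.loads(raw)["jsonPayload"]
            conn = payload["connection"]
            # VM-to-VM flows can be reported by both ends; keep the
            # destination-side report so each flow is counted once.
            if payload.get("reporter") != "DEST":
                continue
            src = conn["src_ip"]
            ports[src].add((conn["dest_ip"], int(conn["dest_port"])))
            sent[src] += int(payload.get("bytes_sent", 0))
        except (ValueError, KeyError, TypeError):
            skipped += 1       # count unparsable messages instead of crashing
    flagged = sorted(s for s, p in ports.items() if len(p) >= port_threshold)
    return {"flagged": flagged, "bytes": dict(sent), "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
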

You may want to review this GCP page.

There's more.. But not now…

Want to know more about the Cloud Developer Exam… Check out my Deep Dive.

Number 06

Handling Incidents – Yes, when SHTF you have to know how to deal with an event. An event being that a breach has occurred, and you need to know how to handle issues from a DDoS attack, nodes going down, your boss being out of coffee or a CSS being hacked, that sort of issue.

Know how to mitigate issues, how to minimize risks, add capacity.

Review this page for a start and specifically understand Google best practices and Data incident response process (Flowchart)

Data Incidents.

Google SRE book has some info that seems familiar..

Lots of acronyms to learn. For example..

The main roles in incident response are the Incident Commander (IC), Communications Lead (CL), and Operations or Ops Lead (OL). IMAG organizes these roles into a hierarchy: the IC leads the incident response, and the CL and OL report to the IC.

When disaster strikes, the person who declares the incident typically steps into the IC role and directs the high-level state of the incident.

Number 05

Securing the pipelines. Container Security = Vulnerability analysis with Container Registry, Cloud Security Scanner

Container Registry

Cloud Security Scanner

Cloud Security Scanner is a FREE tool that you can use with Compute Engine, App Engine and Kubernetes Engine.

This page has a lot of links that are very useful for the exam preparation

Google Container Security

Number 04

Kubernetes Engine uses what? Binary Authorization, we are not talking about gender here. With Binary Authorization you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying.

By enforcing validation you get tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process. No need for crappy deployments right?
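A toy model of the sign-then-enforce flow described above, added here as an example and not Google's implementation or API: attestors sign an image digest in the pipeline, and the deploy step admits the image only if every required attestor has a valid signature for that exact digest. The attestor names, keys and policy shape are hypothetical, and HMAC stands in for the asymmetric signatures real attestors use.

```python
import hashlib
import hmac

# Hypothetical attestors and constructed keys. Real attestors hold asymmetric
# key pairs; HMAC keeps this sketch standard-library only.
ATTESTOR_KEYS = {"build-verified": b"constructed-key-1",
                 "vuln-scan-passed": b"constructed-key-2"}
POLICY = {"require_attestations_by": ["build-verified", "vuln-scan-passed"]}

def image_digest(image_bytes):
    return "sha256:" + hashlib.sha256(image_bytes).hexdigest()

def _sign(attestor, digest):
    return hmac.new(ATTESTOR_KEYS[attestor], digest.encode(), hashlib.sha256).hexdigest()

def attest(attestor, digest):
    """Pipeline side: sign the immutable image digest, never a mutable tag."""
    return {"attestor": attestor, "digest": digest, "signature": _sign(attestor, digest)}

def admit(digest, attestations, policy=POLICY):
    """Deploy side: return (allowed, attestors still missing for this digest)."""
    missing = []
    for name in policy["require_attestations_by"]:
        valid = any(
            a.get("attestor") == name
            and a.get("digest") == digest
            and hmac.compare_digest(_sign(name, digest), a.get("signature", ""))
            for a in attestations
        )
        if not valid:
            missing.append(name)
    return (not missing, missing)

def demo():
    good = image_digest(b"constructed image contents v1")
    rebuilt = image_digest(b"constructed image contents v1 + unreviewed change")
    atts = [attest("build-verified", good), attest("vuln-scan-passed", good)]
    relabelled = dict(atts[1], digest=rebuilt)  # old signature pointed at a new image
    return {
        "signed": admit(good, atts),            # both attestations present
        "partial": admit(good, atts[:1]),       # scan attestation missing
        "rebuilt": admit(rebuilt, atts),        # attestations are for another digest
        "relabelled": admit(rebuilt, [attest("build-verified", rebuilt), relabelled]),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```
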

Binary Authorization

Number 03

Load Balancing and Endpoints

Know the basics of both VM and Container load balancing. What are instance groups?

Know what Endpoints are and how the network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.

There's more on this, but wait for my deep dive notes…

Number 02

Infrastructure as Code (IaC)

Cloud Deployment Manager and Terraform were two areas that you may want to understand.

In Cloud Deployment Manager, preview a configuration:

gcloud deployment-manager deployments create example-deployment --config configuration-file.yaml \
    --preview

Number One

Deploying a containerized application to Kubernetes Engine

Cloud Build: know your build steps, automatic vs manual, and how to integrate with Cloud Repositories. Custom build steps (memorize). Speed up builds and CI pipelines.

Know how to deploy a containerized app and the details ..

Here is the link you want to look at.

I'll be coming out with a DEEP DIVE with more details when time permits. Expect some practice questions and a new course in January 2020.

Carry on my cloud friends and please do let me know any feedback or suggestions.

Joe Holbrook, the Cloud Tech Guy