How to pass the Google Cloud Professional Cloud Architect exam in 30 days or less!


Interested in passing the Google Cloud Professional Cloud Architect exam?

Follow my strategy and learn how I passed the exam in less than 30 days.

First, if you haven’t already, go read “Why you should get certified” because there are a few reasons why I need you to become certificate advocates beyond total compensation. 

This blog post is going to be a comprehensive technical deep dive on all the ways in which you can pass the Google Cloud Professional Cloud Architect exam.

Background

I’m authoring the Google Cloud Professional Cloud Architect Exam Guide with McGraw Hill. It’s coming out on February 26th. This book is unlike any other technical book you’ve read. Come on, I’m from the generation of memes, at a bare minimum you know this book is going to be entertaining.

I have 14 certifications. It takes me an average of 9 days to pass each exam. I’ve read 10+ technical books and I thought to myself, I don’t want my audience to be miserable through this journey.

Let’s make this comprehensive, engaging, funny, and most of all the best damn certification book to pass the exam that exists. PERIOD.

It’s an All-In-One series book. I worked through the very technical building blocks of GCP, starting with the second you “sign up” for Google Cloud to running a large, multinational enterprise cloud environment.

I also zoom out frequently to the bigger picture to talk about philosophy, jokes, real-life scenarios and implications, and overall immersing you into the life of a Cloud Architect.

I do this for a living at Google Cloud, and while this blog & book is based on my own opinions and not of Google’s, it’s in everyone's best interest to cultivate a successful community of learners.

I really want you to be successful beyond the certification. Book or no book.

Time, comments, and reviews will tell if this approach is working. So, please leave a review on Amazon if you get the book, good or bad. And, leave me comments here and anywhere for feedback to revise this deep dive. My goal is to involve the community in every aspect of #TheCertsGuy content, so make this your place.

This blog post is a supplemental resource to anyone studying for the certification, whether it’s reading my book or using any other materials.

*note — if this blog is helpful for you, please feel free to share it on social media, and add #TheCertsGuy to it so I can get notified!


PCA Deep Dive Outline.

Here’s the outline for this blog post. Feel free to dive into whatever is important for you. I’m aware there are no anchor tags, so bear with me while I work on that feature request :)

  1. Official Google Cloud Exam Outline

    1. New beta exam -- will I pass?

  2. The Certs Guy Four C’s Exam-Cram Formula

    1. Choice

    2. Calendar

    3. Consistency

    4. Community

  3. Exam Strategies

    1. Test-taking tips

    2. How to break down a test question

    3. Case Studies

  4. How to use my book?

    1. Book Outline

    2. FREE Chapter 2 Study Guide

    3. Sample Questions & Online Test Bank

  5. Supplementary Resources

  6. Concepts to prepare for the exam

    1. Cloud Identity

    2. Resource Management

    3. Cloud Identity & Access Management

    4. Networking

    5. Compute and Containers

    6. Storage, Databases, and Data Analytics

    7. DevOps

    8. Cloud Operations

    9. Security

    10. Billing, Migration, Support

  7. Help someone with your new knowledge


1. Official Google Cloud Exam Outline

Okay first, go through and read everything on the official Google Cloud page. I don’t want to fill up this blog post with stuff that exists and is maintained elsewhere, so, take 10 minutes and review it now.

Take a look at the exam outline but don’t be daunted by all the super complex language. Not all the elements of the outline are explicitly questioned in the exam… It’s more of guidance for how/what you need to think about.

New beta exam - will I pass?

PSA: There's a new beta exam!

As you can imagine, this beta will one day no longer be beta, so pay attention to which exam you’re taking. When this officially gets out of beta phase, the two new case studies “EHR Healthcare” and “Helicopter Racing League” will become part of the official exam. It looks like TerramEarth and Mountkirk Games are still going to remain on the new exam.

I’m planning on taking the beta exam shortly, so I will update this blog post on how I do and what some of the key differences were.

I am confident that my book and this blog post will still prepare you for the new exam, because the focus is on becoming a Google Cloud Architect and that will give you the skills to pass any Google Cloud Architect exam.

Also, the beta exams are usually more difficult, because they have questions that may have high failure rates that they then remove from the generally available exam. So, when it does become generally available, it should be easier anyway.


2. The Certs Guy Four C’s Exam-Cram Formula


Like when politicians create a new bill, I feel like they first create the acronym and then decide what to put in it…

“Duh... Bill, what should we name this legislation?” 

“Let’s call it the CARES act cause the peoples need to know we cares”

So these are my four C’s. This is the approach I take to preparing for my exams.

Choice

TL;DR - Start with your intention.

The second you rob yourself of the choice is when you lose the motivation and discipline to do something out of your innate desire.

If you’re forcing yourself to take this certification, the pressure will make you crumble. Nobody wants to be forced into anything.

If you chose to take this certification, that means you chose to do all the work and sacrifice that comes along with it.

Take a moment to think about your intentions behind the learning journey. Start with your intentions before and every day of your learning journey.

Your perception creates reality. Choose wisely. Remember, the only one in control of your choice is you.

Start your preparation by remembering your choice to pursue this learning journey.

Calendar

TL;DR. Plan to take your certification within 30 days. Pay for your exam at the beginning. Create a calendar for your approach. Fail if you need to. Follow my calendar for a 30-day approach.

The next step is to plan out your calendar.

Too many people make the mistake of turning certifications into marathons.

The continued learning behind the certification, the work experience, the projects, the meetings -- these are the marathon… NOT the certification itself.

The certification is a sprint. And if you decide to sprint for one mile instead of 400 meters, you’ll get tired halfway through and lose track.

You should still pace yourself through the sprint. Don’t cram 4 chapters in a day.

My trick. When I set the intention and order my books, I choose a day within 30 days and I schedule & pay for the exam.

Things can go south in life, at any time, of course. And I know some people face many more challenges than I do. Having kids, having family challenges, commitments -- totally understandable. 

Just don’t forget, you made the choice.

Also, failure is OK.

I failed the Professional Cloud Architect the first time I took it. 

I’ve failed other exams too. Failing is the fastest way to pass. Fail-first is the approach that every successful person in the world has done. Michael Jordan, Serena Williams, Elon Musk, even a key principle of DevOps is a fail-first culture… It takes failing to know what you need to solve for. There’s a lot of science behind these claims, but who needs science when it’s common sense!

It’s also cheaper to fail and cough up $200 than it is to spend another 50 hours of your life studying. Don’t be afraid to fail! Now you know exactly what the exam is about and what you need to do.

Lastly, here is a sample calendar you can stick to in order to pass the Professional Cloud Architect in 15 days using only my book and the docs page. Feel free to spread this out to 30 depending on your commitments in life.

[Image: sample 15-day study calendar]

Consistency

Let’s pretend this word is Discipline. I just wanted to stick to the Cs to make it easy.

TL;DR - Please, be consistent with your learning. And after the certification, don’t stop.

Consistency is the hardest thing in the world. Believe me. 

The only thing I’m consistently good at is Call of Duty… everything else is painful. But, going back to Michael Jordan (btw, if you need a book on this, check out Relentless) -- it was not the genetics, not the luck, not the talent. It was the consistency that made him great.

Motivation is the ignition that starts your car, consistency is the gas that keeps you going.

Being consistent with your learning will change the game for you. Your brain will deprioritize memorizing things when you let them slide for enough time.

If I’m reading a book, I typically plan on reading 1 chapter a day and I will plan my life around that one chapter. 

That means, booking lunchtime to read, maybe blocking an hour at the end of your day to read, maybe taking a day off to read. 

Just one chapter a day, that’s all you need to think about.

It’s easier to go through 30 days of pain than 365 days of torment.

Community

TL;DR - Google search like your life depends on it. Network with people. Find communities online. Ask questions. Not just for this certification, this should be part of your career growth in general.

Don’t discount the power of community.

The way I passed my CISSP and those certifications when I was in my early 20s was literally googling everything. I googled all the curious questions I had about the exam, discovered all of the online forums and communities that existed, joined, asked more questions, learned from other people’s experiences. 

I’ve googled so much, I literally googled my way to Google *I just work here don’t mind me*. 

Had it not been for the community, I would’ve probably not done so well on a lot of exams. It was hearing about other people’s highlights and lowlights, what tricks they employed, what they needed more clarity on. (Google + YouTube + Reddit = the Trifecta of Growth)

The beautiful part, at the end of all these questions there is always someone who is willing to help.

There is such a vast community out there. There are people who you can ping on LinkedIn, forums full of certification-learners who shared your experiences, learners who are on the same journey as you, subreddits that are filled with knowledge. 

Be curious, search, connect, and ask!

3. Exam Strategies

You would be surprised to know that just studying for your test adequately isn’t always enough to pass. There are some really easy tips and tricks that you can implement leading up to and on your test day for your mind to be working at its best. Remember, your brain is not a binary device that is either on or off -- it’s a highly sophisticated complex machine that operates at its best when it’s treated at its best. Follow these test-taking tips to increase your chances of success.

Quick Tips

  1. Sleep is your superpower! Sleep plays the most important role in memory retention when you’re learning something new. Get good quality sleep after studying and get a great night’s rest before you take your exam. Without sleep, your mind will not draw from the right sources of memory. Read more here.

  2. Pace yourself on your sprint. It sounds easier running through as much content as fast as possible. Yes, treat the exam like a sprint and the learning like a marathon, but get some rest and don’t burn yourself out before the exam. Sprint cycles are 2 weeks long, not 3 days :)

  3. Eat a clean diet and drink lots of water. Plenty of research has shown the effects of sugar, dehydration, and a poor overall diet on your body. Your body needs nutrition to be its best, so treat yourself like a Ferrari, not like a jalopy!

  4. Take a break during the exam and get your blood flowing. Do some jumping jacks, pushups, or take a brisk walk to the restroom. It’s so easy to doze off during this exam because it is so technical and mentally draining, so a little micro exercise will get your mind and cognition stimulated. EDIT: I don’t think you can do this on the virtual exams but maybe you can stretch at your desk.

  5. When an exam question takes you longer than 30–45 seconds to solve, flag it and skip it. It’s easy to get through all the questions you know the answers to immediately and then go back to the flagged questions at the end. That way, you aren’t rushing through any potential easy questions if you’re running low on time by working through everything in one sprint.

  6. Identify the keywords provided to you in each exam question. Certain words can change the entire context of the question or the order of the answer; list them out while you’re looking for an answer. For example, if you’re asked, “What is the most cost-effective strategy for storing objects in a data store that need to be accessed only once a month?” Cost-effective, object storage, accessed once a month—these are all keywords or key phrases. In this case, storing the data in Google Cloud Storage on a nearline storage class would be the right answer.

  7. Read the answers to identify patterns before assuming you know the right answer. Oftentimes, the patterns within the answer may point you in a closing direction. You’ll see how I explain this in my next section of this blog.

  8. Answer the questions with the Architect hat on. You’re no longer an engineer, so don’t answer questions like you’re an engineer. Think like an Architect.

How to break down a test question


Consider the following test scenario:

CatSnap, a popular cat videos application, wants to build a solution that enables their extended workforce—contractors and temporary staff—to access an environment in which they can upload and download marketing materials for the marketing team.

How do you turn this into a solution? A lot more information is needed here. Luckily, on the exam, you’ll get all of the information you need (though in real life, you’ll have to probe a little deeper).

Here’s an example of a scenario-based question:

CatSnap, a popular cat videos application, needs to store 50TB of data in an environment where they can share it with extended staff that does not have CatSnap credentials, so that these staff members can upload and download marketing materials that they will be editing. The data needs to have nonrepudiation of who accessed it for auditing and monitoring, and data that is older than six months needs to be moved to an archive, where it’ll be accessed at most once a year. What is the most secure, cost-effective, and fastest way to do this?

  1. Provision a private GCS bucket, apply object lifecycle policies to move it to coldline after six months, onboard extended workforce with a CatSnap identity account, and enable bucket logging for the security team to review.

  2. Provision a private GCS bucket, apply object lifecycle policies to move it to archive after six months, onboard extended workforce with a CatSnap identity account, and enable bucket logging for the security team to review.

  3. Provision a private GCS bucket, apply object lifecycle policies to move it to coldline after six months, enable data owners to create signed URLs that will be provided to extended workforce as needed, and enable bucket logging for the security team to review.

  4. Provision a private GCS bucket, apply object lifecycle policies to move it to archive after six months, enable data owners to create signed URLs that will be provided to extended workforce as needed, and enable bucket logging for the security team to review.

So here’s what you’d want to parse from this question:

  • 50TB of object storage

  • Shared user environment

  • Untrusted users without credentials

  • Upload and download permissions

  • Nonrepudiation of each audit log entry

  • After six months, move to a new storage class

  • Archive is accessed once a year

  • Most secure

  • Cost-effective

  • Fastest

You may have an answer already, but if you look at the four potential answers provided, you can identify another pattern and gather another data point:

  • Provisioning a private GCS bucket is a given across all answers.

  • Applying object lifecycle policies is next, but what’s the difference between coldline and archive storage classes? Well, if you knew that the data is accessed once a year and they’re looking for the most cost-effective solution, it sounds like archive is the answer here. Coldline would still work, though, because you can access it once a year or more as well, but the key words here are “most…cost-effective.”

  • Bucket logging is enabled across all four answers.

  • Ah, here’s an interesting one—do we onboard and provision users with CatSnap identities, or do we use signed URLs? It says the fastest way, so granting signed URLs is the fastest way here. But wait, there’s also a requirement of nonrepudiation of all user accesses, so can I have nonrepudiation if my users are using signed URLs? That requirement is an example of a detractor: “fastest” doesn’t matter here, because the fastest solution does not satisfy all requirements.

As you start to dissect each exam question, you’ll need to have this mindset: What are patterns I can identify? Where can I find more requirements or keywords in my questions and in the answers provided? How can I eliminate multiple answers at once? While all four of the answers are technically correct, at the end of the day, if you parse through this question properly, the answer should be B (the second option), because you cannot use signed URLs as a means to prove nonrepudiation of all the users who could be accessing your data.
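The requirements parsed from the CatSnap question can also be checked against a bucket's actual configuration. The following is an added example, not taken from the book or from Google: a Python check over a bucket resource and IAM policy in the shapes the Cloud Storage JSON API uses. The bucket names, member names and the 180 to 184 day reading of "six months" are constructed assumptions.

```python
# Added example: checks a bucket description against the CatSnap requirements.
# Dict shapes follow the Cloud Storage JSON API bucket resource and IAM policy.
# Every name and value below is constructed for illustration.

AGE_WINDOW_DAYS = range(180, 185)  # assumption: "six months" = 180 to 184 days
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
NAMED_PREFIXES = ("user:", "group:")  # principals that resolve to real people


def check_bucket(bucket, iam_policy):
    """Return a list of findings; an empty list means every requirement is met."""
    findings = []

    # Requirement: data older than six months moves to the cheapest class.
    targets = {
        rule.get("action", {}).get("storageClass")
        for rule in bucket.get("lifecycle", {}).get("rule", [])
        if rule.get("action", {}).get("type") == "SetStorageClass"
        and rule.get("condition", {}).get("age") in AGE_WINDOW_DAYS
    }
    if "ARCHIVE" not in targets:
        if "COLDLINE" in targets:
            findings.append("lifecycle: COLDLINE works, but ARCHIVE is cheaper "
                            "for data read at most once a year")
        else:
            findings.append("lifecycle: no rule moves six-month-old objects "
                            "to ARCHIVE")

    # Requirement: the bucket is private.
    bindings = iam_policy.get("bindings", [])
    members = {m for b in bindings for m in b.get("members", [])}
    if members & PUBLIC_MEMBERS:
        findings.append("iam: bucket is shared with public principals")
    iam_config = bucket.get("iamConfiguration", {})
    if iam_config.get("publicAccessPrevention") != "enforced":
        findings.append("iam: public access prevention is not enforced")

    # Requirement: nonrepudiation. Object access has to be granted to named
    # users or groups. If only a URL-signing service account holds it, the
    # people using the signed URLs never appear as principals.
    object_members = {
        m
        for b in bindings
        if b.get("role", "").startswith("roles/storage.object")
        for m in b.get("members", [])
    }
    if not any(m.startswith(NAMED_PREFIXES) for m in object_members):
        findings.append("iam: no named user or group has object access, so "
                        "reads and writes cannot be tied to a person")

    # Requirement: logs for the security team to review.
    if not bucket.get("logging", {}).get("logBucket"):
        findings.append("logging: no log bucket configured")

    return findings


def sample_bucket(storage_class):
    """Constructed bucket resource; only the lifecycle target class varies."""
    return {
        "name": "catsnap-marketing-example",
        "iamConfiguration": {"publicAccessPrevention": "enforced"},
        "logging": {"logBucket": "catsnap-access-logs-example"},
        "lifecycle": {"rule": [{
            "action": {"type": "SetStorageClass",
                       "storageClass": storage_class},
            "condition": {"age": 180},
        }]},
    }


# Constructed IAM policies: named identities versus a signing account only.
NAMED_IAM = {"bindings": [{
    "role": "roles/storage.objectAdmin",
    "members": ["group:marketing-contractors@catsnap.example"],
}]}
SIGNER_ONLY_IAM = {"bindings": [{
    "role": "roles/storage.objectAdmin",
    "members": ["serviceAccount:url-signer@catsnap-example"
                ".iam.gserviceaccount.com"],
}]}

if __name__ == "__main__":
    designs = {
        "archive + named identities": (sample_bucket("ARCHIVE"), NAMED_IAM),
        "coldline + signed URLs": (sample_bucket("COLDLINE"), SIGNER_ONLY_IAM),
    }
    for label, (bucket, policy) in designs.items():
        print(label, "->", check_bucket(bucket, policy) or "meets requirements")
```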

Case Studies

You will get many questions on the exam that are based on case studies. The good news is, these case studies are all available online ahead of time. Go to the Official Outline I mentioned a few sections above.

Don’t overlook the case studies! They are such a huge portion of the exam. 

When you’re working through a case study, follow the same instructions as my last section. Understand the objectives -- are they business or technical objectives, and then start to funnel down your answer from there. 

Remember, you’re an Architect, not an Engineer -- so you need to start answering questions like an Architect.


4. How to use my book?

The book is an all-in-one book, so it’s all you need to pass.

I do recommend you also get some hands-on experience with Coursera or Qwiklabs so that you know what you’re doing beyond the theoretical. Remember, the certification is a sprint, the experience is a marathon.

I recommend you stick to reading one chapter a day and target getting 75% of the end of chapter questions right. Then you can start adding in the TotalTester questions when you’re nearing completion of the book. Aim for a comfortable 75% there as well.

What if I’m already certified, is the book still useful?

Yes. Absolutely. 

This book is a great reference guide for anyone on the job. It covers many philosophical aspects of being a Cloud Architect, the non-technical components of the job, and all of the building blocks of designing a large, multinational enterprise cloud platform. 

It’s a great reference for technical and business teams alike, giving you talking points across all major topics of Google Cloud based on a lot of the real world experience I’ve had in the field. It’s also a security book, so you get a three in one book (Cert + Architect + Security).

So, even if you passed the cert -- it might not be a bad idea to have the book on hand. Just take a look at the outline and you’ll see what I mean.

Outline

I’m explicitly writing the outline because, even if you didn’t purchase the book, you can follow this outline as a study aid for things you should read about. Anyways, feel free to download the outline here or see below.

Preface 

  • Copyright

  • Dedication

  • About the author

  • About the technical editor

  • Acknowledgements

  • Table of contents

  • Introduction 

  • Overview of Google Cloud certifications

  • What does this exam guide cover?

  • Online Test Bank

  • Supplementary Resources

  1. Introduction to the Professional Cloud Architect Certification

    1. Reasons to take the Professional Cloud Architect exam

    2. Prerequisite Knowledge

    3. Exam Information

    4. General tips on taking technical certification exams

    5. How to use Supplementary Resources

      1. Professional Cloud Architect Certification Exam Guide

      2. Certification Frequently Asked Questions

      3. Google Cloud Professional Cloud Architect Exam

      4. Google Cloud Products Page

      5. Google Cloud Products Documentation

      6. Google Cloud Console

      7. Coursera

      8. Qwiklabs

      9. A Cloud Guru

      10. Blog Posts

      11. Google Cloud YouTube Channel

    6. Questions

    7. Answers

    8. Chapter Review

  2. Overview of Cloud Computing and Google Cloud

    1. Overview of Cloud Computing

    2. Google Cloud versus other Clouds

      1. Security First

      2. Open Cloud

      3. Analytics and Artificial Intelligence

      4. Global Data Centers and Network

      5. Principles of System Design

        1. Operational Excellence

        2. Security, privacy, and compliance

        3. Reliability

        4. Performance and cost optimization

    3. 10,000 Foot Overview of Google Cloud

      1. Compute

      2. Storage

      3. Databases

      4. Data Analytics

      5. Networking

      6. Operations

      7. Developer Tools

      8. Hybrid Cloud & Multi-Cloud

      9. Migration

      10. Security & Identity

    4. Ways to interact with the Google Cloud Platform

      1. Google Cloud Console

      2. Command-line Interface

        1. CLI Exercise

      3. Client Libraries

    5. Business and Technical Context for the Google Cloud Architect

      1. Assessing business requirements

        1. Reducing Expenditures

        2. SLO’s, SLA’s, SLI’s, So What?!

      2. Assessing technical requirements

        1. Mountkirk Games

      3. Exercise

    6. Chapter Review

    7. Additional References

    8. Questions

    9. Answers

  3. Cloud Identity 

    1. Security Principles

      1. The AAA Security Model

      2. Least Privileges and Separation of Duties

    2. Cloud Identity Overview

      1. Users and Groups

      2. Free Tier vs Premium Tier

      3. Super Admin and Organization Admin

    3. Ways to authenticate

      1. Using 2SV

    4. Provisioning users

    5. Auditing users

    6. Chapter Review

    7. Additional References

    8. Questions

    9. Answers

  4. Resource Management 

    1. Cloud Resource Manager Overview

    2. Organization Hierarchy

      1. Organization, Folders, Projects, Resources

        1. Organization

        2. Folders

        3. Projects

        4. Resources

    3. Organization Policies

    4. Best Practices

    5. Chapter Review

    6. Additional References

    7. Questions

    8. Answers

  5. Identity & Access Management 

    1. Cloud IAM Overview

    2. Members, Roles, and Policies

      1. Google Account

      2. Groups

      3. Service Accounts

        1. Managing Service Account Keys

        2. Default vs Custom Service Accounts

      4. IAM Roles

        1. Primitive Roles

        2. Predefined Roles

        3. Custom Roles

      5. IAM Policies

    3. IAM Conditions

    4. BeyondCorp

    5. Accounting and Technical Compliance

    6. Monitoring Technical Compliance

    7. Chapter Review

    8. Additional References

    9. Questions

    10. Answers

  6. Networking 

    1. Networking Deep Dive

      1. Google's Global Network

        1. Encryption in Transit

      2. Network Tiers

      3. Virtual Private Cloud, Subnets, Regions, Zones

      4. Subnet Ranges and IP Addressing

        1. To Expose, or Not to Expose

      5. Routes and Firewall Rules

      6. Private Access

        1. Private Google Access

        2. Private Service Access

      7. Cross Project Communication

        1. Shared VPC

        2. VPC Peering

        3. Cloud VPN

      8. Cloud DNS

    2. Connectivity to your Cloud

      1. Cloud Router

      2. Cloud VPN

      3. Cloud Interconnect

        1. Dedicated Interconnect

        2. Partner Interconnect

    3. Cloud Load Balancing

      1. Overview

      2. Cloud CDN

    4. Network Security

      1. Network Security Principles

      2. Firewalls

        1. VPC Firewall

        2. Cloud Armor

      3. Cloud NAT

      4. VPC Service Controls

      5. Identity Aware Proxy

      6. Network Logging

    5. Explain It Like I’m 5 (ELI5)

    6. Chapter Review

    7. Additional References

    8. Questions

    9. Answers

  7. Compute & Containers

    1. Google Compute Engine

      1. Virtual Machine Instances

        1. Machine Types

        2. Preemptible VMs

        3. Shielded VMs

        4. Confidential VMs

        5. Sole-Tenant Nodes

      2. Images

      3. Instance Templates and Instance Groups

      4. Storage Options

      5. OS Login

    2. Google App Engine

      1. App Engine Flex vs App Engine Standard

    3. Google Kubernetes Engine

      1. Cluster Architecture

      2. Configuration

      3. Node Upgrades

    4. Cloud Functions

    5. Cloud Run

    6. API Management

      1. Apigee

      2. Cloud Endpoints

      3. Secure your APIs

    7. Chapter Review

    8. Additional References

    9. Questions

    10. Answers

  8. Storage, Databases, and Data Analytics

    1. Storage

      1. Google Cloud Storage (GCS)

      2. Cloud Filestore

      3. Persistent Disk (PD)

      4. Local SSD

    2. Databases

      1. Cloud SQL

      2. Cloud Spanner

      3. Cloud BigTable

      4. Cloud Firestore

      5. Cloud Memorystore

    3. Data Analytics

      1. BigQuery

      2. Cloud DataProc

      3. Cloud Dataflow

      4. Cloud Pub/Sub

    4. Data Security

      1. Data Classification

      2. Cloud DLP

      3. Encryption

        1. Default Encryption

        2. Cloud KMS

        3. Customer Managed Encryption Keys

        4. Customer Supplied Encryption Keys

        5. External Key Management

    5. Chapter Review

    6. Additional References

    7. Questions

    8. Answers

  9. DevOps

    1. DevOps

      1. Continuous Integration and Continuous Deployment

      2. Infrastructure As Code

    2. Deployment Models

    3. Google Deployment Manager

    4. Cloud Build

    5. Cloud Source Repositories

    6. Google Container Registry

    7. Chapter Review

    8. Additional References

    9. Questions

    10. Answers

  10. Logging & Monitoring

    1. Cloud Logging

      1. Types of Logs

    2. Cloud Trace

    3. Cloud Profiler

    4. Cloud Debugger

    5. Cloud Monitoring

      1. Workspaces

      2. Monitoring Agent

      3. Uptime Checks

      4. Metrics and Alerts

      5. Dashboards

    6. Resilience

    7. Chapter Review

    8. Additional References

    9. Questions

    10. Answers

  11. Security

    1. Security Fundamentals

      1. CIA Triad

      2. Control Categories

      3. Control Functions

      4. Asset x Threat x Vulnerability = Risk

    2. Security Modernization

    3. Compliance

    4. Infrastructure Security Highlights

      1. Identity Security

      2. Resource Management Security

      3. IAM Security

      4. Network Security

      5. Application Layer Security

      6. Data Security 

      7. DevOps Security

    5. Security Operations

      1. Cloud Asset Inventory

      2. Security Command Center

        1. Cloud Threat Detection

        2. Security Health Analytics

        3. Web Security Scanner

    6. Chapter Review

    7. Additional References

    8. Questions

    9. Answers

  12. Billing, Migration, and Support

    1. Billing Fundamentals

      1. Cost Control

    2. Migration Planning

      1. Resource Quotas vs Capacity

      2. Transferring Applications and Data

    3. Support Overview

    4. Chapter Review

    5. Closing Thoughts

    6. Additional References

    7. Questions

    8. Answers

  13. Appendix 

    1. Appendix A - Objective Map

    2. Appendix B - About the online content 

    3. Appendix C - Glossary

    4. Appendix D - Index

FREE Chapter 2 Study Guide

Chapter 2 is free for you to download. It is a great overview chapter that provides a 10,000 foot overview of all of the key products and services you’ll see on the exam. I highly recommend you skim through this chapter to get an idea of all of the key products.

I’ve pulled some of the content from chapter 2 into this blog anyway, but, feel free to download it below!

Sample Questions and Online Test Bank

The book has 10 questions at the end of each chapter, which are pretty easy in the first few chapters because I can’t start asking you complex solutions if you haven’t developed the foundational knowledge of Google Cloud yet. Once you get to the Networking chapter they turn up a notch and become more complex.

It also includes an online test bank that has 100 exam-like sample questions, which were developed by the Technical Editor, Rich Foltak.

Rich has like 38 certifications. Rich spends more time learning than I do breathing. He’s the VP of Cloud at Dito, a premier Google Cloud partner, and a former Chief Architect at Deloitte. 

If there’s anyone I trusted to handle the online test bank, it’s Rich.

There are various other online testing questions you can use, but just remember, your goal is to learn the technology -- not get the answers to the test. Be very wary of anything that claims to have an exam dump, even if it’s true, because at that point there’s no reason to take the certification. Don’t rob yourself from the learning experience!

6. Concepts to prepare for the exam

This section is basically a very rough write-up of things I’ve seen on the exam. This is way less organized and thorough than the book, but just some key points that I’ve added myself for now and will crowdsource the remainder through you all. So, add comments below to recommend changes.

Ranking System

I will be ranking each topic based on:

  1. Deep expertise

  2. Medium expertise

  3. High level understanding

General

Here are some general things you want to consider for your exam.

  • (2) What are all the ways in which you can access GCP? UI, API, CLI.

  • (1) What is the difference between using gcloud, gsutil, kubectl -- what are each of these commands and when are they used?

  • (2) Very basic Linux syntax

  • (2) Understanding of general computing concepts (LDAP, SSO, RBAC, AD, DNS, DHCP, Firewalls, CIDR, VMs, Containers, object vs block vs file storage, DevOps, CI/CD, IaC, least privileges, defense in depth, separation of duties, microservices, hybrid-cloud, multi-cloud, etc)

Cloud Identity

Cloud Identity is the first element of using GCP, where you determine how you want to manage authentication to the cloud, use single sign-on, provision users, and audit users. Some things you want to think about:

  • (1) The difference between Cloud Identity & Cloud IAM.

  • (1) Where you manage Cloud Identity (admin.google.com), what actions you can perform there.

  • (2) LDAP, AD, etc.

  • (2) What is Google Cloud Directory Sync and when to leverage it?

  • (2) What is Single Sign On and how to leverage it in your deployment?

  • (2) Multifactor authentication / 2 step verification / using hardware keys

Resource Management

Resource management refers to how you design the resource hierarchy of your cloud environment using organizations, folders, projects, and resources. Some things you want to think about:

  • (1) What is the resource hierarchy? Where are the policy attachment points?

  • (2) What are organization policies?

  • (1) Best practices for designing organization, managing policies, etc

  • (1) When to use a single org vs multi-org approach, how to leverage folders within these models for business units / departments, teams, environments, etc

Cloud Identity & Access Management

Cloud IAM refers to how you manage user authorization in GCP -- policies, roles, groups, and service accounts. Some things you want to think about: 

  • (1) Some common roles (org viewer, org admin, project viewer, project browser, etc)

  • (2) What happens if you have a policy issue at a certain resource node? Do policies affect parents or children?

  • (1) How to centrally manage and govern IAM policies across multi-faceted organizations

  • (2) Troubleshooting role / permissions issues

  • (3) Least privileges, separation of duties, AAA security

  • (2) What are service accounts? What are service account keys?

  • (2) Where to store secret keys?
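The question above about whether policies affect parents or children comes down to inheritance: IAM allow policies flow down the resource hierarchy, so the effective policy at a node is the union of its own bindings and those of every ancestor. The following is an added example, not code from this post or from Google; the hierarchy, members, and helper names are constructed for illustration, and it models allow policies only (deny policies and organization policy constraints are left out).

```python
# Constructed sample hierarchy: child -> parent (None marks the organization root).
PARENT = {
    "organizations/example-org": None,
    "folders/engineering": "organizations/example-org",
    "projects/eng-prod": "folders/engineering",
    "projects/eng-dev": "folders/engineering",
}

# Constructed allow-policy bindings set directly on each node: role -> members.
BINDINGS = {
    "organizations/example-org": {
        "roles/resourcemanager.organizationViewer": {"group:auditors@example.com"},
    },
    "folders/engineering": {"roles/viewer": {"group:eng@example.com"}},
    "projects/eng-prod": {"roles/editor": {"user:sre@example.com"}},
    "projects/eng-dev": {"roles/editor": {"group:eng@example.com"}},
}


def ancestors(node):
    """Return the node followed by its parents, up to the organization."""
    chain = []
    while node is not None:
        chain.append(node)
        node = PARENT[node]
    return chain


def effective_bindings(node):
    """Union the bindings set on the node with those inherited from every ancestor."""
    merged = {}
    for level in ancestors(node):
        for role, members in BINDINGS.get(level, {}).items():
            merged.setdefault(role, set()).update(members)
    return merged


def where_granted(node, member):
    """List (role, level) pairs explaining why a member has access at this node."""
    return sorted(
        (role, level)
        for level in ancestors(node)
        for role, members in BINDINGS.get(level, {}).items()
        if member in members
    )
```

Because allow policies are additive, a role granted at the folder cannot be taken away at a project beneath it, which is why broad roles should be bound as low in the hierarchy as the use case allows. `where_granted` is the troubleshooting view: it shows at which level a surprising permission was actually set.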

Networking

Networking dives into the core concepts in Google Cloud, including virtual private clouds (VPCs), regions, zones, subnets, etc. It also covers connecting to your cloud, how Google Cloud provides load balancing across its platform, and how you can secure and control access to your network.

  • (1) Zonal, regional, global resources

  • (1) VPCs (regional)

    • How to manage traffic flow with Firewall rules, network tags, etc

    • VPC peering, Private Google Access, etc

    • Shared VPC

    • Creating your IP ranges

  • (1) Load balancing 

    • The types of load balancers, when you’d use each load balancer

    • Load balancer health checks

  • (1) Connectivity options 

    • Dedicated interconnect

    • Partner interconnect

    • VPN, VPN gateways

Compute and Containers

Compute and Containers discusses the various IaaS, PaaS, SaaS, and FaaS offerings in GCP: Google Compute Engine, Google Kubernetes Engine, Google App Engine, Cloud Functions, Cloud Run, etc.

  • (1) Compute Engine

    • MIGs, autoscaling, preemptible VMs

    • Connecting to GCE using shell or ssh keys

    • VM snapshots

    • Resizing disks in Linux

    • Shutdown scripts, instance templates

  • (2) Kubernetes 

    • Cluster architecture 

    • Vertical vs horizontal autoscaling

    • Basic Kubernetes syntax

    • Using gcloud vs kubectl

  • (2) App Engine

    • How to serve various types of users and divert traffic

    • Deploying updates / rollbacks (green-blue, canary, etc) 

    • App Engine standard vs flex

  • (2) Cloud Functions

    • Serverless, scales to zero, cost effective, scales on demand

Storage, Databases, and Data Analytics

Storage, Databases, and Data Analytics cover the key data offerings: databases like Cloud SQL, Spanner, Bigtable, Firestore, and Memorystore; data analytics offerings like BigQuery, Dataproc, Dataflow, and Pub/Sub; and storage offerings like GCS, persistent disk, and all the block/object/file storage options.

Databases

  • (1) Relational vs non-relational databases on GCP

  • (1) Time-series use cases

  • (1) MS SQL Server on GCP vs Cloud SQL. Some functionality like availability groups, failover clustering, failover replicas, etc.

Data Analytics

  • (1) Batch (historical) vs stream (real-time) data ingestion / processing

  • (1) BigQuery - time partitioning, expiration times, BigQuery jobs, roles, etc.

Storage

  • (1) Storing disk snapshots in GCS

  • (1) Object lifecycle classes in GCS, policies, etc

DevOps

DevOps goes into some offerings through the CI/CD pipeline including third party tools. You should have an idea of the stages of CI/CD and what tools are applicable where.

  • (3) Container registry, cloud build, cloud source repositories, etc

  • (1) Deployment models (green-blue, canary, rolling)

  • (2) Rollbacks

  • (2) Common 3rd party tools (Jenkins, Spinnaker, Ansible, Terraform)

  • (2) Deployment manager

Cloud Operations

Cloud Operations (formerly Stackdriver) refers to the logging, monitoring, and alerting you can do in Google Cloud. Designing logging architecture, which logs are which, how to monitor, set alerts, use metrics, etc. 

  • (1) Where to find various types of logs, using the log search in the console, what each log category is

  • (2) Cloud logging agent

  • (2) Tracing latency

  • (1) Exporting logging data to BigQuery, archiving logs in GCS, etc

  • (2) What kind of alerts would trigger certain events

  • (1) Troubleshooting events by diving into operational data

Security

Security refers to the various preventative, detective, and corrective controls you can employ in GCP as well as a high level understanding of compliance. 

  • (2) Source code analysis / vulnerability scanning within pipeline

  • (3) Compliance -- major compliance frameworks (HIPAA, PCI, GDPR)

  • (2) De-identification using DLP API, Data tokenization

  • (2) Managing secrets 

  • (3) Digital signatures & PKI

Billing, Migration, Support

Billing dives into how to manage your billing accounts for large multinational organizations. Migration is focused on the strategic, tactical, and operational items to lead the cloud migration. And you probably won’t see questions about working with customer support in the exam.

  • (2) Applying labels (VM CPU utilization, etc) and using them to manage costs in BigQuery

  • (2) Sustained use discounts vs committed use discounts

  • (2) Using a transfer appliance vs storage transfer service

  • (3) Training & enablement


7. Help someone with your new knowledge

Folks.

If this blog has been helpful for you, please share it with other learners in the community. Also, feel free to tag #TheCertsGuy so that I can keep a tab of the open threads.

Lastly, if your new knowledge has helped you grow in your career, my only ask is that you share it with someone else. 

Find someone to mentor, or find someone to provide some moral support in life, pair up and help -- regardless if it’s about this certification. 

My philosophy is that if everyone in the world helps one other person, it will create a massive domino effect.

I appreciate you reading my blog post, I sincerely hope that it is helpful. I love feedback. Please share feedback here, good or bad, leave honest reviews on Amazon for the book, whatever it may be -- thank you. 

Now go kick some ass and get certified.

- The Certs Guy

All opinions stated here are my own and not those of Google LLC. I cannot guarantee you will pass, even if you follow this approach, so I assume no responsibility in your exam outcome.

I do believe in you, and I think you’re amazing for even making it this far, so best of luck!

CHANGELOG: Date - Release - Notes
2/11/21 - V1.0 - First publication
Bugs - Adding anchor links TBD

Iman Ghanizada

Iman is an Author & Cloud Security Dude at Google Cloud.

https://thecertsguy.com