Preparing for Your

Associate Cloud
Engineer Journey

Module 1: Setting Up a Cloud Solution Environment

 Proprietary + Confidential

Module 01 Setting up Cymbal Superstore’s cloud environment

02
agenda Diagnostic questions

03 Review and study planning

 Proprietary + Confidential

Setting up Cymbal
Superstore’s cloud
environment
 Proprietary + Confidential

Your role in setting up

Cymbal Superstore’s
cloud solution ● Setting up cloud projects and accounts
● Managing billing configuration
environment ● Installing and configuring the CLI
 Proprietary + Confidential

Cymbal Superstore’s resource hierarchy

Organization Level
Cymbal
Superstore

Folder Level

Operations Sales & Marketing Logistics

B2B Supply Chain Transportation

ECommerce App
App App

Project Level
B2B B2B
B2B Dev
Staging Production
 Proprietary + Confidential

who Data analyst

Cymbal 2

Superstore’s
identity and 3 can do what View data and
run queries
access roles
4 on which resource BigQuery datasets
 Proprietary + Confidential

Google Cloud Observability

Cloud Monitoring

Setting up products in Can B2B Staging

monitor

Google Cloud B2B Development

Can
monitor

Observability
B2B Production

Scoping project

Monitored projects
 Proprietary + Confidential

Cymbal Superstore’s billing accounts

Payment Profile Organization Level Cymbal

(Google-level Resource) Superstore

Linked to Finance
Folder Level
Billing Admin
(CFO)
Creates Pays for Operations
Operations
Billing Account
B2B Supply
Chain App
Sales Billing
Account

Logistics Billing Project Level

B2B B2B
Account B2B Dev
Staging Production
 Proprietary + Confidential

Interacting with Google Cloud

Google Cloud Cloud SDK and Cloud Mobile App REST-based API
console Cloud Shell

Web user interface Command-line For iOS and Android For custom
interface applications
 Proprietary + Confidential

Diagnostic questions
 Proprietary + Confidential

Please complete the

diagnostic questions now
● The diagnostic questions are available in
the workbook.
 Proprietary + Confidential

Review and
study planning
 Proprietary + Confidential

Your study plan:

Setting up a cloud solution environment

1.1 Setting up cloud projects and accounts

1.2 Managing billing configuration

1.3 Installing and configuring the command line

interface (CLI), specifically the Cloud SDK
(e.g., setting the default project)
 Proprietary + Confidential

Setting up cloud
1.1 projects and accounts

Activities include:
● Creating a resource hierarchy
● Applying organizational policies to the resource hierarchy
● Granting members IAM roles within a project
● Managing users and groups in Cloud Identity (manually and automated)
● Enabling APIs within projects
● Provisioning and setting up products in Google Cloud Observability
 Proprietary + Confidential

1.1 Diagnostic Question 01 Discussion

Stella is a new member of a team in your company A. Assign Stella a roles/compute.viewer role.
who has been put in charge of monitoring VM B. Assign Stella compute.instances.get
instances in the organization. Stella will need the permissions on all of the projects she
required permissions to perform this role. needs to monitor.
C. Add Stella to a Google Group in your
organization. Bind that group to
How should you grant her those permissions? roles/compute.viewer.
D. Assign the “viewer” policy to Stella.
 Proprietary + Confidential

1.1 Diagnostic Question 01 Discussion

Stella is a new member of a team in your company A. Assign Stella a roles/compute.viewer role.
who has been put in charge of monitoring VM B. Assign Stella compute.instances.get
instances in the organization. Stella will need the permissions on all of the projects she
required permissions to perform this role. needs to monitor.
C. Add Stella to a Google Group in your
organization. Bind that group to
How should you grant her those permissions? roles/compute.viewer.
D. Assign the “viewer” policy to Stella.
 Proprietary + Confidential

2 who

Identity and
Access Management 3 can do what

4 on which resource
 Proprietary + Confidential

1.1 Diagnostic Question 02 Discussion

A. Organization, Project, Resource, Folder.

How are resource hierarchies organized
in Google Cloud? B. Organization, Folder, Project, Resource.
C. Project, Organization, Folder, Resource.
D. Resource, Folder, Organization, Project.
 Proprietary + Confidential

1.1 Diagnostic Question 02 Discussion

A. Organization, Project, Resource, Folder.

How are resource hierarchies organized
in Google Cloud? B. Organization, Folder, Project, Resource.
C. Project, Organization, Folder, Resource.
D. Resource, Folder, Organization, Project.
 Proprietary + Confidential

On which resource: Users get roles on

specific items in the hierarchy
Organization

2 who
example.com

Policy Inheritance
Project

bookshelf static-assets stream-ingest

3 can do what

4 on which resource
Resources

Compute App Cloud Cloud

Pub/Sub BigQuery
Engine Engine Storage Storage

instance_a queue_a bucket_a bucket_b topic_a dataset_a

 Proprietary + Confidential

1.1 Diagnostic Question 03 Discussion

A. The Project ID.

What Google Cloud project attributes
can be changed? B. The Project Name.
C. The Project Number.
D. The Project Category.
 Proprietary + Confidential

1.1 Diagnostic Question 03 Discussion

A. The Project ID.

What Google Cloud project attributes
can be changed? B. The Project Name.
C. The Project Number.
D. The Project Category.
 Proprietary + Confidential

1.1 Diagnostic Question 04 Discussion

Jane will manage objects in Cloud Storage A. Assign Jane the roles/storage.objectCreator
for the Cymbal Superstore. She needs to on every project.
have access to the proper permissions for B. Assign Jane the roles/viewer on each
every project across the organization. project and the roles/storage.objectCreator
for each bucket.
C. Assign Jane the roles/editor at the
What should you do? organizational level.
D. Add Jane to a group that has the
roles/storage.objectAdmin role assigned at
the organizational level.
 Proprietary + Confidential

1.1 Diagnostic Question 04 Discussion

Jane will manage objects in Cloud Storage A. Assign Jane the roles/storage.objectCreator
for the Cymbal Superstore. She needs to on every project.
have access to the proper permissions for B. Assign Jane the roles/viewer on each
every project across the organization. project and the roles/storage.objectCreator
for each bucket.
C. Assign Jane the roles/editor at the
What should you do? organizational level.
D. Add Jane to a group that has the
roles/storage.objectAdmin role assigned at
the organizational level.
 Proprietary + Confidential

Org Node Company

Dept X Dept y Shared infra

Resource hierarchy levels

Folders Team A Team B
define trust boundaries
Product 1 Product 2
Group your resources according to your
organization structure.
Projects Test Project Prod Project

Levels of the hierarchy provide trust

boundaries and resource isolation.
Resources VMs Storage
 Proprietary + Confidential

1.1 Diagnostic Question 05 Discussion

You need to add new groups of employees A. Grant the most restrictive basic role to most services,
in Cymbal Superstore’s production grant predefined or custom roles as necessary.
environment. You need to consider B. Grant predefined and custom roles that provide
Google’s recommendation of using necessary permissions and grant basic roles only
least privilege. where needed.
C. Grant the least restrictive basic roles to most services
What should you do? and grant predefined and custom roles only when
necessary.
D. Grant custom roles to individual users and implement
basic roles at the resource level.
 Proprietary + Confidential

1.1 Diagnostic Question 05 Discussion

You need to add new groups of employees A. Grant the most restrictive basic role to most services,
in Cymbal Superstore’s production grant predefined or custom roles as necessary.
environment. You need to consider B. Grant predefined and custom roles that provide
Google’s recommendation of using necessary permissions and grant basic roles only
least privilege. where needed.
C. Grant the least restrictive basic roles to most services
What should you do? and grant predefined and custom roles only when
necessary.
D. Grant custom roles to individual users and implement
basic roles at the resource level.
 Proprietary + Confidential

Can do what: IAM roles are

collections of related permissions

2 who

Basic Predefined Custom 3 can do what

4 on which resource
 Proprietary + Confidential

1.1 Diagnostic Question 06 Discussion

The Operations Department at Cymbal A. compute.images.list

Superstore wants to provide managers B. compute.images.get
access to information about VM usage
C. compute.images.create
without allowing them to make changes
that would affect the state. You assign D. compute.images.setIAM
them the Compute Engine Viewer role. E. computer.images.update

Which two permissions will they receive?

 Proprietary + Confidential

1.1 Diagnostic Question 06 Discussion

The Operations Department at Cymbal A. compute.images.list

Superstore wants to provide managers B. compute.images.get
access to information about VM usage
C. compute.images.create
without allowing them to make changes
that would affect the state. You assign D. compute.images.setIAM
them the Compute Engine Viewer role. E. computer.images.update

Which two permissions will they receive?

 Proprietary + Confidential

Setting up cloud projects

1.1 and accounts

Courses Skill Badges Documentation

Google Cloud Fundamentals: Overview | IAM Documentation

Core Infrastructure
Resource hierarchy | Resource Manager
● M2 Resources and Access in the Google Cloud Google Cloud
Documentation
Cloud Implement Load Balancing Set Up an App Dev
on Compute Engine Environment on Google Understanding roles | IAM Documentation
Cloud
Architecting with Google
Compute Engine
● M4 Identity and Access
Management (IAM)

=
Essential Google Cloud
Infrastructure: Core Services
● M1 Identity and Access
Management (IAM)
 Proprietary + Confidential

1.2 Managing billing configuration

Activities include:
● Creating one or more billing accounts
● Linking projects to a billing account
● Establishing billing budgets and alerts
● Setting up billing exports
 Proprietary + Confidential

1.2 Diagnostic Question 07 Discussion

A. Set up Cloud Billing to pay for usage costs in

How are billing accounts applied to
Google Cloud projects and Google
projects in Google Cloud? (Pick two.)
Workspace accounts.
B. A project and its resources can be tied to
more than one billing account.
C. A billing account can be linked to one or
more projects.
D. A project and its resources can only be tied
to one billing account.
E. If your project only uses free resources you
don’t need a link to an active billing account.
 Proprietary + Confidential

1.2 Diagnostic Question 07 Discussion

A. Set up Cloud Billing to pay for usage costs in

How are billing accounts applied to
Google Cloud projects and Google
projects in Google Cloud? (Pick two.)
Workspace accounts.
B. A project and its resources can be tied to
more than one billing account.
C. A billing account can be linked to one or
more projects.
D. A project and its resources can only be tied
to one billing account.
E. If your project only uses free resources you
don’t need a link to an active billing account.
 Proprietary + Confidential

1.2 Diagnostic Question 08 Discussion

Fiona is the billing administrator for the A. Change the budget alert default threshold
project associated with Cymbal rules to include Jeffrey as a recipient.
Superstore’s eCommerce application. B. Use Cloud Monitoring notification channels
Jeffrey, the marketing department lead, to send Jeffrey an email alert.
wants to receive emails related to budget
C. Add Jeffrey and Fiona to the budget scope
alerts. Jeffrey should have access to no
custom email delivery dialog.
additional billing information.
D. Send alerts to a Pub/Sub topic that Jeffrey is
subscribed to.
What should you do?
 Proprietary + Confidential

1.2 Diagnostic Question 08 Discussion

Fiona is the billing administrator for the A. Change the budget alert default threshold
project associated with Cymbal rules to include Jeffrey as a recipient.
Superstore’s eCommerce application. B. Use Cloud Monitoring notification channels
Jeffrey, the marketing department lead, to send Jeffrey an email alert.
wants to receive emails related to budget
C. Add Jeffrey and Fiona to the budget scope
alerts. Jeffrey should have access to no
custom email delivery dialog.
additional billing information.
D. Send alerts to a Pub/Sub topic that Jeffrey is
subscribed to.
What should you do?
 Proprietary + Confidential

1.2 Managing billing configuration

Courses Documentation

Google Cloud Fundamentals: Core Infrastructure

Create, modify, or close your
● M2 Resources and Access in the Cloud self-serve
Cloud Billing account
Create, edit, or delete budgets
Architecting with Google Essential Google Cloud
and budget alerts | Cloud Billing
Compute Engine Infrastructure: Core Services
● M6 Resource = ● M3 Resource
Management Management
 Proprietary + Confidential

Installing and configuring the command line

1.3 interface (CLI), specifically the Cloud SDK
(e.g., setting the default project)
 Proprietary + Confidential

1.3 Diagnostic Question 09 Discussion

A. Google Cloud console

Pick two choices that provide a
command line interface to Google Cloud. B. Cloud Shell
C. Cloud Mobile App
D. Cloud SDK
E. REST-based API
 Proprietary + Confidential

1.3 Diagnostic Question 09 Discussion

A. Google Cloud console

Pick two choices that provide a
command line interface to Google Cloud. B. Cloud Shell
C. Cloud Mobile App
D. Cloud SDK
E. REST-based API
 Proprietary + Confidential

The Cloud SDK and Cloud Shell

● The Cloud SDK includes CLI tools for Google

Cloud products and services.
● gcloud, gcloud storage (Cloud Storage),
bq (BigQuery)
● Available as a Docker image.
● Available via Cloud Shell.
● Containerized version of the Cloud SDK
running on a Compute Engine instance.
 Proprietary + Confidential

1.3 Diagnostic Question 10 Discussion

You want to use the Cloud Shell to copy A. gcloud

files to your Cloud Storage bucket. B. gcloud storage
C. bq
Which Cloud SDK command should you use? D. Cloud Storage Browser
 Proprietary + Confidential

1.3 Diagnostic Question 10 Discussion

You want to use the Cloud Shell to copy A. gcloud

files to your Cloud Storage bucket. B. gcloud storage
C. bq
Which Cloud SDK command should you use? D. Cloud Storage Browser
 Proprietary + Confidential

Installing and configuring the command line

1.3 interface (CLI), specifically the Cloud SDK

Courses Skill Badges Documentation

Google Cloud Fundamentals:
Core Infrastructure Google Cloud overview | Overview

● M2 Resources and Access in the Google Cloud Google Cloud Managing Cloud SDK components |
Cloud Cloud SDK Documentation
Implement Load Balancing on Set Up an App Dev
Compute Engine Environment on Google gcloud | Cloud SDK Documentation
Cloud
Architecting with Google Using the bq command-line tool |
Compute Engine BigQuery
● M1 Interacting with gcloud storage tool | Cloud Storage
Google Cloud

=
Essential Google Cloud
Infrastructure: Foundation
● M1 Interacting with
Google Cloud
 Proprietary + Confidential

Knowledge Check 1
Which Google Cloud interface allows for scripting actions in a set
of command line executables?

A. Google Cloud console

B. Cloud Shell

C. Cloud Mobile App

D. REST API
 Proprietary + Confidential

Knowledge Check 1
Which Google Cloud interface allows for scripting actions in a set
of command line executables?

A. Google Cloud console

B. Cloud Shell

C. Cloud Mobile App

D. REST API
 Proprietary + Confidential

Knowledge Check 2
What is the lowest level basic role that gives you permissions to
change resource state?

A. Owner

B. Administrator

C. Viewer

D. Editor
 Proprietary + Confidential

Knowledge Check 2
What is the lowest level basic role that gives you permissions to
change resource state?

A. Owner

B. Administrator

C. Viewer

D. Editor