Question bank for module 2, 3 and 4

Module 2:
1. Identify the steps to optimize the performance of a Compute Engine instance
for a high-traffic web application? (performance optimization)

Instance Type Selection:

• Choose an instance type (machine type) that meets your application's

requirements in terms of CPU, RAM, and network throughput. Consider using
Compute-Optimized (C2) or Memory-Optimized (M2) instances for CPU or
memory-intensive workloads respectively.

Auto Scaling:

• Implement managed instance groups with autoscaling based on traffic load or

CPU utilization. This ensures that your application can handle varying levels of
traffic efficiently without manual intervention.

Load Balancing:

• Utilize Google Cloud's load balancing services such as HTTP(S) Load Balancing
or Network Load Balancing to distribute traffic across multiple instances. This
improves availability and scalability by directing traffic to healthy instances.

Optimized Disk Performance:

• Use SSD persistent disks for better I/O performance compared to standard
persistent disks. Consider using local SSDs for temporary data or caching, as
they offer higher throughput and lower latency.

Networking Optimization:

• Ensure your Compute Engine instance is in the appropriate network and region
to minimize latency. Use VPC networks and subnets effectively. You can also
optimize network performance by enabling Google Cloud CDN (Content
Delivery Network) to cache content closer to your users.

Monitoring and Logging:

• Use Google Cloud Monitoring and Logging to monitor instance performance

metrics such as CPU utilization, disk I/O, and network traffic. Set up alerts based
on thresholds to proactively address performance issues.
Caching and Content Delivery:

• Implement caching mechanisms such as Google Cloud Memorystore (for Redis)

or other caching solutions to reduce database load and improve response times
for frequently accessed data.

Optimize Application Code:

• Review and optimize your web application's code to reduce latency and
improve efficiency. Consider techniques like asynchronous processing, lazy
loading, and efficient database queries.

Security Best Practices:

• Implement security best practices such as firewall rules, IAM roles, and HTTPS
encryption to protect your Compute Engine instance and data.

Regular Performance Testing:

• Conduct regular load testing and performance benchmarking to identify

bottlenecks and optimize system configurations accordingly.

2. How do you set up a Dataflow job using the GCP Console? OR Discuss the steps
to configure and run a Dataflow job from the GCP Console.

Navigate to Dataflow in GCP Console:

• Go to the GCP Console at https://console.cloud.google.com/.

• Select the Navigation menu (three horizontal lines) and navigate
to Dataflow under the Big Data section.

Create a New Dataflow Job:

• Click on the Create job from template button to start configuring a new
Dataflow job.

Configure Job Details:

• Job name: Enter a descriptive name for your Dataflow job.

• Region: Select the region where you want the job to run.
• Dataflow template: Choose the template that matches your job type (e.g.,
batch processing, streaming processing).
Configure Pipeline Options:

• Specify the input sources, output sinks, and any additional parameters required
by your Dataflow job.
• This may include details like input file paths, output file paths, Cloud Storage
buckets, Pub/Sub topics, etc.

Set Dataflow Job Execution Options:

• Define the job execution settings such as worker machine type, number of
workers, autoscaling options, and other performance-related configurations.
• You can also specify additional parameters like max workers, disk size, etc.,
depending on your job requirements.

Review and Launch the Job:

• Review all the configurations to ensure they are correct.

• Click on Run job to launch your Dataflow job.

Monitor Job Progress:

• Once the job is launched, you can monitor its progress in the Dataflow section
of the GCP Console.
• You can view details such as job status, throughput, input/output metrics, and
logs to track how your Dataflow job is performing.

View Job Logs and Output:

• After the job completes, you can view detailed logs and review the output
generated by your Dataflow job.
• Logs are accessible from the GCP Console, and output files are typically stored
in the specified Cloud Storage bucket or Pub/Sub topic.

Cleanup (if necessary):

• If you no longer need the resources associated with the Dataflow job, consider
cleaning up by deleting unnecessary resources like temporary files or unused
Cloud Storage buckets.

3. What types of encryption are available in Azure? OR List the types of encryption
supported by Azure, such as data-at-rest encryption and data-in-transit
encryption.
 4. Data-at-Rest Encryption:
a. Azure Disk Encryption: Encrypts operating system and data disks used
by Azure Virtual Machines (VMs) to protect sensitive data.
b. Azure Storage Service Encryption (SSE): Automatically encrypts data
before persisting it to Azure Storage. SSE supports Blob storage, File
storage, and Queue storage.
5. Data-in-Transit Encryption:
a. Transport Layer Security (TLS/SSL): Azure uses TLS/SSL protocols to
encrypt data transmitted between users and Azure services, as well as
between Azure services.
b. Azure VPN Gateway: Provides secure encrypted tunnels between your
on-premises network and Azure Virtual Network (VPN encryption).
6. Encryption for Data Services:
a. SQL Database Transparent Data Encryption (TDE): Automatically
encrypts data in Azure SQL Database, ensuring data remains encrypted
at rest.
b. Azure Cosmos DB Encryption: Offers encryption of data both at rest and
in transit within Azure Cosmos DB using platform-managed keys.
c. Azure Storage Encryption: Besides SSE, Azure provides client-side
encryption where applications encrypt data before storing it in Azure
Storage using customer-managed keys.
7. Encryption Key Management:
a. Azure Key Vault: Centralizes key management and helps safeguard
cryptographic keys and secrets used by cloud applications and services.
8. Application-Level Encryption:
a. Developers can implement encryption within their applications using
libraries and APIs provided by Azure to encrypt sensitive data before
storing it in Azure services or transmitting it over networks.

4 Compare Azure Blob Storage and Azure Files for storing

container data in Kubernetes. What factors would influence
your choice between the two?-storage type and use cases

Azure Blob Storage:

1. Storage Type:
o Object Storage: Azure Blob Storage is optimized for storing large
amounts of unstructured data, such as images, videos, backups, and
logs.
2. Use Cases:
o Data Lakes: Ideal for building data lakes where data is ingested from
various sources and accessed for analytics and machine learning.
 o Backup and Archive: Suitable for long-term storage and archival of data
that is accessed infrequently.
o Content Distribution: Used for serving static content to web applications
and streaming media.
3. Key Features:
o Access Tiers: Offers hot, cool, and archive tiers for cost-effective data
storage based on access frequency.
o Versioning: Supports versioning of blobs to maintain historical changes.
o Lifecycle Management: Automates the transition of data between
storage tiers and deletion of outdated data.

Azure Files:

1. Storage Type:
o File Storage: Azure Files provides SMB (Server Message Block) file shares
that can be accessed over the network using standard file system
protocols.
2. Use Cases:
o Shared File Storage: Suitable for applications that need shared access to
files, such as application data, configuration files, and shared libraries.
o Development and Testing: Useful for sharing files across development
teams and testing environments.
o Distributed Applications: Supports scenarios where multiple instances
of an application need access to the same files.
3. Key Features:
o SMB Protocol: Supports SMB protocol for seamless integration with
Windows and Linux applications.
o Mounting: Can be mounted directly as file shares on Kubernetes pods
using PersistentVolumeClaims (PVCs).
o Azure File Sync: Allows synchronization of on-premises file servers with
Azure Files for hybrid cloud scenarios.

Factors Influencing Choice:

1. Access Method:
o Blob Storage: Accessed via REST APIs, suitable for applications that need
to store and retrieve large amounts of unstructured data directly.
o Azure Files: Accessed via SMB protocol, suitable for applications that
require shared file access and compatibility with existing file-based
applications.
2. Data Structure:
o Blob Storage: Best for unstructured data and binary large objects
(BLOBs).
 o Azure Files: Suitable for structured data and file-based applications
requiring hierarchical file storage.
3. Performance Requirements:
o Blob Storage: Optimized for handling large files and streaming data.
o Azure Files: Offers low-latency access for small file read/write
operations.
4. Integration Needs:
o Consider whether your applications or Kubernetes workloads require
direct integration with file shares (Azure Files) or object storage (Blob
Storage).
5. Cost Considerations:
o Evaluate cost differences based on storage consumption, access
patterns (frequency of access), and data transfer.

9.