Google Cloud Certification - Associate Cloud Engineer
Updated: Oct 12, 2020
"How should I proceed with my Google Cloud Certification preparation?"
This is the first question which I'm sure many will ask too. Let me share my approach here and hopefully, it will help you in some ways. Teaching you how to fish, rather than fishing for you, is my purpose for this first blog, though I will provide some tips if you read on. The blog is a bit long so that it is informative enough for you to ace your exam on your first attempt without spending extra money.
First, a zest for continuous learning, or as Microsoft calls it, a "Growth Mindset", is a necessary first step towards your goal. Whether or not your current job role is directly or indirectly involved with public cloud, you will sooner or later have to deal with it. Let's face it: it is just a matter of time, as public cloud is gaining more and more traction, especially with the "hybrid cloud" bridging the gap! And do I have to remind you about the COVID-19 push?
By the way, I come from the on-premises generation, starting with UNIX and, to a lesser extent, Linux, VMware and Wintel, working with a plethora of enterprise applications like SAP R/3, Oracle, Oracle RAC, etc.
My later tenure exposed me more deeply to Linux, VMware, OpenStack, Open Source, SAP HANA, Private Cloud using OpenStack, Cybersecurity, Network Functions Virtualization (NFV), NFV Infrastructure, etc.
Second, having commitment, consistency and, very importantly, discipline is the foundational pillar you need to carry your goal through. That means spending many weekends or public holidays poring over both online and physical study materials.
These two character traits are important prerequisites. For me, the methodology is as follows for Google Cloud Platform - Associate Cloud Engineer:
i) Know more about the exam
Always refer to Google's website for the latest information about the exam (remember, cloud moves fast).
Tip: You are allowed to mark a question for review later. For most of the examinations conducted by Cisco, you are not allowed to mark any question for review later. So thanks to Google for their show of sympathy and empathy, LOL.
ii) Know the context surrounding the exam using the Exam Guide
Refer to Google's website for the latest information
Note: Do not panic if you encounter a question which is not covered by the Exam Guide, as I had questions about "Cloud Scheduler" and "Microservices".
iii) Plan your study
It is worth sitting down and thinking through how you plan to study rather than just jumping straight into it. It will pay dividends later, as the plan will guide you back once you go off track.
For me, the first step is copying the official Google exam guide into a spreadsheet. I will leave aside the timeline here as everyone will have different spare cycles depending on many factors like hands-on experience with Google Cloud Platform, prior experience with other public cloud providers and a myriad of others.
I would suggest marking the leftmost spreadsheet column with tags like "critical3", "Review" and others which make sense to you. "critical3" means that the section is still relatively new to me, or I am having a hard time remembering it, or it is an important topic; "critical2" means the same thing but to a LESSER degree. So during revision, I would use the search function to search for tags, typically starting with the most severe one, which in this case is "critical3". Over time, organically, the spreadsheet will have more and lengthier sheets. Hey, that proves that you are indeed bloating with knowledge which no one can take away from you.
Let me provide an example from my own Spreadsheet for illustration based on the Exam Guide:
Tip 1: Make sure you know the process of creating an instance template and an instance group, and the dependency between them. For simplicity's sake, an instance template hails from an Operating System image provided by Google or a custom image created by you from your own disk. The last step is to create a MANAGED or UN-MANAGED instance group from the instance template. Again, this is another key concept which you must grind into your head, especially the Managed Instance Group, which is a collection of instances behind it. Managed Instance Group supports many Google Cloud Platform features related to:
Instinctively, you should realize that the features in the bullet points are what give public cloud its elasticity, resiliency and high availability, and make it so appealing compared to static, expensive, wasteful and not-future-proof on-premises infrastructure. So is it another important concept? Of course... https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances
Tip 2: Know when not to dive too deep, using the Exam Guide as the saviour again, augmented by your own instinct. Google produces very technical and detailed documentation, obviously for someone who needs to go beyond scratching the surface.
It took me 3-4 months to get myself certified in "Associate Cloud Engineer" via self-taught methodology using:
The Official Google Cloud Certified Associate Cloud Engineer Study Guide available at https://www.wiley.com/en-sg/Official+Google+Cloud+Certified+Associate+Cloud+Engineer+Study+Guide-p-9781119564416
Familiarize yourself with certain topics by selectively going over Google Next sessions https://www.youtube.com/results?search_query=Google+NEXT+2019
Getting hands-on with the Google Cloud Platform console using the Google-provided FREE TIER, https://cloud.google.com/free. If you are like me, without prior Google Cloud Platform experience, you MUST make full use of it to make yourself comfortable with the GUI navigation, as you may expect a few questions related to the use of the Google Cloud Platform console. The Google Exam Guide mentions "Recommended experience: 6 months+ hands-on experience with Google Cloud".
I did not sign up with any of the usual suspects typically recommended by others:
- Linux Academy
Disclaimer: I am not saying you can't sign up with any or multiple of them. It depends on individual preferences. I was born as an on-premises native dealing with UNIX cli for many years and all of my previous tenures were hands-on technical roles, so it helped a lot. I am sure many of you can do it too and are much better than me (let's share and grow together).
In fact, I can still remember some of the nitty-gritty details up to today. For example, all HP-UX patches would be prefixed by PH, which is probably a short form for PatcH: a networking-related patch will be prefixed by PHNE_##### (NE stands for NEtwork) and a kernel-related one is denoted by PHKL_###### (KL specifies KerneL), etc.
To check the status of the HP-UX cluster, Mission/Critical Service Guard or MC/SG, one would issue a cli command like # cmviewcl -v
Food for thought
As a side note, all public cloud hyperscalers often stipulate in their hiring criteria that the candidate must have hands-on experience with either their own or other similar cloud technologies. To me, this limits the chances of many others who have proven their mettle by getting certified on their own initiative and who bring diverse backgrounds and a unique proposition. (By the way, I am not very sure how many Amazonians and Googlers are certified.)
That is why you would frequently see employees switching jobs among these hyperscalers, especially from being an Amazonian to a Googler? That says something unique about working for Google.
We all know it is hip to be with one of these hyperscalers, and arming yourself with the certification brings you one step closer, though there is NO GUARANTEE.
A telling example is a legacy customer who wants to migrate their UNIX servers to public cloud. Imagine you have two candidates: one comes with legacy expertise but slightly less hands-on public cloud knowledge, and the other is the polar opposite. Which one would you choose to be the migration engineer, bearing in mind that a lot of UNIX servers are running enterprise applications?
Pre-requisite 1: Google Cloud Platform console
Let us use https://cloud.google.com/iam/docs/quickstart as a reference to start using Google Cloud Platform. The first step is to create a project assuming you have signed up successfully with Google for the FREE TIER.
In the Cloud Console, go to the project selector page.
Click Create to begin creating a Cloud project
Name your project. Make a note of your generated project ID.
Edit the other fields as needed.
Click Create to create a project.
Google did an excellent job of embedding appropriate hyperlinks in all of their documentation, and it really enhances the learning experience for any newbie. Now try it for yourself and click on the hyperlink above!
Pre-requisite 2: gcloud cli tool
Another hands-on tool you MUST brush up on is the gcloud command line. Know the basics, especially the placement of ACTION and RESOURCE, and some of the very common commands like gcloud init, gcloud compute instances list, gcloud projects list, gcloud config list, gcloud config set project <the project you want to work on>, etc.
The gcloud CLI is a part of the Google Cloud SDK. You must download and install the SDK on your system and initialize it before you can use the gcloud command-line tool (Actual Google documentation). Please follow the instruction given by Google as you will need to practise with gcloud cli tool during your preparation.
Tip: You do not have to know every gcloud command-line option and flag, but it is good to know the fundamentals, like:
All gcloud command lines, in my own words, follow a set pattern: they start with gcloud, followed by the RESOURCE NAME you want to work on, the ACTION you want to perform, the NAME if relevant, and the mandatory and/or optional flags.
Tip: DON'T be shocked by the myriad of flag options; my advice is to focus on the key flags.
What is a flag in the gcloud command line?
The best way to learn is to look at one actual example. So let us use gcloud compute instances create as an example, https://cloud.google.com/sdk/gcloud/reference/compute/instances/create
Flags are identified and prefixed by two dashes (--), and let us pick [--no-boot-disk-auto-delete] for illustration. Basically, it controls whether you want to:
- Automatically delete boot disks when their instances are deleted. Enabled by default, use --no-boot-disk-auto-delete to disable.
Some of the flags are mandatory and others are optional as it depends on the use case.
To create a standard VM with 2 vCPUs and 8GB of memory, you can refer to all the machine types supported by Google at https://cloud.google.com/compute/docs/machine-types
You can specify e2-standard-2 as the machine type based on the lowest cost and other requirements specified by your organization.
# gcloud compute instances create <the instance name> --machine-type=e2-standard-2
A well curated gcloud cli cheat sheet is provided by Google at https://cloud.google.com/sdk/docs/cheatsheet
Now that you have the knowledge and readiness of the tools mentioned above (Google Cloud Platform console using the FREE TIER, and gcloud), I will delve into the approach I am using to clear both the Associate Cloud Engineer and Google Professional Cloud Architect examinations on my first attempt. You can do it too.
My approach: Always learn with the Exam Guide to guide you
The following section is from Google Associate Cloud Engineer Exam Guide which I am using to illustrate my study methodology:
1. Setting up a cloud solution environment
1.1 Setting up cloud projects and accounts. Activities include:
Focus on the key word, so from the above, it is "projects". Make sure you know what a project is in Google Cloud Platform lingo. The best source to learn from is the official Google documentation.
Follow the url above and you will see that there are many hyperlinks to other related documentation. The key reminder is to read through the text under headings like Before you begin. Make sure you understand the key concepts or terminology highlighted in blue or in bold.
So here, I will include them for illustration:
If you have clicked the Resource Hierarchy overview, you will see that such a hierarchy is critical for any public cloud provider to organise the provided and later provisioned resources, tailored to your organizational structure.
Key words or concepts from Resource Hierarchy overview page:
- overview of Cloud Identity - If you check for the presence of Cloud Identity in the Associate Cloud Engineer Exam Guide, you will find it in Managing users in Cloud Identity (manually and automated) under Section 1.1 Setting up cloud projects and accounts. Activities include.
Tip: So make sure you know what Cloud Identity is and how to manage users, manually or automated. A search on Google lands me here.
- Organization policies - If you look for Organization policies in the Associate Cloud Engineer Exam Guide, it is not there.
Tip: So understand Organization policies from 30,000 feet and know some of its properties like inheritance, constraints and violations.
Take note of the purpose of the Resource Hierarchy and the actual structural layout of the hierarchy from the same url. Google provides a very good diagram on that Resource Hierarchy overview page. I will summarise it here from the highest to the lowest:
- Organization [Obviously, it is the highest/top level. Google called it ROOT NODE]
- Folder(s) - [Grouping mechanism for your organizational departments. An example is IT department]
- Project(s) - [Think of it like sub-teams within your organizational department. An example is Day 2 Operation Support team within IT department]
- Resource(s) - [Anything your organization is using in Google Cloud Platform. An example is COMPUTE ENGINE's Virtual Machine or GOOGLE CLOUD STORAGE bucket]
Copy key points, and points which you are not so clear about or are struggling to remember, from the Google documentation into the Excel spreadsheet. You can also include the url so you can refer back to it later while revising to get a bigger picture.
Key points from Resource Hierarchy overview:
- The purpose of such hierarchy
- The inheritance of organizational policies from the hierarchical levels above. A policy set at the Organization level will be cascaded down to the levels below it. Similarly, if you have a policy defined at the Folder level, it will be inherited by the Project below the Folder, and the resources will in turn inherit that policy from the Folder.
- Each resource has one parent EXCEPT the Organization which has no parent obviously.
- A project is required to use Google Cloud, and forms the basis for creating, enabling, and using all Google Cloud services, managing APIs, enabling billing, adding and removing collaborators, and managing permissions (Direct copy from the Google url)
- The project ID is a unique identifier for a project. When you first create a project, you can accept the default generated project ID or customize your own. A project ID cannot be changed after the project is created, so if you are creating a new project, be sure to choose an ID that you'll be comfortable using for the lifetime of the project.
- IAM policy inheritance
IAM stands for Identity and Access Management. It is a big thing, as everything you do in Google Cloud Platform needs to have an IAM policy defined, as in:
- WHO can access WHICH RESOURCE and WHAT kind of access he/she or a Service Account has. It is really about Role Based Access Control, Permissions and Access Control Lists.
Tip: You can't grant a permission directly to a user; you have to add the permission to a role, then assign that role to a user or user group, and that is Google Best Practice for IAM.
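As an added illustration (not code from the original post or from Google), the Python sketch below models how role bindings set at the Organization, Folder and Project levels are inherited by a resource, and lists the broad basic (primitive) roles that reach it from above. All node names, members and bindings are constructed sample data.

```python
from dataclasses import dataclass, field

# Basic (primitive) roles: broadest permissions, so worth flagging when inherited.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


@dataclass
class Node:
    """One level of the hierarchy: organization, folder, project or resource."""
    name: str
    kind: str
    parent: "Node | None" = None
    bindings: dict = field(default_factory=dict)  # role -> members bound here

    def ancestry(self):
        """Yield this node, then each parent up to the organization."""
        node = self
        while node is not None:
            yield node
            node = node.parent


def effective_policy(node):
    """Union of the bindings set on the node and on every level above it."""
    merged = {}
    for level in node.ancestry():
        for role, members in level.bindings.items():
            merged.setdefault(role, set()).update(members)
    return merged


def roles_for(member, node):
    """Roles a member holds on the node, and the level each was granted at."""
    found = {}
    for level in node.ancestry():
        for role, members in level.bindings.items():
            if member in members:
                found.setdefault(role, []).append(f"{level.kind}:{level.name}")
    return found


def inherited_basic_roles(node):
    """Basic-role grants that reach the node from a level above it."""
    findings = []
    for level in list(node.ancestry())[1:]:
        for role in sorted(BASIC_ROLES.intersection(level.bindings)):
            for member in sorted(level.bindings[role]):
                findings.append((member, role, f"{level.kind}:{level.name}"))
    return findings


# Constructed sample hierarchy: Organization > Folder > Project > Resource
org = Node("example.com", "organization",
           bindings={"roles/viewer": {"group:auditors@example.com"}})
it_dept = Node("it-department", "folder", org,
               bindings={"roles/editor": {"user:alice@example.com"}})
ops = Node("day2-ops", "project", it_dept,
           bindings={"roles/compute.instanceAdmin.v1": {"user:bob@example.com"}})
bucket = Node("ops-logs", "resource", ops,
              bindings={"roles/storage.objectViewer": {"user:bob@example.com"}})

if __name__ == "__main__":
    print(effective_policy(bucket), inherited_basic_roles(bucket), sep="\n")
```

The Editor role granted on the folder shows up on the bucket even though nobody bound it there, which is why broad roles granted high in the hierarchy deserve the closest review.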
Most of Google documentation has an Overview section. Since we are talking about IAM, make sure you read and understand what IAM is all about in detail at https://cloud.google.com/iam/docs/overview
On the left pane of the same IAM page, toward the bottom under Concepts, you will see the Best Practices sub-heading. You should really spend some time going through all of them, as IAM is one of the fundamental and foundational topics of any public cloud provider.
Tip: Always go through Google documentation with headings such as Concepts, Best Practices, How-to guides and Tutorials. The depth and breadth of the topic depend on the Exam Guide and the criticality of the topic in the Google Cloud Platform ecosystem.
A few concepts you must remember are as follows, though this is not an exhaustive list as there are just too many to list here (please refer back to the Exam Guide again):
App Engine (Google Cloud Platform's Platform as a Service offering. App Engine FLEXIBLE vs STANDARD and their unique use cases and characteristics)
Cloud Audit Logs (You must know the roles needed to view each of the three log classes, and the operations which generate the audit log entries; for example, updating/patching resources generates an Admin Activity log.)
Google Kubernetes Engine and microservices (A perfect match made in heaven)
Some APIs are enabled by default, but most of them need to be enabled before you can use them. Any Public Cloud service is really about APIs, so to discontinue using one, choose your Google Cloud Platform project first, then select the API/service you want to DISABLE or stop using, whether to tear down a project, to save cost, or for whatever business or technical drivers.
Google Cloud Platform Load Balancing (Please know the use case of each type of load balancer)
Google Cloud Storage Classes (Multi-region, Dual-Region & Region. Their use cases and defining characteristics)
gsutil tool (Its use case and some basic command line options like to create a Cloud Storage bucket)
This is especially important if you are also planning to go for the Google Professional Cloud Architect certification route down the road. I will provide another blog post at a later date, so watch this space.
Tip: The more time you spend on revising for the Associate Cloud Engineer exam, the better prepared you will be when sitting for the Google Professional Cloud Architect exam. I obtained my Associate Cloud Engineer certification on Jul 6 2020 and I cleared my Google Professional Cloud Architect exam on Sep 25 2020, as I had two weeks of downtime due to some other commitments.
Identity and Access Management (IAM) - (Primitive Role [Broadest permission so less secure - OWNER, EDITOR & VIEWER], Predefined Role [More granular and service specific; for example, the predefined role for a Billing Account Administrator provides access to see and manage all aspects of billing accounts] and Custom Role [It is really for you to pick the roles you want to enforce])
Virtual Private Cloud (VPC) - VPC Peering vs Shared VPC
Tip: Know cloud billing account role, linking cloud billing user account to project, when to use one consolidated billing account vs. multiple billing accounts (legal or multiple currencies requirement), know what different users can do and can't do - Billing Account Admin role, Billing Account User role, Project Billing Manager, Billing Account Viewer & Billing Account Creator. There will definitely be one or two questions on this.
Tip: BigQuery is a very popular Managed SERVERLESS, No-SQL enterprise data warehouse accessible via standard Structured Query Language interface (SQL) for ANALYTICS over Petabytes of data in Google Cloud Platform ecosystem. Know WHEN to use it, WHY, its properties, its costing model and Predefined IAM roles.
Please make sure you understand and memorise the use case of each tool.
If you are practising the methodology I suggest here based on the Associate Cloud Engineer exam guide from the beginning to the end, I can safely say that you are on your pathway to success.
So the next option is to purchase The Official Google Cloud Certified Associate Cloud Engineer Study Guide available at https://www.wiley.com/en-sg/Official+Google+Cloud+Certified+Associate+Cloud+Engineer+Study+Guide-p-9781119564416
This book is very easy to read and understand. I read it two to three times before my exam. Go through the practice questions included in the book too.
v) Are you Ready?
When you are all set, you can try the official Google Sample Questions to assess your readiness. If you do not score well, go back to your revision and zero in on your weaker topics.
vi) Schedule your exam day - Mine is done via Remote Proctor
Please revise the checklist and make sure that your equipment meets the requirements stipulated by Google Testing Provider, KRYTERION. After that, you have to register your KRYTERION test taker account if you do not have one.
So the name you use to register MUST BE the same as the name on your photo ID, like a driving license or other physical media you are going to use to authenticate to KRYTERION on the exam day.
Note: KRYTERION will not send you an SMS or TEXT reminder of your exam date besides the e-mail you use for exam registration. Please MARK IT down on your calendar. I missed my first registered exam and I could not get a refund. Google should improve its exam notification system by having the option to send such reminders to our cellphones.
Tip: Don't press the panic button if you do not see any human proctor remotely.
My guess is Google is using its high tech surveillance cameras, movement sensors, artificial intelligence and other related technology to automate such a predictable and mundane task.
Can any Googler verify my claim???
vii) All The Best with your Google Cloud journey. I can't wait to see you on Cloud Nine.
Here, I want to wish you all good luck with your Associate Cloud Engineer exam. You can drop me an e-mail or post your questions and suggestions to make our blog better together. I will try my best to help you within my capability and capacity to make you successful in your exam. There are just too many topics to be included, so imagine AWS certification. I will come to that later in a separate blog...
Please do not ask me about certification dumps or anything like that as I strongly believe in really learning something out of this continuous learning journey. There is no short cut to success, so why would you want to cheat yourself out of it?
Thank you for reading my long blog and please stay tuned for my next blog on how to ace Google Professional Cloud Architect exam.