Preparing for Your

Associate Cloud
Engineer Journey

Module 1: Setting Up a Cloud Solution Environment

Welcome to Module 1: Setting Up a Cloud Solution Environment.

Review and
study planning

Now let’s review how to use these diagnostic questions to help you identify what to
include in your study plan.

As a reminder - this isn’t meant to be a crash course teaching you everything you
need to know about setting up a solution in Google Cloud. Instead, it’s meant to give
you a better sense of the scope of the section and the different skills you’ll want to
develop as you prepare for the certification.
Your study plan:
Setting up a cloud solution environment

1.1 Setting up cloud projects and accounts

1.2 Managing billing configuration

1.3 Installing and configuring the command line

interface (CLI), specifically the Cloud SDK
(e.g., setting the default project)

We’ll approach this review by looking at the objectives of this exam section and the
questions you just answered about each one. We’ll introduce an objective, briefly
review the answers to the related questions, then talk about where you can find out
more in the learning resources and/or in Google Cloud documentation. As we go
through each section objective, use the page in your workbook to mark the specific
documentation, courses (and modules!), and quests you’ll want to emphasize in your
study plan.
 Setting up cloud
1.1 projects and accounts

Activities include:
● Creating a resource hierarchy
● Applying organizational policies to the resource hierarchy
● Granting members IAM roles within a project
● Managing users and groups in Cloud Identity (manually and automated)
● Enabling APIs within projects
● Provisioning and setting up products in Google Cloud’s operations suite

At the start of this module we mentioned some of the tasks you’d undertake as an
Associate Cloud Engineer to help set up Cymbal Superstore’s cloud projects and
accounts. This includes tasks such as creating a resource hierarchy related to the
three applications migrating to the cloud and their associated departments, granting
IAM roles, and the activities here.

Many of the questions you just answered relate to this area - these are key concepts
for an Associate Cloud Engineer!

Question 1 tested your ability to assign users to IAM roles. Question 2 explored using
organization resource hierarchies in Google Cloud, and question 3 tested your
knowledge of the relationship between resources and projects to track resource
usage, billing, or permissions. Question 4 examined concepts of permission
hierarchy, and questions 5 and 6 tested your knowledge of roles in Google Cloud.

Let’s review.
1.1 Diagnostic Question 01 Discussion

Stella is a new member of a team in your company A. Assign Stella a roles/compute.viewer role.
who has been put in charge of monitoring VM B. Assign Stella compute.instances.get permissions on
instances in the organization. Stella will need the all of the projects she needs to monitor.
required permissions to perform this role.
C. Add Stella to a Google Group in your organization.
Bind that group to roles/compute.viewer.
D. Assign the “viewer” policy to Stella.
How should you grant her those permissions?

Feedback:
A. Incorrect. You should not assign roles to an individual user. Users should be added
to groups and groups assigned roles to simplify permissions management.
B. Incorrect. Roles are combinations of individual permissions. You should assign
roles, not individual permissions, to users.
* C. Correct! Best practice is to manage role assignment by groups, not by individual
users.
D. Incorrect. A policy is a binding that is created when you associate a user with a
role. Policies are not "assigned" to a user.

Where to look: https://cloud.google.com/iam/docs/overview

Content mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
○ Architecting with Google Compute Engine
■ M4 Cloud IAM
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)
 ○ Perform Foundational Infrastructure Tasks in Google Cloud
(https://www.qwiklabs.com/quests/118)

Summary:
You assign members to roles through an IAM policy. Roles are combinations of
permissions needed for a role. Members can be a Google account, a service account,
a Google group, a Google Workspace domain, a Cloud Identity domain, all
authenticated users, and all users. A service account is an account for an application
instead of an end user.

Summary content continues on the next slide.

 2 who

Cloud Identity and

Access Management 3 can do what

4 on which resource

IAM lets administrators authorize who can take action on specific resources. An IAM
policy has a “who” part, a “can do what” part, and an “on which resource” part.
1.1 Diagnostic Question 02 Discussion

How are resource hierarchies organized A. Organization, Project, Resource, Folder.

in Google Cloud? B. Organization, Folder, Project, Resource.
C. Project, Organization, Folder, Resource.
D. Resource, Folder, Organization, Project.

Feedback:
A: Incorrect. Folders are optional and come in between organizations and projects.
*B: Correct! Organization sits at the top of the Google Cloud resource hierarchy. This
can be divided into folders, which are optional. Next, there are projects you define.
Finally, resources are created under projects.
C: Incorrect. Organization is the highest level of the hierarchy.
D: Incorrect. Organization is the highest level of the hierarchy, followed by optional
folders, projects, and then resources.

Where to look:
https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hiera
rchy#resource-hierarchy-detail

Content mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)

Summary:
You may find it easiest to understand the Google Cloud resource hierarchy from the
bottom up. All the resources you use--whether they’re virtual machines, Cloud
Storage buckets, tables in BigQuery, or anything else in Google Cloud--are organized
into projects. Optionally, these projects may be organized into folders; folders can
contain other folders. All the folders and projects used by your organization can be
brought together under an organization node. Projects, folders, and organization
nodes are all places where policies can be defined. Some Google Cloud resources let
you put policies on individual resources too, like Cloud Storage buckets.

Policies are inherited downwards in the hierarchy.

Summary content continues on the next slide.

On which resource: Users get roles on
specific items in the hierarchy
Organization

2 who
example.com

Policy Inheritance
Project

bookshelf static-assets stream-ingest

3 can do what

on which resource
Resources

Compute App Cloud Cloud

Pub/Sub
4
BigQuery
Engine Engine Storage Storage

instance_a queue_a bucket_a bucket_b topic_a dataset_a

When you give a user, group, or service account a role on a specific element of the
resource hierarchy, the resulting policy applies to the element you chose, as well as to
elements below it in the hierarchy.
1.1 Diagnostic Question 03 Discussion

What Google Cloud project attributes A. The Project ID.

can be changed? B. The Project Name.
C. The Project Number.
D. The Project Category.

Feedback:
A: Incorrect. Project ID is set by the user at creation time but cannot be changed. It
must be unique.
*B: Correct! Project name is set by the user at creation. It does not have to be unique.
It can be changed after creation time.
C: Incorrect. Project number is an automatically generated unique identifier for a
project. It cannot be changed.
D: Incorrect. Create Time is a project attribute that records when a project was
created. It cannot be changed.

Where to look:
https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy#
projects

Content Mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)
Summary: A project is required to use Google Cloud, and forms the basis for
creating, enabling, and using all Google Cloud services, managing APIs, enabling
billing, adding and removing collaborators, and managing permissions.

In order to interact with most Google Cloud resources, you must provide the
identifying project information for every request. You can identify a project in either of
two ways: a project ID, or a project number.

A project ID is the customized name you chose when you created the project. If you
activate an API that requires a project, you will be directed to create a project or select
a project using its project ID. (Note that the name string, which is displayed in the UI,
is not the same as the project ID.)

A project number is automatically generated by Google Cloud. Both the project ID and
project number can be found on the dashboard of the project in the Google Cloud
Console. For information on getting project identifiers and other management tasks
for projects see Creating and Managing Projects.

The initial IAM policy for the newly created project resource grants the owner role to
the creator of the project.
1.1 Diagnostic Question 04 Discussion

Jane will manage objects in Cloud Storage A. Assign Jane the roles/storage.objectCreator on every project.
for the Cymbal Superstore. She needs to B. Assign Jane the roles/viewer on each project and the
have access to the proper permissions for roles/storage.objectCreator for each bucket.
every project across the organization.
C. Assign Jane the roles/editor at the organizational level.
D. Add Jane to a group that has the roles/storage.objectAdmin role
assigned at the organizational level.
What should you do?

Feedback:
A. Incorrect. Inheritance would be a better way to handle this scenario. The
roles/storage.objectCreator role does not give the permission to delete objects, an
essential part of managing them.
B. Incorrect. This role assignment is at too low of a level to allow Jane to manage
objects.
C. Incorrect. Roles/editor is basic and would give Jane too many permissions at the
project level.
*D. Correct! This would give Jane the right level of access across all projects in your
company.

Where to look:
https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy

Content mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)
Summary: Resource hierarchy is different from Identity and Access Management.
Identity and Access Management focuses on who, and lets the administrator
authorize who can take action on specific resources based on permissions.
Organization Policy focuses on what, and lets the administrator set restrictions on
specific resources to determine how they can be configured. A constraint is a
particular type of restriction against a Google Cloud service or a list of Google Cloud
services. A constraint has a type, either list or boolean.

Summary continues on the next slide.

 Org Node Company

Dept X Dept y Shared infra

Resource hierarchy levels

Folders Team A Team B
define trust boundaries
Product 1 Product 2
Group your resources according to your
organization structure.
Projects Test Project Prod Project

Levels of the hierarchy provide trust

boundaries and resource isolation.
Resources VMs Storage

When an organization policy is set on a resource hierarchy node, all descendants of

that node inherit the organization policy by default. If you set an organization policy at
the root organization node, then the configuration of restrictions defined by that policy
will be passed down through all descendant folders, projects, and service resources.

When a child node inherits organization policies based on list constraints, the
inherited policies are merged and reconciled with the node's organization policy. In list
policy evaluation, DENY values always take precedence.

Organization policies that are derived from boolean constraints do not merge and
reconcile policies. If a policy is specified on a resource node, that TRUE or FALSE
value is used to determine the effective policy.
1.1 Diagnostic Question 05 Discussion

You need to add new groups of employees A. Grant the most restrictive basic role to most services, grant
in Cymbal Superstore’s production predefined or custom roles as necessary.
environment. You need to consider B. Grant predefined and custom roles that provide necessary
Google’s recommendation of using permissions and grant basic roles only where needed.
least privilege.
C. Grant the least restrictive basic roles to most services and grant
predefined and custom roles only when necessary.
What should you do?
D. Grant custom roles to individual users and implement basic roles
at the resource level.

Feedback:
A: Incorrect. Basic roles are too broad and don’t provide least privilege.
*B: Correct! Basic roles are broad and don’t use the concept of least privilege. You
should grant only the roles that someone needs through predefined and custom roles.
C: Incorrect. Basic roles apply to the project level and do not provide least privilege.
D: Incorrect. You should see if a predefined role meets your needs before
implementing a custom role.

Where to look: https://cloud.google.com/iam/docs/understanding-roles#role_types

Content mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
○ Architecting with Google Compute Engine
■ M4 Cloud IAM
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)
Summary:
See following slide.
Can do what: IAM roles are
collections of related permissions

2 who

Basic Predefined Custom 3 can do what

4 on which resource

The “can do what” part of an IAM policy is defined by a role. An IAM role is a
collection of permissions, because, most of the time you need more than 1 permission
to do meaningful work. For example, to manage virtual machine instances in a
project, you have to be able to create, delete, start, stop and change virtual machines.
So these permissions are grouped together into a role to make them easier to
understand and easier to manage.

There are three types of roles in IAM:

● Basic roles, which include the Owner, Editor, and Viewer roles that existed
prior to the introduction of IAM.
● Predefined roles, which provide granular access for a specific service and are
managed by Google Cloud.
● Custom roles, which provide granular access according to a user-specified list
of permissions.

Basic roles are the Owner, Editor, and Viewer.

Pre-defined roles bundle selected permissions up into collections that correlate with
common job-related business needs.
1.1 Diagnostic Question 06 Discussion

The Operations Department at Cymbal A. compute.images.list

Superstore wants to provide managers B. compute.images.get
access to information about VM usage
C. compute.images.create
without allowing them to make changes
that would affect the state. You assign D. compute.images.setIAM
them the Compute Engine Viewer role. E. computer.images.update

Which two permissions will they receive?

Feedback:
*A: Correct! Viewer can perform read-only actions that do not affect state.
*B: Correct! Get is read-only. Viewer has this permission.
C: Incorrect. This permission would change state.
D: Incorrect. Only the Owner can set the IAM policy on a service.
E: Incorrect. Only Editor and above can change the state of an image.

Where to look: https://cloud.google.com/iam/docs/understanding-roles#basic

Content mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
○ Architecting with Google Compute Engine
■ M4 Cloud IAM
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)

Summary: If you’re a viewer on a given resource, you can examine it but not change
its state. If you’re an editor, you can do everything a viewer can do plus change its
state. And if you’re an owner, you can do everything an editor can do plus manage
roles and permissions on the resource.
IAM basic roles offer fixed, coarse-grained levels of access

Billing
Owner Editor Viewer Administrator

● Invite members ● Deploy applications ● Read-only access ● Manage billing

● Remove members ● Modify code ● Add and remove
● Delete projects ● Configure services administrators
● And... ● And...

A project can have multiple owners, editors, viewers, and billing administrators.

These are the Owner, Editor, and Viewer roles. If you’re a viewer on a given resource,
you can examine it but not change its state. If you’re an Editor, you can do everything
a Viewer can do plus change its state. And if you’re an Owner, you can do everything
an Editor can do plus manage roles and permissions on the resource. The Owner role
on a project lets you do one more thing too: you can set up billing. Often companies
want someone to be able to control the billing for a project without the right to change
the resources in the project, and that’s why you can grant someone the Billing
Administrator role.

Be careful! If you have several people working together on a project that contains
sensitive data, basic roles are probably too coarse. Fortunately, Google Cloud IAM
provides finer-grained types of roles.
 Setting up cloud projects
1.1 and accounts

Courses Skill Badges Documentation

Google Cloud Fundamentals:

Core Infrastructure Overview | Cloud IAM Documentation

● M2 Getting Starting with Google Cloud Google Cloud Resource hierarchy | Resource Manager
Google Cloud Create and Manage Perform Foundational Documentation
Cloud Resource Quest Infrastructure Tasks in Understanding roles | Cloud IAM
Google Cloud Quest
Documentation
Architecting with Google
Compute Engine
● M4 Cloud IAM

=
Essential Google Cloud
Infrastructure: Core Services
● M1 Cloud IAM

Now that we’ve reviewed the diagnostic questions related to Section 1.1 Setting up
cloud projects and account, let’s take a moment to consider resources that can help
you build your knowledge and skills in this area.

The concepts in the diagnostic questions we just reviewed are covered in these
modules, skill badges, and documentation. You’ll find this list in your workbook so you
can take a note of what you want to include later when you build your study plan.
Based on your experience with the diagnostic questions, you may want to include
some or all of these.

https://cloud.google.com/iam/docs/overview
https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
https://cloud.google.com/iam/docs/understanding-roles
1.2 Managing billing configuration

Activities include:
● Creating one or more billing accounts
● Linking projects to a billing account
● Establishing billing budgets and alerts
● Setting up billing exports

Now let’s focus on Section 1.2. An Associate Cloud Engineer needs to be able to
manage the billing configuration for a cloud solution, which involves tasks such as
setting up billing accounts, linking projects, establishing budget alerts, and setting up
exports.

Question 7 tested your knowledge of billing accounts and the role of a billing
administrator. Question 8 explored budget alerts.
1.2 Diagnostic Question 07 Discussion

How are billing accounts applied to A. Set up Cloud Billing to pay for usage costs in Google
projects in Google Cloud? (Pick two.) Cloud projects and Google Workspace accounts.
B. A project and its resources can be tied to more than
one billing account.
C. A billing account can be linked to one or more projects.
D. A project and its resources can only be tied to one
billing account.
E. If your project only uses free resources you don’t need
a link to an active billing account.

Feedback:
A: Incorrect. Cloud Billing does not pay for charges associated with a Google
Workspace account.
B: Incorrect. A project can only be linked to one billing account at a time.
*C: Correct! A billing account can handle billing for more than one project.
*D: Correct! A project can only be linked to one billing account at a time.
E: Incorrect. Even projects using free resources need to be tied to a valid Cloud
Billing account.

Where to look: https://cloud.google.com/billing/docs/how-to/manage-billing-account

Content Mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
○ Architecting with Google Compute Engine
■ M6 Resource Management
Summary:
Cloud Billing accounts pay for usage costs in Google Cloud projects and Google
Maps Platform projects. Cloud Billing accounts do not pay for Google Workspace
accounts. Google Workspace customers need a separate Google Workspace billing
account.

A project and its service-level resources are linked to one Cloud Billing account at a
time.

A Cloud Billing account operates in a single currency and is linked to a Google

payments profile.

A Cloud Billing account can be linked to one or more projects.

Usage costs are tracked by Project and are charged to the linked Cloud Billing
account.

Important: Projects that are not linked to an active Cloud Billing account cannot use
Google Cloud or Google Maps Platform services. This is true even if you only use
services that are free.

If you want to change the Cloud Billing account that you are using to pay for a project
(that is, link a project to a different Cloud Billing account), see Enable, disable, or
change billing for a project.

You can manage your Cloud Billing accounts using the Google Cloud Console. For
more information about the Cloud Console, visit General guide to the console. Link
(https://support.google.com/cloud/answer/3465889?hl=en&ref_topic=3340599)
1.2 Diagnostic Question 08 Discussion

Fiona is the billing administrator for the A. Change the budget alert default threshold rules to
project associated with Cymbal include Jeffrey as a recipient.
Superstore’s eCommerce application. B. Use Cloud Monitoring notification channels to send
Jeffrey, the marketing department lead, Jeffrey an email alert.
wants to receive emails related to budget
C. Add Jeffrey and Fiona to the budget scope custom
alerts. Jeffrey should have access to no
email delivery dialog.
additional billing information.
D. Send alerts to a Pub/Sub topic that Jeffrey is
What should you do? subscribed to.

Feedback:
A. Incorrect. To add Jeffrey as a recipient to the default alert behavior you would have
to grant him the role of a billing administrator or billing user. The qualifier in the
questions states he should have no additional access.
*B. Correct! You can set up to 5 Cloud Monitoring channels to define email recipients
that will receive budget alerts.
C. Incorrect. Budget scope defines what is reported in the alert.
D. Incorrect. Pub/Sub is for programmatic use of alert content.

Where to look: https://cloud.google.com/billing/docs/how-to/budgets

Content Mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
Summary:

To create a new budget, complete the following steps:

1. Create and name the budget

2. Set the budget scope
3. Set the budget amount
4. Set the budget threshold rules and actions
 1. Click finish to save the new budget

Threshold rules define the triggering events used to generate a budget notification
email. Note that threshold rules are required for email notifications and are used
specifically to trigger email notifications. Thresholds rules are not required for
programmatic notifications, unless you want your programmatic notifications to
include data about the thresholds you set.

Email notification settings can be either role-based, which sends alerts to the Billing
account Administrator and Billing Account Users. This is the default behavior.

Or you can set up Cloud Monitoring notification channels to send alerts to email
addresses of your choice.
1.2 Managing billing configuration

Courses Documentation

Google Cloud Fundamentals: Core Infrastructure

Create, modify, or close your
● M2 Getting Starting with Google Cloud
self-serve
Cloud Billing account
Architecting with Google Essential Google Cloud Create, edit, or delete budgets
Compute Engine Infrastructure: Core Services and budget alerts | Cloud Billing
● M6 Resource = ● M3 Resource
Management Management

Let’s take a moment to consider resources that can help you build your knowledge
and skills in this area.

The concepts in the diagnostic questions we just reviewed are covered in these
modules and in this documentation. You’ll find this list in your workbook so you can
take a note of what you want to include later when you build your study plan. Based
on your experience with the diagnostic questions, you may want to include some or all
of these.

https://cloud.google.com/billing/docs/how-to/manage-billing-account
https://cloud.google.com/billing/docs/how-to/budgets
 Installing and configuring the command line
1.3 interface (CLI), specifically the Cloud SDK
(e.g., setting the default project)

There are four ways you can interact with Google Cloud: the Cloud Console, the
Cloud SDK and Cloud Shell, the mobile app, and the APIs. As an Associate Cloud
Engineer you will have to be familiar with all of them.

Question 9 tested your knowledge of ways to interact with Google Cloud services,
and question 10 asked you to differentiate between the main components of the
Google Cloud SDK (gcloud, gsutil, and bq).
1.3 Diagnostic Question 09 Discussion

Pick two choices that provide a A. Google Cloud Console

command line interface to Google Cloud. B. Cloud Shell
C. Cloud Console Mobile App
D. Cloud SDK

Feedback:
A: Incorrect. Console is a graphical interface.
*B: Correct! Cloud Shell provides a cloud-based CLI environment.
C: Incorrect. The console mobile app allows you to interact graphically with your
Google Cloud resources through an app on your mobile device.
*D: Correct! Cloud SDK provides a local CLI environment.
E: Incorrect. This interface allows API access through CURL or client-based
programming SDKs.

Where to look:
https://cloud.google.com/docs/overview#ways_to_interact_with_the_services

Content mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
○ Architecting with Google Compute Engine
■ M1 Getting Started with Google Cloud
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)
Summary:

The Google Cloud Console provides a web-based, graphical user interface that you
can use to manage your Google Cloud projects and resources.

The gcloud tool lets you manage development workflow and Google Cloud resources
in a terminal window.

You can run gcloud commands by installing the Cloud SDK, which includes the gcloud
tool. You use it by opening a terminal window on your own computer.

You can also access gcloud commands by using Cloud Shell, a browser-based shell
that runs in the cloud.

Client libraries are also provided by Cloud SDK. They provide access to API’s for
access to services, called application API’s, and Admin API’s which allow you to
automate resource management tasks.

Summary content continues on the next slide.

The Cloud SDK and Cloud Shell

● The Cloud SDK includes CLI tools for Google

Cloud products and services.
● gcloud, gsutil (Cloud Storage), bq (BigQuery)
● Available as a Docker image.
● Available via Cloud Shell.
● Containerized version of the Cloud SDK
running on a Compute Engine instance.

The Cloud SDK is a set of tools that you can use to manage resources and
applications hosted on Google Cloud. These include the gcloud tool, which provides
the main command-line interface for Google Cloud Platform products and services, as
well as gsutil and bq. When installed, all of the tools within the Cloud SDK are located
under the bin directory.

Cloud Shell provides you with command-line access to your cloud resources directly
from your browser. Cloud Shell is a Debian-based virtual machine with a persistent
5-GB home directory, which makes it easy for you to manage your Google Cloud
projects and resources. With Cloud Shell, the Cloud SDK gcloud command and other
utilities you need are always installed, available, up to date, and fully authenticated
when you need them.

For more information on the SDK command-line tools, see:

https://cloud.google.com/sdk/cloudplatform

Note: Currently, the App Engine SDKs are separate downloads. For more information,
see: https://cloud.google.com/appengine/downloads

Cloud Shell provides the following:

● A temporary Compute Engine virtual machine instance running a
Debian-based Linux operating system
● Command-line access to the instance from a web browser using terminal
windows in the Cloud Console
 ● 5 GB of persistent disk storage per user, mounted as your $HOME directory in
Cloud Shell sessions across projects and instances
● The Cloud SDK and other tools pre-installed on the Compute Engine instance
● Language support, including SDKs, libraries, runtime environments and
compilers for Java, Go, Python, Node.js, PHP and Ruby
● Web preview functionality, which allows you to preview web applications
running on the Cloud Shell instance through a secure proxy
● Built-in authorization for access to projects and resources

You can use Cloud Shell to:

● Create and manage Compute Engine instances.
● Create and access Cloud SQL databases.
● Manage Cloud Storage data.
● Interact with hosted or remote Git repositories, including Cloud Source
Repositories.
● Build and deploy App Engine applications.

You can also use Cloud Shell to perform other management tasks related to your
projects and resources, using either the gcloud command or other available tools.
1.3 Diagnostic Question 10 Discussion

You want to use the Cloud Shell to copy A. gcloud

files to your Cloud Storage bucket. B. gsutil
C. bq
Which Cloud SDK command should you use? D. Cloud Storage Browser

Feedback:
A: Incorrect. gcloud provides tools for interacting with resources and services in the
Cloud SDK.
*B: Correct! Use gsutil to interact with Cloud Storage via the Cloud SDK.
C: Incorrect. bq is a way to submit queries to BigQuery.
D: Incorrect. Cloud Storage Browser is part of Cloud Console, not CLI-based.

Where to look: https://cloud.google.com/sdk/docs/components

Content Mapping:
● Instructor-led Training/OnDemand
○ Google Cloud Fundamentals: Core Infrastructure
■ M2 Getting Starting with Google Cloud
● Quests
○ Create and Manage Cloud Resources
(https://www.qwiklabs.com/quests/120)
○ Perform Foundational Infrastructure Tasks in Google Cloud
(https://www.qwiklabs.com/quests/118)

Summary:
gcloud
Default gcloud CLI Commands
Tool for interacting with Google Cloud. Only commands at the General Availability and
Preview release levels are installed with this component. You must separately install
the gcloud alpha Commands and/or gcloud beta Commands components if you want
to use commands at other release levels.
bq
BigQuery Command-Line Tool
Tool for working with data in Google BigQuery
gsutil
Cloud Storage Command-Line Tool
Tool for performing tasks related to Google Cloud Storage.
 Installing and configuring the command line
1.3 interface (CLI), specifically the Cloud SDK

Courses Skill Badges Documentation

Google Cloud Fundamentals:
Core Infrastructure Google Cloud overview | Overview
● M2 Getting Starting with Google Cloud Google Cloud Managing Cloud SDK components |
Google Cloud Create and Manage Perform Foundational Cloud SDK Documentation
Cloud Resource Quest Infrastructure Tasks in
Google Cloud Quest gcloud | Cloud SDK Documentation
Architecting with Google Using the bq command-line tool |
Compute Engine BigQuery
● M1 Getting Started gsutil tool | Cloud Storage
with Google Cloud

=
Essential Google Cloud
Infrastructure: Core Services
● M1 Introduction to
Google Cloud

Let’s take a moment to consider resources that can help you build your knowledge
and skills in this area.

The concepts in the diagnostic questions we just reviewed are covered in these
modules, skill badges, and documentation. You’ll find this list in your workbook so you
can take a note of what you want to include later when you build your study plan.
Based on your experience with the diagnostic questions, you may want to include
some or all of these.

https://cloud.google.com/docs/overview#ways_to_interact_with_the_services
https://cloud.google.com/sdk/docs/components
https://cloud.google.com/sdk/gcloud/reference
https://cloud.google.com/bigquery/bq-command-line-tool
https://cloud.google.com/storage/docs/gsutil