Q1: "I'm working on maintaining a virtual Apache server with you guys, and
we have recently reserved port 8081 to our web app. After some testing, the
traffic on that port to this app is not coming in, our IT Team is flooded with
reports from end users, help!" (Screenshot of the domain not responding.)
First, run the netstat command to verify that Apache is listening on port
8081, then verify the Apache virtual host configuration. We can also check
Apache localhost connectivity with a URL that includes port 8081.
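The two checks in this answer, run against saved command output, as an added example that is not part of the original notes. The `ss -ltn` listing, the Apache fragment and the host name are constructed; the case shown is a listener bound to loopback only, which passes a localhost test but never receives outside traffic.

```python
import re

# Constructed sample of `ss -ltn` output: Apache bound to loopback only on 8081.
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:8081      0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
"""

# Constructed Apache configuration fragment (hypothetical host name).
CONF_SAMPLE = """\
Listen 80
Listen 127.0.0.1:8081
<VirtualHost *:8081>
    ServerName app.example.internal
</VirtualHost>
"""

LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}

def listen_addresses(ss_output, port):
    """Return the local addresses that have a LISTEN socket on `port`."""
    addrs = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            host, _, p = fields[3].rpartition(":")
            if p == str(port):
                addrs.append(host)
    return addrs

def diagnose(ss_output, apache_conf, port):
    """List reasons why traffic to `port` may not reach the virtual host."""
    findings = []
    addrs = listen_addresses(ss_output, port)
    if not addrs:
        findings.append("no process is listening on the port")
    elif all(a in LOOPBACK for a in addrs):
        findings.append("listener is bound to loopback only")
    listen_re = re.compile(rf"^\s*Listen\s+(?:\S+:)?{port}\b", re.M | re.I)
    if not listen_re.search(apache_conf):
        findings.append("no Listen directive for the port")
    vhost_re = re.compile(rf"^\s*<VirtualHost\s+[^>]*:{port}\b", re.M | re.I)
    if not vhost_re.search(apache_conf):
        findings.append("no VirtualHost for the port")
    return findings
```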
Q2: In your own words, please explain how the "Least Privilege
Access" principle in Google Cloud security can be applied in a
company that is trying to provide access to an external auditor
checking logs stored in a Google Cloud Storage bucket.
For auditing purposes, this option allows the external auditor to only check
the information, without editing or changing any of the configuration.
Q3: Vmstat
R: meaning Running Process
Id: Idle CPU %
Q4: Cron job
The for loop is a function designed to be used for repetitive actions.
Q5: Your customer is a hospital that is training a deep learning
model to analyze CT scans for diagnosis, they are using TensorFlow
as the main framework for their current solutions, there are time,
accuracy and data processing (including HIPAA) constraints, explain
what type of Google Cloud solution you would position to them
taking into consideration the constraints.
Recommendation of AI processing tools, Cloud Storage, Processing, and the
security certification.
Q6: In your own words describe what Network Address Translation
(NAT) is and why do we use it in computer networking
NAT is a method used in computer networking to translate a private IP into a
public IP.
Q7: You're using ufw to update rules in your Linux VM and would like
to block insecure HTTP ingress, what's the correct syntax for the
command with all the flags and elements.
This configuration can be applied as firewall policies where it is necessary
to block some ports.
sudo ufw deny proto tcp from any to any port 80
Q8: In your own words, what is the difference between
Authentication and Authorization and how does this affect an end-
user?
Authentication: is access
Authorization: is permission to do something
Q9: You were lucky and were assigned as a Network Engineer in GCP
Support. A customer is trying to communicate two GCE instances
located in different VPCs and projects but after creating the Peering
Connection the status never turned "active." From the logical
topology diagram below please create a -short, 50 word- email
telling the customer what's missing.
The VPC peering isn’t active because routes and firewall rules between the
two VPCs haven’t been configured. After establishing the peering, each VPC
must have custom routes for the peer’s subnet and allow ingress/egress
traffic in firewall rules to enable communication.
1. Google Cloud Storage
Q: Can you explain the difference between object storage, block storage, and
file storage?
A: “Object storage, like Google Cloud Storage, stores data as objects and is
ideal for unstructured data such as media files or backups. Block storage
divides data into fixed-size blocks, which makes it suitable for databases and
high-performance workloads. File storage organizes data in a hierarchical file
and folder system, and is best for applications that expect shared file access.
In GCP, Cloud Storage is object-based, while services like Persistent Disks are
block-based.”
________________________________________
2. Databases
Q: A customer wants to choose between Cloud SQL and Firestore. How would
you guide them?
A: “Cloud SQL is a relational database service that supports MySQL,
PostgreSQL, and SQL Server, so it’s best when the application requires
structured data, joins, and transactions. Firestore is a NoSQL document
database that scales easily and is ideal for applications with dynamic or
unstructured data, like mobile or web apps with real-time sync. I would first
clarify their data model and access patterns to recommend the right option.”
________________________________________
3. Serverless Solutions
Q: What are the advantages of using a serverless service like Cloud
Functions?
A: “With Cloud Functions, developers don’t manage infrastructure. They just
deploy code and it scales automatically. This reduces operational overhead,
optimizes costs since you pay per execution, and allows for quick integration
with other GCP services like Pub/Sub or Cloud Storage. It’s great for event-
driven workloads, such as processing a file immediately after it’s uploaded.”
________________________________________
4. Networking
Q: How would you troubleshoot connectivity issues between a VM in Google
Compute Engine and a Cloud Storage bucket?
A: “First, I’d check the IAM permissions to ensure the service account or user
has access to the bucket. Next, I’d confirm network connectivity by testing
DNS resolution and using ping or traceroute to validate the route. If there’s a
firewall rule blocking traffic, I’d review the VPC firewall configuration. Finally,
I’d look at logs in Cloud Logging to identify whether the issue is
authentication, network routing, or firewall-related.”
________________________________________
5. Troubleshooting & Logs
Q: How do you approach troubleshooting when a customer reports a slow
response from their GCP application?
A: “I start by clarifying the scope—whether the slowness affects all users or
specific regions. Then, I check metrics in Cloud Monitoring to see CPU,
memory, or network usage. I review logs to identify errors or unusual
patterns. Tools like netstat or tcpdump can help check network-level issues. If
it’s resource-related, I might recommend scaling up instances or using load
balancing. The key is to combine monitoring data with system logs to isolate
the root cause.”
________________________________________
6. Linux & Windows
Q: What are some Linux commands you use for troubleshooting performance
issues?
A: “I typically use top or htop to monitor CPU and memory usage, df -h to
check disk space, and iostat for disk performance. For network issues, I use
netstat, ss, or tcpdump to analyze connections. On Windows, I’d use Task
Manager, Event Viewer, and PowerShell commands to check logs and system
status.”
________________________________________
7. DevOps / CI-CD
Q: How would you explain CI/CD to a customer who is new to DevOps?
A: “CI/CD is a practice that automates code integration, testing, and
deployment. CI, or Continuous Integration, means every code change is
automatically built and tested, reducing integration problems. CD, or
Continuous Deployment, means those changes can automatically go to
production after passing tests. This improves speed, reduces errors, and
allows teams to deliver updates more frequently and reliably.”
________________________________________
9. Continuous Learning
Q: How do you keep yourself up to date with Google Cloud updates and new
features?
A: “I regularly follow Google Cloud’s release notes and documentation, as
well as their official blog and YouTube channel. I also use Qwiklabs and Cloud
Skills Boost to get hands-on practice with new services. Staying current is
crucial in cloud support, since features and services evolve quickly.”
1. Networking – DNS
Q: How would you troubleshoot a DNS resolution issue in a VM on Google
Cloud?
A: “I’d start by checking if the VM has proper DNS configuration in
/etc/[Link] (Linux) or network settings (Windows). Then I’d test using dig
or nslookup to confirm if the DNS query resolves. If not, I’d check firewall
rules, VPC DNS settings, or custom DNS servers configured in the project.”
________________________________________
2. Firewalls
Q: A customer cannot connect to their VM over SSH. What steps would you
take?
A: “I’d first confirm that the VM is running and the correct external IP is being
used. Then I’d check IAM roles to ensure the user has SSH permissions. Next,
I’d verify firewall rules allow TCP port 22, and if needed, use the Google
Cloud serial console to log in and review system logs for additional issues.”
________________________________________
3. Load Balancing
Q: What’s the difference between a TCP Load Balancer and an HTTP(S) Load
Balancer in GCP?
A: “A TCP Load Balancer works at Layer 4 and distributes traffic based on IP
and port. It’s ideal for non-HTTP traffic like gaming or legacy applications. An
HTTP(S) Load Balancer works at Layer 7, understands the application layer,
and can make decisions based on URLs, headers, or cookies. It’s best for web
applications.”
________________________________________
4. Cloud Storage
Q: How would you secure access to a Cloud Storage bucket so only a specific
team can use it?
A: “I’d use IAM roles at the bucket level, granting roles/[Link]
or roles/[Link] only to the team members’ accounts or a
group. For more granular control, I could apply object-level ACLs or use
signed URLs for temporary access.”
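An added example, not part of the original notes, covering both this answer and the earlier external-auditor question (Q2): it checks a bucket IAM policy for principals outside the approved list, public principals, and read-only users holding a write-capable role. The policy, principals and the choice of `roles/storage.objectViewer` as the only read-only role are assumptions made for the example.

```python
import json

# Constructed sample in the shape of a bucket IAM policy exported as JSON;
# every principal below is made up.
POLICY_JSON = """
{"bindings": [
  {"role": "roles/storage.objectViewer",
   "members": ["user:auditor@audit-firm.example", "group:sec-team@corp.example"]},
  {"role": "roles/storage.objectAdmin",
   "members": ["group:sec-team@corp.example", "user:auditor@audit-firm.example"]},
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]}
]}
"""
SAMPLE_POLICY = json.loads(POLICY_JSON)

AUDITOR = "user:auditor@audit-firm.example"        # hypothetical external auditor
TEAM = "group:sec-team@corp.example"               # hypothetical internal team
PUBLIC = {"allUsers", "allAuthenticatedUsers"}
READ_ONLY = {"roles/storage.objectViewer"}  # assumption: all the auditor needs

def audit_policy(policy, read_only_members, allowed_members):
    """Return (member, role, problem) tuples for bindings that break least privilege."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC:
                findings.append((member, role, "public principal"))
            elif member not in allowed_members:
                findings.append((member, role, "principal not on the approved list"))
            elif member in read_only_members and role not in READ_ONLY:
                findings.append((member, role, "more than read-only"))
    return findings
```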
________________________________________
5. Databases
Q: What’s the difference between Cloud SQL and BigQuery?
A: “Cloud SQL is a relational database service designed for transactional
workloads, supporting MySQL, PostgreSQL, and SQL Server. BigQuery is a
serverless data warehouse optimized for analytical queries over very large
datasets. If a customer needs real-time analytics over terabytes of data,
BigQuery is the right tool. If they need relational operations like transactions,
Cloud SQL is better.”
________________________________________
6. Logging & Monitoring
Q: How would you use Cloud Logging to identify why a service is failing?
A: “I’d navigate to Cloud Logging, filter logs for the affected service or
resource, and look for error codes, exceptions, or denied permission
messages. If it’s related to networking, I’d check VPC Flow Logs. If it’s an
application error, I’d correlate logs with Cloud Monitoring metrics to pinpoint
performance or configuration issues.”
________________________________________
7. CI/CD
Q: What tools would you use in GCP for CI/CD pipelines?
A: “Cloud Build is Google’s native CI/CD service for building and deploying
applications. It integrates with Cloud Source Repositories, GitHub, or GitLab.
For deployments, I’d use Cloud Deploy or connect Cloud Build to Kubernetes
(GKE) or Cloud Run. This enables automated builds, tests, and deployments
triggered on code commits.”
________________________________________
8. APIs
Q: How would you authenticate an application that needs to call a Google
Cloud API?
A: “The best practice is to use a Service Account with a key or, even better,
Workload Identity Federation to avoid long-lived credentials. The application
uses OAuth 2.0 tokens to call APIs securely. For temporary access, signed
URLs or API keys can be used, but service accounts are the recommended
approach for production.”
________________________________________
9. VPN / Hybrid Networking
Q: A company needs secure communication between their on-premises data
center and Google Cloud. What options would you suggest?
A: “They can use Cloud VPN for secure IPSec tunnels over the internet, or
Dedicated/Partner Interconnect if they need higher bandwidth and lower
latency. The choice depends on their throughput and availability needs. For
redundancy, I’d suggest HA VPN with multiple tunnels.”