
Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 11


Your company has 10 separate Virtual Private Cloud (VPC) networks, with one VPC per project in a single region in Google Cloud. Your security team requires each VPC network to have private connectivity to the main on-premises location via a Partner Interconnect connection in the same region. To optimize cost and operations, the same connectivity must be shared with all projects. You must ensure that all traffic between different projects, on-premises locations, and the internet can be inspected using the same third-party appliances. What should you do?

A.
Configure the third-party appliances with multiple interfaces and specific Partner Interconnect VLAN attachments per project. Create the relevant routes on the third-party appliances and VPC networks.
B.
Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks.
C.
Consolidate all existing projects' subnetworks into a single VPC. Create separate VPC networks for on-premises and internet connectivity. Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create the relevant routes on the third-party appliances and VPC networks.
D.
Configure the third-party appliances with multiple interfaces. Create a hub VPC network for all projects, and create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks. Use VPC Network Peering to connect all projects' VPC networks to the hub VPC. Export custom routes from the hub VPC and import on all projects' VPC networks.
Suggested answer: D

You have just deployed your infrastructure on Google Cloud. You now need to configure the DNS to meet the following requirements:

Your on-premises resources should resolve your Google Cloud zones.

Your Google Cloud resources should resolve your on-premises zones.

You need the ability to resolve ".internal" zones provisioned by Google Cloud.

What should you do?

A.
Configure an outbound server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.
B.
Configure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
C.
Configure an outbound DNS server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
D.
Configure Cloud DNS to DNS peer with your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.
Suggested answer: A

Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design. What should you do?

A.
Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server. Configure DNS peering from the spoke VPCs to the hub VPC.
B.
Configure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs. Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
C.
Configure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server. Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.
D.
Configure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server. Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
Suggested answer: C

You have a Cloud Storage bucket in Google Cloud project XYZ. The bucket contains sensitive data. You need to design a solution to ensure that only instances belonging to VPCs under project XYZ can access the data stored in this Cloud Storage bucket. What should you do?

A.
Configure Private Google Access to privately access the Cloud Storage service using private IP addresses.
B.
Configure a VPC Service Controls perimeter around project XYZ, and include storage.googleapis.com as a restricted service in the service perimeter.
C.
Configure Cloud Storage with projectPrivate Access Control List (ACL) that gives permission to the project team based on their roles.
D.
Configure Private Service Connect to privately access Cloud Storage from all VPCs under project XYZ.
Suggested answer: C

You are maintaining a Shared VPC in a host project. Several departments within your company have infrastructure in different service projects attached to the Shared VPC and use Identity and Access Management (IAM) permissions to manage the cloud resources in those projects. VPC Network Peering is also set up between the Shared VPC and a common services VPC that is not in a service project. Several users are experiencing failed connectivity between certain instances in different Shared VPC service projects and between certain instances and the internet. You need to validate the network configuration to identify whether a misconfiguration is the root cause of the problem. What should you do?

A.
Review the VPC audit logs in Cloud Logging for the affected instances.
B.
Use Secure Shell (SSH) to connect to the affected Compute Engine instances, and run a series of PING tests to the other affected endpoints and the 8.8.8.8 IPv4 address.
C.
Run Connectivity Tests from Network Intelligence Center to check connectivity between the affected endpoints in your network and the internet.
D.
Enable VPC Flow Logs for all VPCs, and review the logs in Cloud Logging for the affected instances.
Suggested answer: C

Your organization has Compute Engine instances in us-east1, us-west2, and us-central1. Your organization also has an existing Cloud Interconnect physical connection in the East Coast of the United States with a single VLAN attachment and Cloud Router in us-east1. You need to provide a design with high availability and ensure that if a region goes down, you still have access to all your other Virtual Private Cloud (VPC) subnets. You need to accomplish this in the most cost-effective manner possible. What should you do?

A.
Configure your VPC routing in regional mode. Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.
B.
Configure your VPC routing in global mode. Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.
C.
Configure your VPC routing in global mode. Add an additional Cloud Interconnect VLAN attachment in the us-west2 region, and configure a Cloud Router in us-west2.
D.
Configure your VPC routing in regional mode. Add additional Cloud Interconnect VLAN attachments in the us-west2 and us-central1 regions, and configure Cloud Routers in us-west2 and us-central1.
Suggested answer: B

You recently configured Google Cloud Armor security policies to manage traffic to your application.

You discover that Google Cloud Armor is incorrectly blocking some traffic to your application. You need to identify the web application firewall (WAF) rule that is incorrectly blocking traffic. What should you do?

A.
Enable firewall logs, and view the logs in Firewall Insights.
B.
Enable HTTP(S) Load Balancing logging with sampling rate equal to 1, and view the logs in Cloud Logging.
C.
Enable VPC Flow Logs, and view the logs in Cloud Logging.
D.
Enable Google Cloud Armor audit logs, and view the logs on the Activity page in the Google Cloud Console.
Suggested answer: A

You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?

A.
Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.
B.
Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.
C.
Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.
D.
Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.
Suggested answer: B

You recently deployed Compute Engine instances in regions us-west1 and us-east1 in a Virtual Private Cloud (VPC) with default routing configurations. Your company security policy mandates that virtual machines (VMs) must not have public IP addresses attached to them. You need to allow your instances to fetch updates from the internet while preventing external access. What should you do?

A.
Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.
B.
Create a single global Cloud NAT gateway and global Cloud Router in the VPC.
C.
Change the instances' network interface external IP address from None to Ephemeral.
D.
Create a firewall rule that allows egress to destination 0.0.0.0/0.
Suggested answer: A

You are designing a new global application using Compute Engine instances that will be exposed by a global HTTP(S) load balancer. You need to secure your application from distributed denial-of-service and application layer (layer 7) attacks. What should you do?

A.
Configure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.
B.
Configure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.
C.
Configure VPC firewall rules to protect the Compute Engine instances against distributed denial-of-service attacks.
D.
Configure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.
Suggested answer: C
Total 215 questions