ExamGecko
Search Search Login
Home Home / Google / Professional Cloud Network Engineer

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 14

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team and ensure the solution can scale. What should you do?
Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?
You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

Question 131

Report
Export
Collapse

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with onpremises connectivity already in place. You are deploying a new application using Google Kubernetes Engine (GKE), which must be accessible only from the same VPC network and on-premises locations.

You must ensure that the GKE control plane is exposed to a predefined list of on-premises subnets through private connectivity only. What should you do?

A.
Create a GKE private cluster with a private endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.Configure authorized networks to specify the desired on-premises subnets.
A.
Create a GKE private cluster with a private endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.Configure authorized networks to specify the desired on-premises subnets.
Answers
B.
Create a GKE private cluster with a public endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.
B.
Create a GKE private cluster with a public endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.
Answers
C.
Create a GKE private cluster with a private endpoint for the control plane. Configure authorized networks to specify the desired on-premises subnets.
C.
Create a GKE private cluster with a private endpoint for the control plane. Configure authorized networks to specify the desired on-premises subnets.
Answers
D.
Create a GKE public cluster. Configure authorized networks to specify the desired on-premises subnets.
D.
Create a GKE public cluster. Configure authorized networks to specify the desired on-premises subnets.
Answers
Suggested answer: C

Question 132

Report
Export
Collapse

You built a web application with several containerized microservices. You want to run those microservices on Cloud Run. You must also ensure that the services are highly available to your customers with low latency. What should you do?

A.
Deploy the Cloud Run services to multiple availability zones. Create a global TCP load balancer.Add the Cloud Run endpoints to its backend service.
A.
Deploy the Cloud Run services to multiple availability zones. Create a global TCP load balancer.Add the Cloud Run endpoints to its backend service.
Answers
B.
Deploy the Cloud Run services to multiple regions. Create serverless network endpoint groups (NEGs) that point to the services. Create a global HTTPS load balancer, and attach the serverlessNEGs as backend services of the load balancer.
B.
Deploy the Cloud Run services to multiple regions. Create serverless network endpoint groups (NEGs) that point to the services. Create a global HTTPS load balancer, and attach the serverlessNEGs as backend services of the load balancer.
Answers
C.
Deploy the Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTTPS load balancer, and attach the Cloud Endpoints to its backend
C.
Deploy the Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTTPS load balancer, and attach the Cloud Endpoints to its backend
Answers
D.
Deploy the Cloud Run services to multiple regions. Configure a round-robin A record in Cloud DNS.
D.
Deploy the Cloud Run services to multiple regions. Configure a round-robin A record in Cloud DNS.
Answers
Suggested answer: B

Question 133

Report
Export
Collapse

You have an HA VPN connection with two tunnels running in active/passive mode between your Virtual Private Cloud (VPC) and on-premises network. Traffic over the connection has recently increased from 1 gigabit per second (Gbps) to 4 Gbps, and you notice that packets are being dropped.

You need to configure your VPN connection to Google Cloud to support 4 Gbps. What should you do?

A.
Configure the remote autonomous system number (ASN) to 4096.
A.
Configure the remote autonomous system number (ASN) to 4096.
Answers
B.
Configure a second Cloud Router to scale bandwidth in and out of the VPC.
B.
Configure a second Cloud Router to scale bandwidth in and out of the VPC.
Answers
C.
Configure the maximum transmission unit (MTU) to its highest supported value.
C.
Configure the maximum transmission unit (MTU) to its highest supported value.
Answers
D.
Configure a second set of active/passive VPN tunnels.
D.
Configure a second set of active/passive VPN tunnels.
Answers
Suggested answer: D

Question 134

Report
Export
Collapse

You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements:

All access to your on-premises network must go through the network virtual appliances.

Allow on-premises access in the event of a single network virtual appliance failure.

Both network virtual appliances must be used simultaneously.

Which method should you use to accomplish this?

A.
Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.
A.
Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.
Answers
B.
Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends.Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.
B.
Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends.Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.
Answers
C.
Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0/8 with the network load balancer as the next hop.
C.
Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0/8 with the network load balancer as the next hop.
Answers
D.
Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends.Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.
D.
Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends.Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.
Answers
Suggested answer: C

Question 135

Report
Export
Collapse

You are responsible for enabling Private Google Access for the virtual machine (VM) instances in your Virtual Private Cloud (VPC) to access Google APIs. All VM instances have only a private IP address and need to access Cloud Storage.

You need to ensure that all VM traffic is routed back to your onpremises data center for traffic scrubbing via your existing Cloud Interconnect connection. However, VM traffic to Google APIs should remain in the VPC. What should you do?

A.
Delete the default route in your VPC.Create a private Cloud DNS zone for googleapis.com, create a CNAME for *.googleapis.com to restricted googleapis.com, and create an A record for restricted googleapis com that resolves to the addresses in 199.36.153.4/30.Create a static route in your VPC for the range 199.36.153.4/30 with the default internet gateway as the next hop.
A.
Delete the default route in your VPC.Create a private Cloud DNS zone for googleapis.com, create a CNAME for *.googleapis.com to restricted googleapis.com, and create an A record for restricted googleapis com that resolves to the addresses in 199.36.153.4/30.Create a static route in your VPC for the range 199.36.153.4/30 with the default internet gateway as the next hop.
Answers
B.
Delete the default route in your VPC and configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol (BGP).Create a public Cloud DNS zone with a CNAME for *.google.com to private googleapis com, create a CNAME for * googleapis.com to private googleapis com, and create an A record for Private googleapis.com that resolves to the addresses in 199.36.153 8/30.Create a static route in your VPC for the range 199 .36.153.8/30 with the default internet gateway as the next hop.
B.
Delete the default route in your VPC and configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol (BGP).Create a public Cloud DNS zone with a CNAME for *.google.com to private googleapis com, create a CNAME for * googleapis.com to private googleapis com, and create an A record for Private googleapis.com that resolves to the addresses in 199.36.153 8/30.Create a static route in your VPC for the range 199 .36.153.8/30 with the default internet gateway as the next hop.
Answers
C.
Configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol (BGP) with a lower priority (MED) than the default VPC route.Create a private Cloud DNS zone for googleapis.com, create a CNAME for * googieapis.com to private googleapis com, and create an A record for private.googleapis.com that resolves to the addresses in 199 .36.153.8/30.Create a static route in your VPC for the range 199.36. 153.8/30 with the default internet gateway as the next hop.
C.
Configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol (BGP) with a lower priority (MED) than the default VPC route.Create a private Cloud DNS zone for googleapis.com, create a CNAME for * googieapis.com to private googleapis com, and create an A record for private.googleapis.com that resolves to the addresses in 199 .36.153.8/30.Create a static route in your VPC for the range 199.36. 153.8/30 with the default internet gateway as the next hop.
Answers
D.
Delete the default route in your VPC and configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol (BGP).Create a private Cloud DNS zone for googleapis.com, create a CNAME for * googieapis.com to Private googleapis.com, and create an A record for private.googleapis.com that resolves to the addresses in 199.36.153.8/30.Create a static route in your VPC for the range 199.36.153.8/30 with the default internet gateway as the next hop.
D.
Delete the default route in your VPC and configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol (BGP).Create a private Cloud DNS zone for googleapis.com, create a CNAME for * googieapis.com to Private googleapis.com, and create an A record for private.googleapis.com that resolves to the addresses in 199.36.153.8/30.Create a static route in your VPC for the range 199.36.153.8/30 with the default internet gateway as the next hop.
Answers
Suggested answer: C

Question 136

Report
Export
Collapse

You are designing a hub-and-spoke network architecture for your company's cloud-based environment. You need to make sure that all spokes are peered with the hub. The spokes must use the hub's virtual appliance for internet access.

The virtual appliance is configured in high-availability mode with two instances using an internal load balancer with IP address 10.0.0.5. What should you do?

A.
Create a default route in the hub VPC that points to IP address 10.0.0.5.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Export the custom routes in the hub.Import the custom routes in the spokes.
A.
Create a default route in the hub VPC that points to IP address 10.0.0.5.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Export the custom routes in the hub.Import the custom routes in the spokes.
Answers
B.
Create a default route in the hub VPC that points to IP address 10.0.0.5.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Export the custom routes in the hub. Import the custom routes in the spokes.Delete the default internet gateway route of the spokes.
B.
Create a default route in the hub VPC that points to IP address 10.0.0.5.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Export the custom routes in the hub. Import the custom routes in the spokes.Delete the default internet gateway route of the spokes.
Answers
C.
Create two default routes in the hub VPC that point to the next hop instances of the virtual appliances.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Export the custom routes in the hub. Import the custom routes in the spokes.
C.
Create two default routes in the hub VPC that point to the next hop instances of the virtual appliances.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Export the custom routes in the hub. Import the custom routes in the spokes.
Answers
D.
Create a default route in the hub VPC that points to IP address 10.0.0.5.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Create a new route in the spoke VPC that points to IP address 10.0.0.5.
D.
Create a default route in the hub VPC that points to IP address 10.0.0.5.Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.Create a new route in the spoke VPC that points to IP address 10.0.0.5.
Answers
Suggested answer: B

Question 137

Report
Export
Collapse

You configured Cloud VPN with dynamic routing via Border Gateway Protocol (BGP). You added a custom route to advertise a network that is reachable over the VPN tunnel. However, the onpremises clients still cannot reach the network over the VPN tunnel. You need to examine the logs in Cloud Logging to confirm that the appropriate routers are being advertised over the VPN tunnel.

Which filter should you use in Cloud Logging to examine the logs?

A.
resource.type= "gce_router"
A.
resource.type= "gce_router"
Answers
B.
resource.type= "gce_network_region"
B.
resource.type= "gce_network_region"
Answers
C.
resource.type= "vpn_tunnel"
C.
resource.type= "vpn_tunnel"
Answers
D.
resource.type= "vpn_gateway"
D.
resource.type= "vpn_gateway"
Answers
Suggested answer: C

Question 138

Report
Export
Collapse

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from on-premises locations using Cloud Interconnect connections. Your company must be able to send traffic to Cloud Storage only through the Interconnect links while accessing other Google APIs and services over the public internet. What should you do?

A.
Use the default public domains for all Google APIs and services.
A.
Use the default public domains for all Google APIs and services.
Answers
B.
Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.
B.
Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.
Answers
C.
Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.
C.
Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.
Answers
D.
Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.
D.
Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.
Answers
Suggested answer: B

Question 139

Report
Export
Collapse

Your organization has a Google Cloud Virtual Private Cloud (VPC) with subnets in us-east1, us-west4, and europe-west4 that use the default VPC configuration. Employees in a branch office in Europe need to access the resources in the VPC using HA VPN. You configured the HA VPN associated with the Google Cloud VPC for your organization with a Cloud Router deployed in europe-west4. You need to ensure that the users in the branch office can quickly and easily access all resources in the VPC.

What should you do?

A.
Create custom advertised routes for each subnet.
A.
Create custom advertised routes for each subnet.
Answers
B.
Configure each subnet's VPN connections to use Cloud VPN to connect to the branch office.
B.
Configure each subnet's VPN connections to use Cloud VPN to connect to the branch office.
Answers
C.
Configure the VPC dynamic routing mode to Global.
C.
Configure the VPC dynamic routing mode to Global.
Answers
D.
Set the advertised routes to Global for the Cloud Router.
D.
Set the advertised routes to Global for the Cloud Router.
Answers
Suggested answer: C

Question 140

Report
Export
Collapse

Your organization uses a Shared VPC architecture with a host project and three service projects. You have Compute Engine instances that reside in the service projects. You have critical workloads in your on-premises data center. You need to ensure that the Google Cloud instances can resolve onpremises hostnames via the Dedicated Interconnect you deployed to establish hybrid connectivity.

What should you do?

A.
Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the private zone to the on-premises DNS servers.In your Cloud Router, add a custom route advertisement for the IP 35.199.192.0/19 to the onpremises environment.
A.
Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the private zone to the on-premises DNS servers.In your Cloud Router, add a custom route advertisement for the IP 35.199.192.0/19 to the onpremises environment.
Answers
B.
Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the Private zone to the on-premises DNS servers.In your Cloud Router, add a custom route advertisement for the IP 169.254 169.254 to the onpremises environment.
B.
Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the Private zone to the on-premises DNS servers.In your Cloud Router, add a custom route advertisement for the IP 169.254 169.254 to the onpremises environment.
Answers
C.
Configure a Cloud DNS private zone in the host project of the Shared VPC.Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project In your Cloud Router, add a custom route advertisement for the IP 169.254 169 254 to the onpremises environment.
C.
Configure a Cloud DNS private zone in the host project of the Shared VPC.Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project In your Cloud Router, add a custom route advertisement for the IP 169.254 169 254 to the onpremises environment.
Answers
D.
Configure a Cloud DNS private zone in the host project of the Shared VPC.Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project.Configure a DNS policy in the Shared VPC to allow inbound query forwarding with your on-premises DNS server as the alternative DNS server.
D.
Configure a Cloud DNS private zone in the host project of the Shared VPC.Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project.Configure a DNS policy in the Shared VPC to allow inbound query forwarding with your on-premises DNS server as the alternative DNS server.
Answers
Suggested answer: D
Total 215 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms