Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 15

Your organization is implementing a new security policy to control how firewall rules are applied to control flows between virtual machines (VMs). Using Google-recommended practices, you need to set up a firewall rule to enforce strict control of traffic between VM A and VM B. You must ensure that communications flow only from VM A to VM B within the VPC, and no other communication paths are allowed. No other firewall rules exist in the VPC. Which firewall rule should you configure to allow only this communication path?

A. Firewall rule direction: ingress; Action: allow; Target: VM B service account; Source ranges: VM A service account; Priority: 1000

B. Firewall rule direction: ingress; Action: allow; Target: specific VM B tag; Source ranges: VM A tag and VM A source IP address; Priority: 1000

C. Firewall rule direction: ingress; Action: allow; Target: VM A service account; Source ranges: VM B service account and VM B source IP address; Priority: 100

D. Firewall rule direction: ingress; Action: allow; Target: specific VM A tag; Source ranges: VM B tag and VM B source IP address; Priority: 100

Suggested answer: D

You have configured a service on Google Cloud that connects to an on-premises service via a Dedicated Interconnect. Users are reporting recent connectivity issues. You need to determine whether the traffic is being dropped because of firewall rules or a routing decision. What should you do?

A. Use the Network Intelligence Center Connectivity Tests to test the connectivity between the VPC and the on-premises network.

B. Use Network Intelligence Center Network Topology to check the traffic flow, and replay the traffic from the time period when the connectivity issue occurred.

C. Configure VPC Flow Logs. Review the logs by filtering on the source and destination.

D. Configure a Compute Engine instance on the same VPC as the service running on Google Cloud to run a traceroute targeted at the on-premises service.

Suggested answer: B

You are configuring a new HTTP application that will be exposed externally behind both IPv4 and IPv6 virtual IP addresses, using ports 80, 8080, and 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest-possible latency while ensuring high availability and autoscaling, and create native content-based rules using the HTTP hostname and request path. The IP addresses of the clients that connect to the load balancer need to be visible to the backends. Which configuration should you use?

A. Use Network Load Balancing

B. Use TCP Proxy Load Balancing with PROXY protocol enabled

C. Use External HTTP(S) Load Balancing with URL Maps and custom headers

D. Use External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

Suggested answer: D

You need to define an address plan for a future new Google Kubernetes Engine (GKE) cluster in your Virtual Private Cloud (VPC). This will be a VPC-native cluster, and the default Pod IP range allocation will be used. You must pre-provision all the needed VPC subnets and their respective IP address ranges before cluster creation. The cluster will initially have a single node, but it will be scaled to a maximum of three nodes if necessary. You want to allocate the minimum number of Pod IP addresses. Which subnet mask should you use for the Pod IP address range?

A. /21

B. /22

C. /23

D. /25

Suggested answer: A

You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?

A. Order a Dedicated Interconnect connection in the same metropolitan area. Create a VLAN attachment, a Cloud Router in us-west1, and a Border Gateway Protocol (BGP) session between your Cloud Router and your router.

B. Order a Direct Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.

C. Configure HA VPN in us-west1. Configure a Border Gateway Protocol (BGP) session between your Cloud Router and your on-premises data center.

D. Order a Carrier Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.

Suggested answer: B

You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?

A. Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.

B. Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.

C. Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.

D. Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.

Suggested answer: B

You are responsible for configuring firewall policies for your company in Google Cloud. Your security team has a strict set of requirements that must be met to configure firewall rules.

Always allow Secure Shell (SSH) from your corporate IP address.

Restrict SSH access from all other IP addresses.

There are multiple projects and VPCs in your Google Cloud organization. You need to ensure that other VPC firewall rules cannot bypass the security team's requirements. What should you do?

A. Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.

B. Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 0. Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 1.

C. Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 1. Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 0.

D. Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 1. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 0.

Suggested answer: A

You are designing a new application that has backends internally exposed on port 800. The application will be exposed externally using both IPv4 and IPv6 via TCP on port 700. You want to ensure high availability for this application. What should you do?

A. Create a network load balancer that uses backend services containing one instance group with two instances.

B. Create a network load balancer that uses a target pool backend with two instances.

C. Create a TCP proxy that uses a zonal network endpoint group containing one instance.

D. Create a TCP proxy that uses backend services containing an instance group with two instances.

Suggested answer: D

You work for a university that is migrating to Google Cloud.

These are the cloud requirements:

On-premises connectivity with 10 Gbps

Lowest latency access to the cloud

Centralized Networking Administration Team

New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.

What should you do?

A. Use Shared VPC, and deploy the VLAN attachments and Dedicated Interconnect in the host project.

B. Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

C. Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Dedicated Interconnects.

D. Use standalone projects and deploy the VLAN attachments and Dedicated Interconnects in each of the individual projects.

Suggested answer: A

You have several microservices running in a private subnet in an existing Virtual Private Cloud (VPC).

You need to create additional serverless services that use Cloud Run and Cloud Functions to access the microservices. The network traffic volume between your serverless services and private microservices is low. However, each serverless service must be able to communicate with any of your microservices. You want to implement a solution that minimizes cost. What should you do?

A. Deploy your serverless services to the serverless VPC. Peer the serverless service VPC to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

B. Create a serverless VPC access connector for each serverless service. Configure the connectors to allow traffic between the serverless services and your existing microservices.

C. Deploy your serverless services to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

D. Create a serverless VPC access connector. Configure the serverless service to use the connector for communication to the microservices.

Suggested answer: D
Total 215 questions