ExamGecko
Search Search Login
Home Home / Google / Professional Cloud Network Engineer

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 22

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team and ensure the solution can scale. What should you do?
Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?
You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

Question 211

Report
Export
Collapse

Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team. You must also make sure the solution can scale. What should you do?

A.

Configure VPC Network Peering, and peer one of the VPCs to the service project.

A.

Configure VPC Network Peering, and peer one of the VPCs to the service project.

Answers
B.

Configure a Shared VPC, and create a VPC network in the service project.

B.

Configure a Shared VPC, and create a VPC network in the service project.

Answers
C.

Configure a Shared VPC, and create a VPC network in the host project.

C.

Configure a Shared VPC, and create a VPC network in the host project.

Answers
D.

Configure Policy-based Routing for each team.

D.

Configure Policy-based Routing for each team.

Answers
Suggested answer: C

Explanation:

A Shared VPC allows the central networking team to manage the VPC network while individual teams can manage their resources in service projects. This solution provides scalability by allowing for multiple service projects under the same Shared VPC, and it allows the network team to maintain control over the network resources.

Question 212

Report
Export
Collapse

Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subnet routes, but the on-premises router does not appear to be receiving any subnet routes from the VPC spokes. You need to resolve this issue. What should you do?

A.

Create custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

A.

Create custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

Answers
B.

Create custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

B.

Create custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

Answers
C.

Create custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

C.

Create custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

Answers
D.

Create a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.

D.

Create a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.

Answers
Suggested answer: D

Explanation:

Creating a BGP route policy at the Cloud Router ensures that the subnets of the VPC spokes are properly advertised to the on-premises environment. This allows the on-premises router to receive and use those routes. Without the correct BGP policies, route advertisement may not happen as expected.

Question 213

Report
Export
Collapse

There are two established Partner Interconnect connections between your on-premises network and Google Cloud. The VPC that hosts the Partner Interconnect connections is named 'vpc-a' and contains three VPC subnets across three regions, Compute Engine instances, and a GKE cluster. Your on-premises users would like to resolve records hosted in a Cloud DNS private zone following Google-recommended practices. You need to implement a solution that allows your on-premises users to resolve records that are hosted in Google Cloud. What should you do?

A.

Associate the private zone to 'vpc-a.' Create an outbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

A.

Associate the private zone to 'vpc-a.' Create an outbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

Answers
B.

Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

B.

Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

Answers
C.

Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

C.

Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

Answers
D.

Associate the private zone to 'vpc-a.' Create an inbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

D.

Associate the private zone to 'vpc-a.' Create an inbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

Answers
Suggested answer: A

Explanation:

Associating the private zone to 'vpc-a' and creating an outbound forwarding policy allows DNS queries to be forwarded from on-premises to Google Cloud DNS. The on-premises DNS servers will forward queries to the entry points created when the forwarding policy was applied to 'vpc-a,' enabling proper name resolution.

Question 214

Report
Export
Collapse

You configured a single IPSec Cloud VPN tunnel for your organization to a third-party customer. You confirmed that the VPN tunnel is established; however, the BGP session status states that BGP is not configured. The customer has provided you with their BGP settings:

Local BGP address: 169.254.11.1/30

Local ASN: 64515

Peer BGP address: 169.254.11.2

Peer ASN: 64517

Base MED: 1000

MD5 Authentication: Disabled

You need to configure the local BGP session for this tunnel based on the settings provided by the customer. You already associated the Cloud Router with the Cloud VPN Tunnel. What settings should you use for the BGP session?

A.

Peer ASN: 64517 Advertised Route Priority (MED): 100 Local BGP IP: 169.254.11.2 Peer BGP IP: 169.254.11.1 MD5 Authentication: Disabled

A.

Peer ASN: 64517 Advertised Route Priority (MED): 100 Local BGP IP: 169.254.11.2 Peer BGP IP: 169.254.11.1 MD5 Authentication: Disabled

Answers
B.

Peer ASN: 64515 Advertised Route Priority (MED): 100 Local BGP IP: 169.254.11.2 Peer BGP IP: 169.254.11.1 MD5 Authentication: Disabled

B.

Peer ASN: 64515 Advertised Route Priority (MED): 100 Local BGP IP: 169.254.11.2 Peer BGP IP: 169.254.11.1 MD5 Authentication: Disabled

Answers
C.

Peer ASN: 64515 Advertised Route Priority (MED): 1000 Local BGP IP: 169.254.11.2 Peer BGP IP: 169.254.11.1 MD5 Authentication: Enabled

C.

Peer ASN: 64515 Advertised Route Priority (MED): 1000 Local BGP IP: 169.254.11.2 Peer BGP IP: 169.254.11.1 MD5 Authentication: Enabled

Answers
D.

Peer ASN: 64515 Advertised Route Priority (MED): 100 Local BGP IP: 169.254.11.1 Peer BGP IP: 169.254.11.2 MD5 Authentication: Disabled

D.

Peer ASN: 64515 Advertised Route Priority (MED): 100 Local BGP IP: 169.254.11.1 Peer BGP IP: 169.254.11.2 MD5 Authentication: Disabled

Answers
Suggested answer: A

Explanation:

The correct configuration requires setting the Peer ASN as 64517 (as this is the ASN of the third-party customer). The local and peer BGP IP addresses should also be set correctly based on the provided information, and MD5 authentication should be disabled. The route priority should be set to 100 to reflect standard behavior.

Question 215

Report
Export
Collapse

Your organization recently exposed a set of services through a global external Application Load Balancer. After conducting some testing, you observed that responses would intermittently yield a non-HTTP 200 response. You need to identify the error. What should you do? (Choose 2 answers)

A.

Delete the load balancer and backend services. Create a new passthrough Network Load Balancer. Configure a failover group of VMs for the backend.

A.

Delete the load balancer and backend services. Create a new passthrough Network Load Balancer. Configure a failover group of VMs for the backend.

Answers
B.

Access a VM in the VPC through SSH and try to access a backend VM directly. If the request is successful from the VM, increase the quantity of backends.

B.

Access a VM in the VPC through SSH and try to access a backend VM directly. If the request is successful from the VM, increase the quantity of backends.

Answers
C.

Enable and review the health check logs. Review the error responses in Cloud Logging.

C.

Enable and review the health check logs. Review the error responses in Cloud Logging.

Answers
D.

Validate the health of the backend service. Enable logging for the backend service and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

D.

Validate the health of the backend service. Enable logging for the backend service and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

Answers
E.

Validate the health of the backend service. Enable logging on the load balancer and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

E.

Validate the health of the backend service. Enable logging on the load balancer and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

Answers
Suggested answer: C, E

Explanation:

To troubleshoot the intermittent non-HTTP 200 responses, you should enable and review health check logs and log the backend service's responses in Cloud Logging. Reviewing the statusDetails field helps identify the cause of the error. Enabling logging on the load balancer and backend service provides visibility into the issue.


Total 215 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms