ExamGecko
Login
Ask Question

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 3

List of questions

Question 21

Report
Export
Collapse

You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.

What should you do?

Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.
Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.
Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new onpremises gateway IP.
Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new onpremises gateway IP.
Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.
Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.
Suggested answer: C

Explanation:

https://cloud.google.com/network-connectivity/docs/vpn/concepts/classic-topologies#redundancyoptions

asked 18/09/2024
Nora Daniels
36 questions

Question 22

Report
Export
Collapse

You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.

What should you do?

Update the TTL for the zone.
Update the TTL for the zone.
Set the zone to the TRANSFER state.
Set the zone to the TRANSFER state.
Disable DNSSEC at your domain registar.
Disable DNSSEC at your domain registar.
Transfer ownership of the domain to a new registar.
Transfer ownership of the domain to a new registar.
Suggested answer: C

Explanation:

Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.

asked 18/09/2024
disserto management gmbh
44 questions

Question 23

Report
Export
Collapse

You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.

During troubleshooting you find:

• Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.

• The subnetwork logs are not excluded from Stackdriver.

• The instance that is hosting the application can communicate outside the subnet.

• Other instances within the subnet can communicate outside the subnet.

• The external resource initiates communication.

What is the most likely cause of the missing log lines?

The traffic is matching the expected ingress rule.
The traffic is matching the expected ingress rule.
The traffic is matching the expected egress rule.
The traffic is matching the expected egress rule.
The traffic is not matching the expected ingress rule.
The traffic is not matching the expected ingress rule.
The traffic is not matching the expected egress rule.
The traffic is not matching the expected egress rule.
Suggested answer: C
asked 18/09/2024
carlos soto
36 questions

Question 24

Report
Export
Collapse

You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content.

Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.

What is the most likely cause of the problem?

You have not configured compression in Cloud CDN.
You have not configured compression in Cloud CDN.
You have configured the web servers and Cloud CDN with different compression types.
You have configured the web servers and Cloud CDN with different compression types.
The web servers behind the load balancer are configured with different compression types.
The web servers behind the load balancer are configured with different compression types.
You have to configure the web servers to compress responses even if the request has a Via header.
You have to configure the web servers to compress responses even if the request has a Via header.
Suggested answer: D

Explanation:

If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable compression, you may have to override your web server's default configuration to tell it to compress responses even if the request had a Via header.

asked 18/09/2024
Charles Smith
44 questions

Question 25

Report
Export
Collapse

You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asi a. You've configured a network load balancer, but users have not experienced a performance improvement.

You want to decrease the latency.

What should you do?

Configure a policy-based route rule to prioritize the traffic.
Configure a policy-based route rule to prioritize the traffic.
Configure an HTTP load balancer, and direct the traffic to it.
Configure an HTTP load balancer, and direct the traffic to it.
Configure Dynamic Routing for the subnet hosting the application.
Configure Dynamic Routing for the subnet hosting the application.
Configure the TTL for the DNS zone to decrease the time between updates.
Configure the TTL for the DNS zone to decrease the time between updates.
Suggested answer: B
asked 18/09/2024
Scott Wells
38 questions

Question 26

Report
Export
Collapse

You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.

Which two methods can you use to accomplish this? (Choose two.)

Enable Private Google Access on all the subnets.
Enable Private Google Access on all the subnets.
Enable Private Google Access on the VPC.
Enable Private Google Access on the VPC.
Enable Private Services Access on the VPC.
Enable Private Services Access on the VPC.
Create network peering between your VPC and BigQuery.
Create network peering between your VPC and BigQuery.
Create a Cloud NAT, and route the application traffic via NAT gateway.
Create a Cloud NAT, and route the application traffic via NAT gateway.
Suggested answer: A, E

Explanation:

https://cloud.google.com/nat/docs/overview#interaction-pga Specifications

https://cloud.google.com/vpc/docs/configure-private-google-access#specifications

asked 18/09/2024
Lea Kohl
46 questions

Question 27

Report
Export
Collapse

You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Googlerecommended practices.

How should you design this topology?

Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them.Use firewall rules to filter access between the specific networks.
Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them.Use firewall rules to filter access between the specific networks.
Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.
Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.
Suggested answer: D
asked 18/09/2024
Steven Owens
36 questions

Question 28

Report
Export
Collapse

You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.

What should you do?

Grant the compute.instanceAdmin to your user account.
Grant the compute.instanceAdmin to your user account.
Grant the iam.serviceAccountUser to your user account.
Grant the iam.serviceAccountUser to your user account.
Grant the read-only privilege to the service account for the Cloud Storage bucket.
Grant the read-only privilege to the service account for the Cloud Storage bucket.
Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
Suggested answer: C
asked 18/09/2024
George Weine Paulino Chaves
48 questions

Question 29

Report
Export
Collapse

You converted an auto mode VPC network to custom mode. Since the conversion, some of your Cloud Deployment Manager templates are no longer working. You want to resolve the problem.

What should you do?

Apply an additional IAM role to the Google API's service account to allow custom mode networks.
Apply an additional IAM role to the Google API's service account to allow custom mode networks.
Update the VPC firewall to allow the Cloud Deployment Manager to access the custom mode networks.
Update the VPC firewall to allow the Cloud Deployment Manager to access the custom mode networks.
Explicitly reference the custom mode networks in the Cloud Armor whitelist.
Explicitly reference the custom mode networks in the Cloud Armor whitelist.
Explicitly reference the custom mode networks in the Deployment Manager templates.
Explicitly reference the custom mode networks in the Deployment Manager templates.
Suggested answer: D
asked 18/09/2024
Olga Trofimova
34 questions

Question 30

Report
Export
Collapse

You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible.

You want to grant the editor role to a project member.

Which two methods can you use to accomplish this? (Choose two.)

GetIamPolicy() via REST API
GetIamPolicy() via REST API
setIamPolicy() via REST API
setIamPolicy() via REST API
gcloud pubsub add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor
gcloud pubsub add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor
gcloud projects add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor
gcloud projects add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor
Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.
Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.
Suggested answer: D, E
asked 18/09/2024
Marco Romani
37 questions
Total 215 questions
Go to page: of 22
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You are troubleshooting an application in your organization's Google Cloud network that is not functioning as expected. You suspect that packets are getting lost somewhere. The application sends packets intermittently at a low volume from a Compute Engine VM to a destination on your on-premises network through a pair of Cloud Interconnect VLAN attachments. You validated that the Cloud Next Generation Firewall (Cloud NGFW) rules do not have any deny statements blocking egress traffic, and you do not have any explicit allow rules. Following Google-recommended practices, you need to analyze the flow to see if packets are being sent correctly out of the VM to isolate the issue. What should you do?
Your organization has Compute Engine instances in us-east1, us-west2, and us-central1. Your organization also has an existing Cloud Interconnect physical connection in the East Coast of the United States with a single VLAN attachment and Cloud Router in us-east1. You need to provide a design with high availability and ensure that if a region goes down, you still have access to all your other Virtual Private Cloud (VPC) subnets. You need to accomplish this in the most cost-effective manner possible. What should you do?
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You need to configure the Border Gateway Protocol (BGP) session for a VPN tunnel you just created between two Google Cloud VPCs, 10.1.0.0/16 and 172.16.0.0/16. You have a Cloud Router (router-1) in the 10.1.0.0/16 network and a second Cloud Router (router-2) in the 172.16.0.0/16 network. Which configuration should you use for the BGP session?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?