Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 3
List of questions
Related questions
Question 21
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?
Explanation:
https://cloud.google.com/network-connectivity/docs/vpn/concepts/classic-topologies#redundancyoptions
Question 22
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.
What should you do?
Explanation:
Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.
Question 23
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.
During troubleshooting you find:
• Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
• The subnetwork logs are not excluded from Stackdriver.
• The instance that is hosting the application can communicate outside the subnet.
• Other instances within the subnet can communicate outside the subnet.
• The external resource initiates communication.
What is the most likely cause of the missing log lines?
Question 24
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content.
Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.
What is the most likely cause of the problem?
Explanation:
If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable compression, you may have to override your web server's default configuration to tell it to compress responses even if the request had a Via header.
Question 25
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asi a. You've configured a network load balancer, but users have not experienced a performance improvement.
You want to decrease the latency.
What should you do?
Question 26
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)
Explanation:
https://cloud.google.com/nat/docs/overview#interaction-pga Specifications
https://cloud.google.com/vpc/docs/configure-private-google-access#specifications
Question 27
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Googlerecommended practices.
How should you design this topology?
Question 28
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?
Question 29
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You converted an auto mode VPC network to custom mode. Since the conversion, some of your Cloud Deployment Manager templates are no longer working. You want to resolve the problem.
What should you do?
Question 30
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible.
You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)
Question