ExamGecko
Login
Ask Question

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 5

List of questions

Question 41

Report
Export
Collapse

You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.

Which type of load balancer should you use?

HTTP(S) load balancer
HTTP(S) load balancer
Network load balancer
Network load balancer
Internal TCP/UDP load balancer
Internal TCP/UDP load balancer
TCP/SSL proxy load balancer
TCP/SSL proxy load balancer
Suggested answer: B
asked 18/09/2024
Gerson Rodrigo Menendez
36 questions

Question 42

Report
Export
Collapse

You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.

Which NAT solution should you use?

Cloud NAT
Cloud NAT
An instance with IP forwarding enabled
An instance with IP forwarding enabled
An instance configured with iptables DNAT rules
An instance configured with iptables DNAT rules
An instance configured with iptables SNAT rules
An instance configured with iptables SNAT rules
Suggested answer: A
asked 18/09/2024
Chun Yin Lau
44 questions

Question 43

Report
Export
Collapse

You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.

What should you do?

Upload your public ssh key to the project Metadata.
Upload your public ssh key to the project Metadata.
Upload your public ssh key to each instance Metadata.
Upload your public ssh key to each instance Metadata.
Create a custom Google Compute Engine image with your public ssh key embedded.
Create a custom Google Compute Engine image with your public ssh key embedded.
Use gcloud compute ssh to automatically copy your public ssh key to the instance.
Use gcloud compute ssh to automatically copy your public ssh key to the instance.
Suggested answer: A

Explanation:

Overview By creating and managing SSH keys, you can let users access a Linux instance through thirdparty tools. An SSH key consists of the following files: A public SSH key file that is applied to instancelevel metadata or project-wide metadata. A private SSH key file that the user stores on their local devices. If a user presents their private SSH key, they can use a third-party tool to connect to any instance that is configured with the matching public SSH key file, even if they aren't a member of your Google Cloud project. Therefore, you can control which instances a user can access by changing the public SSH key metadata for one or more instances.

https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey

asked 18/09/2024
Styliani Simoiridou
43 questions

Question 44

Report
Export
Collapse

In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.

What should you do?

Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance- A's network. Configure the appropriate routes to force traffic through to instance-A.
Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance- A's network. Configure the appropriate routes to force traffic through to instance-A.
Suggested answer: B
asked 18/09/2024
Grant Richardson
32 questions

Question 45

Report
Export
Collapse

You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.

What should you do to solve the problem?

Assign a public IP address to the instance.
Assign a public IP address to the instance.
Create a route to reach the Master, pointing to the default internet gateway.
Create a route to reach the Master, pointing to the default internet gateway.
Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.
Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.
Create the appropriate master authorized network entries to allow the instance to communicate to the master.
Create the appropriate master authorized network entries to allow the instance to communicate to the master.
Suggested answer: D

Explanation:

https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#cant_reach_cluster

https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

asked 18/09/2024
Medard Vedasto
38 questions

Question 46

Report
Export
Collapse

Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.

How should you set up permissions for the networking team?

Assign members of the networking team the compute.networkUser role.
Assign members of the networking team the compute.networkUser role.
Assign members of the networking team the compute.networkAdmin role.
Assign members of the networking team the compute.networkAdmin role.
Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
Suggested answer: B
asked 18/09/2024
Paul Hackett
38 questions

Question 47

Report
Export
Collapse

You have created an HTTP(S) load balanced service. You need to verify that your backend instancesare responding properly.

How should you configure the health check?

Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
Suggested answer: C

Explanation:

https://cloud.google.com/load-balancing/docs/health-check-concepts#contentbased_health_checks

asked 18/09/2024
Jeremiah Hutchins
45 questions

Question 48

Report
Export
Collapse

You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.

What should you do?

Assign each user the editor role.
Assign each user the editor role.
Assign each user the compute.networkAdmin role.
Assign each user the compute.networkAdmin role.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.
Suggested answer: D

Explanation:

https://cloud.google.com/interconnect/docs/how-to/dedicated/creating-vlan-attachments

asked 18/09/2024
Rob Versteeg
36 questions

Question 49

Report
Export
Collapse

You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested.

You want to minimize impact to users if there is a bug in the new template.

How should you update your instances?

Manually patch some of the instances, and then perform a rolling restart on the instance group.
Manually patch some of the instances, and then perform a rolling restart on the instance group.
Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.
Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.
Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.
Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.
Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.
Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.
Suggested answer: D

Explanation:

https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instancegroups#starting_a_canary_update

https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instancegroups

asked 18/09/2024
Antonio Pombo
30 questions

Question 50

Report
Export
Collapse

You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to increase your application availability and ensure it can autoscale.

How should you provision your instances?

Create a single managed instance group, specify the desired region, and select Multiple zones for the location.
Create a single managed instance group, specify the desired region, and select Multiple zones for the location.
Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.
Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.
Create an unmanaged instance group in a single zone, and then create an HTTP load balancer forthe instance group.
Create an unmanaged instance group in a single zone, and then create an HTTP load balancer forthe instance group.
Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.
Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.
Suggested answer: A

Explanation:

https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances

asked 18/09/2024
Flora Hundal
32 questions
Total 215 questions
Go to page: of 22
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You are troubleshooting an application in your organization's Google Cloud network that is not functioning as expected. You suspect that packets are getting lost somewhere. The application sends packets intermittently at a low volume from a Compute Engine VM to a destination on your on-premises network through a pair of Cloud Interconnect VLAN attachments. You validated that the Cloud Next Generation Firewall (Cloud NGFW) rules do not have any deny statements blocking egress traffic, and you do not have any explicit allow rules. Following Google-recommended practices, you need to analyze the flow to see if packets are being sent correctly out of the VM to isolate the issue. What should you do?
Your organization has Compute Engine instances in us-east1, us-west2, and us-central1. Your organization also has an existing Cloud Interconnect physical connection in the East Coast of the United States with a single VLAN attachment and Cloud Router in us-east1. You need to provide a design with high availability and ensure that if a region goes down, you still have access to all your other Virtual Private Cloud (VPC) subnets. You need to accomplish this in the most cost-effective manner possible. What should you do?
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You need to configure the Border Gateway Protocol (BGP) session for a VPN tunnel you just created between two Google Cloud VPCs, 10.1.0.0/16 and 172.16.0.0/16. You have a Cloud Router (router-1) in the 10.1.0.0/16 network and a second Cloud Router (router-2) in the 172.16.0.0/16 network. Which configuration should you use for the BGP session?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?