ExamGecko
Search Search Login
Home Home / Google / Professional Cloud Network Engineer

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 5

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team and ensure the solution can scale. What should you do?
Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?
You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

Question 41

Report
Export
Collapse

You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.

Which type of load balancer should you use?

A.
HTTP(S) load balancer
A.
HTTP(S) load balancer
Answers
B.
Network load balancer
B.
Network load balancer
Answers
C.
Internal TCP/UDP load balancer
C.
Internal TCP/UDP load balancer
Answers
D.
TCP/SSL proxy load balancer
D.
TCP/SSL proxy load balancer
Answers
Suggested answer: B

Question 42

Report
Export
Collapse

You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.

Which NAT solution should you use?

A.
Cloud NAT
A.
Cloud NAT
Answers
B.
An instance with IP forwarding enabled
B.
An instance with IP forwarding enabled
Answers
C.
An instance configured with iptables DNAT rules
C.
An instance configured with iptables DNAT rules
Answers
D.
An instance configured with iptables SNAT rules
D.
An instance configured with iptables SNAT rules
Answers
Suggested answer: A

Question 43

Report
Export
Collapse

You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.

What should you do?

A.
Upload your public ssh key to the project Metadata.
A.
Upload your public ssh key to the project Metadata.
Answers
B.
Upload your public ssh key to each instance Metadata.
B.
Upload your public ssh key to each instance Metadata.
Answers
C.
Create a custom Google Compute Engine image with your public ssh key embedded.
C.
Create a custom Google Compute Engine image with your public ssh key embedded.
Answers
D.
Use gcloud compute ssh to automatically copy your public ssh key to the instance.
D.
Use gcloud compute ssh to automatically copy your public ssh key to the instance.
Answers
Suggested answer: A

Explanation:

Overview By creating and managing SSH keys, you can let users access a Linux instance through thirdparty tools. An SSH key consists of the following files: A public SSH key file that is applied to instancelevel metadata or project-wide metadata. A private SSH key file that the user stores on their local devices. If a user presents their private SSH key, they can use a third-party tool to connect to any instance that is configured with the matching public SSH key file, even if they aren't a member of your Google Cloud project. Therefore, you can control which instances a user can access by changing the public SSH key metadata for one or more instances.

https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey

Question 44

Report
Export
Collapse

In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.

What should you do?

A.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
A.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
Answers
B.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
B.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
Answers
C.
Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
C.
Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
Answers
D.
Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance- A's network. Configure the appropriate routes to force traffic through to instance-A.
D.
Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance- A's network. Configure the appropriate routes to force traffic through to instance-A.
Answers
Suggested answer: B

Question 45

Report
Export
Collapse

You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.

What should you do to solve the problem?

A.
Assign a public IP address to the instance.
A.
Assign a public IP address to the instance.
Answers
B.
Create a route to reach the Master, pointing to the default internet gateway.
B.
Create a route to reach the Master, pointing to the default internet gateway.
Answers
C.
Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.
C.
Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.
Answers
D.
Create the appropriate master authorized network entries to allow the instance to communicate to the master.
D.
Create the appropriate master authorized network entries to allow the instance to communicate to the master.
Answers
Suggested answer: D

Explanation:

https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#cant_reach_cluster

https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

Question 46

Report
Export
Collapse

Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.

How should you set up permissions for the networking team?

A.
Assign members of the networking team the compute.networkUser role.
A.
Assign members of the networking team the compute.networkUser role.
Answers
B.
Assign members of the networking team the compute.networkAdmin role.
B.
Assign members of the networking team the compute.networkAdmin role.
Answers
C.
Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
C.
Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
Answers
D.
Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
D.
Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
Answers
Suggested answer: B

Question 47

Report
Export
Collapse

You have created an HTTP(S) load balanced service. You need to verify that your backend instancesare responding properly.

How should you configure the health check?

A.
Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
A.
Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
Answers
B.
Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
B.
Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
Answers
C.
Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
C.
Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
Answers
D.
Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
D.
Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
Answers
Suggested answer: C

Explanation:

https://cloud.google.com/load-balancing/docs/health-check-concepts#contentbased_health_checks

Question 48

Report
Export
Collapse

You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.

What should you do?

A.
Assign each user the editor role.
A.
Assign each user the editor role.
Answers
B.
Assign each user the compute.networkAdmin role.
B.
Assign each user the compute.networkAdmin role.
Answers
C.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
C.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
Answers
D.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.
D.
Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.
Answers
Suggested answer: D

Explanation:

https://cloud.google.com/interconnect/docs/how-to/dedicated/creating-vlan-attachments

Question 49

Report
Export
Collapse

You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested.

You want to minimize impact to users if there is a bug in the new template.

How should you update your instances?

A.
Manually patch some of the instances, and then perform a rolling restart on the instance group.
A.
Manually patch some of the instances, and then perform a rolling restart on the instance group.
Answers
B.
Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.
B.
Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.
Answers
C.
Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.
C.
Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.
Answers
D.
Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.
D.
Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.
Answers
Suggested answer: D

Explanation:

https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instancegroups#starting_a_canary_update

https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instancegroups

Question 50

Report
Export
Collapse

You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to increase your application availability and ensure it can autoscale.

How should you provision your instances?

A.
Create a single managed instance group, specify the desired region, and select Multiple zones for the location.
A.
Create a single managed instance group, specify the desired region, and select Multiple zones for the location.
Answers
B.
Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.
B.
Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.
Answers
C.
Create an unmanaged instance group in a single zone, and then create an HTTP load balancer forthe instance group.
C.
Create an unmanaged instance group in a single zone, and then create an HTTP load balancer forthe instance group.
Answers
D.
Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.
D.
Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.
Answers
Suggested answer: A

Explanation:

https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances

Total 215 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms