Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 5
List of questions
Related questions
Question 41
You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.
Which type of load balancer should you use?
Question 42
You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.
Which NAT solution should you use?
Question 43
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?
Explanation:
Overview By creating and managing SSH keys, you can let users access a Linux instance through thirdparty tools. An SSH key consists of the following files: A public SSH key file that is applied to instancelevel metadata or project-wide metadata. A private SSH key file that the user stores on their local devices. If a user presents their private SSH key, they can use a third-party tool to connect to any instance that is configured with the matching public SSH key file, even if they aren't a member of your Google Cloud project. Therefore, you can control which instances a user can access by changing the public SSH key metadata for one or more instances.
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey
Question 44
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?
Question 45
You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.
What should you do to solve the problem?
Explanation:
https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#cant_reach_cluster
https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks
Question 46
Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.
How should you set up permissions for the networking team?
Question 47
You have created an HTTP(S) load balanced service. You need to verify that your backend instancesare responding properly.
How should you configure the health check?
Explanation:
https://cloud.google.com/load-balancing/docs/health-check-concepts#contentbased_health_checks
Question 48
You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.
What should you do?
Explanation:
https://cloud.google.com/interconnect/docs/how-to/dedicated/creating-vlan-attachments
Question 49
You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested.
You want to minimize impact to users if there is a bug in the new template.
How should you update your instances?
Explanation:
https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instancegroups#starting_a_canary_update
https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instancegroups
Question 50
You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to increase your application availability and ensure it can autoscale.
How should you provision your instances?
Explanation:
https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances
Question