ExamGecko
Login
Ask Question

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 6

List of questions

Question 51

Report
Export
Collapse

You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.

What should you do?

Ensure that the object you don't want to be cached anymore is not shared publicly.
Ensure that the object you don't want to be cached anymore is not shared publicly.
Create a new storage bucket, and move the object you don't want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.
Create a new storage bucket, and move the object you don't want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.
Add an appropriate lifecycle rule on the storage bucket containing the two objects.
Add an appropriate lifecycle rule on the storage bucket containing the two objects.
Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.
Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.
Suggested answer: D

Explanation:

https://cloud.google.com/cdn/docs/invalidating-cached-content

asked 18/09/2024
koffi .J N tsudze
33 questions

Question 52

Report
Export
Collapse

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the trafficscrubbing service.

What should you do?

Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
Suggested answer: A

Explanation:

Global load balancer will proxy the connection . thus no trace of session origin IP. you should use Cloud Armor to geofence your service.

https://cloud.google.com/load-balancing/docs/https

asked 18/09/2024
xingrui li
36 questions

Question 53

Report
Export
Collapse

Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:

Your ISP is a Google Partner Interconnect provider.

Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.

A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.

Most of the data transfer will be from GCP to the on-premises environment.

The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.

Cost and the complexity of the solution should be minimal.

How should you provision the connectivity solution?

Provision a Partner Interconnect through your ISP.
Provision a Partner Interconnect through your ISP.
Provision a Dedicated Interconnect instead of a VPN.
Provision a Dedicated Interconnect instead of a VPN.
Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
Use network compression over your VPN to increase the amount of data you can send over your VPN.
Use network compression over your VPN to increase the amount of data you can send over your VPN.
Suggested answer: A

Explanation:

Direct Interconnect will be too expensive and also an overkill for this requirement. Managing multiple tunnels that too with packet loss consideration is complex also. Whereas partner interconnect fits the bill with providing required bandwidth but not super expensive also once setup not too complex too manage.

asked 18/09/2024
Caridade Martins
44 questions

Question 54

Report
Export
Collapse

Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that the caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it as a DDOS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.

Which two steps should you take? (Choose two.)

Use Cloud Armor to blacklist the attacker's IP addresses.
Use Cloud Armor to blacklist the attacker's IP addresses.
Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
Create a global HTTP(s) load balancer and move your application backend to this load balancer.
Create a global HTTP(s) load balancer and move your application backend to this load balancer.
Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
Suggested answer: B, E
asked 18/09/2024
Guus Schenkelaars
28 questions

Question 55

Report
Export
Collapse

You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.

Which two actions should you take? (Choose two.)

Activate the Service Networking API in your project.
Activate the Service Networking API in your project.
Activate the Cloud Datastore API in your project.
Activate the Cloud Datastore API in your project.
Create a private connection to a service producer.
Create a private connection to a service producer.
Create a custom static route to allow the traffic to reach the Cloud SQL API.
Create a custom static route to allow the traffic to reach the Cloud SQL API.
Enable Private Google Access.
Enable Private Google Access.
Suggested answer: A, C
asked 18/09/2024
Nick Wells
43 questions

Question 56

Report
Export
Collapse

You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP) configuration.

Which connectivity model should you use?

Direct Peering
Direct Peering
Dedicated Interconnect
Dedicated Interconnect
Partner Interconnect with a layer 2 partner
Partner Interconnect with a layer 2 partner
Partner Interconnect with a layer 3 partner
Partner Interconnect with a layer 3 partner
Suggested answer: D

Explanation:

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview For Layer 3 connections, your service provider establishes a BGP session between your Cloud Routers and their edge routers for each VLAN attachment. You don't need to configure BGP on your on-premises router. Google and your service provider automatically set the correct configurations.

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview#connectivity-type

asked 18/09/2024
Luigi Trigilio
42 questions

Question 57

Report
Export
Collapse

You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command:

gcloud compute routes create no-ip-internet-route \

--network custom-network1 \

--destination-range 0.0.0.0/0 \

--next-hop instance nat-gateway \

--next-hop instance-zone us-central1-a \

--tags no-ip --priority 800

You want existing instances to use the new NAT gateway. Which command should you execute?

sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv4.ip_forward=1
gcloud compute instances add-tags [existing-instance] --tags no-ip
gcloud compute instances add-tags [existing-instance] --tags no-ip
gcloud builds submit --config=cloudbuild.waml --substitutions=TAG_NAME=no-ip
gcloud builds submit --config=cloudbuild.waml --substitutions=TAG_NAME=no-ip
gcloud compute instances create example-instance --network custom-network1 \--subnet subnet-us-central \--no-address \--zone us-central1-a \--image-family debian-9 \--image-project debian-cloud \--tags no-ip
gcloud compute instances create example-instance --network custom-network1 \--subnet subnet-us-central \--no-address \--zone us-central1-a \--image-family debian-9 \--image-project debian-cloud \--tags no-ip
Suggested answer: B

Explanation:

https://cloud.google.com/sdk/gcloud/reference/compute/routes/create

In order to apply a route to an existing instance we should use a tag to bind the route to it.

Reference: https://cloud.google.com/vpc/docs/special-configurations

asked 18/09/2024
Mohamed Hany
42 questions

Question 58

Report
Export
Collapse

You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.

Which next hop should you choose?

The default internet gateway
The default internet gateway
The IP address of the Cloud VPN gateway
The IP address of the Cloud VPN gateway
The name and region of the Cloud VPN tunnel
The name and region of the Cloud VPN tunnel
The IP address of the instance on the remote side of the VPN tunnel
The IP address of the instance on the remote side of the VPN tunnel
Suggested answer: C

Explanation:

When you create a route based tunnel using the Cloud Console, Classic VPN performs both of the following tasks: Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0) For each range in Remote network IP ranges, Google Cloud creates a custom static route whose destination (prefix) is the range's CIDR, and whose next hop is the tunnel.

https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns

Reference: https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

asked 18/09/2024
Vivek Nandey
34 questions

Question 59

Report
Export
Collapse

You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the object in the storage bucket can be served by the CDN.

What should you do in the GCP Console?

Create a new cloud storage bucket, and then enable Cloud CDN on it.
Create a new cloud storage bucket, and then enable Cloud CDN on it.
Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN onthe backend, and make sure each object inside the storage bucket is shared publicly.
Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN onthe backend, and make sure each object inside the storage bucket is shared publicly.
Suggested answer: D

Explanation:

https://cloud.google.com/load-balancing/docs/https/adding-backend-buckets-to-loadbalancers#using_cloud_cdn_with_cloud_storage_buckets

Cloud CDN needs HTTP(S) Load Balancers and Cloud Storage bucket has to be shared publicly.

https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket

asked 18/09/2024
Andrey Bozhko
32 questions

Question 60

Report
Export
Collapse

Your company's Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you how they should support splitting audio and video traffic to different backend Google Cloud storage buckets. They want to use URL maps and minimize operational overhead. They are currently using the following directory structure:

/fr/video

/en/video

/es/video

./video/fr/audio/en/audio/es/audio
./video/fr/audio/en/audio/es/audio
./audioWhich solution should you recommend?
./audioWhich solution should you recommend?
Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/*.
Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/*.
Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.
Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.
Leave the directory structure as-is, create a URL map and leverage a path rule such as \/[az]{ 2}\/video and \/[a-z]{2}\/audio.
Leave the directory structure as-is, create a URL map and leverage a path rule such as \/[az]{ 2}\/video and \/[a-z]{2}\/audio.
Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/ audio.
Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/ audio.
Suggested answer: A

Explanation:

https://cloud.google.com/load-balancing/docs/url-map#configuring_url_mapsPath matcher constraints Path matchers and path rules have the following constraints: A path rulecan only include a wildcard character (*) after a forward slash character (/). For example, /videos/*and /videos/hd/* are valid for path rules, but /videos* and /videos/hd* are not. Path rules do notuse regular expression or substring matching. For example, path rules for either /videos/hd or /videos/hd/* do not apply to a URL with the path /video/hd-abcd. However, a path rule for /video/* does apply to that path. https://cloud.google.com/load-balancing/docs/url-map-concepts#pmconstraints

asked 18/09/2024
Aaron Ford Jr
46 questions
Total 215 questions
Go to page: of 22
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You are troubleshooting an application in your organization's Google Cloud network that is not functioning as expected. You suspect that packets are getting lost somewhere. The application sends packets intermittently at a low volume from a Compute Engine VM to a destination on your on-premises network through a pair of Cloud Interconnect VLAN attachments. You validated that the Cloud Next Generation Firewall (Cloud NGFW) rules do not have any deny statements blocking egress traffic, and you do not have any explicit allow rules. Following Google-recommended practices, you need to analyze the flow to see if packets are being sent correctly out of the VM to isolate the issue. What should you do?
Your organization has Compute Engine instances in us-east1, us-west2, and us-central1. Your organization also has an existing Cloud Interconnect physical connection in the East Coast of the United States with a single VLAN attachment and Cloud Router in us-east1. You need to provide a design with high availability and ensure that if a region goes down, you still have access to all your other Virtual Private Cloud (VPC) subnets. You need to accomplish this in the most cost-effective manner possible. What should you do?
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You need to configure the Border Gateway Protocol (BGP) session for a VPN tunnel you just created between two Google Cloud VPCs, 10.1.0.0/16 and 172.16.0.0/16. You have a Cloud Router (router-1) in the 10.1.0.0/16 network and a second Cloud Router (router-2) in the 172.16.0.0/16 network. Which configuration should you use for the BGP session?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?