ExamGecko
Search Search Login
Home Home / Google / Professional Cloud Network Engineer

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 6

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team and ensure the solution can scale. What should you do?
Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?
You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

Question 51

Report
Export
Collapse

You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.

What should you do?

A.
Ensure that the object you don't want to be cached anymore is not shared publicly.
A.
Ensure that the object you don't want to be cached anymore is not shared publicly.
Answers
B.
Create a new storage bucket, and move the object you don't want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.
B.
Create a new storage bucket, and move the object you don't want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.
Answers
C.
Add an appropriate lifecycle rule on the storage bucket containing the two objects.
C.
Add an appropriate lifecycle rule on the storage bucket containing the two objects.
Answers
D.
Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.
D.
Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.
Answers
Suggested answer: D

Explanation:

https://cloud.google.com/cdn/docs/invalidating-cached-content

Question 52

Report
Export
Collapse

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the trafficscrubbing service.

What should you do?

A.
Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
A.
Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
Answers
B.
Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
B.
Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
Answers
C.
Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
C.
Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
Answers
D.
Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
D.
Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
Answers
Suggested answer: A

Explanation:

Global load balancer will proxy the connection . thus no trace of session origin IP. you should use Cloud Armor to geofence your service.

https://cloud.google.com/load-balancing/docs/https

Question 53

Report
Export
Collapse

Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:

Your ISP is a Google Partner Interconnect provider.

Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.

A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.

Most of the data transfer will be from GCP to the on-premises environment.

The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.

Cost and the complexity of the solution should be minimal.

How should you provision the connectivity solution?

A.
Provision a Partner Interconnect through your ISP.
A.
Provision a Partner Interconnect through your ISP.
Answers
B.
Provision a Dedicated Interconnect instead of a VPN.
B.
Provision a Dedicated Interconnect instead of a VPN.
Answers
C.
Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
C.
Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
Answers
D.
Use network compression over your VPN to increase the amount of data you can send over your VPN.
D.
Use network compression over your VPN to increase the amount of data you can send over your VPN.
Answers
Suggested answer: A

Explanation:

Direct Interconnect will be too expensive and also an overkill for this requirement. Managing multiple tunnels that too with packet loss consideration is complex also. Whereas partner interconnect fits the bill with providing required bandwidth but not super expensive also once setup not too complex too manage.

Question 54

Report
Export
Collapse

Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that the caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it as a DDOS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.

Which two steps should you take? (Choose two.)

A.
Use Cloud Armor to blacklist the attacker's IP addresses.
A.
Use Cloud Armor to blacklist the attacker's IP addresses.
Answers
B.
Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
B.
Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
Answers
C.
Create a global HTTP(s) load balancer and move your application backend to this load balancer.
C.
Create a global HTTP(s) load balancer and move your application backend to this load balancer.
Answers
D.
Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
D.
Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
Answers
E.
SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
E.
SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
Answers
Suggested answer: B, E

Question 55

Report
Export
Collapse

You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.

Which two actions should you take? (Choose two.)

A.
Activate the Service Networking API in your project.
A.
Activate the Service Networking API in your project.
Answers
B.
Activate the Cloud Datastore API in your project.
B.
Activate the Cloud Datastore API in your project.
Answers
C.
Create a private connection to a service producer.
C.
Create a private connection to a service producer.
Answers
D.
Create a custom static route to allow the traffic to reach the Cloud SQL API.
D.
Create a custom static route to allow the traffic to reach the Cloud SQL API.
Answers
E.
Enable Private Google Access.
E.
Enable Private Google Access.
Answers
Suggested answer: A, C

Question 56

Report
Export
Collapse

You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP) configuration.

Which connectivity model should you use?

A.
Direct Peering
A.
Direct Peering
Answers
B.
Dedicated Interconnect
B.
Dedicated Interconnect
Answers
C.
Partner Interconnect with a layer 2 partner
C.
Partner Interconnect with a layer 2 partner
Answers
D.
Partner Interconnect with a layer 3 partner
D.
Partner Interconnect with a layer 3 partner
Answers
Suggested answer: D

Explanation:

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview For Layer 3 connections, your service provider establishes a BGP session between your Cloud Routers and their edge routers for each VLAN attachment. You don't need to configure BGP on your on-premises router. Google and your service provider automatically set the correct configurations.

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview#connectivity-type

Question 57

Report
Export
Collapse

You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command:

gcloud compute routes create no-ip-internet-route \

--network custom-network1 \

--destination-range 0.0.0.0/0 \

--next-hop instance nat-gateway \

--next-hop instance-zone us-central1-a \

--tags no-ip --priority 800

You want existing instances to use the new NAT gateway. Which command should you execute?

A.
sudo sysctl -w net.ipv4.ip_forward=1
A.
sudo sysctl -w net.ipv4.ip_forward=1
Answers
B.
gcloud compute instances add-tags [existing-instance] --tags no-ip
B.
gcloud compute instances add-tags [existing-instance] --tags no-ip
Answers
C.
gcloud builds submit --config=cloudbuild.waml --substitutions=TAG_NAME=no-ip
C.
gcloud builds submit --config=cloudbuild.waml --substitutions=TAG_NAME=no-ip
Answers
D.
gcloud compute instances create example-instance --network custom-network1 \--subnet subnet-us-central \--no-address \--zone us-central1-a \--image-family debian-9 \--image-project debian-cloud \--tags no-ip
D.
gcloud compute instances create example-instance --network custom-network1 \--subnet subnet-us-central \--no-address \--zone us-central1-a \--image-family debian-9 \--image-project debian-cloud \--tags no-ip
Answers
Suggested answer: B

Explanation:

https://cloud.google.com/sdk/gcloud/reference/compute/routes/create

In order to apply a route to an existing instance we should use a tag to bind the route to it.

Reference: https://cloud.google.com/vpc/docs/special-configurations

Question 58

Report
Export
Collapse

You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.

Which next hop should you choose?

A.
The default internet gateway
A.
The default internet gateway
Answers
B.
The IP address of the Cloud VPN gateway
B.
The IP address of the Cloud VPN gateway
Answers
C.
The name and region of the Cloud VPN tunnel
C.
The name and region of the Cloud VPN tunnel
Answers
D.
The IP address of the instance on the remote side of the VPN tunnel
D.
The IP address of the instance on the remote side of the VPN tunnel
Answers
Suggested answer: C

Explanation:

When you create a route based tunnel using the Cloud Console, Classic VPN performs both of the following tasks: Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0) For each range in Remote network IP ranges, Google Cloud creates a custom static route whose destination (prefix) is the range's CIDR, and whose next hop is the tunnel.

https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns

Reference: https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

Question 59

Report
Export
Collapse

You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the object in the storage bucket can be served by the CDN.

What should you do in the GCP Console?

A.
Create a new cloud storage bucket, and then enable Cloud CDN on it.
A.
Create a new cloud storage bucket, and then enable Cloud CDN on it.
Answers
B.
Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
B.
Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Answers
C.
Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
C.
Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Answers
D.
Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN onthe backend, and make sure each object inside the storage bucket is shared publicly.
D.
Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN onthe backend, and make sure each object inside the storage bucket is shared publicly.
Answers
Suggested answer: D

Explanation:

https://cloud.google.com/load-balancing/docs/https/adding-backend-buckets-to-loadbalancers#using_cloud_cdn_with_cloud_storage_buckets

Cloud CDN needs HTTP(S) Load Balancers and Cloud Storage bucket has to be shared publicly.

https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket

Question 60

Report
Export
Collapse

Your company's Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you how they should support splitting audio and video traffic to different backend Google Cloud storage buckets. They want to use URL maps and minimize operational overhead. They are currently using the following directory structure:

/fr/video

/en/video

/es/video

A.
./video/fr/audio/en/audio/es/audio
A.
./video/fr/audio/en/audio/es/audio
Answers
B.
./audioWhich solution should you recommend?
B.
./audioWhich solution should you recommend?
Answers
C.
Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/*.
C.
Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/*.
Answers
D.
Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.
D.
Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.
Answers
E.
Leave the directory structure as-is, create a URL map and leverage a path rule such as \/[az]{ 2}\/video and \/[a-z]{2}\/audio.
E.
Leave the directory structure as-is, create a URL map and leverage a path rule such as \/[az]{ 2}\/video and \/[a-z]{2}\/audio.
Answers
F.
Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/ audio.
F.
Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/ audio.
Answers
Suggested answer: A

Explanation:

https://cloud.google.com/load-balancing/docs/url-map#configuring_url_mapsPath matcher constraints Path matchers and path rules have the following constraints: A path rulecan only include a wildcard character (*) after a forward slash character (/). For example, /videos/*and /videos/hd/* are valid for path rules, but /videos* and /videos/hd* are not. Path rules do notuse regular expression or substring matching. For example, path rules for either /videos/hd or /videos/hd/* do not apply to a URL with the path /video/hd-abcd. However, a path rule for /video/* does apply to that path. https://cloud.google.com/load-balancing/docs/url-map-concepts#pmconstraints

Total 215 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms