ExamGecko
Search Search Login
Home Home / Google / Professional Cloud Network Engineer

Google Professional Cloud Network Engineer Practice Test - Questions Answers, Page 8

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs. Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Which two products should you incorporate into the solution? (Choose two.)
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster. How should you create the GKE cluster?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
You have a storage bucket that contains the following objects: - folder-a/image-a-1.jpg - folder-a/image-a-2.jpg - folder-b/image-b-1.jpg - folder-b/image-b-2.jpg Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands. What should you do?
Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team and ensure the solution can scale. What should you do?
Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?
You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

Question 71

Report
Export
Collapse

You want to implement an IPSec tunnel between your on-premises network and a VPC via Cloud VPN. You need to restrict reachability over the tunnel to specific local subnets, and you do not have a device capable of speaking Border

Gateway Protocol (BGP).

Which routing option should you choose?

A.
Dynamic routing using Cloud Router
A.
Dynamic routing using Cloud Router
Answers
B.
Route-based routing using default traffic selectors
B.
Route-based routing using default traffic selectors
Answers
C.
Policy-based routing using a custom local traffic selector
C.
Policy-based routing using a custom local traffic selector
Answers
D.
Policy-based routing using the default local traffic selector
D.
Policy-based routing using the default local traffic selector
Answers
Suggested answer: C

Explanation:

Reference: https://cloud.google.com/vpn/docs/concepts/overview

Question 72

Report
Export
Collapse

You have enabled HTTP(S) load balancing for your application, and your application developers havereported that HTTP(S) requests are not being distributed correctly to your Compute Engine VirtualMachine instances. You want to find data about how the request are being distributed.

Which two methods can accomplish this? (Choose two.)

A.
On the Load Balancer details page of the GCP Console, click on the Monitoring tab, select your backend service, and look at the graphs.
A.
On the Load Balancer details page of the GCP Console, click on the Monitoring tab, select your backend service, and look at the graphs.
Answers
B.
In Stackdriver Error Reporting, look for any unacknowledged errors for the Cloud Load Balancers service.
B.
In Stackdriver Error Reporting, look for any unacknowledged errors for the Cloud Load Balancers service.
Answers
C.
In Stackdriver Monitoring, select Resources > Metrics Explorer and search for https/request_bytes_count metric.
C.
In Stackdriver Monitoring, select Resources > Metrics Explorer and search for https/request_bytes_count metric.
Answers
D.
In Stackdriver Monitoring, select Resources > Google Cloud Load Balancers and review the Key Metrics graphs in the dashboard.
D.
In Stackdriver Monitoring, select Resources > Google Cloud Load Balancers and review the Key Metrics graphs in the dashboard.
Answers
E.
In Stackdriver Monitoring, create a new dashboard and track the https/backend_request_countmetric for the load balancer.
E.
In Stackdriver Monitoring, create a new dashboard and track the https/backend_request_countmetric for the load balancer.
Answers
Suggested answer: A, E

Question 73

Report
Export
Collapse

You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner.

What should you first?

A.
Log in to your partner's portal and request the VLAN attachment there.
A.
Log in to your partner's portal and request the VLAN attachment there.
Answers
B.
Ask your Interconnect partner to provision a physical connection to Google.
B.
Ask your Interconnect partner to provision a physical connection to Google.
Answers
C.
Create a Partner Interconnect type VLAN attachment in the GCP Console and retrieve the pairing key.
C.
Create a Partner Interconnect type VLAN attachment in the GCP Console and retrieve the pairing key.
Answers
D.
Run gcloud compute interconnect attachments partner update <attachment> / -- region <region> - -admin-enabled.
D.
Run gcloud compute interconnect attachments partner update <attachment> / -- region <region> - -admin-enabled.
Answers
Suggested answer: B

Explanation:

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partneroverview?hl=En#provisioning "

To provision a Partner Interconnect connection with a serviceprovider, you start by connecting your on-premises network to a supported service provider. Work with the service provider to establish connectivity.

Question 74

Report
Export
Collapse

You need to centralize the Identity and Access Management permissions and email distribution for the WebServices Team as efficiently as possible.

What should you do?

A.
Create a Google Group for the WebServices Team.
A.
Create a Google Group for the WebServices Team.
Answers
B.
Create a G Suite Domain for the WebServices Team.
B.
Create a G Suite Domain for the WebServices Team.
Answers
C.
Create a new Cloud Identity Domain for the WebServices Team.
C.
Create a new Cloud Identity Domain for the WebServices Team.
Answers
D.
Create a new Custom Role for all members of the WebServices Team.
D.
Create a new Custom Role for all members of the WebServices Team.
Answers
Suggested answer: A

Question 75

Report
Export
Collapse

You are using the gcloud command line tool to create a new custom role in a project by coping a predefined role. You receive this error message: INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid What should you do?

A.
Add the resourcemanager.projects.get permission, and try again.
A.
Add the resourcemanager.projects.get permission, and try again.
Answers
B.
Try again with a different role with a new name but the same permissions.
B.
Try again with a different role with a new name but the same permissions.
Answers
C.
Remove the resourcemanager.projects.list permission, and try again.
C.
Remove the resourcemanager.projects.list permission, and try again.
Answers
D.
Add the resourcemanager.projects.setIamPolicy permission, and try again.
D.
Add the resourcemanager.projects.setIamPolicy permission, and try again.
Answers
Suggested answer: C

Explanation:

Reference: https://cloud.google.com/iam/docs/understanding-custom-roles

Question 76

Report
Export
Collapse

One instance in your VPC is configured to run with a private IP address only. You want to ensure that even if this instance is deleted, its current private IP address will not be automatically assigned to a different instance.

In the GCP Console, what should you do?

A.
Assign a public IP address to the instance.
A.
Assign a public IP address to the instance.
Answers
B.
Assign a new reserved internal IP address to the instance.
B.
Assign a new reserved internal IP address to the instance.
Answers
C.
Change the instance's current internal IP address to static.
C.
Change the instance's current internal IP address to static.
Answers
D.
Add custom metadata to the instance with key internal-address and value reserved.
D.
Add custom metadata to the instance with key internal-address and value reserved.
Answers
Suggested answer: C

Explanation:

https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ipaddress#reservenewip Since here https://cloud.google.com/compute/docs/ip-addresses/reservestatic-internal-ip-address#reservenewip it is written that "automatically allocated or an unused address from an existing subnet".

Question 77

Report
Export
Collapse

After a network change window one of your company's applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25.

You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24/ The on-premises router is advertising 10.0.0.0/8.

What is the most likely cause of this problem?

A.
The less specific VPC subnet route is taking priority.
A.
The less specific VPC subnet route is taking priority.
Answers
B.
The more specific VPC subnet route is taking priority.
B.
The more specific VPC subnet route is taking priority.
Answers
C.
The on-premises router is not advertising a route for the database server.
C.
The on-premises router is not advertising a route for the database server.
Answers
D.
A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.
D.
A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.
Answers
Suggested answer: B

Question 78

Report
Export
Collapse

You need to create a new VPC network that allows instances to have IP addresses in both the 10.1.1.0/24 network and the 172.16.45.0/24 network.

What should you do?

A.
Configure global load balancing to point 172.16.45.0/24 to the correct instance.
A.
Configure global load balancing to point 172.16.45.0/24 to the correct instance.
Answers
B.
Create unique DNS records for each service that sends traffic to the desired IP address.
B.
Create unique DNS records for each service that sends traffic to the desired IP address.
Answers
C.
Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.
C.
Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.
Answers
D.
Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.
D.
Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.
Answers
Suggested answer: C

Question 79

Report
Export
Collapse

You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload.

Which type of load balancer should you use?

A.
HTTP(S) load balancer
A.
HTTP(S) load balancer
Answers
B.
Network load balancer
B.
Network load balancer
Answers
C.
Internal load balancer
C.
Internal load balancer
Answers
D.
TCP/SSL proxy load balancer
D.
TCP/SSL proxy load balancer
Answers
Suggested answer: D

Explanation:

By default TCP/SSL proxy load balancer original client IP address and port information is not preserved, but it can be preserved using the PROXY protocol: https://cloud.google.com/loadbalancing/ docs/tcp#target-proxies

https://medium.com/google-cloud/preserving-client-ips-through-google-clouds-global-tcp-and-sslproxy-load-balancers-3697d76feeb1

Reference: https://cloud.google.com/load-balancing/docs/network

Question 80

Report
Export
Collapse

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from your on-premises network using Cloud Interconnect. You must configure access only to Google APIs and services that are supported by VPC Service Controls through hybrid connectivity with a service level agreement (SLA) in place. What should you do?

A.
Configure the existing Cloud Routers to advertise the Google API's public virtual IP addresses.
A.
Configure the existing Cloud Routers to advertise the Google API's public virtual IP addresses.
Answers
B.
Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual IP addresses.
B.
Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual IP addresses.
Answers
C.
Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to translate traffic from your on-premises network.
C.
Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to translate traffic from your on-premises network.
Answers
D.
Add Direct Peering links, and use them for connectivity to Google APIs that use public virtual IP addresses.
D.
Add Direct Peering links, and use them for connectivity to Google APIs that use public virtual IP addresses.
Answers
Suggested answer: B
Total 215 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms