
Online Questions - Valid Practice Professional-Cloud-Network-Engineer Exam Dumps Test Questions
The Google Professional-Cloud-Network-Engineer (Google Cloud Certified - Professional Cloud Network Engineer) certification exam is designed for professionals who want to validate their skills in designing, implementing, and managing network solutions on the Google Cloud Platform. It is intended for applicants with a broad range of skills and expertise in networking technologies, including virtual private clouds, load balancing, and network security.
The Google Professional-Cloud-Network-Engineer exam is intended for individuals who have a deep understanding of networking concepts and experience working with Google Cloud Platform. It is recommended that candidates have at least three years of experience in network engineering, with a focus on cloud-based solutions. Additionally, candidates should be familiar with Google Cloud Platform services and have experience with network protocols and routing.
NEW QUESTION # 21
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.
What should you do?
- A. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.
- B. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
- C. Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
- D. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
Answer: D
Explanation:
https://cloud.google.com/armor/docs/security-policy-concepts#preview_mode
NEW QUESTION # 22
You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command:
gcloud compute routes create no-ip-internet-route \
--network custom-network1 \
--destination-range 0.0.0.0/0 \
--next-hop-instance nat-gateway \
--next-hop-instance-zone us-central1-a \
--tags no-ip --priority 800
You want existing instances to use the new NAT gateway. Which command should you execute?
- A. gcloud compute instances create example-instance --network custom-network1 \
--subnet subnet-us-central \
--no-address \
--zone us-central1-a \
--image-family debian-9 \
--image-project debian-cloud \
--tags no-ip
- B. gcloud compute instances add-tags [existing-instance] --tags no-ip
- C. gcloud builds submit --config=cloudbuild.waml --substitutions=TAG_NAME=no-ip
- D. sudo sysctl -w net.ipv4.ip_forward=1
Answer: A
Explanation:
Reference:
https://cloud.google.com/vpc/docs/special-configurations
NEW QUESTION # 23
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.
How should you design this topology?
- A. Create 2 VPCs, each with their own region and individual subnets. Use external IP addresses on the instances to establish connectivity between these regions.
- B. Create 1 VPC with 2 regional subnets. Create a global load balancer to establish connectivity between the regions.
- C. Create 2 VPCs, each with their own regions and individual subnets. Create 2 VPN gateways to establish connectivity between these regions.
- D. Create 1 VPC with 2 regional subnets. Deploy workloads in these subnets and have them communicate using private RFC1918 IP addresses.
Answer: D
Explanation:
VPC Network Peering enables you to peer VPC networks so that workloads in different VPC networks can communicate in private RFC 1918 space. Traffic stays within Google's network and doesn't traverse the public internet.
https://cloud.google.com/vpc/docs/vpc-peering
NEW QUESTION # 24
You recently deployed Compute Engine instances in regions us-west1 and us-east1 in a Virtual Private Cloud (VPC) with default routing configurations. Your company security policy mandates that virtual machines (VMs) must not have public IP addresses attached to them. You need to allow your instances to fetch updates from the internet while preventing external access. What should you do?
- A. Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.
- B. Create a firewall rule that allows egress to destination 0.0.0.0/0.
- C. Change the instances' network interface external IP address from None to Ephemeral.
- D. Create a single global Cloud NAT gateway and global Cloud Router in the VPC.
Answer: A
NEW QUESTION # 25
In your company, two departments with separate GCP projects (code-dev and data-dev) in the same organization need to allow full cross-communication between all of their virtual machines in GCP. Each department has one VPC in its project and wants full control over their network. Neither department intends to recreate its existing computing resources. You want to implement a solution that minimizes cost.
Which two steps should you take? (Choose two.)
- A. Connect both projects using Cloud VPN.
- B. Enable firewall rules to allow all ingress traffic from all subnets of project code-dev to all instances in project data-dev, and vice versa.
- C. Create a route in the code-dev project to the destination prefixes in project data-dev and use nexthop as the default gateway, and vice versa.
- D. Enable Shared VPC in one project (e.g., code-dev), and make the second project (e.g., data-dev) a service project.
- E. Connect the VPCs in project code-dev and data-dev using VPC Network Peering.
Answer: B,E
NEW QUESTION # 26
You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?
- A. Create a single firewall rule to allow port 22 with priority 1000.
- B. Create a single firewall rule to allow port 3389 with priority 1000.
- C. Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.
- D. Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.
Answer: A
Explanation:
https://geekflare.com/gcp-firewall-configuration/
NEW QUESTION # 27
You recently deployed your application in Google Cloud. You need to verify your Google Cloud network configuration before deploying your on-premises workloads. You want to confirm that your Google Cloud network configuration allows traffic to flow from your cloud resources to your on-premises network. This validation should also analyze and diagnose potential failure points in your Google Cloud network configurations without sending any data plane test traffic. What should you do?
- A. Use Network Intelligence Center's Network Topology visualizations.
- B. Use Network Intelligence Center's Connectivity Tests.
- C. Enable VPC Flow Logs and send test traffic.
- D. Enable Packet Mirroring on your application and send test traffic.
Answer: A
NEW QUESTION # 28
A database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space. How can you remediate the problem with the least amount of downtime?
- A. In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
- B. In the Cloud Platform Console, create a new persistent disk attached to the virtual machine, format and mount it, and configure the database service to move the files to the new disk.
- C. Shut down the virtual machine, use the Cloud Platform Console to increase the persistent disk size, then restart the virtual machine.
- D. In the Cloud Platform Console, increase the size of the persistent disk and verify the new space is ready to use with the fdisk command in Linux.
- E. In the Cloud Platform Console, create a snapshot of the persistent disk, restore the snapshot to a new larger disk, unmount the old disk, mount the new disk, and restart the database service.
Answer: A
Explanation:
A (Correct answer) - In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
Here are the steps: In the Cloud Platform Console, increase the size of the persistent disk. After increasing the size in the console, you have two options to make the new size effective: restart the VM, or configure it in the VM's operating system (Windows or Linux).
NEW QUESTION # 29
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)
- A. Turn on Private Services Access at the VPC level.
- B. Turn on Private Google Access at the subnet level.
- C. Turn on Private Google Access at the VPC level.
- D. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
- E. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
Answer: A,D
Explanation:
https://cloud.google.com/vpc/docs/private-access-options
NEW QUESTION # 30
After a network change window, one of your company's applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24. The on-premises router is advertising 10.0.0.0/8.
What is the most likely cause of this problem?
- A. The on-premises router is not advertising a route for the database server.
- B. The more specific VPC subnet route is taking priority.
- C. A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.
- D. The less specific VPC subnet route is taking priority.
Answer: C
NEW QUESTION # 31
You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the objects in the storage bucket can be served by the CDN.
What should you do in the GCP Console?
- A. Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
- B. Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN on the backend, and make sure each object inside the storage bucket is shared publicly.
- C. Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
- D. Create a new cloud storage bucket, and then enable Cloud CDN on it.
Answer: D
NEW QUESTION # 32
Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.
How should you set up permissions for the networking team?
- A. Assign members of the networking team the compute.networkAdmin role.
- B. Assign members of the networking team the compute.networkUser role.
- C. Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
- D. Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
Answer: A
NEW QUESTION # 33
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.
What should you do?
- A. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
- B. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
- C. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.
- D. Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
Answer: C
NEW QUESTION # 34
Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:
Your ISP is a Google Partner Interconnect provider.
Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.
A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
Most of the data transfer will be from GCP to the on-premises environment.
The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.
Cost and the complexity of the solution should be minimal.
How should you provision the connectivity solution?
- A. Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
- B. Use network compression over your VPN to increase the amount of data you can send over your VPN.
- C. Provision a Dedicated Interconnect instead of a VPN.
- D. Provision a Partner Interconnect through your ISP.
Answer: D
Explanation:
Direct Interconnect would be too expensive and overkill for this requirement. Managing multiple tunnels while accounting for packet loss is also complex. Partner Interconnect fits the bill: it provides the required bandwidth without being overly expensive, and once set up it is not too complex to manage.
NEW QUESTION # 35
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?
- A. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.
- B. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
- C. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.
- D. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
Answer: A
Explanation:
https://link.springer.com/chapter/10.1007/978-1-4842-1004-8_4
NEW QUESTION # 36
You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?
- A. Configure HA VPN in us-west1. Configure a Border Gateway Protocol (BGP) session between your Cloud Router and your on-premises data center.
- B. Order a Carrier Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.
- C. Order a Dedicated Interconnect connection in the same metropolitan area. Create a VLAN attachment, a Cloud Router in us-west1, and a Border Gateway Protocol (BGP) session between your Cloud Router and your router.
- D. Order a Direct Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.
Answer: D
NEW QUESTION # 37
You are designing a hub-and-spoke network architecture for your company's cloud-based environment. You need to make sure that all spokes are peered with the hub. The spokes must use the hub's virtual appliance for internet access.
The virtual appliance is configured in high-availability mode with two instances using an internal load balancer with IP address 10.0.0.5. What should you do?
- A. Create a default route in the hub VPC that points to IP address 10.0.0.5.
Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.
Create a new route in the spoke VPC that points to IP address 10.0.0.5.
- B. Create two default routes in the hub VPC that point to the next hop instances of the virtual appliances.
Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.
Export the custom routes in the hub. Import the custom routes in the spokes.
- C. Create a default route in the hub VPC that points to IP address 10.0.0.5.
Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.
Export the custom routes in the hub. Import the custom routes in the spokes.
Delete the default internet gateway route of the spokes.
- D. Create a default route in the hub VPC that points to IP address 10.0.0.5.
Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.
Export the custom routes in the hub.
Import the custom routes in the spokes.
Answer: C
NEW QUESTION # 38
You are migrating to Cloud DNS and want to import your BIND zone file.
Which command should you use?
- A. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE
- B. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
- C. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
- D. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED_ZONE
Answer: B
Explanation:
https://cloud.google.com/sdk/gcloud/reference/dns/record-sets/import
NEW QUESTION # 39
You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner.
What should you do first?
- A. Create a Partner Interconnect type VLAN attachment in the GCP Console and retrieve the pairing key.
- B. Run gcloud compute interconnect attachments partner update <attachment> --region <region> --admin-enabled.
- C. Log in to your partner's portal and request the VLAN attachment there.
- D. Ask your Interconnect partner to provision a physical connection to Google.
Answer: D
Explanation:
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview?hl=En#provisioning
"To provision a Partner Interconnect connection with a service provider, you start by connecting your on-premises network to a supported service provider. Work with the service provider to establish connectivity."
NEW QUESTION # 40
......