[Oct-2022] Professional-Cloud-Network-Engineer Dumps PDF - Professional-Cloud-Network-Engineer Real Exam Questions Answers [Q15-Q37]

Rate this post

[Oct-2022] Professional-Cloud-Network-Engineer Dumps PDF – Professional-Cloud-Network-Engineer Real Exam Questions Answers

Professional-Cloud-Network-Engineer Dumps 100% Pass Guarantee With Latest Demo

Career Opportunities

Earning the Google Professional Cloud Network Engineer certification proves that you can perform successful Cloud implementations with the help of the command-line interface or Google Cloud Platform Console. The knowledge and skills gained during exam preparation qualify you for numerous networking-related job roles. Some of the titles that the certified candidates can consider include a Cloud Network Engineer, a Cloud Technical Solutions Engineer, a Cloud Infrastructure Engineer, a Cloud Security Engineer, a Server Infrastructure Engineer, a Data Engineer, a Corporate Sales Engineer, and a Sales Engineer, among others. The median salary associated with these positions is $132,279 per year.

QUESTION 15
Your company’s web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers.
The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?

Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.

Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.

Use GCP’s ECMP capability to load-balance traffic to the backend servers by installing multiple equal- priority static routes to the backend servers.

QUESTION 16
You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider.
Which connection type should you choose?

Carrier Peering

Direct Peering

Dedicated Interconnect

Partner Interconnect

QUESTION 17
You built a web application with several containerized microservices. You want to run those microservices on Cloud Run. You must also ensure that the services are highly available to your customers with low latency. What should you do?

Deploy the Cloud Run services to multiple availability zones. Create a global TCP load balancer. Add the Cloud Run endpoints to its backend service.

Deploy the Cloud Run services to multiple regions. Create serverless network endpoint groups (NEGs) that point to the services. Create a global HTTPS load balancer, and attach the serverless NEGs as backend services of the load balancer.

Deploy the Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTTPS load balancer, and attach the Cloud Endpoints to its backend

Deploy the Cloud Run services to multiple regions. Configure a round-robin A record in Cloud DNS.

QUESTION 18
You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?

Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.

Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.

Create a single firewall rule to allow port 22 with priority 1000.

Create a single firewall rule to allow port 3389 with priority 1000.

QUESTION 19
You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested. You want to minimize impact to users if there is a bug in the new template.
How should you update your instances?

Manually patch some of the instances, and then perform a rolling restart on the instance group.

Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.

Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.

Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

QUESTION 20
You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to increase your application availability and ensure it can autoscale.
How should you provision your instances?

Create a single managed instance group, specify the desired region, and select Multiple zones for the location.

Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.

Create an unmanaged instance group in a single zone, and then create an HTTP load balancer for the instance group.

Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.

QUESTION 21
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren’t certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.
What should you do?

Create a Cloud Armor Policy rule that denies traffic and review necessary logs.

Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.

Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.

Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.

QUESTION 22
You are designing a new application that has backends internally exposed on port 800. The application will be exposed externally using both IPv4 and IPv6 via TCP on port 700. You want to ensure high availability for this application. What should you do?

Create a network load balancer that used backend services containing one instance group with two instances.

Create a network load balancer that uses a target pool backend with two instances.

Create a TCP proxy that uses a zonal network endpoint group containing one instance.

Create a TCP proxy that uses backend services containing an instance group with two instances.

QUESTION 23
You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.
What should you do?

Ensure that the object you don’t want to be cached anymore is not shared publicly.

Create a new storage bucket, and move the object you don’t want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.

Add an appropriate lifecycle rule on the storage bucket containing the two objects.

Add a Cache-Control entry with value private to the metadata of the object you don’t want to be cached anymore. Invalidate all the previously cached copies.

QUESTION 24
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?

* Create a Cloud VPN instance.* Create a policy-based VPN tunnel per subnet.* Configure the appropriate local and remote traffic selectors to match your local and remote networks.* Create the appropriate static routes.

* Create a Cloud VPN instance.* Create a policy-based VPN tunnel.* Configure the appropriate local and remote traffic selectors to match your local and remote networks.* Configure the appropriate static routes.

* Create a Cloud VPN instance.* Create a route-based VPN tunnel.* Configure the appropriate local and remote traffic selectors to match your local and remote networks.* Configure the appropriate static routes.

* Create a Cloud VPN instance.* Create a route-based VPN tunnel.* Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.* Configure the appropriate static routes.

QUESTION 25
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?

Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.

Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.

Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.

Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.

QUESTION 26
You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.
Which GKE resource should you use?

GKE Node

GKE Pod

GKE Cluster

GKE Ingress

QUESTION 27
Your organization has Compute Engine instances in us-east1, us-west2, and us-central1. Your organization also has an existing Cloud Interconnect physical connection in the East Coast of the United States with a single VLAN attachment and Cloud Router in us-east1. You need to provide a design with high availability and ensure that if a region goes down, you still have access to all your other Virtual Private Cloud (VPC) subnets. You need to accomplish this in the most cost-effective manner possible. What should you do?

Configure your VPC routing in regional mode.
Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.

Configure your VPC routing in global mode.
Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.

Configure your VPC routing in global mode.
Add an additional Cloud Interconnect VLAN attachment in the us-west2 region, and configure a Cloud Router in us-west2.

Configure your VPC routing in regional mode.
Add additional Cloud Interconnect VLAN attachments in the us-west2 and us-central1 regions, and configure Cloud Routers in us-west2 and us-central1.

QUESTION 28
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

Upload your public ssh key to the project Metadata.

Upload your public ssh key to each instance Metadata.

Create a custom Google Compute Engine image with your public ssh key embedded.

Use gcloud compute ssh to automatically copy your public ssh key to the instance.

QUESTION 29
You configured Cloud VPN with dynamic routing via Border Gateway Protocol (BGP). You added a custom route to advertise a network that is reachable over the VPN tunnel. However, the on-premises clients still cannot reach the network over the VPN tunnel. You need to examine the logs in Cloud Logging to confirm that the appropriate routers are being advertised over the VPN tunnel. Which filter should you use in Cloud Logging to examine the logs?

resource.type= “gce_router”

resource.type= “gce_network_region”

resource.type= “vpn_tunnel”

resource.type= “vpn_gateway”

QUESTION 30
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.
Which BGP attribute should you use on your on-premises router?

AS-Path

Community

Local Preference

Multi-exit Discriminator

QUESTION 31
You are designing a hybrid cloud environment for your organization. Your Google Cloud environment is interconnected with your on-premises network using Cloud HA VPN and Cloud Router. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88 and is protected by a firewall, and your Compute Engine resources are located at 10.204.0.0/24. Your Compute Engine resources need to resolve on-premises private hostnames using the domain corp.altostrat.com while still resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?

Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.
Configure your on-premises firewall to accept traffic from 10.204.0.0/24.
Set a custom route advertisement on the Cloud Router for 10.204.0.0/24

Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168 20.88.
Configure your on-premises firewall to accept traffic from 35.199.192.0/19 Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.

Create a private forwarding zone in Cloud DNS for ‘corp .altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.
Configure your on-premises firewall to accept traffic from 10.204.0.0/24.
Modify the /etc/resolv conf file on your Compute Engine instances to point to 192.168.20 88

Create a private zone in Cloud DNS for ‘corp altostrat.com’ called corp-altostrat-com.
Configure DNS Server Policies and create a policy with Alternate DNS servers to 192.168.20.88.
Configure your on-premises firewall to accept traffic from 35.199.192.0/19.

QUESTION 32
You are migrating to Cloud DNS and want to import your BIND zone file.
Which command should you use?

gcloud dns record-sets import ZONE_FILE –zone MANAGED_ZONE

gcloud dns record-sets import ZONE_FILE –replace-origin-ns –zone MANAGED_ZONE

gcloud dns record-sets import ZONE_FILE –zone-file-format –zone MANAGED_ZONE

gcloud dns record-sets import ZONE_FILE –delete-all-existing –zone MANAGED ZONE

QUESTION 33
You need to enable Private Google Access for use by some subnets within your Virtual Private Cloud (VPC). Your security team set up the VPC to send all internet-bound traffic back to the on- premises data center for inspection before egressing to the internet, and is also implementing VPC Service Controls in the environment for API-level security control. You have already enabled the subnets for Private Google Access. What configuration changes should you make to enable Private Google Access while adhering to your security team’s requirements?

Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google’s restricted API address range.
Create a custom route that points Google’s restricted API address range to the default internet gateway as the next hop.

Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google’s restricted API address range.
Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record painting to Google’s private AP address range.
Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google’s private API address range.
Create a custom route that points Google’s private API address range to the default internet gateway as the next hop.

QUESTION 34
You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.
Which type of load balancer should you use?

HTTP(S) load balancer

Network load balancer

Internal TCP/UDP load balancer

TCP/SSL proxy load balancer

QUESTION 35
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.
Which BGP attribute should you use on your on-premises router?

AS-Path

Community

Local Preference

Multi-exit Discriminator

QUESTION 36
You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the objects in the storage bucket can be served by the CDN.
What should you do in the GCP Console?

Create a new cloud storage bucket, and then enable Cloud CDN on it.

Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.

Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.

Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN on the backend, and make sure each object inside the storage bucket is shared publicly.

QUESTION 37
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.
How should you design the topology?

Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Dumps Real Google Professional-Cloud-Network-Engineer Exam Questions [Updated 2022]: https://www.prepawaypdf.com/Google/Professional-Cloud-Network-Engineer-practice-exam-dumps.html

[Oct-2022] Professional-Cloud-Network-Engineer Dumps PDF – Professional-Cloud-Network-Engineer Real Exam Questions Answers [Q15-Q37]

Career Opportunities

admin

Leave a Reply Cancel reply

Career Opportunities

Related posts:

admin

You might also like

Leave a Reply Cancel reply