View All Professional-Cloud-Network-Engineer Actual Free Exam Questions Jul 22, 2023 Updated [Q79-Q99]


Pass Authentic Google Professional-Cloud-Network-Engineer with Free Practice Tests and Exam Dumps


Earning the Google Professional-Cloud-Network-Engineer certification can open up many career opportunities for individuals in the field of cloud networking. This certification recognizes the skills and knowledge of professionals who can design, implement, and manage cloud network solutions. It can also help individuals differentiate themselves in a competitive job market and demonstrate their expertise to potential employers. Overall, the Google Professional-Cloud-Network-Engineer Exam is a valuable certification for anyone who wants to advance their career in cloud networking.


Manage & Monitor Network Operations

In this part of the exam content, the students should be able to log and monitor with the use of GCP Console or Stackdriver. They must have competence in the management and maintenance of security, which includes firewalls and diagnosing & resolving IAM problems. Besides that, they need to be able to deal with the following objective:

  • Maintain & Troubleshoot Connectivity Issues: It includes the identification of traffic flow topology, redirecting and draining of traffic flows, and cross-connect hand-off for interconnect. It also measures one’s knowledge of the monitoring of egress and ingress traffic with the use of flow logs as well as monitoring firewall logs. This section will also evaluate the learners’ skills in troubleshooting and managing VPNs and troubleshooting peering issues with Cloud Router BGP.

The applicants should also demonstrate competence in troubleshooting, monitoring, and maintaining traffic flow and latency, which include routing issues, network latency testing & throughput, and tracing traffic flow.


The Google Professional-Cloud-Network-Engineer exam is a certification that is designed to test an individual's knowledge and skills in network engineering within the Google Cloud Platform. This certification is meant for professionals who are responsible for designing, implementing, and managing complex network solutions on the Google Cloud Platform. The exam is intended to validate the candidate's skills in network architecture, design, and optimization, as well as their knowledge of Google Cloud Platform networking products and services.

 

NEW QUESTION # 79
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?

  • A. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
  • B. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.
  • C. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
  • D. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.

Answer: B

Explanation:
https://link.springer.com/chapter/10.1007/978-1-4842-1004-8_4


NEW QUESTION # 80
Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design. What should you do?

  • A. Configure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs.
    Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
  • B. Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server.
    Configure DNS peering from the spoke VPCs to the hub VPC.
  • C. Configure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server.
    Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
  • D. Configure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server.
    Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.

Answer: D


NEW QUESTION # 81
Your company's Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you how they should support splitting audio and video traffic to different backend Google Cloud storage buckets. They want to use URL maps and minimize operational overhead. They are currently using the following directory structure:
/fr/video
/en/video
/es/video
/../video
/fr/audio
/en/audio
/es/audio
/../audio
Which solution should you recommend?

  • A. Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/*.
  • B. Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/audio.
  • C. Leave the directory structure as-is, create a URL map and leverage a path rule such as \/[a-z]{2}\/video and \/[a-z]{2}\/audio.
  • D. Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.

Answer: B


NEW QUESTION # 82
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.
What should you do?

  • A. Configure the TTL for the DNS zone to decrease the time between updates.
  • B. Configure a policy-based route rule to prioritize the traffic.
  • C. Configure Dynamic Routing for the subnet hosting the application.
  • D. Configure an HTTP load balancer, and direct the traffic to it.

Answer: D

Explanation:
https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency


NEW QUESTION # 83
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC-validating resolvers are unable to resolve names in your zone.
What should you do?

  • A. Update the TTL for the zone.
  • B. Disable DNSSEC at your domain registrar.
  • C. Set the zone to the TRANSFER state.
  • D. Transfer ownership of the domain to a new registrar.

Answer: B

Explanation:
Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.
https://cloud.google.com/dns/docs/dnssec-config


NEW QUESTION # 84
You need to define an address plan for a future new GKE cluster in your VPC. This will be a VPC native cluster, and the default Pod IP range allocation will be used. You must pre-provision all the needed VPC subnets and their respective IP address ranges before cluster creation. The cluster will initially have a single node, but it will be scaled to a maximum of three nodes if necessary. You want to allocate the minimum number of Pod IP addresses.
Which subnet mask should you use for the Pod IP address range?

  • A. /23
  • B. /25
  • C. /22
  • D. /21

Answer: C

Explanation:
https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips#cluster_sizing_secondary_range_pods
Reference:
https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr
https://cloud.google.com/kubernetes-engine/docs/concepts/alias-ips#defaults_limits


NEW QUESTION # 85
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. HTTPS load balancer
  • B. Network load balancer
  • C. SSL proxy load balancer
  • D. TCP proxy load balancer

Answer: D

Explanation:
https://cloud.google.com/security/encryption-in-transit/
Automatic encryption between GFEs and backends: For the following load balancer types, Google automatically encrypts traffic between Google Front Ends (GFEs) and your backends that reside within Google Cloud VPC networks: HTTP(S) Load Balancing, TCP Proxy Load Balancing, and SSL Proxy Load Balancing.


NEW QUESTION # 86
Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

  • A. VPC peering
  • B. Dedicated Interconnect
  • C. Shared VPC
  • D. Cloud NAT
  • E. Cloud VPN

Answer: B,E

Explanation:
https://cloud.google.com/vpc/docs/vpc


NEW QUESTION # 87
You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.
Which GKE resource should you use?

  • A. GKE Pod
  • B. GKE Cluster
  • C. GKE Node
  • D. GKE Ingress

Answer: A


NEW QUESTION # 88
You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?

  • A. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
  • B. Grant the read-only privilege to the service account for the Cloud Storage bucket.
  • C. Grant the iam.serviceAccountUser to your user account.
  • D. Grant the compute.instanceAdmin to your user account.

Answer: B


NEW QUESTION # 89
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non-BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?

  • A. * Create a Cloud VPN instance.
    * Create a route-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.
    * Configure the appropriate static routes.
  • B. * Create a Cloud VPN instance.
    * Create a policy-based VPN tunnel per subnet.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Create the appropriate static routes.
  • C. * Create a Cloud VPN instance.
    * Create a policy-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Configure the appropriate static routes.
  • D. * Create a Cloud VPN instance.
    * Create a route-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Configure the appropriate static routes.

Answer: A

Explanation:
https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing


NEW QUESTION # 90
You work for a university that is migrating to GCP.
These are the cloud requirements:
- On-premises connectivity with 10 Gbps
- Lowest latency access to the cloud
- Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects.
You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.
What should you do?

  • A. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.
  • B. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.
  • C. Use standalone projects, and deploy the VLAN attachments in the individual projects.
    Connect the VLAN attachment to the standalone projects' Interconnects.
  • D. Use Shared VPC, and deploy the VLAN attachments in the service projects.
    Connect the VLAN attachment to the Shared VPC's host project.

Answer: D


NEW QUESTION # 91
You are the network administrator responsible for hybrid connectivity at your organization. Your developer team wants to use Cloud SQL in the us-west1 region in your Shared VPC. You configured a Dedicated Interconnect connection and a Cloud Router in us-west1, and the connectivity between your Shared VPC and on-premises data center is working as expected. You just created the private services access connection required for Cloud SQL using the reserved IP address range and default settings. However, your developers cannot access the Cloud SQL instance from on-premises. You want to resolve the issue. What should you do?

  • A. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
    Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.
  • B. Change the VPC routing mode to global.
    Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.
  • C. Change the VPC routing mode to global.
    Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
  • D. Create an additional Cloud Router in us-west2.
    Create a new Border Gateway Protocol (BGP) peering connection to your on-premises data center.
    Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.

Answer: A


NEW QUESTION # 92
You are using the gcloud command line tool to create a new custom role in a project by copying a predefined role. You receive this error message:
INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid
What should you do?

  • A. Add the resourcemanager.projects.setIamPolicy permission, and try again.
  • B. Try again with a different role with a new name but the same permissions.
  • C. Remove the resourcemanager.projects.list permission, and try again.
  • D. Add the resourcemanager.projects.get permission, and try again.

Answer: C


NEW QUESTION # 93
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)

  • A. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
  • B. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
  • C. Turn on Private Google Access at the VPC level.
  • D. Turn on Private Google Access at the subnet level.
  • E. Turn on Private Services Access at the VPC level.

Answer: B,E

Explanation:
https://cloud.google.com/vpc/docs/private-access-options


NEW QUESTION # 94
Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:
Your ISP is a Google Partner Interconnect provider.
Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.
A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
Most of the data transfer will be from GCP to the on-premises environment.
The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.
Cost and the complexity of the solution should be minimal.
How should you provision the connectivity solution?

  • A. Provision a Partner Interconnect through your ISP.
  • B. Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
  • C. Provision a Dedicated Interconnect instead of a VPN.
  • D. Use network compression over your VPN to increase the amount of data you can send over your VPN.

Answer: A

Explanation:
Dedicated Interconnect would be too expensive and is overkill for this requirement. Managing multiple tunnels, while also accounting for packet loss, is complex. Partner Interconnect provides the required bandwidth without being very expensive, and once set up it is not too complex to manage.


NEW QUESTION # 95
You want to create a service in GCP using IPv6.
What should you do?

  • A. Configure a global load balancer with the designated IPv6 address.
  • B. Configure an internal load balancer with the designated IPv6 address.
  • C. Configure a TCP Proxy with the designated IPv6 address.
  • D. Create the instance with the designated IPv6 address.

Answer: C


NEW QUESTION # 96
You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)

  • A. Enable Private Google Access on all the subnets.
  • B. Enable Private Services Access on the VPC.
  • C. Create a Cloud NAT, and route the application traffic via NAT gateway.
  • D. Enable Private Google Access on the VPC.
  • E. Create network peering between your VPC and BigQuery.

Answer: A,C

Explanation:
https://cloud.google.com/nat/docs/overview#interaction-pga
Specifications: https://cloud.google.com/vpc/docs/configure-private-google-access#specifications


NEW QUESTION # 97
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.
What should you do?

  • A. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
  • B. Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
  • C. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
  • D. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.

Answer: A


NEW QUESTION # 98
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.
What should you do?

  • A. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
  • B. Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
  • C. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
  • D. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.

Answer: C

Explanation:
The global load balancer proxies the connection, so there is no trace of the session's origin IP. You should use Cloud Armor to geofence your service.
https://cloud.google.com/load-balancing/docs/https


NEW QUESTION # 99
......
