Download Professional Cloud Network Engineer.Professional-Cloud-Network-Engineer.VCEplus.2024-09-17.122q.vcex

Vendor: Google
Exam Code: Professional-Cloud-Network-Engineer
Exam Name: Professional Cloud Network Engineer
Date: Sep 17, 2024
File Size: 1 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Purchase
Coupon: EXAM_HUB

Discount: 20%

Demo Questions

Question 1
You recently configured Google Cloud Armor security policies to manage traffic to your application.
You discover that Google Cloud Armor is incorrectly blocking some traffic to your application. You need to identity the web application firewall (WAF) rule that is incorrectly blocking traffic. What should you do?
  1. Enable firewall logs, and view the logs in Firewall Insights.
  2. Enable HTTP(S) Load Balancing logging with sampling rate equal to 1, and view the logs in CloudLogging.
  3. Enable VPC Flow Logs, and view the logs in Cloud Logging.
  4. Enable Google Cloud Armor audit logs, and view the logs on the Activity page in the Google Cloud Console.
Correct answer: A
Question 2
You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?
  1. Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.
  2. Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.
  3. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.
  4. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.
Correct answer: B
Question 3
You recently deployed Compute Engine instances in regions us-west1 and us-east1 in a Virtual Private Cloud (VPC) with default routing configurations. Your company security policy mandates that virtual machines (VMs) must not have public IP addresses attached to them. You need to allow your instances to fetch updates from the internet while preventing external access. What should you do?
  1. Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.
  2. Create a single global Cloud NAT gateway and global Cloud Router in the VPC.
  3. Change the instances' network interface external IP address from None to Ephemeral.
  4. Create a firewall rule that allows egress to destination 0.0.0.0/0.
Correct answer: A
Question 4
Your company has provisioned 2000 virtual machines (VMs) in the private subnet of your Virtual Private Cloud (VPC) in the us-east1 region. You need to configure each VM to have a minimum of 128 TCP connections to a public repository so that users can download software updates and packages over the internet. You need to implement a Cloud NAT gateway so that the VMs are able to perform outbound NAT to the internet. You must ensure that all VMs can simultaneously connect to the public repository and download software updates and packages. Which two methods can you use to accomplish this? (Choose two.)
  1. Configure the NAT gateway in manual allocation mode, allocate 2 NAT IP addresses, and update the minimum number of ports per VM to 256.
  2. Create a second Cloud NAT gateway with the default minimum number of ports configured per VM to 64.
  3. Use the default Cloud NAT gateway's NAT proxy to dynamically scale using a single NAT IP address.
  4. Use the default Cloud NAT gateway to automatically scale to the required number of NAT IP addresses, and update the minimum number of ports per VM to 128.
  5. Configure the NAT gateway in manual allocation mode, allocate 4 NAT IP addresses, and update the minimum number of ports per VM to 128.
Correct answer: AB
Question 5
You have the following routing design. You discover that Compute Engine instances in Subnet-2 in the asia-southeast1 region cannot communicate with compute resources on-premises. What should you do?
  1. Configure a custom route advertisement on the Cloud Router.
  2. Enable IP forwarding in the asia-southeast1 region.
  3. Change the VPC dynamic routing mode to Global.
  4. Add a second Border Gateway Protocol (BGP) session to the Cloud Router.
Correct answer: C
Question 6
You are designing a hybrid cloud environment for your organization. Your Google Cloud environment is interconnected with your on-premises network using Cloud HA VPN and Cloud Router. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88 and is protected by a firewall, and your Compute Engine resources are located at 10.204.0.0/24. Your Compute Engine resources need to resolve on-premises private hostnames using the domain corp.altostrat.com while still resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?
  1. Create a private forwarding zone in Cloud DNS for 'corp.altostrat.com' called corp-altostrat-com that points to 192.168.20.88.
    Configure your on-premises firewall to accept traffic from 10.204.0.0/24.
    Set a custom route advertisement on the Cloud Router for 10.204.0.0/24
  2. Create a private forwarding zone in Cloud DNS for 'corp.altostrat.com' called corp-altostrat-com that points to 192.168 20.88.
    Configure your on-premises firewall to accept traffic from 35.199.192.0/19 Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
  3. Create a private forwarding zone in Cloud DNS for 'corp .altostrat.com' called corp-altostrat-com that points to 192.168.20.88.
    Configure your on-premises firewall to accept traffic from 10.204.0.0/24.
    Modify the /etc/resolv conf file on your Compute Engine instances to point to 192.168.20 88
  4. Create a private zone in Cloud DNS for 'corp altostrat.com' called corp-altostrat-com.
    Configure DNS Server Policies and create a policy with Alternate DNS servers to 192.168.20.88.
    Configure your on-premises firewall to accept traffic from 35.199.192.0/19.
    Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
Correct answer: D
Question 7
Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with onpremises connectivity already in place. You are deploying a new application using Google Kubernetes Engine (GKE), which must be accessible only from the same VPC network and on-premises locations.
You must ensure that the GKE control plane is exposed to a predefined list of on-premises subnets through private connectivity only. What should you do?
  1. Create a GKE private cluster with a private endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.Configure authorized networks to specify the desired on-premises subnets.
  2. Create a GKE private cluster with a public endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.
  3. Create a GKE private cluster with a private endpoint for the control plane. Configure authorized networks to specify the desired on-premises subnets.
  4. Create a GKE public cluster. Configure authorized networks to specify the desired on-premises subnets.
Correct answer: C
Question 8
You built a web application with several containerized microservices. You want to run those microservices on Cloud Run. You must also ensure that the services are highly available to your customers with low latency. What should you do?
  1. Deploy the Cloud Run services to multiple availability zones. Create a global TCP load balancer.Add the Cloud Run endpoints to its backend service.
  2. Deploy the Cloud Run services to multiple regions. Create serverless network endpoint groups (NEGs) that point to the services. Create a global HTTPS load balancer, and attach the serverlessNEGs as backend services ofthe load balancer.
  3. Deploy the Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTTPS load balancer, and attach the Cloud Endpoints to its backend
  4. Deploy the Cloud Run services to multiple regions. Configure a round-robin A record in Cloud DNS.
Correct answer: B
Question 9
You have an HA VPN connection with two tunnels running in active/passive mode between your Virtual Private Cloud (VPC) and on-premises network. Traffic over the connection has recently increased from 1 gigabit per second (Gbps) to 4 Gbps, and you notice that packets are being dropped.
You need to configure your VPN connection to Google Cloud to support 4 Gbps. What should you do?
  1. Configure the remote autonomous system number (ASN) to 4096.
  2. Configure a second Cloud Router to scale bandwidth in and out of the VPC.
  3. Configure the maximum transmission unit (MTU) to its highest supported value.
  4. Configure a second set of active/passive VPN tunnels.
Correct answer: D
Question 10
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements:
  • All access to your on-premises network must go through the network virtual appliances.
  • Allow on-premises access in the event of a single network virtual appliance failure.
  • Both network virtual appliances must be used simultaneously.
Which method should you use to accomplish this?
  1. Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.
  2. Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends.Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.
  3. Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0/8 with the network load balancer as the next hop.
  4. Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends.Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.
Correct answer: C
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!