Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Google Professional-Cloud-Network-Engineer - Google Cloud Certified - Professional Cloud Network Engineer

Google Professional-Cloud-Network-Engineer Premium Access     Download Demo    
Page: 5 / 7
Total 233 questions

Question:

You are designing the architecture for your organization so that clients can connect to certain Google APIs. Your plan must include a way to connect to Cloud Storage and BigQuery. You also need to ensure the traffic does not traverse the internet. You want your solution to be cloud-first and require the least amount of configuration steps. What should you do?

A.

Configure Private Google Access on the VPC resource. Create a default route to the internet.

B.

Configure Private Google Access on the subnet resource. Create a default route to the internet.

C.

Configure Cloud NAT and remove the default route to the internet.

D.

Configure a global Secure Web Proxy and remove the default route to the internet.

Question:

Your organization has distributed geographic applications with significant data volumes. You need to create a design that exposes the HTTPS workloads globally and keeps traffic costs to a minimum. What should you do?

A.

Deploy a regional external Application Load Balancer with Standard Network Service Tier.

B.

Deploy a regional external Application Load Balancer with Premium Network Service Tier.

C.

Deploy a global external proxy Network Load Balancer with Standard Network Service Tier.

D.

Deploy a global external Application Load Balancer with Premium Network Service Tier.

Your organization wants to set up hybrid connectivity with VLAN attachments that terminate in a single Cloud Router with 99.9% uptime. You need to create a network design for your on-premises router that meets those requirements and has an active/passive configuration that uses only one VLAN attachment at a time. What should you do?

A.

Create a design that uses a BGP multi-exit discriminator (MED) attribute to influence the egress path from Google Cloud to the on-premises environment.

B.

Create a design that uses the as_path BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

C.

Create a design that uses an equal-cost multipath (ECMP) with flow-based hashing on your on-premises devices.

D.

Create a design that uses the local_pref BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.

How should you design the topology?

A.

Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

B.

Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

C.

Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

D.

Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.

What should you do?

A.

Update the TTL for the zone.

B.

Set the zone to the TRANSFER state.

C.

Disable DNSSEC at your domain registar.

D.

Transfer ownership of the domain to a new registar.

You work for a university that is migrating to Google Cloud.

These are the cloud requirements:

On-premises connectivity with 10 Gbps

Lowest latency access to the cloud

Centralized Networking Administration Team

New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.

What should you do?

A.

Use Shared VPC, and deploy the VLAN attachments and Dedicated Interconnect in the host project.

B.

Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

C.

Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Dedicated Interconnects.

D.

Use standalone projects and deploy the VLAN attachments and Dedicated Interconnects in each of the individual projects.

Your company has a Virtual Private Cloud (VPC) with two Dedicated Interconnect connections in two different regions: us-west1 and us-east1. Each Dedicated Interconnect connection is attached to a Cloud Router in its respective region by a VLAN attachment. You need to configure a high availability failover path. By default, all ingress traffic from the on-premises environment should flow to the VPC using the us-west1 connection. If us-west1 is unavailable, you want traffic to be rerouted to us-east1. How should you configure the multi-exit discriminator (MED) values to enable this failover path?

A.

Use regional routing. Set the us-east1 Cloud Router to a base priority of 100, and set the us-west1 Cloud Router to a base priority of 1

B.

Use global routing. Set the us-east1 Cloud Router to a base priority of 100, and set the us-west1 Cloud Router to a base priority of 1

C.

Use regional routing. Set the us-east1 Cloud Router to a base priority of 1000, and set the us-west1 Cloud Router to a base priority of 1

D.

Use global routing. Set the us-east1 Cloud Router to a base priority of 1000, and set the us-west1 Cloud Router to a base priority of 1

Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.

How should you deploy this service in GCP?

A.

Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.

B.

Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

C.

Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.

D.

Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.

You want to create a service in GCP using IPv6.

What should you do?

A.

Create the instance with the designated IPv6 address.

B.

Configure a TCP Proxy with the designated IPv6 address.

C.

Configure a global load balancer with the designated IPv6 address.

D.

Configure an internal load balancer with the designated IPv6 address.

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from on-premises locations using Cloud Interconnect connections. Your company must be able to send traffic to Cloud Storage only through the Interconnect links while accessing other Google APIs and services over the public internet. What should you do?

A.

Use the default public domains for all Google APIs and services.

B.

Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.

C.

Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.

D.

Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.