Professional-Cloud-Network-Engineer Exam Dumps Free Test Engine Verified By Google Cloud Platform Certified Experts [Q63-Q83]


NEW QUESTION 63
You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.
What should you do?

  • A. Add an appropriate lifecycle rule on the storage bucket containing the two objects.
  • B. Ensure that the object you don't want to be cached anymore is not shared publicly.
  • C. Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.
  • D. Create a new storage bucket, and move the object you don't want to be cached anymore inside it. Then edit the bucket setting and enable the private attribute.

Answer: B

Explanation:
Reference:
https://developers.google.com/web/ilt/pwa/caching-files-with-service-worker

 

NEW QUESTION 64
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

  • A. Firewall logs
  • B. Cloud Audit logs
  • C. VPC flow logs
  • D. Compute Engine instance system logs
  • E. Stackdriver Trace

Answer: A,C

Explanation:
VPC Flow Logs: VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as GKE nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization.
https://cloud.google.com/vpc/docs/using-flow-logs
Firewall Rules Logging: Firewall Rules Logging allows you to audit, verify, and analyze the effects of your firewall rules. For example, you can determine if a firewall rule designed to deny traffic is functioning as intended. Firewall Rules Logging is also useful if you need to determine how many connections are affected by a given firewall rule. You enable Firewall Rules Logging individually for each firewall rule whose connections you need to log. Firewall Rules Logging is an option for any firewall rule, regardless of the action (allow or deny) or direction (ingress or egress) of the rule.
https://cloud.google.com/vpc/docs/firewall-rules-logging

 

NEW QUESTION 65
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?

  • A. Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.
  • B. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.
  • C. Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.
  • D. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.

Answer: A

Explanation:
https://cloud.google.com/network-connectivity/docs/vpn/concepts/classic-topologies#redundancy-options

 

NEW QUESTION 66
You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner.
What should you do first?

  • A. Run gcloud compute interconnect attachments partner update <attachment> --region <region> --admin-enabled.
  • B. Create a Partner Interconnect type VLAN attachment in the GCP Console and retrieve the pairing key.
  • C. Log in to your partner's portal and request the VLAN attachment there.
  • D. Ask your Interconnect partner to provision a physical connection to Google.

Answer: D

Explanation:
"To provision a Partner Interconnect connection with a service provider, you start by connecting your on-premises network to a supported service provider. Work with the service provider to establish connectivity."
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview?hl=En#provisioning

 

NEW QUESTION 67
You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.
What should you do?

  • A. Assign each user the compute.networkAdmin role.
  • B. Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
  • C. Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.
  • D. Assign each user the editor role.

Answer: B


 

NEW QUESTION 68
Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:
* Your ISP is a Google Partner Interconnect provider.
* Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.
* A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
* Most of the data transfer will be from GCP to the on-premises environment.
* The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.
* Cost and the complexity of the solution should be minimal.
How should you provision the connectivity solution?

  • A. Use network compression over your VPN to increase the amount of data you can send over your VPN.
  • B. Provision a Dedicated Interconnect instead of a VPN.
  • C. Provision a Partner Interconnect through your ISP.
  • D. Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.

Answer: D

 

NEW QUESTION 69
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?

  • A. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
  • B. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
  • C. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
  • D. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.

Answer: A

Explanation:
https://cloud.google.com/load-balancing/docs/health-checks

 

NEW QUESTION 70
Your on-premises data center has 2 routers connected to your GCP through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
* Each on-premises router is configured with the same ASN.
* Each on-premises router is configured with the same routes and priorities.
* Both on-premises routers are configured with a VPN connected to a single Cloud Router.
* The VPN logs have no-proposal-chosen lines when the VPNs are connecting.
* BGP session is not established between one on-premises router and the Cloud Router.
What is the most likely cause of this problem?

  • A. One of the VPN sessions is configured incorrectly.
  • B. BGP sessions are not established between both on-premises routers and the Cloud Router.
  • C. You do not have a load balancer to load-balance the network traffic.
  • D. A firewall is blocking the traffic across the second VPN connection.

Answer: A

Explanation:
If the VPN logs show a no-proposal-chosen error, this error indicates that Cloud VPN and your peer VPN gateway were unable to agree on a set of ciphers. For IKEv1, the set of ciphers must match exactly. For IKEv2, there must be at least one common cipher proposed by each gateway. Make sure that you use supported ciphers to configure your peer VPN gateway.
https://cloud.google.com/network-connectivity/docs/vpn/support/troubleshooting#:~:text=If%20the%20VPN%20logs%20show,of%20ciphers%20must%20match%20exactly.&text=Make%20sure%20that%20you%20use,configure%20your%20peer%20VPN%20gateway.

 

NEW QUESTION 71
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?

  • A. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
  • B. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
  • C. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.
  • D. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.

Answer: D

Explanation:
https://link.springer.com/chapter/10.1007/978-1-4842-1004-8_4

 

NEW QUESTION 72
You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
* An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
* Multiple regional offices in Europe and APAC
* Regional data processing is required in europe-west1 and australia-southeast1
* Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?

  • A. Create 1 VPC in a Shared VPC Service Project.
    Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    Attach NIC0 in us-west1 subnet of the Service Project.
    Attach NIC1 in us-west1 subnet of the Service Project.
    Deploy the instance.
    Configure the necessary routes and firewall rules to pass traffic through the instance.
  • B. Create 2 VPCs in a Shared VPC Host Project.
    Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    Deploy the instance.
    Configure the necessary routes and firewall rules to pass traffic through the instance.
  • C. Create 1 VPC in a Shared VPC Host Project.
    Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    Attach NIC0 in us-west1 subnet of the Host Project.
    Attach NIC1 in us-west1 subnet of the Host Project.
    Deploy the instance.
    Configure the necessary routes and firewall rules to pass traffic through the instance.
  • D. Create 2 VPCs in a Shared VPC Host Project.
    Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    Deploy the instance.
    Configure the necessary routes and firewall rules to pass traffic through the instance.

Answer: D

Explanation:
https://cloud.google.com/vpc/docs/shared-vpc

 

NEW QUESTION 73
You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload.
Which type of load balancer should you use?

  • A. Network load balancer
  • B. TCP/SSL proxy load balancer
  • C. HTTP(S) load balancer
  • D. Internal load balancer

Answer: A

Explanation:
Reference:
https://cloud.google.com/load-balancing/docs/network

 

NEW QUESTION 74
You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.
How should you configure the Distribution VPC?

  • A. Create the Distribution VPC in custom mode.
    Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.
  • B. Rename the default VPC as "Distribution" and peer it via network peering.
  • C. Create the Distribution VPC in custom mode.
    Use the CIDR range 10.128.0.0/9.
    Create the necessary subnets, and then peer them via network peering.
  • D. Create the Distribution VPC in auto mode.
    Peer both the VPCs via network peering.

Answer: A

Explanation:
https://cloud.google.com/vpc/docs/using-vpc

 

NEW QUESTION 75
You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?

  • A. Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.
  • B. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.
  • C. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.
  • D. Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.

Answer: D

 

NEW QUESTION 76
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

  • A. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
  • B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
  • C. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.
  • D. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.

Answer: D


 

NEW QUESTION 77
You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.
Which level of permissions should you request?

  • A. Organization Admin privileges from the Organization Admin.
  • B. Shared VPC Admin privileges from the Organization Admin.
  • C. Security Admin privileges from the Shared VPC Admin.
  • D. Service Project Admin privileges from the Shared VPC Admin.

Answer: C

Explanation:
Explanation/Reference: https://cloud.google.com/vpc/docs/shared-vpc

 

NEW QUESTION 78
You have just deployed your infrastructure on Google Cloud. You now need to configure the DNS to meet the following requirements:
* Your on-premises resources should resolve your Google Cloud zones.
* Your Google Cloud resources should resolve your on-premises zones.
* You need the ability to resolve ".internal" zones provisioned by Google Cloud.
What should you do?

  • A. Configure Cloud DNS to DNS peer with your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.
  • B. Configure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
  • C. Configure an outbound DNS server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
  • D. Configure an outbound server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.

Answer: D

 

NEW QUESTION 79
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.
How should you design the topology?

  • A. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.
  • B. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
  • C. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.
  • D. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

Answer: B

Explanation:
Use Shared VPC to connect to a common VPC network. Resources in those projects can communicate with each other securely and efficiently across project boundaries using internal IPs. You can manage shared network resources, such as subnets, routes, and firewalls, from a central host project, enabling you to apply and enforce consistent network policies across the projects.
With Shared VPC and IAM controls, you can separate network administration from project administration.
This separation helps you implement the principle of least privilege. For example, a centralized network team can administer the network without having any permissions into the participating projects. Similarly, the project admins can manage their project resources without any permissions to manipulate the shared network.
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

 

NEW QUESTION 80
You are using the gcloud command line tool to create a new custom role in a project by copying a predefined role. You receive this error message:
INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid
What should you do?

  • A. Add the resourcemanager.projects.get permission, and try again.
  • B. Remove the resourcemanager.projects.list permission, and try again.
  • C. Try again with a different role with a new name but the same permissions.
  • D. Add the resourcemanager.projects.setIamPolicy permission, and try again.

Answer: B

Explanation:
Reference:
https://cloud.google.com/iam/docs/understanding-custom-roles

 

NEW QUESTION 81
You have a Cloud Storage bucket in Google Cloud project XYZ. The bucket contains sensitive data. You need to design a solution to ensure that only instances belonging to VPCs under project XYZ can access the data stored in this Cloud Storage bucket. What should you do?

  • A. Configure Cloud Storage with projectPrivate Access Control List (ACL) that gives permission to the project team based on their roles.
  • B. Configure Private Google Access to privately access the Cloud Storage service using private IP addresses.
  • C. Configure Private Service Connect to privately access Cloud Storage from all VPCs under project XYZ.
  • D. Configure a VPC Service Controls perimeter around project XYZ, and include storage.googleapis.com as a restricted service in the service perimeter.

Answer: A

 

NEW QUESTION 82
Your company is running out of network capacity to run a critical application in the on-premises data center.
You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

  • A. Cloud Audit logs
  • B. Stackdriver Trace
  • C. Firewall logs
  • D. VPC flow logs
  • E. Compute Engine instance system logs

Answer: A,B

Explanation:
Explanation/Reference: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

 

NEW QUESTION 83
......


How to book Google Professional Cloud Network Engineer Exams

The registration for the Google Professional Cloud Network Engineer Exam follows the steps given below.

  • Step 1: Visit the Google Cloud Webassessor Website
  • Step 2: Sign in or sign up to your Google Cloud Webassessor account
  • Step 3: Search for the exam name Google Professional Cloud Network Engineer
  • Step 4: Select the date of the exam, choose an exam center, and make the payment using a payment method such as a credit or debit card.

 
