
[Jan-2022] Pass Google Professional-Cloud-Network-Engineer Tests Engine pdf - All Free Dumps
Google Cloud Certified - Professional Cloud Network Engineer Practice Tests 2022 | Pass Professional-Cloud-Network-Engineer with confidence!
NEW QUESTION 37
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?
- A. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
- B. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
- C. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
- D. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
Answer: C
Explanation:
https://cloud.google.com/load-balancing/docs/health-checks
NEW QUESTION 38
You want to create a service in GCP using IPv6.
What should you do?
- A. Configure a TCP Proxy with the designated IPv6 address.
- B. Configure a global load balancer with the designated IPv6 address.
- C. Configure an internal load balancer with the designated IPv6 address.
- D. Create the instance with the designated IPv6 address.
Answer: B
NEW QUESTION 39
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?
- A. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
- B. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
- C. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
- D. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
Answer: D
NEW QUESTION 40
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?
- A. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.
- B. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.
- C. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
- D. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
Answer: A
NEW QUESTION 41
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?
- A. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
- B. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
- C. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
- D. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
Answer: C
Explanation:
https://cloud.google.com/load-balancing/docs/health-checks
NEW QUESTION 42
You need to define an address plan for a future new GKE cluster in your VPC. This will be a VPC-native cluster, and the default Pod IP range allocation will be used. You must pre-provision all the needed VPC subnets and their respective IP address ranges before cluster creation. The cluster will initially have a single node, but it will be scaled to a maximum of three nodes if necessary. You want to allocate the minimum number of Pod IP addresses.
Which subnet mask should you use for the Pod IP address range?
- A. /25
- B. /22
- C. /23
- D. /21
Answer: A
Explanation:
https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips
NEW QUESTION 43
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?
- A. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
- B. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
- C. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
- D. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
Answer: A
Explanation:
https://cloud.google.com/load-balancing/docs/health-check-concepts#content-based_health_checks
NEW QUESTION 44
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?
- A. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
- B. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.
- C. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
- D. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
Answer: C
NEW QUESTION 45
You have a storage bucket that contains the following objects:
- folder-a/image-a-1.jpg
- folder-a/image-a-2.jpg
- folder-b/image-b-1.jpg
- folder-b/image-b-2.jpg
Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached.
You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.
What should you do?
- A. Make sure that all the objects with prefix folder-a are not shared publicly.
- B. Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.
- C. Issue a cache invalidation command with pattern /folder-a/*.
- D. Add an appropriate lifecycle rule on the storage bucket.
Answer: A
NEW QUESTION 46
You have a storage bucket that contains the following objects:
- folder-a/image-a-1.jpg
- folder-a/image-a-2.jpg
- folder-b/image-b-1.jpg
- folder-b/image-b-2.jpg
Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.
What should you do?
- A. Make sure that all the objects with prefix folder-a are not shared publicly.
- B. Issue a cache invalidation command with pattern /folder-a/*.
- C. Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.
- D. Add an appropriate lifecycle rule on the storage bucket.
Answer: B
Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html
NEW QUESTION 47
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?
- A. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
- B. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.
- C. Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.
- D. Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.
Answer: D
Explanation:
https://cloud.google.com/network-connectivity/docs/vpn/concepts/classic-topologies#redundancy-options
NEW QUESTION 48
Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:
* Your ISP is a Google Partner Interconnect provider.
* Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.
* A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
* Most of the data transfer will be from GCP to the on-premises environment.
* The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.
* Cost and the complexity of the solution should be minimal.
How should you provision the connectivity solution?
- A. Provision a Partner Interconnect through your ISP.
- B. Provision a Dedicated Interconnect instead of a VPN.
- C. Use network compression over your VPN to increase the amount of data you can send over your VPN.
- D. Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
Answer: D
NEW QUESTION 49
You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)
- A. Create a custom static route to allow the traffic to reach the Cloud SQL API.
- B. Enable Private Google Access.
- C. Activate the Service Networking API in your project.
- D. Create a private connection to a service producer.
- E. Activate the Cloud Datastore API in your project.
Answer: B,D
Explanation:
https://cloud.google.com/sql/docs/mysql/configure-private-services-access#console_1
C: If you are using private IP for any of your Cloud SQL instances, you only need to configure private services access one time for every Google Cloud project that has or needs to connect to a Cloud SQL instance. If your Google Cloud project has a Cloud SQL instance, you can either configure it yourself or let Cloud SQL do it for you to use private IP. Cloud SQL configures private services access for you when all the conditions below are true: https://cloud.google.com/sql/docs/postgres/configure-private-services-access#before_you_begin
E: You can enable Private Google Access on a subnet level and any VMs on that subnet can access Google APIs by using their internal IP address. https://cloud.google.com/vpc/docs/configure-private-google-access
NEW QUESTION 50
You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.
What should you do?
- A. Create a new storage bucket, and move the object you don't want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.
- B. Ensure that the object you don't want to be cached anymore is not shared publicly.
- C. Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.
- D. Add an appropriate lifecycle rule on the storage bucket containing the two objects.
Answer: C
Explanation:
https://cloud.google.com/cdn/docs/invalidating-cached-content
NEW QUESTION 51
You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?
- A. Grant the iam.serviceAccountUser to your user account.
- B. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
- C. Grant the read-only privilege to the service account for the Cloud Storage bucket.
- D. Grant the compute.instanceAdmin to your user account.
Answer: A
Explanation:
https://cloud.google.com/compute/docs/access/iam
NEW QUESTION 52
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
* Each on-premises router is configured with a unique ASN.
* Each on-premises router is configured with the same routes and priorities.
* Both on-premises routers are configured with a VPN connected to a single Cloud Router.
* BGP sessions are established between both on-premises routers and the Cloud Router.
* Only 1 of the on-premises routers' routes is being added to the routing table.
What is the most likely cause of this problem?
- A. A firewall is blocking the traffic across the second VPN connection.
- B. The on-premises routers are configured with the same routes.
- C. The ASNs being used on the on-premises routers are different.
- D. You do not have a load balancer to load-balance the network traffic.
Answer: C
Explanation:
https://cloud.google.com/network-connectivity/docs/router/support/troubleshooting#ecmp
NEW QUESTION 53
You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider.
Which connection type should you choose?
- A. Direct Peering
- B. Partner Interconnect
- C. Dedicated Interconnect
- D. Carrier Peering
Answer: A
Explanation:
When established, Direct Peering provides a direct path from your on-premises network to Google services, including Google Cloud products that can be exposed through one or more public IP addresses. Traffic from Google's network to your on-premises network also takes that direct path, including traffic from VPC networks in your projects. Google Cloud customers must request that direct egress pricing be enabled for each of their projects after they have established Direct Peering with Google. For more information, see Pricing.
NEW QUESTION 54
Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
- A. VPC peering
- B. Cloud NAT
- C. Dedicated Interconnect
- D. Shared VPC
- E. Cloud VPN
Answer: A,E
Explanation:
Google Cloud VPC Network Peering allows internal IP address connectivity across two Virtual Private Cloud (VPC) networks regardless of whether they belong to the same project or the same organization.
NEW QUESTION 55
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.
What should you do?
- A. Configure an HTTP load balancer, and direct the traffic to it.
- B. Configure a policy-based route rule to prioritize the traffic.
- C. Configure Dynamic Routing for the subnet hosting the application.
- D. Configure the TTL for the DNS zone to decrease the time between updates.
Answer: A
Explanation:
https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency
NEW QUESTION 56
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?
- A. Use gcloud compute ssh to automatically copy your public ssh key to the instance.
- B. Upload your public ssh key to the project Metadata.
- C. Create a custom Google Compute Engine image with your public ssh key embedded.
- D. Upload your public ssh key to each instance Metadata.
Answer: B
Explanation:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
NEW QUESTION 57
Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
- A. Dedicated Interconnect
- B. Cloud NAT
- C. Shared VPC
- D. VPC peering
- E. Cloud VPN
Answer: A,E
NEW QUESTION 58
You need to establish network connectivity between three Virtual Private Cloud networks, Sales, Marketing, and Finance, so that users can access resources in all three VPCs. You configure VPC peering between the Sales VPC and the Finance VPC. You also configure VPC peering between the Marketing VPC and the Finance VPC. After you complete the configuration, some users cannot connect to resources in the Sales VPC and the Marketing VPC. You want to resolve the problem.
What should you do?
- A. Delete the legacy network and recreate it to allow transitive peering.
- B. Configure VPC peering in a full mesh.
- C. Alter the routing table to resolve the asymmetric route.
- D. Create network tags to allow connectivity between all three VPCs.
Answer: B
NEW QUESTION 59
A database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space.
How can you remediate the problem with the least amount of downtime?
- A. In the Cloud Platform Console, increase the size of the persistent disk and verify the new space is ready to use with the fdisk command in Linux.
- B. In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
- C. In the Cloud Platform Console, create a new persistent disk attached to the virtual machine, format and mount it, and configure the database service to move the files to the new disk.
- D. In the Cloud Platform Console, create a snapshot of the persistent disk, restore the snapshot to a new larger disk, unmount the old disk, mount the new disk, and restart the database service.
- E. Shut down the virtual machine, use the Cloud Platform Console to increase the persistent disk size, then restart the virtual machine.
Answer: B
Explanation:
A (Correct answer) - In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
Here are the steps: In the Cloud Platform Console, increase the size of the persistent disk; after indicating size increase in console, to make the new size effective, you have two options: restart the VM or configure in the VM's operating systems, Windows or Linux.
NEW QUESTION 60
You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices.
How should you design this topology?
- A. Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them. Use firewall rules to filter access between the specific networks.
- B. Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.
- C. Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
- D. Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
Answer: B
Explanation:
https://cloud.google.com/vpc/docs/shared-vpc