Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Google Cloud Certified - Professional Cloud Network Engineer

Last Update 2 hours ago Total Questions : 233

The Google Cloud Certified - Professional Cloud Network Engineer content is now fully updated, with all current exam questions added 2 hours ago. Deciding to include Professional-Cloud-Network-Engineer practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our Professional-Cloud-Network-Engineer exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these Professional-Cloud-Network-Engineer sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Google Cloud Certified - Professional Cloud Network Engineer practice test comfortably within the allotted time.

Question # 21

Your organization has a Google Cloud Virtual Private Cloud (VPC) with subnets in us-east1, us-west4, and europe-west4 that use the default VPC configuration. Employees in a branch office in Europe need to access the resources in the VPC using HA VPN. You configured the HA VPN associated with the Google Cloud VPC for your organization with a Cloud Router deployed in europe-west4. You need to ensure that the users in the branch office can quickly and easily access all resources in the VPC. What should you do?

A.

Create custom advertised routes for each subnet.

B.

Configure each subnet’s VPN connections to use Cloud VPN to connect to the branch office.

C.

Configure the VPC dynamic routing mode to Global.

D.

Set the advertised routes to Global for the Cloud Router.

Question # 22

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner ' s network that need access to some resources in your company ' s VPC. There is no CIDR overlap between the VPCs.

Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

A.

VPC peering

B.

Shared VPC

C.

Cloud VPN

D.

Dedicated Interconnect

E.

Cloud NAT

Question # 23

You have a storage bucket that contains the following objects:

- folder-a/image-a-1.jpg

- folder-a/image-a-2.jpg

- folder-b/image-b-1.jpg

- folder-b/image-b-2.jpg

Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.

What should you do?

A.

Add an appropriate lifecycle rule on the storage bucket.

B.

Issue a cache invalidation command with pattern /folder-a/*.

C.

Make sure that all the objects with prefix folder-a are not shared publicly.

D.

Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.

Question # 24

You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.

Which two actions should you take? (Choose two.)

A.

Turn on Private Google Access at the subnet level.

B.

Turn on Private Google Access at the VPC level.

C.

Turn on Private Services Access at the VPC level.

D.

Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

E.

Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Question # 25

You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.

Which level of permissions should you request?

A.

Security Admin privileges from the Shared VPC Admin.

B.

Service Project Admin privileges from the Shared VPC Admin.

C.

Shared VPC Admin privileges from the Organization Admin.

D.

Organization Admin privileges from the Organization Admin.

Question # 26

You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.

Which BGP attribute should you use on your on-premises router?

A.

AS-Path

B.

Community

C.

Local Preference

D.

Multi-exit Discriminator

Question # 27

You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?

A.

Enable the Firewall Insights API. Set the deny rule insights observation period to one day. Review the insights to assure there are no firewall rules denying traffic.

B.

Enable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.

C.

Create a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.

D.

Enable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.

Question # 28

You are configuring the firewall endpoints as part of the Cloud Next Generation Firewall (Cloud NGFW) intrusion prevention service in Google Cloud. You have configured a threat prevention security profile, and you now need to create an endpoint for traffic inspection. What should you do?

A.

Create a Private Service Connect endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

B.

Create a firewall endpoint within the region, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

C.

Create a firewall endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

D.

Attach the profile to the VPC network, create a firewall endpoint within the zone, and use a firewall policy rule to apply the L7 inspection.

Question # 29

You work for a multinational enterprise that is moving to GCP.

These are the cloud requirements:

• An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)

• Multiple regional offices in Europe and APAC

• Regional data processing is required in europe-west1 and australia-southeast1

• Centralized Network Administration Team

Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.

What should you do?

A.

• Create 2 VPCs in a Shared VPC Host Project.• Configure a 2-NIC instance in zone us-west1-a in the Host Project.• Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.• Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

B.

• Create 2 VPCs in a Shared VPC Host Project.• Configure a 2-NIC instance in zone us-west1-a in the Service Project.• Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.• Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

C.

• Create 1 VPC in a Shared VPC Host Project.• Configure a 2-NIC instance in zone us-west1-a in the Host Project.• Attach NIC0 in us-west1 subnet of the Host Project.• Attach NIC1 in us-west1 subnet of the Host Project• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

D.

• Create 1 VPC in a Shared VPC Service Project.• Configure a 2-NIC instance in zone us-west1-a in the Service Project.• Attach NIC0 in us-west1 subnet of the Service Project.• Attach NIC1 in us-west1 subnet of the Service Project• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

Question # 30

After a network change window one of your company’s applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24/ The on-premises router is advertising 10.0.0.0/8.

What is the most likely cause of this problem?

A.

The less specific VPC subnet route is taking priority.

B.

The more specific VPC subnet route is taking priority.

C.

The on-premises router is not advertising a route for the database server.

D.

A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.

Go to page: