PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Questions
262 real PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam questions with expert-verified answers and explanations. Page 2 of 6.
- Question #51Implementing network security
You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization req...
IAM rolesShared VPCFirewall rulesLeast privilege - Question #52Configuring network services
You want to create a service in GCP using IPv6. What should you do?
IPv6Load BalancersExternal Load BalancingNetwork Services - Question #53Designing, planning, and prototyping a Google Cloud network
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP-capable on-premises VPN device. You want to minimize downtime and operational o...
Cloud VPNHA VPNHybrid ConnectivityIKEv2 - Question #54Implementing a Google Cloud network
Your company just completed the acquisition of Altostrat (a current GCP customer). Each company has a separate organization in GCP and has implemented a custom DNS solution. Each o...
Multi-organization networkingCloud VPNCloud RouterCloud DNS forwarding - Question #55Configuring network services
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly. How should you configure the health check?
Load BalancingHealth ChecksHTTP(S) ConfigurationBackend Services - Question #56Implementing network security
You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments. What should you do?
IAMLeast PrivilegeCloud InterconnectPredefined Roles - Question #57Implementing a Google Cloud network
You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heav...
Managed Instance Groups (MIGs)Canary DeploymentRolling UpdatesDeployment Strategies - Question #58Designing, planning, and prototyping a Google Cloud network
You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to inc...
Managed Instance GroupsAutoscalingHigh AvailabilityCompute Engine Instances - Question #59Designing, planning, and prototyping a Google Cloud network
Your developer group works on a set of VM's frequently throughout the day. To save costs, you terminate the VM when it is not in use. However, you need to preserve the contents of...
VM InstancesPersistent DisksCost OptimizationVM Lifecycle Management - Question #60Designing, planning, and prototyping a Google Cloud network
An application development team believes their current logging tool will not meet their needs for their new cloud-based product. They want a better tool to capture errors and help...
loggingmonitoringrequirements analysistool selection - Question #61Implementing network security
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with a...
SSH AccessInstance Metadatagcloud CLIAuthentication - Question #62Designing, planning, and prototyping a Google Cloud network
You work for a university that is migrating to GCP. These are the cloud requirements: - On-premises connectivity with 10 Gbps - Lowest latency access to the cloud - Centralized Net...
Shared VPCCloud InterconnectHybrid ConnectivityNetwork Architecture - Question #63Configuring network services
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traf...
BGPCloud RouterVPNECMP - Question #64Implementing a Google Cloud network
You have ordered Dedicated Interconnect in the GCP Console and need to give the Letter of Authorization/Connecting Facility Assignment (LOA-CFA) to your cross-connect provider to c...
Dedicated InterconnectLOA-CFAHybrid ConnectivityGCP Console - Question #65Implementing network security
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you...
Cloud ArmorWAF Preview ModeNetwork SecurityGlobal Load Balancer - Question #66Configuring network services
You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the t...
Cloud CDNObject CachingCache-Control HeadersCloud Storage - Question #67Implementing network security
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recentl...
Cloud ArmorGlobal Load BalancerIP WhitelistingNetwork Security - Question #68Designing, planning, and prototyping a Google Cloud network
Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to c...
Hybrid ConnectivityPartner InterconnectNetwork PerformanceConnectivity Solutions - Question #69Implementing network security
Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a net...
DDoS MitigationAutoscalingLog AnalysisIncident Response - Question #70Implementing a Google Cloud network
You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses. Which two actions should you take? (Choose two.)
Cloud SQLPrivate Service AccessVPC Network PeeringPrivate IP - Question #71Designing, planning, and prototyping a Google Cloud network
You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises ro...
Cloud InterconnectPartner InterconnectLayer 3 VPNBGP - Question #72Implementing a Google Cloud network
You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command: gcloud compute routes create no-ip-internet-route \ --network cus...
Compute Engine NetworkingCustom RoutesNAT GatewayInstance Tags - Question #73Configuring network services
You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command. Which next hop shou...
Cloud VPNStatic RoutesNext Hopgcloud - Question #74Configuring network services
You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the object in the storage bucket can be served by the CDN. What should you do...
Cloud CDNHTTP(S) Load BalancerCloud StorageBackend Bucket - Question #75Designing, planning, and prototyping a Google Cloud network
Your company's Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you how they should support splitting audio and...
URL MapsHTTP(S) Load BalancerTraffic RoutingCloud Storage - Question #76Designing, planning, and prototyping a Google Cloud network
You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider. Which connection...
Direct PeeringHybrid ConnectivityNetwork Connectivity OptionsGoogle Cloud Networking - Question #77Designing, planning, and prototyping a Google Cloud network
You are configuring a new instance of Cloud Router in your Organization's Google Cloud environment to allow connection across a new Dedicated Interconnect to your data center Sales...
Cloud RouterDedicated InterconnectShared VPCHybrid Connectivity - Question #78Implementing network security
You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only. How should you configure your firewall rules?
VPC Firewall RulesSSH AccessNetwork SecurityFirewall Rule Priority - Question #79Configuring network services
Your on-premises data center has 2 routers connected to your GCP through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across...
VPNBGPHybrid ConnectivityNetwork Troubleshooting - Question #80Designing, planning, and prototyping a Google Cloud network
You need to define an address plan for a future new GKE cluster in your VPC. This will be a VPC native cluster, and the default Pod IP range allocation will be used. You must pre-p...
GKE NetworkingIP AddressingVPC Native ClustersSubnetting - Question #81Implementing network security
You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and prot...
Firewall LoggingGCP Firewall RulesImplicit DenyNetwork Troubleshooting - Question #82Designing, planning, and prototyping a Google Cloud network
In your company, two departments with separate GCP projects (code-dev and data-dev) in the same organization need to allow full cross-communication between all of their virtual mac...
VPC Network PeeringFirewall RulesInter-project communicationNetwork Connectivity - Question #83Designing, planning, and prototyping a Google Cloud network
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements: - IP ranges for pods and services must be as smal...
GKE NetworkingPrivate ClustersVPC-native GKEHybrid Connectivity - Question #84Configuring network services
You are creating an instance group and need to create a new health check for HTTP(s) load balancing. Which two methods can you use to accomplish this? (Choose two.)
Health ChecksLoad BalancingInstance GroupsGCP Configuration - Question #85Designing, planning, and prototyping a Google Cloud network
You are in the early stages of planning a migration to GCP. You want to test the functionality of your hybrid cloud design before you start to implement it in production. The desig...
Cloud VPNHybrid ConnectivityNetwork PlanningGCP Connectivity Options - Question #86Designing, planning, and prototyping a Google Cloud network
You want to implement an IPSec tunnel between your on-premises network and a VPC via Cloud VPN. You need to restrict reachability over the tunnel to specific local subnets, and you...
IPSec VPNCloud VPNPolicy-based RoutingTraffic Selectors - Question #87Configuring network services
You have enabled HTTP(S) load balancing for your application, and your application developers have reported that HTTP(S) requests are not being distributed correctly to your Comput...
Load Balancer MonitoringCloud MonitoringHTTP(S) Load BalancerTroubleshooting - Question #88Implementing a Google Cloud network
You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner. What should you first?
Partner InterconnectVLAN attachmentHybrid connectivityNetwork provisioning - Question #89Implementing network security
You need to centralize the Identity and Access Management permissions and email distribution for the WebServices Team as efficiently as possible. What should you do?
IAMGoogle GroupsIdentity ManagementAccess Control - Question #90Implementing network security
You are using the gcloud command line tool to create a new custom role in a project by coping a predefined role. You receive this error message: INVALID_ARGUMENT: Permission resour...
IAM Custom Rolesgcloud CLIPermissionsError Handling - Question #91Implementing a Google Cloud network
One instance in your VPC is configured to run with a private IP address only. You want to ensure that even if this instance is deleted, its current private IP address will not be a...
Internal IP addressesStatic IP addressesIP address managementCompute Engine networking - Question #92Implementing a Google Cloud network
After a network change window one of your company's applications stops working. The application uses an on-premises database server that no longer receives any traffic from the app...
VPC RoutingLongest Prefix MatchHybrid ConnectivityNetwork Troubleshooting - Question #93Implementing a Google Cloud network
You need to create a new VPC network that allows instances to have IP addresses in both the 10.1.1.0/24 network and the 172.16.45.0/24 network. What should you do?
Alias IPVPC NetworkingVM Instance NetworkingIP Addressing - Question #94Designing, planning, and prototyping a Google Cloud network
You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload. Which type of load balancer should you u...
Global Load BalancingTCP/SSL Proxy Load BalancerSource IP PreservationPROXY Protocol - Question #95Configuring network services
Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from your on-premises network using Cloud Interconnect. You must configure access...
Private Google AccessVPC Service ControlsHybrid Connectivityrestricted.googleapis.com - Question #96Implementing network security
Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules...
Firewall RulesLoggingMonitoringNetwork Security - Question #97Configuring network services
You are configuring your Google Cloud environment to connect to your on-premises network. Your configuration must be able to reach Cloud Storage APIs and your Google Kubernetes Eng...
Cloud RouterCloud InterconnectPrivate Google AccessRoute Advertisement - Question #98Configuring network services
You are configuring load balancing for a standard three-tier (web, application, and database) application. You have configured an external HTTP(S) load balancer for the web servers...
Internal Load BalancerHTTP(S) Load BalancerMulti-tier ArchitectureApplication Tier - Question #99Implementing network security
Your organization has a new security policy that requires you to monitor all egress traffic payloads from your virtual machines in region us-west2. You deployed an intrusion detect...
Packet MirroringNetwork MonitoringIDS IntegrationEgress Traffic Security - Question #100Configuring network services
You are developing an HTTP API hosted on a Compute Engine virtual machine instance that must be invoked only by multiple clients within the same Virtual Private Cloud (VPC). You wa...
Internal DNSVPC NetworkingCompute EnginePrivate Communication