PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Questions
262 real PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam questions with expert-verified answers and explanations. Page 5 of 6.
- Question #202Implementing network security
Your company uses Compute Engine instances that are exposed to the public internet. Each compute instance has a single network interface with a single public IP address. You need t...
Cloud ArmorNetwork SecurityBGP ASN FilteringCompute Engine - Question #203Implementing a Google Cloud network
Your frontend application VMs and your backend database VMs are all deployed in the same VPC but across different subnets. Global network firewall policy rules are configured to al...
VPC Custom RoutesInternal Passthrough Network Load BalancerNetwork Virtual Appliances (NVAs)Traffic Steering - Question #204Designing, planning, and prototyping a Google Cloud network
Your organization wants to set up hybrid connectivity with VLAN attachments that terminate in a single Cloud Router with 99.9% uptime. You need to create a network design for your...
Hybrid ConnectivityCloud InterconnectBGPActive/Passive Configuration - Question #205Implementing network security
You are implementing firewall controls to protect your compute resources in a newly created VPC. To make the protection process easier to manage and control, you've defined the hie...
Google Cloud Firewall PoliciesNetwork Policy Evaluation OrderVPC Firewall RulesNetwork Troubleshooting - Question #206Configuring network services
You are configuring the intrusion prevention service (IPS) feature on Cloud Next Generation Firewall Enterprise. You deployed your firewall endpoints and you need to inspect the tr...
Cloud NGFW EnterpriseIntrusion Prevention System (IPS)Firewall Rule ConfigurationTraffic Inspection - Question #207Configuring network services
Your organization recently exposed a set of services through a global external Application Load Balancer. After conducting some testing, you observed that responses would intermitt...
Application Load BalancerTroubleshootingBackend ServicesLogging & Monitoring - Question #208Implementing network security
Your company's current network architecture has two VPCs that are connected by a dual-NIC instance that acts as a bump-in-the-wire firewall between the two VPCs. Flows between pair...
Network TroubleshootingVPC Firewall RulesIP ForwardingInter-VPC Connectivity - Question #209Implementing network security
Your company deployed Cloud Next Generation Firewall Enterprise (Cloud NGFW Enterprise). You have already created a CA pool and a CA in Certificate Authority Service. You need to e...
Cloud NGFW EnterpriseTLS inspectionCertificate Authority ServiceIAM roles - Question #210Implementing network security
You have recently taken over responsibility for your organization's Google Cloud network security configurations. You want to review your Cloud Next Generation Firewall (Cloud NGFW...
Cloud NGFWFirewall InsightsNetwork SecuritySecurity Policy Review - Question #211Configuring network services
Your company's cloud network has hybrid connectivity to an on-premises environment through Cloud Interconnect in two regions (us-east4 and us-west1). You received complaints that s...
Cloud InterconnectHybrid NetworkingTroubleshootingNetwork Monitoring - Question #212Designing, planning, and prototyping a Google Cloud network
Your organization has resources in two different VPCs, each in different Google Cloud projects, which require connectivity between them. You have already determined that there is n...
VPC PeeringInter-VPC ConnectivitySubnet RoutingHA VPN - Question #213Implementing a Google Cloud network
Your organization recently re-architected your cloud environment to use Network Connectivity Center. However, an error occurred when you tried to add a new VPC, named vpc-dev, as a...
Network Connectivity CenterVPC SpokeIP OverlapCloud Network Troubleshooting - Question #214Configuring network services
Recently, your networking team enabled Cloud CDN for one of the external-facing services that is exposed through an external Application Load Balancer. The application team has alr...
Cloud CDNCaching ModesTroubleshooting - Question #215Implementing network security
Your organization requires that all SMTP traffic to your cloud environment is blocked, except for traffic that originates from your corporate network. Your organization also requir...
Hierarchical Firewall RulesNetwork SecurityIngress Firewall RulesSMTP - Question #216Implementing network security
Your organization has a subset of applications in multiple regions that require internet access. You need to control internet access from applications to URLs, including hostnames...
Secure Web ProxyURL filteringOutbound network securityRegional network architecture - Question #217Implementing a Google Cloud network
You are implementing hybrid connectivity between your company's data center and Google Cloud. You've already deployed redundant Dedicated Interconnect connections, and are now depl...
Dedicated InterconnectCloud RouterBGPActive/Passive Failover - Question #218Implementing a Google Cloud network
Your organization has multiple VMs running on Google Cloud within a VPC. The VMs require connectivity to certain Google APIs. You need to enable Private Google Access for VM connec...
Private Google AccessVPC NetworkingSubnet ConfigurationGoogle APIs Connectivity - Question #219Configuring network services
You are configuring the final elements of a migration effort where resources have been moved from on-premises to Google Cloud. While reviewing the deployed architecture, you notice...
Cloud DNSDNS ResolutionCompute EngineHybrid Connectivity - Question #220Implementing network security
Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious...
Network securityTLS inspectionCloud NGFW EnterpriseEgress traffic inspection - Question #221Configuring network services
Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subne...
Cloud RouterBGPVPC Network PeeringRoute Advertisement - Question #222Implementing a Google Cloud network
Your organization has a legacy VPN device that uses IKEv1 and does not support BGP. Connectivity from your on-premises environment to Google Cloud needs to be established. You are...
Policy-based VPNTraffic SelectorsHybrid ConnectivityLegacy VPN - Question #223Implementing network security
You plan to deploy Google Cloud Armor web application firewall (WAF) policies that use the preconfigured WAF rules. You want all Google Cloud Armor logs to be sent to Cloud Logging...
Google Cloud ArmorLoggingNetwork SecurityWAF - Question #224Implementing a Google Cloud network
Your organization has implemented Vertex AI online prediction in your Google Cloud environment, which is in the us-central1 region. Online prediction is available through private s...
Cloud InterconnectPrivate Services AccessBGP Route AdvertisementRegional Redundancy - Question #225Implementing network security
As part of your organization's modernization efforts, the application teams are migrating services to GKE on Google Cloud (GKE). The GKE clusters will live in service projects. The...
GKEIAMService AccountsNetwork Security - Question #226Implementing a Google Cloud network
You are implementing a Shared VPC network for your organization, which has distributed teams. One of the application developers works across several teams and notices that they can...
Shared VPCSubnet Access Controlgcloud computeService Project Association - Question #227Designing, planning, and prototyping a Google Cloud network
You are configuring HA VPN for your organization to connect your on-premises environment to your Google Cloud network. Your on-premises environment is closest to the us-west1 Googl...
HA VPNNetwork ScalingHigh AvailabilityBGP Routing - Question #228Implementing a Google Cloud network
Your organization mandates that all internal IP addresses used by all database VMs must be statically allocated. While analyzing your VPC IP address allocations, you observed that...
Internal IP addressesStatic IP allocationVM configurationNon-disruptive operations - Question #229Implementing network security
Your organization deployed a mission critical application that is expected to be a new revenue source. As part of the planning and deployment process, you have recently implemented...
Cloud NGFWThreat SignaturesSecurity ProfilesFirewall Actions - Question #230Configuring network services
You are configuring a Cross-Cloud Interconnect connection for your Google Cloud organization with two public cloud service providers (CSPs)-CSP 1 and CSP 2. The CSP 1 and CSP 2 env...
Cross-Cloud InterconnectHigh AvailabilityBandwidth ProvisioningCost Optimization - Question #231Configuring network services
Your organization's application is running on a VPC-native GKE Standard cluster with public IP addresses. You need to configure access to the remote address range 35.100.0.0/16 thr...
GKE NetworkingCloud NATSNATip-masq-agent - Question #232Designing, planning, and prototyping a Google Cloud network
Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides se...
Shared VPCLanding ZoneNetwork DesignMulti-project Architecture - Question #233Implementing a Google Cloud network
You are using Network Connectivity Center and you already have the hub configured. All VPCs in your environment need to have network connectivity to each other. All the subnet rang...
Network Connectivity CenterHub-and-spoke topologyVPC network connectivityNetwork topology - Question #234Designing, planning, and prototyping a Google Cloud network
You are creating a design that will connect your single on-premises data center to a VPC in Google Cloud by using an IPsec VPN connection. The connection must have a minimum SLA of...
HA VPNIPsec VPNHybrid ConnectivitySLA - Question #235Configuring network services
Your organization has a highly available application that is not HTTP-based. The application runs on multiple TCP ports and is hosted in multiple regions. You need to design a solu...
Internal Passthrough NLBSource IP preservationGlobal AccessShared VPC - Question #236Designing, planning, and prototyping a Google Cloud network
Your organization is using a Shared VPC model. Service project owners want to independently manage their DNS zones in service projects. All service project workloads must be able t...
Cloud DNSShared VPCPrivate DNS ZoneCross-project binding - Question #237Implementing a Google Cloud network
Your organization wants to deploy HA VPN over Cloud Interconnect to ensure encryption-in- transit over the Cloud Interconnect connections. You have created a Cloud Router and two e...
HA VPNCloud InterconnectIPsec VPNHybrid Connectivity - Question #238Implementing network security
You have recently taken over responsibility for your organization's Google Cloud network security configurations. You want to review your Cloud Next Generation Firewall (Cloud NGFW...
Cloud NGFWFirewall InsightsNetwork securityConfiguration review - Question #239Designing, planning, and prototyping a Google Cloud network
Your organization is connecting their Shared VPC network to their on-premises data center by using Dedicated Interconnect to provide connectivity to all of its service projects. Yo...
Dedicated InterconnectHigh AvailabilitySLA DesignNetwork Connectivity - Question #240Configuring network services
Your organization's on-premises networking team is reporting frequent BGP session flaps toward your Google Cloud environment. You need to review the BGP configuration. What should...
BGPBFDHybrid Cloud NetworkingNetwork Troubleshooting - Question #241Designing, planning, and prototyping a Google Cloud network
Your organization has over 250 autonomous business units that currently operate in a decentralized manner. Due to the organization's maturity, there is limited routable private IP...
Network Connectivity CenterPrivate NATOverlapping IP NetworksHybrid Connectivity - Question #242Configuring network services
You are configuring an Application Load Balancer. The backend resides in your on-premises data center and is connected by Dedicated Interconnect. You need to ensure the load balanc...
Application Load BalancerNetwork Endpoint Group (NEG)Hybrid ConnectivityOn-premises integration - Question #243Configuring network services
You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users ar...
Connectivity TestsNetwork TroubleshootingTCP ConnectivityNetwork Path Analysis - Question #244Configuring network services
You configured a single IPSec Cloud VPN tunnel for your organization to a third-party customer. You confirmed that the VPN tunnel is established. However, the BGP session status st...
Cloud VPNBGP ConfigurationHybrid ConnectivityCloud Router - Question #245Designing, planning, and prototyping a Google Cloud network
Your organization's current architecture has one Shared VPC host project (SH_HOST_PRJ) that contains a single VPC (SH_VPC) and two Shared VPC service projects (SP_ONE_PRJ and SP_TW...
Shared VPCCloud DNSPrivate DNS ZonesCross-project binding - Question #246Configuring network services
You are troubleshooting an application in your organization's Google Cloud network that is not functioning as expected. You suspect that packets are getting lost somewhere. The app...
VPC Flow LogsNetwork TroubleshootingPacket AnalysisCompute Engine Networking - Question #247Configuring network services
Your organization is launching a new video game that will be available to all users globally through Cloud CDN. During the earl y release phase, you discovered that the wrong binar...
Cloud CDNCache InvalidationContent UpdateCloud Storage - Question #248Implementing network security
You recently reviewed the user behavior for your main application, which uses an external global Application Load Balancer, and found that the backend servers were overloaded due t...
Cloud ArmorRate LimitingHTTP 429Application Load Balancer - Question #249Implementing network security
Your company uses web application firewall (WAF) capabilities from a third-party cloud WAF provider. This WAF provider proxies all the HTTPS connections from internet clients, appl...
Cloud ArmorSecurity PoliciesThird-party WAFClient IP identification - Question #250Configuring network services
Your organization, TerramEarth, is launching a global application to manage credit card payments. There are some client VMs inside the same VPC as the application that need to acce...
Cloud DNSPrivate ZonesInternal IP resolutionVPC Networking - Question #251Implementing network security
You are reviewing and tuning Secure Web Proxy at your organization, Mount Kirk Games. Users have reported that they are unable to reach the documents they need on the Terram Earth...
Secure Web ProxyNetwork Access ControlTroubleshootingProxy Configuration