[Apr-2024] Google Professional-Cloud-Network-Engineer Test Engine PDF - All Free Dumps from UpdateDumps [Q57-Q77]



Evaluation and Its Structure

The Google Professional Cloud Network Engineer exam includes both multiple-choice and multiple-answer inquiries. The vendor doesn’t give details on the number of questions that the candidates will need to respond to. Still, it mentions that the allotted time for each candidate to accomplish the actual test will be 2 hours. Besides, the exam-takers will have to pay an enrollment fee of $200 plus any applicable tax that might be necessary. In addition, such an exam is available in the English language only. As for the delivery mode, the candidates can take the proctored exam online. Still, they should first check the testing requirements and make sure they comply with them for a smooth exam process. The second option would be to take the official validation in a test center so the exam-takers should check the closest testing center to their current location. When it comes to the prerequisites, Google doesn’t mention any specific conditions. However, as it was highlighted above, the vendor recommends that candidates have a minimum of 3 years of experience in the industry. During this period, they should have also gathered at least 1 year of experience in using GCP for solution management and design.


Manage & Monitor Network Operations

In this part of the exam content, the students should be able to log and monitor with the use of GCP Console or Stackdriver. They must have competence in the management and maintenance of security, which includes firewalls and diagnosing & resolving IAM problems. Besides that, they need to be able to deal with the following objective:

  • Maintain & Troubleshoot Connectivity Issues: It includes the identification of traffic flow topology, redirecting and draining of traffic flows, and cross-connect hand-off for interconnect. It also measures one’s knowledge of the monitoring of egress and ingress traffic with the use of flow logs as well as monitoring firewall logs. This section will also evaluate the learners’ skills in troubleshooting and managing VPNs and troubleshooting peering issues with Cloud Router BGP.

The applicants should also demonstrate competence in troubleshooting, monitoring, and maintaining traffic flow and latency, which include routing issues, network latency testing & throughput, and tracing traffic flow.

 

NEW QUESTION # 57
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.
During troubleshooting you find:
- Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
- The subnetwork logs are not excluded from Stackdriver.
- The instance that is hosting the application can communicate outside the subnet.
- Other instances within the subnet can communicate outside the subnet.
- The external resource initiates communication.
What is the most likely cause of the missing log lines?

  • A. The traffic is matching the expected egress rule.
  • B. The traffic is not matching the expected ingress rule.
  • C. The traffic is matching the expected ingress rule.
  • D. The traffic is not matching the expected egress rule.

Answer: B


NEW QUESTION # 58
Your company recently migrated to Google Cloud in a single region. You configured separate Virtual Private Cloud (VPC) networks for two departments: Department A and Department B. Department A has requested access to resources that are part of Department B's VPC. You need to configure the traffic from private IP addresses to flow between the VPCs using multi-NIC virtual machines (VMs) to meet security requirements. Your configuration also must:
* Support both TCP and UDP protocols
* Provide fully automated failover
* Include health-checks
* Require minimal manual intervention in the client VMs
Which approach should you take?

  • A. Create an instance template and a managed instance group. Configure two separate internal TCP/UDP load balancers for each protocol (TCP/UDP), and configure the client VMs to use the internal load balancers' virtual IP addresses.
  • B. Create the VMs in different zones, and configure static routes with instance names as next hops.
  • C. Create the VMs in the same zone, and configure static routes with IP addresses as next hops.
  • D. Create an instance template and a managed instance group. Configure a single internal load balancer, and define a custom static route with the internal TCP/UDP load balancer as the next hop.

Answer: A

Explanation:
The correct answer is D. Create an instance template and a managed instance group. Configure two separate internal TCP/UDP load balancers for each protocol (TCP/UDP), and configure the client VMs to use the internal load balancers' virtual IP addresses.
This answer is based on the following facts:
Using multi-NIC VMs as network virtual appliances (NVAs) allows you to route traffic between different VPC networks [1]. You can use NVAs to implement custom network policies and security requirements.
Using an instance template and a managed instance group allows you to create and manage multiple identical NVAs [2]. You can also use health checks and autoscaling policies to ensure high availability and reliability of your NVAs.
Using internal TCP/UDP load balancers allows you to distribute traffic from client VMs to NVAs based on the protocol and port [3]. You can also use health checks and failover policies to ensure that only healthy NVAs receive traffic.
Configuring the client VMs to use the internal load balancers' virtual IP addresses allows you to simplify the routing configuration and avoid manual intervention [4]. You do not need to create static routes or update them when NVAs are added or removed.
The other options are not correct because:
Option A is not suitable. Creating the VMs in the same zone does not provide high availability or failover. Using static routes with IP addresses as next hops requires manual intervention when NVAs are added or removed.
Option B is not optimal. Creating the VMs in different zones provides high availability, but not failover. Using static routes with instance names as next hops requires manual intervention when NVAs are added or removed.
Option C is not feasible. Creating an instance template and a managed instance group provides high availability and reliability, but using a single internal load balancer does not support both TCP and UDP protocols. You cannot define a custom static route with an internal load balancer as the next hop.


NEW QUESTION # 59
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC-validating resolvers are unable to resolve names in your zone.
What should you do?

  • A. Update the TTL for the zone.
  • B. Set the zone to the TRANSFER state.
  • C. Disable DNSSEC at your domain registrar.
  • D. Transfer ownership of the domain to a new registrar.

Answer: C

Explanation:
Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.


NEW QUESTION # 60
Your organization has a Google Cloud Virtual Private Cloud (VPC) with subnets in us-east1, us-west4, and europe-west4 that use the default VPC configuration. Employees in a branch office in Europe need to access the resources in the VPC using HA VPN. You configured the HA VPN associated with the Google Cloud VPC for your organization with a Cloud Router deployed in europe-west4. You need to ensure that the users in the branch office can quickly and easily access all resources in the VPC. What should you do?

  • A. Create custom advertised routes for each subnet.
  • B. Configure the VPC dynamic routing mode to Global.
  • C. Set the advertised routes to Global for the Cloud Router.
  • D. Configure each subnet's VPN connections to use Cloud VPN to connect to the branch office.

Answer: B


NEW QUESTION # 61
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. HTTPS load balancer
  • B. Network load balancer
  • C. SSL proxy load balancer
  • D. TCP proxy load balancer

Answer: C

Explanation:
https://cloud.google.com/security/encryption-in-transit/


NEW QUESTION # 62
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

  • A. Compute Engine instance system logs
  • B. VPC flow logs
  • C. Stackdriver Trace
  • D. Firewall logs
  • E. Cloud Audit logs

Answer: C,E

Explanation:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations


NEW QUESTION # 63
Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with on-premises connectivity already in place. You are deploying a new application using Google Kubernetes Engine (GKE), which must be accessible only from the same VPC network and on-premises locations. You must ensure that the GKE control plane is exposed to a predefined list of on-premises subnets through private connectivity only. What should you do?

  • A. Create a GKE private cluster with a private endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers. Configure authorized networks to specify the desired on-premises subnets.
  • B. Create a GKE private cluster with a public endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.
  • C. Create a GKE public cluster. Configure authorized networks to specify the desired on-premises subnets.
  • D. Create a GKE private cluster with a private endpoint for the control plane. Configure authorized networks to specify the desired on-premises subnets.

Answer: D


NEW QUESTION # 64
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. HTTPS load balancer
  • B. Network load balancer
  • C. SSL proxy load balancer
  • D. TCP proxy load balancer

Answer: C

Explanation:
Reference: https://cloud.google.com/security/encryption-in-transit/


NEW QUESTION # 65
You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP schema to optimally meet this requirement?

  • A. Configure a /28 primary IP address range for the node IP addresses. Configure a /25 secondary IP range for the Pods. Configure a /22 secondary IP range for the Services.
  • B. Configure a /28 primary IP address range for the node IP addresses. Configure a /25 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.
  • C. Configure a /28 primary IP address range for the node IP addresses. Configure a /24 secondary IP range for the Pods. Configure a /22 secondary IP range for the Services.
  • D. Configure a /28 primary IP address range for the node IP addresses. Configure a /28 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

Answer: A


NEW QUESTION # 66
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

  • A. Upload your public SSH key to each instance's metadata.
  • B. Create a custom Google Compute Engine image with your public SSH key embedded.
  • C. Upload your public SSH key to the project metadata.
  • D. Use gcloud compute ssh to automatically copy your public SSH key to the instance.

Answer: C

Explanation:
Reference: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys


NEW QUESTION # 67
You have a Cloud Storage bucket in Google Cloud project XYZ. The bucket contains sensitive data. You need to design a solution to ensure that only instances belonging to VPCs under project XYZ can access the data stored in this Cloud Storage bucket. What should you do?

  • A. Configure Cloud Storage with projectPrivate Access Control List (ACL) that gives permission to the project team based on their roles.
  • B. Configure Private Google Access to privately access the Cloud Storage service using private IP addresses.
  • C. Configure a VPC Service Controls perimeter around project XYZ, and include storage.googleapis.com as a restricted service in the service perimeter.
  • D. Configure Private Service Connect to privately access Cloud Storage from all VPCs under project XYZ.

Answer: A


NEW QUESTION # 68
You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.
Which type of load balancer should you use?

  • A. TCP/SSL proxy load balancer
  • B. Internal TCP/UDP load balancer
  • C. Network load balancer
  • D. HTTP(S) load balancer

Answer: B


NEW QUESTION # 69
You are migrating to Cloud DNS and want to import your BIND zone file.
Which command should you use?

  • A. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
  • B. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED_ZONE
  • C. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
  • D. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE

Answer: A

Explanation:
Once you have the exported file from your other provider, you can use the gcloud dns record-sets import command to import it into your managed zone.
To import record-sets, you use the dns record-sets import command. The --zone-file-format flag tells import to expect a BIND zone formatted file. If you omit this flag, import expects a YAML-formatted records file.
https://medium.com/@prashantapaudel/gcp-certification-series-2-4-planning-and-configuring-network-resources-8045ac2cc2ac


NEW QUESTION # 70
You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.
What should you do?

  • A. Ensure that the object you don't want to be cached anymore is not shared publicly.
  • B. Create a new storage bucket, and move the object you don't want to be cached anymore inside it. Then edit the bucket setting and enable the private attribute.
  • C. Add an appropriate lifecycle rule on the storage bucket containing the two objects.
  • D. Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.

Answer: A

Explanation:
Reference:
https://developers.google.com/web/ilt/pwa/caching-files-with-service-worker


NEW QUESTION # 71
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?

  • A. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
  • B. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
  • C. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
  • D. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.

Answer: C

Explanation:
Reference: https://cloud.google.com/load-balancing/docs/health-checks


NEW QUESTION # 72
Your company's logo is published as an image file across multiple websites that are hosted by your company. You have implemented Cloud CDN; however, you want to improve the performance of the cache hit ratio associated with this image file. What should you do?

  • A. Configure the default time to live (TTL) as 0 for the image file.
  • B. Configure custom cache keys for the backend service that holds the image file, and clear the Host and Protocol checkboxes.
  • C. Configure versioned URLs for each domain to serve users the image file before the cache entry expires.
  • D. Configure Cloud Storage as a custom origin backend to host the image file, and select multi-region as the location type.

Answer: B

Explanation:
This answer meets the requirement of improving the performance of the cache hit ratio associated with the image file. The reason is:
Custom cache keys allow you to control which parts of the request URL are used to build the cache key. The cache key is a unique identifier that Cloud CDN uses to store and retrieve cached content [1].
By default, Cloud CDN uses the complete request URL, including the protocol (http or https) and the host (the domain name), to build the cache key. This means that if the same image file is requested from different domains or protocols, Cloud CDN will cache multiple copies of it, which reduces the cache hit ratio [1].
By clearing the Host and Protocol checkboxes, you can tell Cloud CDN to ignore these parts of the request URL when building the cache key. This way, Cloud CDN will cache only one copy of the image file, regardless of which domain or protocol it is requested from, which improves the cache hit ratio [1].
Option B is incorrect because configuring Cloud Storage as a custom origin backend does not affect the cache hit ratio. It only affects how Cloud CDN retrieves the content from the origin if it is not cached. Option C is incorrect because configuring versioned URLs for each domain does not improve the cache hit ratio. It actually worsens it, because it creates more variations of the request URL that Cloud CDN has to cache separately. Option D is incorrect because configuring the default TTL as 0 for the image file means that Cloud CDN will not cache it at all, which defeats the purpose of using Cloud CDN.
Reference:
Custom cache keys | Cloud CDN | Google Cloud


NEW QUESTION # 73
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?

  • A. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
  • B. Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.
  • C. Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.
  • D. Open the Cloud Shell. SSH into the instance using gcloud compute ssh.

Answer: D


NEW QUESTION # 74
Your on-premises data center has 2 routers connected to your GCP through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
* Each on-premises router is configured with the same ASN.
* Each on-premises router is configured with the same routes and priorities.
* Both on-premises routers are configured with a VPN connected to a single Cloud Router.
* The VPN logs have no-proposal-chosen lines when the VPNs are connecting.
* BGP session is not established between one on-premises router and the Cloud Router.
What is the most likely cause of this problem?

  • A. BGP sessions are not established between both on-premises routers and the Cloud Router.
  • B. One of the VPN sessions is configured incorrectly.
  • C. A firewall is blocking the traffic across the second VPN connection.
  • D. You do not have a load balancer to load-balance the network traffic.

Answer: D


NEW QUESTION # 75
You are developing an HTTP API hosted on a Compute Engine virtual machine instance that must be invoked only by multiple clients within the same Virtual Private Cloud (VPC). You want clients to be able to get the IP address of the service. What should you do?

  • A. Reserve a static external IP address and assign it to an HTTP(S) load balancing service's forwarding rule. Clients should use this IP address to connect to the service.
  • B. Ensure that clients use Compute Engine internal DNS by connecting to the instance name with the url https://[INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal/.
  • C. Reserve a static external IP address and assign it to an HTTP(S) load balancing service's forwarding rule. Then, define an A record in Cloud DNS. Clients should use the name of the A record to connect to the service.
  • D. Ensure that clients use Compute Engine internal DNS by connecting to the instance name with the url https://[API_NAME]/[API_VERSION]/.

Answer: C


NEW QUESTION # 76
You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload.
Which type of load balancer should you use?

  • A. TCP/SSL proxy load balancer
  • B. Network load balancer
  • C. Internal load balancer
  • D. HTTP(S) load balancer

Answer: A

Explanation:
By default, the TCP/SSL proxy load balancer does not preserve the original client IP address and port information, but they can be preserved using the PROXY protocol: https://cloud.google.com/load-balancing/docs/tcp#target-proxies
https://medium.com/google-cloud/preserving-client-ips-through-google-clouds-global-tcp-and-ssl-proxy-load-balancers-3697d76feeb1


NEW QUESTION # 77
......
