Latest Google Professional-Cloud-Network-Engineer Actual Free Exam Questions & Community Discussion, Page 6

Question #46

You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?

A. Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.

B. Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.

C. Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.

D. Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.

Discussion 0

Correct Answer: B Vote an answer

Question #47

In your project my-project, you have two subnets in a Virtual Private Cloud (VPC): subnet-a with IP range
10.128.0.0/20 and subnet-b with IP range 172.16.0.0/24. You need to deploy database servers in subnet-a.
You will also deploy the application servers and web servers in subnet-b. You want to configure firewall rules that only allow database traffic from the application servers to the database servers. What should you do?

A. Create network tags app-server and db-server. Add the app-server tag to the application servers, and add the db-server tag to the database servers. Run the following command:
gcloud compute firewall-rules create app-db-firewall-rule \
--action allow \
--direction ingress \
--rules tcp:3306 \
--source-ranges 10.128.0.0/20 \
--source-tags app-server \
--target-tags db-server

B. Create service accounts [email protected] and [email protected].
gserviceaccount.com. Associate service account sa-app with the application servers, and associate the service account sa-db with the database servers. Run the following command:
gcloud compute firewall-rules create app-db-firewall-ru
--allow TCP:3306 \
--source-service-accounts sa-app@democloud-idp-
demo.iam.gserviceaccount.com \
--target-service-accounts sa-db@my-
project.iam.gserviceaccount.com

C. Create network tag app-server and service account [email protected]. Add the tag to the application servers, and associate the service account with the database servers. Run the following command:
gcloud compute firewall-rules create app-db-firewall-rule \
--action allow \
--direction ingress \
--rules top:3306 \
--source-tags app-server \
--target-service-accounts sa-db@my-
project.iam.gserviceaccount.com

D. Create service accounts [email protected] and [email protected].
gserviceaccount.com. Associate the service account sa-app with the application servers, and associate the service account sa-db with the database servers. Run the following command:
gcloud compute firewall-rules create app-db-firewall-ru
--allow TCP:3306 \
--source-ranges 10.128.0.0/20 \
--source-service-accounts sa-app@my-
project.iam.gserviceaccount.com \
--target-service-accounts sa-db@my-
project.iam.gserviceaccount.com

Discussion 0

Correct Answer: A Vote an answer

Question #48

You work for a university that is migrating to GCP.
These are the cloud requirements:
* On-premises connectivity with 10 Gbps
* Lowest latency access to the cloud
* Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost- efficient interconnect solution for connecting the campus to Google Cloud.
What should you do?

A. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.

B. Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

C. Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Interconnects.

D. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #49

You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?

A. Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.

B. Create a single firewall rule to allow port 22 with priority 1000.

C. Create a single firewall rule to allow port 3389 with priority 1000.

D. Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #50

You have the following private Google Kubernetes Engine (GKE) cluster deployment:

You have a virtual machine (VM) deployed in the same VPC in the subnetwork kubernetes-management with internal IP address 192.168.40 2/24 and no external IP address assigned. You need to communicate with the cluster master using kubectl. What should you do?

A. Add the network 192.168.36.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

B. Add an external IP address to the VM, and add this IP address in the masterAuthorizedNetworksConfig.Configure kubectl to communicate with the endpoint 35.224.37.17.

C. Add the network 192.168.38.0/28 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

D. Add the network 192.168.40.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2.

Discussion 0

Correct Answer: D Vote an answer

Question #51

You have provisioned a Partner Interconnect connection to extend connectivity from your on-premises data center to Google Cloud. You need to configure a Cloud Router and create a VLAN attachment to connect to resources inside your VPC. You need to configure an Autonomous System number (ASN) to use with the associated Cloud Router and create the VLAN attachment.
What should you do?

A. Use a public Google ASN 16550.

B. Use a 2-byte private ASN 64512-65535.

C. Use a 4-byte private ASN 4200000000-4294967294.

D. Use a public Google ASN 15169.

Discussion 0

Correct Answer: B Vote an answer

Question #52

Question:
Your organization wants to deploy HA VPN over Cloud Interconnect to ensure encryption in transit over the Cloud Interconnect connections. You have created a Cloud Router and two encrypted VLAN attachments that have a 5 Gbps capacity and a BGP configuration. The BGP sessions are operational. You need to complete the deployment of the HA VPN over Cloud Interconnect. What should you do?

A. Create an HA VPN gateway and associate the gateway with your two encrypted VLAN attachments.
Configure the HA VPN Cloud Router, peer VPN gateway resources, and HA VPN tunnels. Use the same Cloud Router used for the Cloud Interconnect tier.

B. Enable MACsec on Partner Interconnect.

C. Enable MACsec for Cloud Interconnect on the VLAN attachments.

D. Create an HA VPN gateway and associate the gateway with your two encrypted VLAN attachments.
Create a new dedicated HA VPN Cloud Router peer VPN gateway resources and HA VPN tunnels.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #53

Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subnet routes, but the on-premises router does not appear to be receiving any subnet routes from the VPC spokes. You need to resolve this issue.
What should you do?

A. Create custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

B. Create custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

C. Create a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.

D. Create custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #54

Your organization uses a Shared VPC architecture with a host project and three service projects. You have Compute Engine instances that reside in the service projects. You have critical workloads in your on-premises data center. You need to ensure that the Google Cloud instances can resolve on-premises hostnames via the Dedicated Interconnect you deployed to establish hybrid connectivity. What should you do?

A. Configure a Cloud DNS private zone in the host project of the Shared VPC.
Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project In your Cloud Router, add a custom route advertisement for the IP 169.254 169 254 to the on-premises environment.

B. Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the private zone to the on-premises DNS servers.
In your Cloud Router, add a custom route advertisement for the IP 35.199.192.0/19 to the on-premises environment.

C. Configure a Cloud DNS private zone in the host project of the Shared VPC.
Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project.
Configure a DNS policy in the Shared VPC to allow inbound query forwarding with your on-premises DNS server as the alternative DNS server.

D. Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the Private zone to the on-premises DNS servers.
In your Cloud Router, add a custom route advertisement for the IP 169.254 169.254 to the on-premises environment.

Discussion 0

Correct Answer: C Vote an answer

Google Professional-Cloud-Network-Engineer Actual Free Exam Questions & Community Discussion

Download Free Google Professional-Cloud-Network-Engineer Demo