Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Certified - Professional Cloud Network Engineer

Go to page:
Question # 33

You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.

What should you do to solve the problem?

A.

Assign a public IP address to the instance.

B.

Create a route to reach the Master, pointing to the default internet gateway.

C.

Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.

D.

Create the appropriate master authorized network entries to allow the instance to communicate to the master.

Full Access
Question # 34

You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.

Which NAT solution should you use?

A.

Cloud NAT

B.

An instance with IP forwarding enabled

C.

An instance configured with iptables DNAT rules

D.

An instance configured with iptables SNAT rules

Full Access
Question # 35

Your organization has a single project that contains multiple Virtual Private Clouds (VPCs). You need to secure API access to your Cloud Storage buckets and BigQuery datasets by allowing API access only from resources in your corporate public networks. What should you do?

A.

Create an access context policy that allows your VPC and corporate public network IP ranges, and then attach the policy to Cloud Storage and BigQuery.

B.

Create a VPC Service Controls perimeter for your project with an access context policy that allows your corporate public network IP ranges.

C.

Create a firewall rule to block API access to Cloud Storage and BigQuery from unauthorized networks.

D.

Create a VPC Service Controls perimeter for each VPC with an access context policy that allows your corporate public network IP ranges.

Full Access
Question # 36

You work for a multinational enterprise that is moving to GCP.

These are the cloud requirements:

• An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)

• Multiple regional offices in Europe and APAC

• Regional data processing is required in europe-west1 and australia-southeast1

• Centralized Network Administration Team

Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.

What should you do?

A.

• Create 2 VPCs in a Shared VPC Host Project.• Configure a 2-NIC instance in zone us-west1-a in the Host Project.• Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.• Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

B.

• Create 2 VPCs in a Shared VPC Host Project.• Configure a 2-NIC instance in zone us-west1-a in the Service Project.• Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.• Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

C.

• Create 1 VPC in a Shared VPC Host Project.• Configure a 2-NIC instance in zone us-west1-a in the Host Project.• Attach NIC0 in us-west1 subnet of the Host Project.• Attach NIC1 in us-west1 subnet of the Host Project• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

D.

• Create 1 VPC in a Shared VPC Service Project.• Configure a 2-NIC instance in zone us-west1-a in the Service Project.• Attach NIC0 in us-west1 subnet of the Service Project.• Attach NIC1 in us-west1 subnet of the Service Project• Deploy the instance.• Configure the necessary routes and firewall rules to pass traffic through the instance.

Full Access
Question # 37

You have provisioned a Partner Interconnect connection to extend connectivity from your on-premises data center to Google Cloud. You need to configure a Cloud Router and create a VLAN attachment to connect to resources inside your VPC. You need to configure an Autonomous System number (ASN) to use with the associated Cloud Router and create the VLAN attachment.

What should you do?

A.

Use a 4-byte private ASN 4200000000-4294967294.

B.

Use a 2-byte private ASN 64512-65535.

C.

Use a public Google ASN 15169.

D.

Use a public Google ASN 16550.

Full Access
Question # 38

You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?

A.

Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.

B.

Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.

C.

Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.

D.

Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.

Full Access
Question # 39

You recently deployed Cloud VPN to connect your on-premises data center to Google Cloud. You need to monitor the usage of this VPN and set up alerts in case traffic exceeds the maximum allowed. You need to be able to quickly decide whether to add extra links or move to a Dedicated Interconnect. What should you do?

A.

In the Monitoring section of the Google Cloud console, use the Dashboard section to select a default dashboard for VPN usage.

B.

In Network Intelligence Center, check for the number of packet drops on the VPN.

C.

In the VPN section of the Google Cloud console, select the VPN under hybrid connectivity and then select monitoring to display utilization on the dashboard.

D.

In the Google Cloud console, use Monitoring Query Language to create a custom alert for bandwidth utilization.

Full Access
Question # 40

Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.

How should you design the topology?

A.

Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

B.

Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

C.

Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

D.

Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Full Access
Go to page: