Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Google
  3. Google Cloud Platform
  4. Professional-Cloud-Network-Engineer - Google Cloud Certified - Professional Cloud Network Engineer

Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Certified - Professional Cloud Network Engineer

Go to page:
Question # 49

Question:

Your organization recently exposed a set of services through a global external Application Load Balancer. After conducting some testing, you observed that responses would intermittently yield a non-HTTP 200 response. You need to identify the error. What should you do? (Choose 2 answers)

A.

Access a VM in the VPC through SSH, and try to access a backend VM directly. If the request is successful from the VM, increase the quantity of backends.

B.

Enable and review the health check logs. Review the error responses in Cloud Logging.

C.

Validate the health of the backend service. Enable logging on the load balancer, and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

D.

Delete the load balancer and backend services. Create a new passthrough Network Load Balancer. Configure a failover group of VMs for the backend.

E.

Validate the health of the backend service. Enable logging for the backend service, and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

Full Access
Question # 50

Question:

Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

A.

Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.

B.

Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.

C.

Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.

D.

Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.

Full Access
Question # 51

You want Cloud CDN to serve the https://www.example.com/images/spacetime.png static image file that is hosted in a private Cloud Storage bucket, You are using the VSE ORIG.-X_NZADERS cache mode You receive an HTTP 403 error when opening the file In your browser and you see that the HTTP response has a Cache-control: private, max-age=O header How should you correct this Issue?

A.

Configure a Cloud Storage bucket permission that gives the Storage Legacy Object Reader role

B.

Change the cache mode to cache all content.

C.

Increase the default time-to-live (TTL) for the backend service.

D.

Enable negative caching for the backend bucket

Full Access
Question # 52

You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.

How should you configure your firewall rules?

A.

Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.

B.

Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.

C.

Create a single firewall rule to allow port 22 with priority 1000.

D.

Create a single firewall rule to allow port 3389 with priority 1000.

Full Access
Question # 53

You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.

What should you do to solve the problem?

A.

Assign a public IP address to the instance.

B.

Create a route to reach the Master, pointing to the default internet gateway.

C.

Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.

D.

Create the appropriate master authorized network entries to allow the instance to communicate to the master.

Full Access
Question # 54

All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.

What should you do?

A.

Open the Cloud Shell SSH into the instance using gcloud compute ssh.

B.

Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.

C.

Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.

D.

Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.

Full Access
Question # 55

Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only. What should you do?

A.

Create an allow on match ingress firewall rule with the target tag “web-server” to allow all IP addresses for TCP port 80.

B.

Create an allow on match egress firewall rule with the target tag “web-server” to allow all IP addresses for TCP port 80.

C.

Create an allow on match ingress firewall rule with the target tag “web-server” to allow all IP addresses for TCP ports 80 and 443.

D.

Create an allow on match egress firewall rule with the target tag “web-server" to allow web server IP addresses for TCP ports 60 and 443.

Full Access
Question # 56

You have several VMs across multiple VPCs in your cloud environment that require access to internet endpoints. These VMs cannot have public IP addresses due to security policies, so you plan to use Cloud NAT to provide outbound internet access. Within your VPCs, you have several subnets in each region. You want to ensure that only specific subnets have access to the internet through Cloud NAT. You want to avoid any unintentional configuration issues caused by other administrators and align to Google-recommended practices. What should you do?

A.

Deploy Cloud NAT in each VPC and configure a custom source range that includes the allowed subnets. Configure Cloud NAT rules to only permit the allowed subnets to egress through Cloud NAT.

B.

Create a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0/0). Deploy Cloud NAT and configure all primary and secondary subnet source ranges.

C.

Create a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0/0). Deploy Cloud NAT and configure a custom source range that includes the allowed subnets.

D.

Create a constraints/compute.restrictCloudNATUsage organizational policy constraint. Attach the constraint to a folder that contains the associated projects. Configure the allowedValues to only contain the subnets that should have internet access. Deploy Cloud NAT and select only the allowed subnets.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps