CertsMasters logo

info@certsmasters.com

Verified Content • 24/7 Access • Free Updates
CertsMasters logo

Exam overview

Google Professional Cloud Network Engineer Exam Questions

certs masters book
Vendor

Google

Exam Code

 Professional Cloud Network Engineer

Actual Exam Duration
TOTAL QUESTIONS

173

Exam Name

 Professional Cloud Network Engineer

Purchase

$ 40

One-time payment • Instant access

  • Verified answers with explanations
  • Practice-friendly layout
  • Updated content focus
  • Support if you get stuck
Get More Questions
View all vendors

Frequently Ask Questions

Hot Exams

 ChromeOS Administrator PDF Dumps
 Professional Cloud Database Engineer PDF Dumps
 Google Workspace Administrator PDF Dumps
 LookML-Developer PDF Dumps
 Looker-Business-Analyst PDF Dumps
 Professional Machine Learning Engineer PDF Dumps
 Associate-Android-Developer PDF Dumps
 Professional Cloud DevOps Engineer PDF Dumps
 GSuite PDF Dumps
 Professional Cloud Developer PDF Dumps
Apigee-API-EngineerRelated Certification(s): Google Cloud Certified – Apigee API EngineerCertification Provider: GoogleActual Exam Duration: 120 MinutesNumber of Apigee-API-Engineer practice questions in our database: 126 PDF Dumps
 Professional Data Engineer PDF Dumps
 Professional Cloud Security Engineer PDF Dumps
 Professional Cloud Architect PDF Dumps
 Cloud Digital Leader PDF Dumps

Exam practice

Exam Q&A

Select an option, then click Show Answer.

Q1: Your organization recently created a sandbox environment for a new cloud deployment. To have parity with the production environment, a pair of Compute Engine instances with multiple network interfaces (NICs) were deployed. These Compute Engine instances have a NIC in the Untrusted VPC (10.0.0.0/23) and a NIC in the Trusted VPC (10.128.0.0/9). A HA VPN tunnel has been established to the on-premises environment from the Untrusted VPC. Through this pair of VPN tunnels, the on-premises environment receives the route advertisements for the Untrusted and Trusted VPCs. In return, the on-premises environment advertises a number of CIDR ranges to the Untrusted VPC. However, when you tried to access one of the test services from the on-premises environment to the Trusted VPC, you received no response. You need to configure a highly available solution to enable the on-premises users to connect to the services in the Trusted VPC. What should you do?

A: Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig. Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Untrusted VPC for destination 10.123.0.0/9 and the next hop ilb-untrusted. Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Trusted VPC for destination 0.0.0.0/0 and the next hop ilb-trusted.

B: Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig. Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted. Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Trusted VPC for destination 10.0.0.0/23 and the next hop ilb-trusted.

C: Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigO. Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uigO as backend. Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted. Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigl. Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uigl as backend. Create a custom static route in the Trusted VPC for destination 0.0.0.0/0 and the next hop ilb-trusted.

D: Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig. Create two custom static routes in the Untrusted VPC for destination 10.128.0.0/9 and set each of the VMs' NIC as the next hop. Create two custom static routes in the Trusted VPC for destination 10.0.0.0/23 and set each of the VMs' NIC as the next hop.

Correct Answer: B

Q2: There are two established Partner Interconnect connections between your on-premises network and Google Cloud. The VPC that hosts the Partner Interconnect connections is named "vpc-a" and contains three VPC subnets across three regions, Compute Engine instances, and a GKE cluster. Your on-premises users would like to resolve records hosted in a Cloud DNS private zone following Google-recommended practices. You need to implement a solution that allows your on-premises users to resolve records that are hosted in Google Cloud. What should you do?

A: Associate the private zone to 'vpc-a.' Create an outbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

B: Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

C: Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

D: Associate the private zone to 'vpc-a.' Create an inbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

Correct Answer: A

Q3: Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

A: Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.

B: Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.

C: Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.

D: Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.

Correct Answer: B

Q4: Your organization recently exposed a set of services through a global external Application Load Balancer. After conducting some testing, you observed that responses would intermittently yield a non-HTTP 200 response. You need to identify the error. What should you do? (Choose 2 answers)

A: Delete the load balancer and backend services. Create a new passthrough Network Load Balancer. Configure a failover group of VMs for the backend.

B: Access a VM in the VPC through SSH and try to access a backend VM directly. If the request is successful from the VM, increase the quantity of backends.

C: Enable and review the health check logs. Review the error responses in Cloud Logging.

D: Validate the health of the backend service. Enable logging for the backend service and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

E: Validate the health of the backend service. Enable logging on the load balancer and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

Correct Answer: C, E

- Testimonials -

Real Results From Real Students

John Doe
John Doe
This site has been a game-changer for my certification journey. The materials are current, reliable, and best of all—free! It's clear they're committed to supporting the IT community.
Emma
Emma
I passed my CompTIA Security+ exam on the first try thanks to this site. Their practice exams and study guides are top-notch. Highly recommend it to anyone serious about IT certifications.
Liam
Liam
I’ve passed three certifications using this site. Their materials are detailed and well-structured, and the fact that it’s free makes it even better.
Isabella
Isabella
If you're studying for any IT certification, this should be your first stop. It’s comprehensive, organized, and constantly updated.
Benjamin
Benjamin
This website helped me prepare for multiple certifications, and today I’m working in cybersecurity. Without their free resources, I wouldn’t be here.