Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Certified - Professional Cloud Network Engineer

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
Next
Last >>

Question # 9

Question:

Your organization is developing a landing zone architecture with the following requirements:

No communication between production and non-production environments.

Communication between applications within an environment may be necessary.

Network administrators should centrally manage all network resources, including subnets, routes, and firewall rules.

Each application should be billed separately.

Developers of an application within a project should have the autonomy to create their compute resources.

Up to 1000 applications are expected per environment.

What should you do?

Create a design that has a Shared VPC for each project. Implement hierarchical firewall policies to apply micro-segmentation between VPCs.

Create a design where each project has its own VPC. Ensure all VPCs are connected by a Network Connectivity Center hub that is centrally managed by the network team.

Create a design that implements a single Shared VPC. Use VPC firewall rules with secure tags to enforce micro-segmentation between environments.

Create a design that has one host project with a Shared VPC for the production environment, another host project with a Shared VPC for the non-production environment, and a service project that is associated with the corresponding host project for each initiative.

Full Access

Question # 10

You have a storage bucket that contains the following objects:

- folder-a/image-a-1.jpg

- folder-a/image-a-2.jpg

- folder-b/image-b-1.jpg

- folder-b/image-b-2.jpg

Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.

What should you do?

Add an appropriate lifecycle rule on the storage bucket.

Issue a cache invalidation command with pattern /folder-a/*.

Make sure that all the objects with prefix folder-a are not shared publicly.

Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.

Full Access

Question # 11

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from on-premises locations using Cloud Interconnect connections. Your company must be able to send traffic to Cloud Storage only through the Interconnect links while accessing other Google APIs and services over the public internet. What should you do?

Use the default public domains for all Google APIs and services.

Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.

Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.

Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.

Full Access

Question # 12

You have the following firewall ruleset applied to all instances in your Virtual Private Cloud (VPC):

You need to update the firewall rule to add the following rule to the ruleset:

You are using a new user account. You must assign the appropriate identity and Access Management (IAM) user roles to this new user account before updating the firewall rule. The new user account must be able to apply the update and view firewall logs. What should you do?

Assign the compute.securityAdmin and logging.viewer rule to the new user account. Apply the new firewall rule with a priority of 50.

Assign the compute.securityAdmin and logging.bucketWriter role to the new user account. Apply the new firewall rule with a priority of 150.

Assign the compute.orgSecurityPolicyAdmin and logging.viewer role to the new user account. Apply the new firewall rule with a priority of 50.

Assign the compute.orgSecurityPolicyAdmin and logging.bucketWriter role to the new user account. Apply the new firewall rule with a priority of 150.

Full Access

Question # 13

You have enabled HTTP(S) load balancing for your application, and your application developers have reported that HTTP(S) requests are not being distributed correctly to your Compute Engine Virtual Machine instances. You want to find data about how the request are being distributed.

Which two methods can accomplish this? (Choose two.)

On the Load Balancer details page of the GCP Console, click on the Monitoring tab, select your backend service, and look at the graphs.

In Stackdriver Error Reporting, look for any unacknowledged errors for the Cloud Load Balancers service.

In Stackdriver Monitoring, select Resources > Metrics Explorer and search for https/request_bytes_count metric.

In Stackdriver Monitoring, select Resources > Google Cloud Load Balancers and review the Key Metrics graphs in the dashboard.

In Stackdriver Monitoring, create a new dashboard and track the https/backend_request_count metric for the load balancer.

Full Access

Question # 14

Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?

Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.

Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.

Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.

Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

Full Access

Question # 15

You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.

What is the most likely cause of this problem?

The instance has been configured with multiple interfaces.

An external IP address has been configured on the instance.

You have created static routes that use RFC1918 ranges.

The instance is accessible by a load balancer external IP address.

Full Access

Question # 16

You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP schema to optimally meet this requirement?

Configure a /28 primary IP address range for the node IP addresses. Configure a (25 secondary IP range for the Pods. Configure a /22 secondary IP range for the Services.

Configure a /28 primary IP address range for the node IP addresses. Configure a /25 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

Configure a /28 primary IP address range for the node IP addresses. Configure a /28 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

Configure a /28 primary IP address range for the node IP addresses. Configure a /24 secondary IP range for the Pads. Configure a /22 secondary IP range for the Services.

Full Access

Go to page: