New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Google
  3. Google Cloud Platform
  4. Professional-Cloud-Network-Engineer - Google Cloud Certified - Professional Cloud Network Engineer

Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Certified - Professional Cloud Network Engineer

Go to page:
Question # 41

You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.

How should you configure your firewall rules?

A.

Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.

B.

Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.

C.

Create a single firewall rule to allow port 22 with priority 1000.

D.

Create a single firewall rule to allow port 3389 with priority 1000.

Full Access
Question # 42

You are responsible for configuring firewall policies for your company in Google Cloud. Your security team has a strict set of requirements that must be met to configure firewall rules.

Always allow Secure Shell (SSH) from your corporate IP address.

Restrict SSH access from all other IP addresses.

There are multiple projects and VPCs in your Google Cloud organization. You need to ensure that other VPC firewall rules cannot bypass the security team’s requirements. What should you do?

A.

Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0.

Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.

B.

Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 0.

Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 1.

C.

Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 1.

Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 0.

D.

Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 1

Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 0.

Full Access
Question # 43

You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices.

How should you design this topology?

A.

Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them. Use firewall rules to filter access between the specific networks.

B.

Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.

C.

Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.

D.

Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.

Full Access
Question # 44

Your organization has a new security policy that requires you to monitor all egress traffic payloads from your virtual machines in region us-west2. You deployed an intrusion detection system (IDS) virtual appliance in the same region to meet the new policy. You now need to integrate the IDS into the environment to monitor all egress traffic payloads from us-west2. What should you do?

A.

Enable firewall logging, and forward all filtered egress firewall logs to the IDS.

B.

Enable VPC Flow Logs. Create a sink in Cloud Logging to send filtered egress VPC Flow Logs to the IDS.

C.

Create an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

D.

Create an internal HTTP(S) load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

Full Access
Question # 45

You have an HA VPN connection with two tunnels running in active/passive mode between your Virtual Private Cloud (VPC) and on-premises network. Traffic over the connection has recently increased from 1 gigabit per second (Gbps) to 4 Gbps, and you notice that packets are being dropped. You need to configure your VPN connection to Google Cloud to support 4 Gbps. What should you do?

A.

Configure the remote autonomous system number (ASN) to 4096.

B.

Configure a second Cloud Router to scale bandwidth in and out of the VPC.

C.

Configure the maximum transmission unit (MTU) to its highest supported value.

D.

Configure a second set of active/passive VPN tunnels.

Full Access
Question # 46

Your on-premises data center has 2 routers connected to your GCP through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

During troubleshooting you find:

•Each on-premises router is configured with the same ASN.

•Each on-premises router is configured with the same routes and priorities.

•Both on-premises routers are configured with a VPN connected to a single Cloud Router.

•The VPN logs have no-proposal-chosen lines when the VPNs are connecting.

•BGP session is not established between one on-premises router and the Cloud Router.

What is the most likely cause of this problem?

A.

One of the VPN sessions is configured incorrectly.

B.

A firewall is blocking the traffic across the second VPN connection.

C.

You do not have a load balancer to load-balance the network traffic.

D.

BGP sessions are not established between both on-premises routers and the Cloud Router.

Full Access
Question # 47

You recently deployed Cloud VPN to connect your on-premises data canter to Google Cloud. You need to monitor the usage of this VPN and set up alerts in case traffic exceeds the maximum allowed. You need to be able to quickly decide whether to add extra links or move to a Dedicated Interconnect. What should you do?

A.

In the Network Intelligence Canter, check for the number of packet drops on the VPN.

B.

In the Google Cloud Console, use Monitoring Query Language to create a custom alert for bandwidth utilization.

C.

In the Monitoring section of the Google Cloud Console, use the Dashboard section to select a default dashboard for VPN usage.

D.

In the VPN section of the Google Cloud Console, select the VPN under hybrid connectivity, and then select monitoring to display utilization on the dashboard.

Full Access
Question # 48

Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.

How should you set up permissions for the networking team?

A.

Assign members of the networking team the compute.networkUser role.

B.

Assign members of the networking team the compute.networkAdmin role.

C.

Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.

D.

Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps