
[2021] Use Valid Professional-Cloud-Network-Engineer Exam - Actual Exam Question & Answer
Test Engine to Practice Professional-Cloud-Network-Engineer Test Questions
What is the duration, language, and format of Google Professional Cloud Network Engineer Exam
- Format: Multiple choices, multiple select
- Length of Examination: 120 minutes
- Recommended experience: 3+ years of industry experience including 1+ years designing and managing solutions using GCP.
- Number of Questions: 50-60
- Language: English
- Passing score: 80%
The certification exam will measure the skills and knowledge of the candidates across seven different domains. The highlights of these areas are as follows:
Design, Plan, and Prototype GCP Networks
- Design Overall Network Architectures: The considerations for this topic include alternatives for high availability, failover & disaster recovery plan, DNS strategy, container networking, hybrid connectivity, and optimizing for latency. The certification exam also requires competence in selecting the relevant load balancing options, meeting the business prerequisites, micro-segmentation for security reasons, IAM & security, and understanding of the way quotas are applied based on project and VPC.
- Design Hybrid Networks: The questions from this subtopic will measure the expertise of the learners in peering options, IPsec VPN, using interconnects, cross-organization access, standalone versus shared VPC interconnect access, Cloud router, as well as failover & disaster recovery strategy.
- Design Virtual Private Cloud: This section covers the individuals' skills in peering, multiple versus single, shared or standalone, CIDR range for the subnets, and IP address. It also focuses on concepts such as routes, firewall, and the differences between other Cloud platforms and Google Cloud Networking.
The benefit of obtaining the Google Professional Cloud Network Engineer Exam Certification
- The Google Professional Cloud Network Engineer certification distinguishes candidates from competitors. It can give them an edge in employment interviews, where employers take note of anything that differentiates one individual from all other candidates.
- Google Professional Cloud Network Engineer certification provides opportunities to get a job in the field candidates are interested in, instead of spending years without gaining any experience.
- Google Professional Cloud Network Engineer certification provides candidates with practical experience in all the aspects needed to be a proficient worker in the organization.
- Google Professional Cloud Network Engineer certification gives access to more useful and relevant networks that help candidates set career goals for themselves. These networks provide career guidance that non-certified professionals are generally unable to get.
- The Google Professional Cloud Network Engineer exam provides proven knowledge of how to use the tools to complete tasks more efficiently and cost-effectively than non-certified professionals.
- Certified Google Professional Cloud Network Engineers will be confident and stand out from others, as their skills are more trained than those of non-certified professionals.
NEW QUESTION 36
You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the objects in the storage bucket can be served by the CDN.
What should you do in the GCP Console?
- A. Create a new cloud storage bucket, and then enable Cloud CDN on it.
- B. Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN on the backend, and make sure each object inside the storage bucket is shared publicly.
- C. Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
- D. Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Answer: B
Explanation:
https://cloud.google.com/load-balancing/docs/https/adding-backend-buckets-to-load-balancers#using_cloud_cdn_with_cloud_storage_buckets
Cloud CDN needs an HTTP(S) load balancer, and the Cloud Storage bucket has to be shared publicly.
https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket
NEW QUESTION 37
Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
- A. Cloud NAT
- B. Cloud VPN
- C. Dedicated Interconnect
- D. VPC peering
- E. Shared VPC
Answer: B,C
Explanation:
https://cloud.google.com/vpc/docs/vpc
NEW QUESTION 38
You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?
- A. Create a single firewall rule to allow port 3389 with priority 1000.
- B. Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.
- C. Create a single firewall rule to allow port 22 with priority 1000.
- D. Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.
Answer: C
Explanation:
Reference:
https://geekflare.com/gcp-firewall-configuration/
NEW QUESTION 39
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
* Each on-premises router is configured with a unique ASN.
* Each on-premises router is configured with the same routes and priorities.
* Both on-premises routers are configured with a VPN connected to a single Cloud Router.
* BGP sessions are established between both on-premises routers and the Cloud Router.
* Only 1 of the on-premises router's routes are being added to the routing table.
What is the most likely cause of this problem?
- A. You do not have a load balancer to load-balance the network traffic.
- B. A firewall is blocking the traffic across the second VPN connection.
- C. The ASNs being used on the on-premises routers are different.
- D. The on-premises routers are configured with the same routes.
Answer: C
NEW QUESTION 40
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?
- A. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
- B. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.
- C. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.
- D. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
Answer: C
NEW QUESTION 41
You want to create a service in GCP using IPv6.
What should you do?
- A. Configure an internal load balancer with the designated IPv6 address.
- B. Configure a TCP Proxy with the designated IPv6 address.
- C. Create the instance with the designated IPv6 address.
- D. Configure a global load balancer with the designated IPv6 address.
Answer: D
Explanation:
https://cloud.google.com/load-balancing/docs/ipv6
NEW QUESTION 42
You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
- An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
- Multiple regional offices in Europe and APAC
- Regional data processing is required in europe-west1 and australia-southeast1
- Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?
- A. Create 1 VPC in a Shared VPC Host Project.
Configure a 2-NIC instance in zone us-west1-a in the Host Project.
Attach NIC0 in us-west1 subnet of the Host Project.
Attach NIC1 in us-west1 subnet of the Host Project.
Deploy the instance.
Configure the necessary routes and firewall rules to pass traffic through the instance.
- B. Create 2 VPCs in a Shared VPC Host Project.
Configure a 2-NIC instance in zone us-west1-a in the Service Project.
Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
Deploy the instance.
Configure the necessary routes and firewall rules to pass traffic through the instance.
- C. Create 1 VPC in a Shared VPC Service Project.
Configure a 2-NIC instance in zone us-west1-a in the Service Project.
Attach NIC0 in us-west1 subnet of the Service Project.
Attach NIC1 in us-west1 subnet of the Service Project.
Deploy the instance.
Configure the necessary routes and firewall rules to pass traffic through the instance.
- D. Create 2 VPCs in a Shared VPC Host Project.
Configure a 2-NIC instance in zone us-west1-a in the Host Project.
Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
Deploy the instance.
Configure the necessary routes and firewall rules to pass traffic through the instance.
Answer: D
NEW QUESTION 43
You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)
- A. Enable Private Google Access on all the subnets.
- B. Create network peering between your VPC and BigQuery.
- C. Enable Private Google Access on the VPC.
- D. Enable Private Services Access on the VPC.
- E. Create a Cloud NAT, and route the application traffic via NAT gateway.
Answer: A,E
Explanation:
https://cloud.google.com/nat/docs/overview#interaction-pga
Specifications: https://cloud.google.com/vpc/docs/configure-private-google-access#specifications
NEW QUESTION 44
You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.
Which next hop should you choose?
- A. The name and region of the Cloud VPN tunnel
- B. The IP address of the instance on the remote side of the VPN tunnel
- C. The IP address of the Cloud VPN gateway
- D. The default internet gateway
Answer: A
Explanation:
When you create a route-based tunnel using the Cloud Console, Classic VPN performs both of the following tasks:
- Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0).
- For each range in Remote network IP ranges, Google Cloud creates a custom static route whose destination (prefix) is the range's CIDR, and whose next hop is the tunnel.
https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns
NEW QUESTION 45
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.
During troubleshooting you find:
* Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
* The subnetwork logs are not excluded from Stackdriver.
* The instance that is hosting the application can communicate outside the subnet.
* Other instances within the subnet can communicate outside the subnet.
* The external resource initiates communication.
What is the most likely cause of the missing log lines?
- A. The traffic is not matching the expected egress rule.
- B. The traffic is matching the expected ingress rule.
- C. The traffic is matching the expected egress rule.
- D. The traffic is not matching the expected ingress rule.
Answer: D
NEW QUESTION 46
You have ordered Dedicated Interconnect in the GCP Console and need to give the Letter of Authorization/Connecting Facility Assignment (LOA-CFA) to your cross-connect provider to complete the physical connection.
Which two actions can accomplish this? (Choose two.)
- A. Download the LOA-CFA from the Hybrid Connectivity section of the GCP Console.
- B. Open a Cloud Support ticket under the Cloud Interconnect category.
- C. Run gcloud compute interconnects describe <interconnect>.
- D. Contact your cross-connect provider and inform them that Google automatically sent the LOA/CFA to them via email, and to complete the connection.
- E. Check the email for the account of the NOC contact that you specified during the ordering process.
Answer: A,E
NEW QUESTION 47
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
- Each on-premises router is configured with a unique ASN.
- Each on-premises router is configured with the same routes and priorities.
- Both on-premises routers are configured with a VPN connected to a single Cloud Router.
- BGP sessions are established between both on-premises routers and the Cloud Router.
- Only 1 of the on-premises router's routes are being added to the routing table.
What is the most likely cause of this problem?
- A. The ASNs being used on the on-premises routers are different.
- B. A firewall is blocking the traffic across the second VPN connection.
- C. You do not have a load balancer to load-balance the network traffic.
- D. The on-premises routers are configured with the same routes.
Answer: C
NEW QUESTION 48
One instance in your VPC is configured to run with a private IP address only. You want to ensure that even if this instance is deleted, its current private IP address will not be automatically assigned to a different instance.
In the GCP Console, what should you do?
- A. Change the instance's current internal IP address to static.
- B. Assign a public IP address to the instance.
- C. Add custom metadata to the instance with key internal-address and value reserved.
- D. Assign a new reserved internal IP address to the instance.
Answer: A
Explanation:
https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address#reservenewip
The linked page says: "automatically allocated or an unused address from an existing subnet".
NEW QUESTION 49
You are migrating to Cloud DNS and want to import your BIND zone file.
Which command should you use?
- A. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED_ZONE
- B. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE
- C. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
- D. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
Answer: C
Explanation:
https://cloud.google.com/sdk/gcloud/reference/dns/record-sets/import
NEW QUESTION 50
You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.
Which NAT solution should you use?
- A. An instance with IP forwarding enabled
- B. An instance configured with iptables SNAT rules
- C. Cloud NAT
- D. An instance configured with iptables DNAT rules
Answer: C
NEW QUESTION 51
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)
- A. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
- B. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
- C. Turn on Private Google Access at the subnet level.
- D. Turn on Private Services Access at the VPC level.
- E. Turn on Private Google Access at the VPC level.
Answer: A,C
Explanation:
https://cloud.google.com/vpc/docs/private-access-options#pga
Private Google Access: VM instances that only have internal IP addresses (no external IP addresses) can use Private Google Access. They can reach the _external IP addresses_ of Google APIs and services.
NEW QUESTION 52
......
