100% Pass Top-selling Professional-Cloud-Network-Engineer Exams - New 2024 Google Practice Exam [Q38-Q56]


Google Cloud Platform Dumps Professional-Cloud-Network-Engineer Exam for Full Questions - Exam Study Guide

NEW QUESTION # 38
You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command:
gcloud compute routes create no-ip-internet-route \
--network custom-network1 \
--destination-range 0.0.0.0/0 \
--next-hop-instance nat-gateway \
--next-hop-instance-zone us-central1-a \
--tags no-ip --priority 800
You want existing instances to use the new NAT gateway. Which command should you execute?

  • A. gcloud builds submit --config=cloudbuild.yaml --substitutions=TAG_NAME=no-ip
  • B. gcloud compute instances create example-instance --network custom-network1 \
    --subnet subnet-us-central \
    --no-address \
    --zone us-central1-a \
    --image-family debian-9 \
    --image-project debian-cloud \
    --tags no-ip
  • C. gcloud compute instances add-tags [existing-instance] --tags no-ip
  • D. sudo sysctl -w net.ipv4.ip_forward=1

Answer: C

Explanation:
https://cloud.google.com/sdk/gcloud/reference/compute/routes/create
In order to apply a route to an existing instance, we should use a tag to bind the route to it.


NEW QUESTION # 39
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC-validating resolvers are unable to resolve names in your zone.
What should you do?

  • A. Transfer ownership of the domain to a new registrar.
  • B. Set the zone to the TRANSFER state.
  • C. Update the TTL for the zone.
  • D. Disable DNSSEC at your domain registrar.

Answer: D

Explanation:
Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.


NEW QUESTION # 40
You configured Cloud VPN with dynamic routing via Border Gateway Protocol (BGP). You added a custom route to advertise a network that is reachable over the VPN tunnel. However, the on-premises clients still cannot reach the network over the VPN tunnel. You need to examine the logs in Cloud Logging to confirm that the appropriate routes are being advertised over the VPN tunnel. Which filter should you use in Cloud Logging to examine the logs?

  • A. resource.type= "gce_router"
  • B. resource.type= "gce_network_region"
  • C. resource.type= "vpn_tunnel"
  • D. resource.type= "vpn_gateway"

Answer: C


NEW QUESTION # 41
You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.
Which level of permissions should you request?

  • A. Service Project Admin privileges from the Shared VPC Admin.
  • B. Security Admin privileges from the Shared VPC Admin.
  • C. Organization Admin privileges from the Organization Admin.
  • D. Shared VPC Admin privileges from the Organization Admin.

Answer: B

Explanation:
https://cloud.google.com/vpc/docs/shared-vpc


NEW QUESTION # 42
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

  • A. Create a custom Google Compute Engine image with your public SSH key embedded.
  • B. Use gcloud compute ssh to automatically copy your public SSH key to the instance.
  • C. Upload your public SSH key to each instance's metadata.
  • D. Upload your public SSH key to the project metadata.

Answer: D


NEW QUESTION # 43
You need to create a new VPC network that allows instances to have IP addresses in both the 10.1.1.0/24 network and the 172.16.45.0/24 network.
What should you do?

  • A. Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.
  • B. Configure global load balancing to point 172.16.45.0/24 to the correct instance.
  • C. Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.
  • D. Create unique DNS records for each service that sends traffic to the desired IP address.

Answer: D


NEW QUESTION # 44
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?

  • A. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.
  • B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
  • C. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
  • D. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.

Answer: D

Explanation:
https://cloud.google.com/load-balancing/docs/https/setting-up-https#sendtraffic


NEW QUESTION # 45
You work for a university that is migrating to GCP.
These are the cloud requirements:
* On-premises connectivity with 10 Gbps
* Lowest latency access to the cloud
* Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.
What should you do?

  • A. Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Interconnects.
  • B. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.
  • C. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.
  • D. Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

Answer: C


NEW QUESTION # 46
You are maintaining a Shared VPC in a host project. Several departments within your company have infrastructure in different service projects attached to the Shared VPC and use Identity and Access Management (IAM) permissions to manage the cloud resources in those projects. VPC Network Peering is also set up between the Shared VPC and a common services VPC that is not in a service project. Several users are experiencing failed connectivity between certain instances in different Shared VPC service projects and between certain instances and the internet. You need to validate the network configuration to identify whether a misconfiguration is the root cause of the problem. What should you do?

  • A. Enable VPC Flow Logs for all VPCs, and review the logs in Cloud Logging for the affected instances.
  • B. Run Connectivity Tests from Network Intelligence Center to check connectivity between the affected endpoints in your network and the internet.
  • C. Use Secure Shell (SSH) to connect to the affected Compute Engine instances, and run a series of PING tests to the other affected endpoints and the 8.8.8.8 IPv4 address.
  • D. Review the VPC audit logs in Cloud Logging for the affected instances.

Answer: B


NEW QUESTION # 47
You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.
What is the most likely cause of this problem?

  • A. The instance has been configured with multiple interfaces.
  • B. You have created static routes that use RFC1918 ranges.
  • C. An external IP address has been configured on the instance.
  • D. The instance is accessible by a load balancer external IP address.

Answer: C


NEW QUESTION # 48
A database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space. How can you remediate the problem with the least amount of downtime?

  • A. In the Cloud Platform Console, create a new persistent disk attached to the virtual machine, format and mount it, and configure the database service to move the files to the new disk.
  • B. In the Cloud Platform Console, increase the size of the persistent disk and verify the new space is ready to use with the fdisk command in Linux.
  • C. Shut down the virtual machine, use the Cloud Platform Console to increase the persistent disk size, then restart the virtual machine.
  • D. In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
  • E. In the Cloud Platform Console, create a snapshot of the persistent disk, restore the snapshot to a new larger disk, unmount the old disk, mount the new disk, and restart the database service.

Answer: D

Explanation:
D (Correct answer) - In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
Here are the steps: in the Cloud Platform Console, increase the size of the persistent disk. After indicating the size increase in the console, you have two options to make the new size effective: restart the VM, or configure it in the VM's operating system (Windows or Linux).


NEW QUESTION # 49
You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.
How should you configure the Distribution VPC?

  • A. Create the Distribution VPC in custom mode. Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.
  • B. Create the Distribution VPC in custom mode. Use the CIDR range 10.128.0.0/9. Create the necessary subnets, and then peer them via network peering.
  • C. Create the Distribution VPC in auto mode. Peer both the VPCs via network peering.
  • D. Rename the default VPC as "Distribution" and peer it via network peering.

Answer: A

Explanation:
https://cloud.google.com/vpc/docs/vpc#ip-ranges


NEW QUESTION # 50
You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
* An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
* Multiple regional offices in Europe and APAC
* Regional data processing is required in europe-west1 and australia-southeast1
* Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?

  • A. * Create 1 VPC in a Shared VPC Service Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    * Attach NIC0 in us-west1 subnet of the Service Project.
    * Attach NIC1 in us-west1 subnet of the Service Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • B. * Create 2 VPCs in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    * Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    * Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • C. * Create 2 VPCs in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    * Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    * Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • D. * Create 1 VPC in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    * Attach NIC0 in us-west1 subnet of the Host Project.
    * Attach NIC1 in us-west1 subnet of the Host Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.

Answer: C


NEW QUESTION # 51
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.
How should you design the topology?

  • A. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
  • B. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.
  • C. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.
  • D. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

Answer: A

Explanation:
https://cloud.google.com/vpc/docs/vpc-peering


NEW QUESTION # 52
You have configured a service on Google Cloud that connects to an on-premises service via a Dedicated Interconnect. Users are reporting recent connectivity issues. You need to determine whether the traffic is being dropped because of firewall rules or a routing decision. What should you do?

  • A. Configure a Compute Engine instance on the same VPC as the service running on Google Cloud to run a traceroute targeted at the on-premises service.
  • B. Use Network Intelligence Center Network Topology to check the traffic flow, and replay the traffic from the time period when the connectivity issue occurred.
  • C. Use the Network Intelligence Center Connectivity Tests to test the connectivity between the VPC and the on-premises network.
  • D. Configure VPC Flow Logs. Review the logs by filtering on the source and destination.

Answer: B


NEW QUESTION # 53
After a network change window, one of your company's applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24. The on-premises router is advertising 10.0.0.0/8.
What is the most likely cause of this problem?

  • A. The on-premises router is not advertising a route for the database server.
  • B. A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.
  • C. The less specific VPC subnet route is taking priority.
  • D. The more specific VPC subnet route is taking priority.

Answer: B


NEW QUESTION # 54
You have ordered Dedicated Interconnect in the GCP Console and need to give the Letter of Authorization/Connecting Facility Assignment (LOA-CFA) to your cross-connect provider to complete the physical connection.
Which two actions can accomplish this? (Choose two.)

  • A. Open a Cloud Support ticket under the Cloud Interconnect category.
  • B. Check the email for the account of the NOC contact that you specified during the ordering process.
  • C. Contact your cross-connect provider and inform them that Google automatically sent the LOA/CFA to them via email, and to complete the connection.
  • D. Run gcloud compute interconnects describe <interconnect>.
  • E. Download the LOA-CFA from the Hybrid Connectivity section of the GCP Console.

Answer: B,E


NEW QUESTION # 55
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

  • A. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
  • B. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
  • C. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
  • D. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.

Answer: C



NEW QUESTION # 56
......
