Google Professional Cloud Network Engineer Professional Cloud Network Engineer Online Training
Google Professional Cloud Network Engineer Online Training
The questions for Professional Cloud Network Engineer were last updated at Nov 23,2024.
- Exam Code: Professional Cloud Network Engineer
- Exam Name: Professional Cloud Network Engineer
- Certification Provider: Google
- Latest update: Nov 23,2024
You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both
objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.
What should you do?
- A . Ensure that the object you don’t want to be cached anymore is not shared publicly.
- B . Create a new storage bucket, and move the object you don’t want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.
- C . Add an appropriate lifecycle rule on the storage bucket containing the two objects.
- D . Add a Cache-Control entry with value private to the metadata of the object you don’t want to be cached anymore. Invalidate all the previously cached copies.
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.
What should you do?
- A . Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing
service. - B . Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
- C . Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
- D . Create IP Tables firewall rules that block all traffic except for the traffic-scrubbing service.
Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space.
You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:
Your ISP is a Google Partner Interconnect provider.
Your on-premises VPN device’s internet uplink and downlink speeds are 10 Gbps.
A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
Most of the data transfer will be from GCP to the on-premises environment.
The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.
Cost and the complexity of the solution should be minimal.
How should you provision the connectivity solution?
- A . Provision a Partner Interconnect through your ISP.
- B . Provision a Dedicated Interconnect instead of a VPN.
- C . Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using
ECMP. - D . Use network compression over your VPN to increase the amount of data you can send over your VPN.
Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that the caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it as a DDOS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.
Which two steps should you take? (Choose two.)
- A . Use Cloud Armor to blacklist the attacker’s IP addresses.
- B . Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
- C . Create a global HTTP(s) load balancer and move your application backend to this load balancer.
- D . Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
- E . SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)
- A . Activate the Service Networking API in your project.
- B . Activate the Cloud Datastore API in your project.
- C . Create a private connection to a service producer.
- D . Create a custom static route to allow the traffic to reach the Cloud SQL API.
- E . Enable Private Google Access.
You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP) configuration.
Which connectivity model should you use?
- A . Direct Peering
- B . Dedicated Interconnect
- C . Partner Interconnect with a layer 2 partner
- D . Partner Interconnect with a layer 3 partner
You have configured a Compute Engine virtual machine instance as a NAT gateway.
You execute the following command:
gcloud compute routes create no-ip-internet-route
–network custom-network1
–destination-range 0.0.0.0/0
–next-hop instance nat-gateway
–next-hop instance-zone us-central1-a
–tags no-ip –priority 800
You want existing instances to use the new NAT gateway.
Which command should you execute?
- A . sudo sysctl -w net.ipv4.ip_forward=1
- B . gcloud compute instances add-tags [existing-instance] –tags no-ip
- C . gcloud builds submit –config=cloudbuild.waml –substitutions=TAG_NAME=no-ip
- D . gcloud compute instances create example-instance –network custom-network1
–subnet subnet-us-central
–no-address
–zone us-central1-a
–image-family debian-9
–image-project debian-cloud –tags no-ip
You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.
Which next hop should you choose?
- A . The default internet gateway
- B . The IP address of the Cloud VPN gateway
- C . The name and region of the Cloud VPN tunnel
- D . The IP address of the instance on the remote side of the VPN tunnel
You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the object in the storage bucket can be served by the CDN.
What should you do in the GCP Console?
- A . Create a new cloud storage bucket, and then enable Cloud CDN on it.
- B . Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
- C . Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
- D . Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN on the backend, and make sure each object inside the storage bucket is shared publicly.
Your company’s Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you how they should support splitting audio and video traffic to different backend Google Cloud storage buckets. They want to use URL maps and minimize operational overhead.
They are currently using the following directory structure:
/fr/video
/en/video
/es/video
/../video
/fr/audio
/en/audio
/es/audio
/../audio
Which solution should you recommend?
- A . Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/*.
- B . Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.
- C . Leave the directory structure as-is, create a URL map and leverage a path rule such as /[a-z]{2}/video and /[a-z]{2}/audio.
- D . Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/ audio.
Latest Professional Cloud Network Engineer Dumps Valid Version with 79 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
