Question # 1 Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with on-premises connectivity already in place. You are deploying a new application using Google Kubernetes Engine (GKE), which must be accessible only from the same VPC network and on-premises locations. You must ensure that the GKE control plane is exposed to a predefined list of on-premises subnets through private connectivity only. What should you do?
A. Create a GKE private cluster with a private endpoint for the control plane. Configure VPC Network Peering export/import routes and custom route advertisements on the Cloud Routers. Configure authorized networks to specify the desired on-premises subnets.
B. Create a GKE private cluster with a public endpoint for the control plane. Configure VPC Network Peering export/import routes and custom route advertisements on the Cloud Routers.
C. Create a GKE private cluster with a private endpoint for the control plane. Configure authorized networks to specify the desired on-premises subnets.
D. Create a GKE public cluster. Configure authorized networks to specify the desired on-premises subnets.
Answer:
C. Create a GKE private cluster with a private endpoint for the control plane. Configure authorized networks to specify the desired on-premises subnets.
Question # 2 Your company has separate Virtual Private Cloud (VPC) networks in a single region for two departments: Sales and Finance. The Sales department's VPC network already has connectivity to on-premises locations using HA VPN, and you have confirmed that the subnet ranges do not overlap. You plan to peer both VPC networks to use the same HA tunnels for on-premises connectivity, while providing internet connectivity for the Google Cloud workloads through Cloud NAT. Internet access from the on-premises locations should not flow through Google Cloud. You need to propagate all routes between the Finance department and on-premises locations. What should you do?
A. Peer the two VPCs, and use the default configuration for the Cloud Routers.
B. Peer the two VPCs, and use Cloud Router’s custom route advertisements to announce the peered VPC network ranges to the on-premises locations.
C. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales and import custom routes on Finance's VPC network. Use Cloud Router’s custom route advertisements to announce a default route to the on-premises locations.
D. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales and import custom routes on Finance's VPC network. Use Cloud Router’s custom route advertisements to announce the peered VPC network ranges to the on-premises locations.
Answer:
A. Peer the two VPCs, and use the default configuration for the Cloud Routers.
Question # 3 In your Google Cloud organization, you have two folders: Dev and Prod. You want a scalable and consistent way to enforce the following firewall rules for all virtual machines (VMs) with minimal cost:
Port 8080 should always be open for VMs in the projects in the Dev folder.
Any traffic to port 8080 should be denied for all VMs in your projects in the Prod folder.
What should you do?
A. Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.
B. Create a Shared VPC for the Dev projects and a Shared VPC for the Prod projects. Create a VPC firewall rule to open port 8080 in the Shared VPC for Dev. Create a firewall rule to deny traffic to port 8080 in the Shared VPC for Prod. Deploy VMs to those Shared VPCs.
C. In all VPCs for the Dev projects, create a VPC firewall rule to open port 8080. In all VPCs for the Prod projects, create a VPC firewall rule to deny traffic to port 8080.
D. Use Anthos Config Connector to enforce a security policy to open port 8080 on the Dev VMs and deny traffic to port 8080 on the Prod VMs.
Answer:
A. Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.
Question # 4 Your company has defined a resource hierarchy that includes a parent folder with subfolders for each department. Each department defines their respective project and VPC in the assigned folder and has the appropriate permissions to create Google Cloud firewall rules. The VPCs should not allow traffic to flow between them. You need to block all traffic from any source, including other VPCs, and delegate only the intra-VPC firewall rules to the respective departments. What should you do?
A. Create a VPC firewall rule in each VPC to block traffic from any source, with priority 0.
B. Create a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.
C. Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to allow, and another lower-priority rule that blocks traffic from any other source.
D. Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to goto_next, and another lower-priority rule that blocks traffic from any other source.
Answer:
B. Create a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.
Question # 5 Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it is a DDoS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost. Which two steps should you take? (Choose two.)
A. Use Cloud Armor to blacklist the attacker’s IP addresses
B. Increase the maximum autoscaling backend to accommodate the severe bursty traffic
C. Create a global HTTP(S) load balancer and move your application backend to this load balancer.
D. Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline
E. SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
Answer:
B. Increase the maximum autoscaling backend to accommodate the severe bursty traffic
E. SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
Question # 6 You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload. Which type of load balancer should you use?
A. HTTP(S) load balancer
B. Network load balancer
C. Internal load balancer
D. TCP/SSL proxy load balancer
Answer:
D. TCP/SSL proxy load balancer
Answer Description: By default, the TCP/SSL proxy load balancer does not preserve the original client IP address and port information, but they can be preserved using the PROXY protocol:
https://cloud.google.com/load-balancing/docs/tcp#target-proxies
https://medium.com/google-cloud/preserving-client-ips-through-google-clouds-global-tcp-and-ssl-proxy-load-balancers-3697d76feeb1
Reference: https://cloud.google.com/load-balancing/docs/network
Question # 7 You need to establish network connectivity between three Virtual Private Cloud networks, Sales, Marketing, and Finance, so that users can access resources in all three VPCs. You configure VPC peering between the Sales VPC and the Finance VPC. You also configure VPC peering between the Marketing VPC and the Finance VPC. After you complete the configuration, some users cannot connect to resources in the Sales VPC and the Marketing VPC. You want to resolve the problem. What should you do?
A. Configure VPC peering in a full mesh.
B. Alter the routing table to resolve the asymmetric route
C. Create network tags to allow connectivity between all three VPCs.
D. Delete the legacy network and recreate it to allow transitive peering.
Answer:
A. Configure VPC peering in a full mesh.
Question # 8 You successfully provisioned a single Dedicated Interconnect. The physical connection is at a colocation facility closest to us-west2. Seventy-five percent of your workloads are in us-east4, and the remaining twenty-five percent of your workloads are in us-central1. All workloads have the same network traffic profile. You need to minimize data transfer costs when deploying VLAN attachments. What should you do?
A. Keep the existing Dedicated Interconnect. Deploy a VLAN attachment to a Cloud Router in us-west2, and use VPC global routing to access workloads in us-east4 and us-central1.
B. Keep the existing Dedicated Interconnect. Deploy a VLAN attachment to a Cloud Router in us-east4, and deploy another VLAN attachment to a Cloud Router in us-central1.
C. Order a new Dedicated Interconnect for a colocation facility closest to us-east4, and use VPC global routing to access workloads in us-central1.
D. Order a new Dedicated Interconnect for a colocation facility closest to us-central1, and use VPC global routing to access workloads in us-east4.
Answer:
C. Order a new Dedicated Interconnect for a colocation facility closest to us-east4, and use VPC global routing to access workloads in us-central1.