Most Recent Google Professional-Cloud-Network-Engineer Exam Questions & Answers

Prepare for the Google Professional Cloud Network Engineer exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Google Professional-Cloud-Network-Engineer exam and achieve success.

The questions for Professional-Cloud-Network-Engineer were last updated on Dec 19, 2024.

Viewing page 1 out of 43 pages.
Viewing questions 1-5 out of 215 questions

Get All 215 Questions & Answers

Question No. 1

You are in the process of deploying an internal HTTP(S) load balancer for your web server virtual machine (VM) Instances What two prerequisite tasks must be completed before creating the load balancer?

Choose 2 answers

AChoose a region.

Breate firewall rules for health checks

CReserve a static IP address for the load balancer

DDetermine the subnet mask for a proxy-only subnet.

EDetermine the subnet mask for Serverless VPC Access.

Show Answer

Correct Answer: B, C

The correct answer is B and C. You must create firewall rules for health checks and reserve a static IP address for the load balancer before creating the internal HTTP(S) load balancer.

The other options are not correct because:

Option A is not a prerequisite task. You can choose a region when you create the load balancer, but you do not need to do it beforehand.

Option D is not a prerequisite task. You can determine the subnet mask for a proxy-only subnet when you create the subnet, but you do not need to do it beforehand.

Option E is not related to the internal HTTP(S) load balancer. Serverless VPC Access is a feature that allows you to connect your serverless applications to your VPC network, but it is not required for the load balancer.

Question No. 2

You have several microservices running in a private subnet in an existing Virtual Private Cloud (VPC). You need to create additional serverless services that use Cloud Run and Cloud Functions to access the microservices. The network traffic volume between your serverless services and private microservices is low. However, each serverless service must be able to communicate with any of your microservices. You want to implement a solution that minimizes cost. What should you do?

ADeploy your serverless services to the serverless VPC. Peer the serverless service VPC to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

BCreate a serverless VPC access connector for each serverless service. Configure the connectors to allow traffic between the serverless services and your existing microservices.

CDeploy your serverless services to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

DCreate a serverless VPC access connector. Configure the serverless service to use the connector for communication to the microservices.

Show Answer

Correct Answer: D

Question No. 3

You are designing a new global application using Compute Engine instances that will be exposed by a global HTTP(S) load balancer. You need to secure your application from distributed denial-of-service and application layer (layer 7) attacks. What should you do?

AConfigure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.

BConfigure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.

CConfigure VPC firewall rules to protect the Compute Engine instances against distributed denial-of-service attacks.

DConfigure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.

Show Answer

Correct Answer: C

Question No. 4

Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design. What should you do?

AConfigure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server.
Configure DNS peering from the spoke VPCs to the hub VPC.

BConfigure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs.
Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

CConfigure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server.
Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.

DConfigure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server.
Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

Show Answer

Correct Answer: C

Question No. 5

Your organization wants to deploy HA VPN over Cloud Interconnect to ensure encryption in transit over the Cloud Interconnect connections. You have created a Cloud Router and two encrypted VLAN attachments that have a 5 Gbps capacity and a BGP configuration. The BGP sessions are operational. You need to complete the deployment of the HA VPN over Cloud Interconnect. What should you do?

AEnable MACsec on Partner Interconnect.

BCreate an HA VPN gateway and associate the gateway with your two encrypted VLAN attachments. Configure the HA VPN Cloud Router, peer VPN gateway resources, and HA VPN tunnels. Use the same Cloud Router used for the Cloud Interconnect tier.

CCreate an HA VPN gateway and associate the gateway with your two encrypted VLAN attachments. Create a new dedicated HA VPN Cloud Router peer VPN gateway resources and HA VPN tunnels.

DEnable MACsec for Cloud Interconnect on the VLAN attachments.

Show Answer

Correct Answer: B

For secure traffic over Cloud Interconnect, you configure an HA VPN gateway to work with existing VLAN attachments and use the same Cloud Router. This setup integrates seamlessly, leveraging the established BGP sessions for VPN tunnel configurations.

Unlock All Questions for Google Professional-Cloud-Network-Engineer Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 215 Questions & Answers