Most Recent Google Professional-Cloud-Network-Engineer Exam Questions & Answers

Prepare for the Google Professional Cloud Network Engineer exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Google Professional-Cloud-Network-Engineer exam and achieve success.

The questions for Professional-Cloud-Network-Engineer were last updated on Nov 19, 2024.

Viewing page 1 out of 43 pages.
Viewing questions 1-5 out of 215 questions

Get All 215 Questions & Answers

Question No. 1

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.

Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

AVPC peering

BShared VPC

CCloud VPN

DDedicated Interconnect

ECloud NAT

Show Answer

Correct Answer: A, C

Google Cloud VPC Network Peering allows internal IP address connectivity across two Virtual Private Cloud (VPC) networks regardless of whether they belong to the same project or the same organization.

Question No. 2

You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?

ASet up the engineer with Compute Shared VPC Admin IAM role at the folder level.

BSet up the engineer with Compute Shared VPC Admin IAM role at the organization level.

CSet up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.

DSet up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.

Show Answer

Correct Answer: B

Question No. 3

Your company has defined a resource hierarchy that includes a parent folder with subfolders for each department. Each department defines their respective project and VPC in the assigned folder and has the appropriate permissions to create Google Cloud firewall rules. The VPCs should not allow traffic to flow between them. You need to block all traffic from any source, including other VPCs, and delegate only the intra-VPC firewall rules to the respective departments. What should you do?

ACreate a VPC firewall rule in each VPC to block traffic from any source, with priority 0.

BCreate a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.

CCreate two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to allow, and another lower-priority rule that blocks traffic from any other source.

DCreate two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to goto_next, and another lower-priority rule that blocks traffic from any other source.

Show Answer

Correct Answer: B

Question No. 4

You have several VMs across multiple VPCs in your cloud environment that require access to internet endpoints. These VMs cannot have public IP addresses due to security policies, so you plan to use Cloud NAT to provide outbound internet access. Within your VPCs, you have several subnets in each region. You want to ensure that only specific subnets have access to the internet through Cloud NAT. You want to avoid any unintentional configuration issues caused by other administrators and align to Google-recommended practices. What should you do?

ADeploy Cloud NAT in each VPC and configure a custom source range that includes the allowed subnets. Configure Cloud NAT rules to only permit the allowed subnets to egress through Cloud NAT.

BCreate a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0/0). Deploy Cloud NAT and configure all primary and secondary subnet source ranges.

CCreate a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0/0). Deploy Cloud NAT and configure a custom source range that includes the allowed subnets.

DCreate a constraints/compute.restrictCloudNATUsage organizational policy constraint. Attach the constraint to a folder that contains the associated projects. Configure the allowedValues to only contain the subnets that should have internet access. Deploy Cloud NAT and select only the allowed subnets.

Show Answer

Correct Answer: D

Using an organizational policy with the restrictCloudNATUsage constraint allows you to limit Cloud NAT usage to specific subnets, ensuring that only the necessary subnets can access the internet. This method aligns with Google-recommended practices for controlling Cloud NAT configurations across multiple VPCs and regions.

Question No. 5

You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the object in the storage bucket can be served by the CDN.

What should you do in the GCP Console?

ACreate a new cloud storage bucket, and then enable Cloud CDN on it.

BCreate a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.

CCreate a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.

DCreate a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN on the backend, and make sure each object inside the storage bucket is shared publicly.

Show Answer

Correct Answer: D

https://cloud.google.com/load-balancing/docs/https/adding-backend-buckets-to-load-balancers#using_cloud_cdn_with_cloud_storage_buckets

Cloud CDN needs HTTP(S) Load Balancers and Cloud Storage bucket has to be shared publicly. https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket

Unlock All Questions for Google Professional-Cloud-Network-Engineer Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 215 Questions & Answers