CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. Professional Cloud Network Engineer

Free Professional Cloud Network Engineer Exam Braindumps (page: 15)

Page 14 of 55
PDF with 215 Questions

Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:

Your ISP is a Google Partner Interconnect provider.
Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps. A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
Most of the data transfer will be from GCP to the on-premises environment. The application can burst up to 1.5 Gbps during peak transfers over the Interconnect. Cost and the complexity of the solution should be minimal.

How should you provision the connectivity solution?

  1. Provision a Partner Interconnect through your ISP.
  2. Provision a Dedicated Interconnect instead of a VPN.
  3. Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
  4. Use network compression over your VPN to increase the amount of data you can send over your VPN.

Answer(s): A

Explanation:

Direct Interconnect will be too expensive and also an overkill for this requirement. Managing multiple tunnels that too with packet loss consideration is complex also.
Whereas partner interconnect fits the bill with providing required bandwidth but not super expensive also once setup not too complex too manage.



Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that the caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it as a DDOS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.

Which two steps should you take? (Choose two.)

  1. Use Cloud Armor to blacklist the attacker's IP addresses.
  2. Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
  3. Create a global HTTP(s) load balancer and move your application backend to this load balancer.
  4. Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
  5. SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.

Answer(s): B,E



You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.

Which two actions should you take? (Choose two.)

  1. Activate the Service Networking API in your project.
  2. Activate the Cloud Datastore API in your project.
  3. Create a private connection to a service producer.
  4. Create a custom static route to allow the traffic to reach the Cloud SQL API.
  5. Enable Private Google Access.

Answer(s): C,E

Explanation:

https://cloud.google.com/sql/docs/mysql/configure-private-services-access#console_1

C: If you are using private IP for any of your Cloud SQL instances, you only need to configure private services access one time for every Google Cloud project that has or needs to connect to a Cloud SQL instance. If your Google Cloud project has a Cloud SQL instance, you can either configure it yourself or let Cloud SQL do it for you to use private IP. Cloud SQL configures private services access for you when all the conditions below are true: https://cloud.google.com/sql/docs/postgres/configure- private-services-access#before_you_begin
E: You can enable Private Google access on a subnet level and any VMs on that subnet can access Google APIs by using their internal IP address. https://cloud.google.com/vpc/docs/configure-private- google-access



You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP) configuration.

Which connectivity model should you use?

  1. Direct Peering
  2. Dedicated Interconnect
  3. Partner Interconnect with a layer 2 partner
  4. Partner Interconnect with a layer 3 partner

Answer(s): D

Explanation:

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview For Layer 3 connections, your service provider establishes a BGP session between your Cloud Routers and their edge routers for each VLAN attachment. You don't need to configure BGP on your on-premises router. Google and your service provider automatically set the correct configurations.

https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner- overview#connectivity-type






Post your Comments and Discuss Google Professional Cloud Network Engineer exam with other Community members:

Professional Cloud Network Engineer Discussions & Posts