Free Professional Cloud Network Engineer Exam Braindumps (page: 24)


You are the network administrator responsible for hybrid connectivity at your organization. Your developer team wants to use Cloud SQL in the us-west1 region in your Shared VPC. You configured a Dedicated Interconnect connection and a Cloud Router in us-west1, and the connectivity between your Shared VPC and on-premises data center is working as expected. You just created the private services access connection required for Cloud SQL using the reserved IP address range and default settings. However, your developers cannot access the Cloud SQL instance from on-premises. You want to resolve the issue.
What should you do?

  1. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
    Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.
  2. Change the VPC routing mode to global.
    Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.
  3. Create an additional Cloud Router in us-west2.
    Create a new Border Gateway Protocol (BGP) peering connection to your on-premises data center.
    Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
  4. Change the VPC routing mode to global.
    Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.

Answer(s): A



Your company has separate Virtual Private Cloud (VPC) networks in a single region for two departments: Sales and Finance. The Sales department's VPC network already has connectivity to on-premises locations using HA VPN, and you have confirmed that the subnet ranges do not overlap. You plan to peer both VPC networks to use the same HA tunnels for on-premises connectivity, while providing internet connectivity for the Google Cloud workloads through Cloud NAT. Internet access from the on-premises locations should not flow through Google Cloud. You need to propagate all routes between the Finance department and on-premises locations.
What should you do?

  1. Peer the two VPCs, and use the default configuration for the Cloud Routers.
  2. Peer the two VPCs, and use Cloud Router's custom route advertisements to announce the peered VPC network ranges to the on-premises locations.
  3. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales and import custom routes on Finance's VPC network. Use Cloud Router's custom route advertisements to announce a default route to the on-premises locations.
  4. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales and import custom routes on Finance's VPC network. Use Cloud Router's custom route advertisements to announce the peered VPC network ranges to the on-premises locations.

Answer(s): A



You recently noticed a recurring daily spike in network usage in your Google Cloud project. You need to identify the virtual machine (VM) instances and type of traffic causing the spike in traffic utilization while minimizing the cost and management overhead required.
What should you do?

  1. Enable VPC Flow Logs and send the output to BigQuery for analysis.
  2. Enable Firewall Rules Logging for all allowed traffic and send the output to BigQuery for analysis.
  3. Configure Packet Mirroring to send all traffic to a VM. Use Wireshark on the VM to identify traffic utilization for each VM in the VPC.
  4. Deploy a third-party network appliance and configure it as the default gateway. Use the third-party network appliance to identify users with high network traffic.

Answer(s): C



You need to enable Private Google Access for use by some subnets within your Virtual Private Cloud (VPC). Your security team set up the VPC to send all internet-bound traffic back to the on-premises data center for inspection before egressing to the internet, and is also implementing VPC Service Controls in the environment for API-level security control. You have already enabled the subnets for Private Google Access.
What configuration changes should you make to enable Private Google Access while adhering to your security team's requirements?

  1. Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google's restricted API address range.
    Create a custom route that points Google's restricted API address range to the default internet gateway as the next hop.
  2. Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google's restricted API address range.
    Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.
  3. Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google's private API address range.
    Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.
  4. Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google's private API address range.
    Create a custom route that points Google's private API address range to the default internet gateway as the next hop.

Answer(s): C





