Free Professional Cloud Network Engineer Exam Braindumps (page: 27)


Your company has 10 separate Virtual Private Cloud (VPC) networks, with one VPC per project in a single region in Google Cloud. Your security team requires each VPC network to have private connectivity to the main on-premises location via a Partner Interconnect connection in the same region. To optimize cost and operations, the same connectivity must be shared with all projects. You must ensure that all traffic between different projects, on-premises locations, and the internet can be inspected using the same third-party appliances.
What should you do?

  1. Configure the third-party appliances with multiple interfaces and specific Partner Interconnect VLAN attachments per project. Create the relevant routes on the third-party appliances and VPC networks.
  2. Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks.
  3. Consolidate all existing projects' subnetworks into a single VPC. Create separate VPC networks for on-premises and internet connectivity. Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create the relevant routes on the third-party appliances and VPC networks.
  4. Configure the third-party appliances with multiple interfaces. Create a hub VPC network for all projects, and create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks. Use VPC Network Peering to connect all projects' VPC networks to the hub VPC. Export custom routes from the hub VPC and import on all projects' VPC networks.

Answer(s): D



You have just deployed your infrastructure on Google Cloud. You now need to configure the DNS to meet the following requirements:
Your on-premises resources should resolve your Google Cloud zones. Your Google Cloud resources should resolve your on-premises zones. You need the ability to resolve ".internal" zones provisioned by Google Cloud.
What should you do?

  1. Configure an outbound server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.
  2. Configure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
  3. Configure an outbound DNS server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
  4. Configure Cloud DNS to DNS peer with your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.

Answer(s): A



Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design.
What should you do?

  1. Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server.
    Configure DNS peering from the spoke VPCs to the hub VPC.
  2. Configure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs.
    Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
  3. Configure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server.
    Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.
  4. Configure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server.
    Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

Answer(s): C



You have a Cloud Storage bucket in Google Cloud project XYZ. The bucket contains sensitive data.

  1. You need to design a solution to ensure that only instances belonging to VPCs under project XYZ can access the data stored in this Cloud Storage bucket.
    What should you do?
  2. Configure Private Google Access to privately access the Cloud Storage service using private IP addresses.
  3. Configure a VPC Service Controls perimeter around project XYZ, and include storage.googleapis.com as a restricted service in the service perimeter.
  4. Configure Cloud Storage with projectPrivate Access Control List (ACL) that gives permission to the project team based on their roles.
  5. Configure Private Service Connect to privately access Cloud Storage from all VPCs under project XYZ.

Answer(s): C





