Free Professional Cloud Network Engineer Exam Braindumps (page: 29)


You recently deployed Compute Engine instances in regions us-west1 and us-east1 in a Virtual Private Cloud (VPC) with default routing configurations. Your company security policy mandates that virtual machines (VMs) must not have public IP addresses attached to them. You need to allow your instances to fetch updates from the internet while preventing external access.
What should you do?

  1. Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.
  2. Create a single global Cloud NAT gateway and global Cloud Router in the VPC.
  3. Change the instances' network interface external IP address from None to Ephemeral.
  4. Create a firewall rule that allows egress to destination 0.0.0.0/0.

Answer(s): A



You are designing a new global application using Compute Engine instances that will be exposed by a global HTTP(S) load balancer. You need to secure your application from distributed denial-of-service and application layer (layer 7) attacks.
What should you do?

  1. Configure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.
  2. Configure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.
  3. Configure VPC firewall rules to protect the Compute Engine instances against distributed denial-of-service attacks.
  4. Configure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.

Answer(s): C



Your organization's security policy requires that all internet-bound traffic return to your on-premises data center through HA VPN tunnels before egressing to the internet, while allowing virtual machines (VMs) to leverage private Google APIs using private virtual IP addresses 199.36.153.4/30. You need to configure the routes to enable these traffic flows.
What should you do?

  1. Configure a custom route 0.0.0.0/0 with a priority of 500 whose next hop is the default internet gateway. Configure another custom route 199.36.153.4/30 with priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.
  2. Configure a custom route 0.0.0.0/0 with a priority of 1000 whose next hop is the internet gateway. Configure another custom route 199.36.153.4/30 with a priority of 500 whose next hop is the VPN tunnel back to the on-premises data center.
  3. Announce a 0.0.0.0/0 route from your on-premises router with a MED of 1000. Configure a custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the default internet gateway.
  4. Announce a 0.0.0.0/0 route from your on-premises router with a MED of 500. Configure another custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.

Answer(s): A



Your company has defined a resource hierarchy that includes a parent folder with subfolders for each department. Each department defines their respective project and VPC in the assigned folder and has the appropriate permissions to create Google Cloud firewall rules. The VPCs should not allow traffic to flow between them. You need to block all traffic from any source, including other VPCs, and delegate only the intra-VPC firewall rules to the respective departments.
What should you do?

  1. Create a VPC firewall rule in each VPC to block traffic from any source, with priority 0.
  2. Create a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.
  3. Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to allow, and another lower-priority rule that blocks traffic from any other source.
  4. Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to goto_next, and another lower-priority rule that blocks traffic from any other source.

Answer(s): B