CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. Professional Cloud Network Engineer

Free Professional Cloud Network Engineer Exam Braindumps (page: 4)

Page 3 of 55
PDF with 215 Questions

You have deployed a new internal application that provides HTTP and TFTP services to on-premises hosts. You want to be able to distribute traffic across multiple Compute Engine instances, but need to ensure that clients are sticky to a particular instance across both services.

Which session affinity should you choose?

  1. None
  2. Client IP
  3. Client IP and protocol
  4. Client IP, port and protocol

Answer(s): B



You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging.
When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic.

What should you do?

  1. Check the VPC flow logs for the instance.
  2. Try connecting to the instance via SSH, and check the logs.
  3. Create a new firewall rule to allow traffic from port 22, and enable logs.
  4. Create a new firewall rule with priority 65500 to deny all traffic, and enable logs.

Answer(s): D

Explanation:

Ingress packets in VPC Flow Logs are sampled after ingress firewall rules. If an ingress firewall rule denies inbound packets, those packets are not sampled by VPC Flow Logs. We want to see the logs for blocked traffic so we have to look for them in firewall logs. https://cloud.google.com/vpc/docs/flow-logs#key_properties



You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.

Which level of permissions should you request?

  1. Security Admin privileges from the Shared VPC Admin.
  2. Service Project Admin privileges from the Shared VPC Admin.
  3. Shared VPC Admin privileges from the Organization Admin.
  4. Organization Admin privileges from the Organization Admin.

Answer(s): A

Explanation:

A Shared VPC Admin can define a Security Admin by granting an IAM member the Security Admin (compute.securityAdmin) role to the host project. Security Admins manage firewall rules and SSL certificates.



You want to create a service in GCP using IPv6.

What should you do?

  1. Create the instance with the designated IPv6 address.
  2. Configure a TCP Proxy with the designated IPv6 address.
  3. Configure a global load balancer with the designated IPv6 address.
  4. Configure an internal load balancer with the designated IPv6 address.

Answer(s): C

Explanation:

https://cloud.google.com/load-balancing/docs/load-balancing-overview mentions to use global load balancer for IPv6 termination.






Post your Comments and Discuss Google Professional Cloud Network Engineer exam with other Community members:

Professional Cloud Network Engineer Discussions & Posts