CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Google
  5. Professional Cloud Network Engineer

Free Professional Cloud Network Engineer Exam Braindumps (page: 6)

Page 5 of 55
PDF with 215 Questions

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.

What should you do?

  1. Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
  2. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
  3. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
  4. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.

Answer(s): B

Explanation:

https://cloud.google.com/armor/docs/security-policy-concepts#preview_mode



Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.

How should you deploy this service in GCP?

  1. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
  2. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.
  3. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
  4. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.

Answer(s): B



You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.

What is the most likely cause of this problem?

  1. The instance has been configured with multiple interfaces.
  2. An external IP address has been configured on the instance.
  3. You have created static routes that use RFC1918 ranges.
  4. The instance is accessible by a load balancer external IP address.

Answer(s): B



You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.

Which BGP attribute should you use on your on-premises router?

  1. AS-Path
  2. Community
  3. Local Preference
  4. Multi-exit Discriminator

Answer(s): D






Post your Comments and Discuss Google Professional Cloud Network Engineer exam with other Community members:

Professional Cloud Network Engineer Discussions & Posts