Google Professional Cloud Network Engineer Practice Exam PR000116
gcp-examquestions2020-08-25T10:43:23+07:00Notes: Hi all, Google Professional Cloud Network Engineer Practice Exam will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics. We highly recommend you should take Google Professional Cloud Network Engineer Guarantee Part because it includes real questions and highlighted answers are collected in our exam. It will help you pass the exam in an easier way.
For PDF Version: https://gcp-examquestions.com/gcp-pro-network-engineer-practice/
Quiz-summary
0 of 20 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
Information
GCP-NETWORK-ENGINEER-PART1
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 20 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- Answered
- Review
- Question 1 of 20
1. Question
You are designing a new VPC network that will route traffic to networks in your company’s private data center. You want to ensure that your VPC can support high availability in the future. The data center team requires you to use a routing protocol that can dynamically fail over if there is a link failure in the data center. Your management requires your design to use only native cloud services. Which routing protocol should you use?
CorrectIncorrectHint
Answers: A is correct because BGP is the only routing protocol supported by Google Cloud Router . You will need to use cloud router given the restriction of only using cloud native services.
https://cloud.google.com/router/docs/concepts/overview - Question 2 of 20
2. Question
Your new project currently requires 5 gigabits per second (Gbps) of egress traffic from your Google Cloud environment to your company’s private data center, but may scale up to 80 Gbps of traffic in the future. You do not have any public addresses to use. Your company is looking for the most cost-effective long-term solution. Which type of connection should you use?
CorrectIncorrectHint
Answers: C is correct because while you only need 5Gbps now, your future capacity will require more than a single 10Gbps connection can handle.
https://cloud.google.com/interconnect/docs/how-to/choose-type
https://cloud.google.com/interconnect/ - Question 3 of 20
3. Question
Your company just moved to GCP. You configured separate VPC networks for the Finance and Sales departments. Finance needs access to some resources that are part of the Sales VPC. You want to allow the private RFC 1918 address space traffic to flow between Sales and Finance VPCs without any additional cost and without compromising the security or performance. What should you do?
CorrectIncorrectHint
Answers: B is correct because VPC network peering allows traffic to flow between two vpcs over private 1918 address space without compromising the security or performance at no additional cost.
- Question 4 of 20
4. Question
You create a VPC named Prod in custom mode with two subnets, as shown below. You want to make sure that:
1) Only App VM can access the DB VM instance,
2) Web VM can access App VM,
3) Users outside the VPC can send HTTPS requests to Web VM only. Which two firewall rules should you create?
CorrectIncorrectHint
Answers: C is correct because this rule will allow traffic from app VM to db VM.
Answers: D is correct because this will allow outside users to send request to web VM.
https://cloud.google.com/vpc/docs/using-flow-logs - Question 5 of 20
5. Question
You created two subnets named Test and Web in the same VPC network. You enabled VPC Flow Logs for the Web subnet. You are trying to connect instances in the Test subnet to the web servers running in the Web subnet, but all of the connections are failing. You do not see any entries in the Stackdriver logs. What should you do?
CorrectIncorrectHint
Answers: C is correct because the traffic is being blocked by the firewall rule. Once configured, the request will reach to the VM and the flow will be logged in the stackdriver.
https://cloud.google.com/vpc/docs/using-flow-logs
https://cloud.google.com/vpc/docs/using-vpc - Question 6 of 20
6. Question
You need to configure a static route as a backup to an existing static route. You want to ensure that the new route is only used when the existing route is no longer available. What should you do?
CorrectIncorrectHint
Answers: C is correct because the higher value will make the route take effect only when the lower value route is not available.
https://cloud.google.com/vpc/docs/routes#routeselection
https://cloud.google.com/vpc/docs/routes#individualroutes - Question 7 of 20
7. Question
You are configuring the backend service for a new Google Cloud HTTPS load balancer. The application requires high availability and multiple subnets and needs to scale automatically. Which backend configuration should you choose?
CorrectIncorrectHint
Answers: B is correct because it allows the application to be deployed in multiple zones within a region.
https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances
https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups
https://cloud.google.com/compute/docs/instance-groups/#unmanaged_instance_groups
https://cloud.google.com/load-balancing/docs/negs/ - Question 8 of 20
8. Question
You have the Google Cloud load balancer backend configuration shown below. You want to reduce your instance group utilization by 20%. Which settings should you use?
CorrectIncorrectHint
Answers: B is correct because you are changing the overall instance group utilization by 20%.
https://cloud.google.com/load-balancing/docs/backend-service
https://cloud.google.com/compute/docs/autoscaler/scaling-cpu-load-balancing#scaling_based_on_https_load_balancing_serving_capacity - Question 9 of 20
9. Question
You are configuring a hybrid cloud topology for your organization. You are using Cloud VPN and Cloud Router to establish connectivity to your on-premises environment. You need to transfer data from on-premises to a Cloud Storage bucket and to BigQuery. Your organization has a strict security policy that mandates the use of VPN for communication to the cloud. You want to follow Google-recommended practices. What should you do?
CorrectIncorrectHint
Answers: C Is correct because it enables On-Prem Private API access, allowing VPN and Interconnect customers to reach APIs such as bigquery and cloud storage natively across an interconnect/VPN connection.
https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid - Question 10 of 20
10. Question
You work for a university that is migrating to GCP. You are part of a centralized networking administration team. You require on-premises connectivity with 10 Gbps and lowest-latency access to the cloud. Several applications need to be lifted and shifted with hard-coded IP addresses.You want to connect a small remote campus location that has multiple CIDR ranges to the Cloud using an on-premises BGP-capable VPN Gateway across a public internet link. The on-premises Gateway only supports IKEv1 and has a throughput requirement of up to 3 Gbps. You want to follow Google-recommended practices. What should you do?
CorrectIncorrectHint
Answers: C is correct because using Cloud VPN using Dynamic Routes allows you to support IKEv1 with multiple CIDR blocks. Also, 2 VPN gateways is enough to support 3Gbps.
https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing#route-alignment - Question 11 of 20
11. Question
You are using a single Cloud Router to exchange routes between your VPC and on-premises network with Dedicated Interconnect. You want to make sure you can still forward traffic, even if all the Cloud Routers in a region go down. What should you do?
CorrectIncorrectHint
Answers: C is correct because global routing allows a Cloud Router in a different region to announce another region’s routes.
https://cloud.google.com/interconnect/docs/tutorials/dedicated-creating-9999-availability - Question 12 of 20
12. Question
You work on a centralized network administration team for a multinational enterprise that is moving to GCP. Your company has on-premises data centers located in the United States in Oregon and New York, with dedicated interconnects to cloud regions us-west1 and us-east4. There are multiple regional offices in Europe and APAC and regional data processing in europe-west1 and australia-southeast1.You want to configure your Cloud Routers so that data from the US data centers can be processed by Compute Engine instances in regional offices in London, UK and Sydney, Australia. How should you configure the topology?
CorrectIncorrectHint
Answers: C is correct, use Global Routing to leverage interconnections in the US and use our Global Backbone to route traffic to the remote EU/APAC regions.
https://cloud.google.com/router/docs/concepts/overview
https://cloud.google.com/interconnect/docs/how-to/dedicated/creating-vlan-attachments - Question 13 of 20
13. Question
Your manager has asked for a list of all Custom Roles with stage General Availability within Identity Access Management. What should you do?
CorrectIncorrectHint
Answers: B is Correct because this command will return a value in the Stage field.
https://cloud.google.com/iam/docs/creating-custom-roles - Question 14 of 20
14. Question
Your company offers a popular gaming service. The service architecture is shown in the diagram below. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. Your application team wants to expose their test environment to select users outside your organization. You want to integrate the test environment into your existing deployment to reduce management overhead and restrict access to only select users. What should you do?
CorrectIncorrectHint
Answers: D is correct because this provides integration and support for multiple backend services.
https://cloud.google.com/armor/docs/configure-security-policies#enabling_ip_blacklistwhitelist_for_https_load_balancing - Question 15 of 20
15. Question
Your company uses a physical security appliance for intrusion detection in its on-premises data center. Your company wants to collect telemetry data using a VPN that connects the GCP environment with the on-premises data center. You want to implement a solution that will integrate the GCP environment and transfer telemetry data to the on-premises physical security appliance as quickly and effectively as possible. What should you do?
CorrectIncorrectHint
Answers: D is correct because it is the best and recommended way to deploy specific requirements such as this.
- Question 16 of 20
16. Question
You have a Dedicated Interconnect with two 10-Gbps links. You want to create a Stackdriver alerting policy that will notify you if either of the two links goes down. Which alerts should you add to the policy?
CorrectIncorrectHint
Answers: A is correct because the Circuit Operational Status tracks both of two circuits.
https://cloud.google.com/monitoring/api/metrics_gcp#gcp-interconnect - Question 17 of 20
17. Question
You want to allow access over ports 80 and 443 to servers with the tag “webservers” from external addresses. Currently, there is a firewall rule with priority of 1000 that denies all incoming traffic from an external address on all ports and protocols. You want to allow the desired traffic without deleting the existing rule. What should you do?
CorrectIncorrectHint
Answers: B is correct because the firewall will allow traffic to pass with the proper allow ingress rule with a priority lower than the default value of 1000.
https://cloud.google.com/vpc/docs/firewalls#priority_order_for_firewall_rules - Question 18 of 20
18. Question
One of the secure web applications in your GCP project is currently only serving users in North America. All of the application’s resources are currently hosted in a single GCP region. The application uses a large catalog of graphical assets from a Cloud Storage bucket. You are notified that the application now needs to serve global clients without adding any additional GCP regions or Compute Engine instances. What should you do?
CorrectIncorrectHint
Answers: A is correct because Cloud CDN will front a Cloud Storage bucket and move the graphical resources closest to the users.
https://cloud.google.com/cdn/docs/overview
https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency#optimizing_https_load_balancing - Question 19 of 20
19. Question
You have implemented an HTTP(S) load balancer to balance requests across Compute Engine Virtual Machine instances. During peak times, your backend instances cannot handle the number of requests per second, which causes some requests to be dropped. Following Google-recommended practices, you want to efficiently scale the instances to avoid this scenario in the future. What should you do?
CorrectIncorrectHint
Answers: D is correct because the autoscaling method leverages the load balancer and efficiently scales the instances.
https://cloud.google.com/compute/docs/autoscaler/scaling-cpu-load-balancing - Question 20 of 20
20. Question
Your application development team is beta-testing a new application over Dedicated Interconnect. This application uses a single TCP socket and requires 7-Gbps bandwidth for optimal performance. The development team notices that connectivity speed of the application is capped at 3 Gbps over Dedicated Interconnect. You want to resolve this problem. What should you do?
CorrectIncorrectHint
Answers: C is correct because striping traffic over multiple flows will increase the amount of bandwidth consumed by the application.
https://cloud.google.com/interconnect/quotas
Leave a Reply