Google Professional Cloud Network Engineer Practice Exam PR000116

You are designing a new VPC network that will route traffic to networks in your company’s private data center. You want to ensure that your VPC can support high availability in the future. The data center team requires you to use a routing protocol that can dynamically fail over if there is a link failure in the data center. Your management requires your design to use only native cloud services. Which routing protocol should you use?

Your new project currently requires 5 gigabits per second (Gbps) of egress traffic from your Google Cloud environment to your company’s private data center, but may scale up to 80 Gbps of traffic in the future. You do not have any public addresses to use. Your company is looking for the most cost-effective long-term solution. Which type of connection should you use?

Your company just moved to GCP. You configured separate VPC networks for the Finance and Sales departments. Finance needs access to some resources that are part of the Sales VPC. You want to allow the private RFC 1918 address space traffic to flow between Sales and Finance VPCs without any additional cost and without compromising the security or performance. What should you do?

You create a VPC named Prod in custom mode with two subnets, as shown below. You want to make sure that:
1) Only App VM can access the DB VM instance,
2) Web VM can access App VM,
3) Users outside the VPC can send HTTPS requests to Web VM only. Which two firewall rules should you create?

You created two subnets named Test and Web in the same VPC network. You enabled VPC Flow Logs for the Web subnet. You are trying to connect instances in the Test subnet to the web servers running in the Web subnet, but all of the connections are failing. You do not see any entries in the Stackdriver logs. What should you do?

You need to configure a static route as a backup to an existing static route. You want to ensure that the new route is only used when the existing route is no longer available. What should you do?

You are configuring the backend service for a new Google Cloud HTTPS load balancer. The application requires high availability and multiple subnets and needs to scale automatically. Which backend configuration should you choose?

You have the Google Cloud load balancer backend configuration shown below. You want to reduce your instance group utilization by 20%. Which settings should you use?

You are configuring a hybrid cloud topology for your organization. You are using Cloud VPN and Cloud Router to establish connectivity to your on-premises environment. You need to transfer data from on-premises to a Cloud Storage bucket and to BigQuery. Your organization has a strict security policy that mandates the use of VPN for communication to the cloud. You want to follow Google-recommended practices. What should you do?

You work for a university that is migrating to GCP. You are part of a centralized networking administration team. You require on-premises connectivity with 10 Gbps and lowest-latency access to the cloud. Several applications need to be lifted and shifted with hard-coded IP addresses.You want to connect a small remote campus location that has multiple CIDR ranges to the Cloud using an on-premises BGP-capable VPN Gateway across a public internet link. The on-premises Gateway only supports IKEv1 and has a throughput requirement of up to 3 Gbps. You want to follow Google-recommended practices. What should you do?

You are using a single Cloud Router to exchange routes between your VPC and on-premises network with Dedicated Interconnect. You want to make sure you can still forward traffic, even if all the Cloud Routers in a region go down. What should you do?

You work on a centralized network administration team for a multinational enterprise that is moving to GCP. Your company has on-premises data centers located in the United States in Oregon and New York, with dedicated interconnects to cloud regions us-west1 and us-east4. There are multiple regional offices in Europe and APAC and regional data processing in europe-west1 and australia-southeast1.You want to configure your Cloud Routers so that data from the US data centers can be processed by Compute Engine instances in regional offices in London, UK and Sydney, Australia. How should you configure the topology?

Your manager has asked for a list of all Custom Roles with stage General Availability within Identity Access Management. What should you do?

Your company offers a popular gaming service. The service architecture is shown in the diagram below. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. Your application team wants to expose their test environment to select users outside your organization. You want to integrate the test environment into your existing deployment to reduce management overhead and restrict access to only select users. What should you do?

Your company uses a physical security appliance for intrusion detection in its on-premises data center. Your company wants to collect telemetry data using a VPN that connects the GCP environment with the on-premises data center. You want to implement a solution that will integrate the GCP environment and transfer telemetry data to the on-premises physical security appliance as quickly and effectively as possible. What should you do?

You have a Dedicated Interconnect with two 10-Gbps links. You want to create a Stackdriver alerting policy that will notify you if either of the two links goes down. Which alerts should you add to the policy?

You want to allow access over ports 80 and 443 to servers with the tag “webservers” from external addresses. Currently, there is a firewall rule with priority of 1000 that denies all incoming traffic from an external address on all ports and protocols. You want to allow the desired traffic without deleting the existing rule. What should you do?

One of the secure web applications in your GCP project is currently only serving users in North America. All of the application’s resources are currently hosted in a single GCP region. The application uses a large catalog of graphical assets from a Cloud Storage bucket. You are notified that the application now needs to serve global clients without adding any additional GCP regions or Compute Engine instances. What should you do?

You have implemented an HTTP(S) load balancer to balance requests across Compute Engine Virtual Machine instances. During peak times, your backend instances cannot handle the number of requests per second, which causes some requests to be dropped. Following Google-recommended practices, you want to efficiently scale the instances to avoid this scenario in the future. What should you do?

Your application development team is beta-testing a new application over Dedicated Interconnect. This application uses a single TCP socket and requires 7-Gbps bandwidth for optimal performance. The development team notices that connectivity speed of the application is capped at 3 Gbps over Dedicated Interconnect. You want to resolve this problem. What should you do?