Free Google Professional-Cloud-Network-Engineer Exam Questions

Question 1

You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements: All access to your on-premises network must go through the network virtual appliances. Allow on-premises access in the event of a single network virtual appliance failure. Both network virtual appliances must be used simultaneously. Which method should you use to accomplish this?

A : Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.

B : Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.

C : Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0 /8 with the network load balancer as the next hop.

D : Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.

Answer: B

Question 2

Your company's current network architecture has two VPCs that are connected by a dual-NIC instance that acts as a bump-in-the-wire firewall between the two VPCs. Flows between pairs of subnets across the two VPCs are working correctly. Suddenly, you receive an alert that none of the flows between the two VPCs are working anymore. You need to troubleshoot the problem. What should you do? (Choose 2 answers)

A : Verify that the dual-NIC instance has not been added to a backend service.

B : Verify that a public IP address has not been assigned to any network interface of the dual-NIC instance.

C : Use Cloud Logging to verify that there were no modifications to the VPC firewall rules or policies that were applied to the two network interfaces of the dual-NIC instance.

D : Verify that a VPC Service Controls perimeter has not been enabled for the project that contains the two VPCs and the dual-NIC instance.

E : Verify that the dual-NIC instance has the --can-ip-forward attribute enabled.

Answer: C,E

Question 3

Your company's current network architecture has two VPCs that are connected by a dual-NIC instance that acts as a bump-in-the-wire firewall between the two VPCs. Flows between pairs of subnets across the two VPCs are working correctly. Suddenly, you receive an alert that none of the flows between the two VPCs are working anymore. You need to troubleshoot the problem. What should you do? (Choose 2 answers)

A : Verify that the dual-NIC instance has not been added to a backend service.

B : Verify that a public IP address has not been assigned to any network interface of the dual-NIC instance.

C : Use Cloud Logging to verify that there were no modifications to the VPC firewall rules or policies that were applied to the two network interfaces of the dual-NIC instance.

D : Verify that a VPC Service Controls perimeter has not been enabled for the project that contains the two VPCs and the dual-NIC instance.

E : Verify that the dual-NIC instance has the --can-ip-forward attribute enabled.

Answer: C,E

Question 4

You work for a university that is migrating to GCP. These are the cloud requirements: • On-premises connectivity with 10 Gbps • Lowest latency access to the cloud • Centralized Networking Administration Team New departments are asking for on-premises connectivity to their projects. You want to deploy the most costefficient interconnect solution for connecting the campus to Google Cloud. What should you do?

A : Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.

B : Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

C : Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Interconnects.

D : Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.

Answer: A

Question 5

You are designing a packet mirroring policy as pan of your network security architecture for your gaming workload. Your Infrastructure is located in the us-west2 region and deployed across several zones: us-west2- a. us-west2-b. and us-west2-c The Infrastructure Is running a web-based application on TCP ports 80 and 443 with other game servers that utilize the UDP protocol. You need to deploy packet mirroring policies and collector instances to monitor web application traffic while minimizing inter-zonal network egress costs. Following Google-recommended practices, how should you deploy the packet mirroring policies and collector instances?

A : Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for Its zone based on instance-tags, and create a filter for TCP traffic.

B : Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for its zone based on subnets, and create a filter for TCP traffic

C : Create one packet mirroring policy for the us-west2 region. Create one group of collector instances for the us-west2 region Configure the packet mirroring policy to match traffic for web server instances based on instance-tags, and create a filter for TCP traffic.

D : Create three packet mirroring policies: one for each zone. Create one group of collector instances for the us-west2 region. Configure each packet mirroring policy to match traffic for its zone based on instance-tags, and create a filter for TCP traffic

Answer: D