Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Google Professional Cloud Network Engineer

Google Professional Cloud Network Engineer Exam Practice Questions (P. 4)

  • Full Access (237 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
You have ordered Dedicated Interconnect in the GCP Console and need to give the Letter of Authorization/Connecting Facility Assignment (LOA-CFA) to your cross-connect provider to complete the physical connection.
Which two actions can accomplish this? (Choose two.)
  1. A
    Open a Cloud Support ticket under the Cloud Interconnect category.
  2. B
    Download the LOA-CFA from the Hybrid Connectivity section of the GCP Console.
  3. C
    Run gcloud compute interconnects describe <interconnect>.
  4. D
    Check the email for the account of the NOC contact that you specified during the ordering process.
  5. E
    Contact your cross-connect provider and inform them that Google automatically sent the LOA/CFA to them via email, and to complete the connection.

Correct Answer:
DE
chatbot-img GPT-4o - Answer
Regarding the LOA-CFA for Dedicated Interconnect after ordering from GCP: the document is primarily sent via email to the listed NOC contact, so ensure to check this mailbox. You can directly forward the LOA-CFA to your cross-connect provider from here. Additionally, though not primarily mentioned, it's possible to download the LOA-CFA from the Hybrid Connectivity section in the Google Cloud Console, if necessary. Thus, keeping an eye on the email and facilitating the document to your provider will be your main actions to enable the physical connection set-up.

Question #17
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.
What should you do?
  1. A
    Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
  2. B
    Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
  3. C
    Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
  4. D
    Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.

Correct Answer:
D
chatbot-img GPT-4o - Answer
The best approach in this situation is to utilize Google Cloud Armor's preview mode, as detailed in Cloud Armor’s documentation regarding security policies. This method allows for the logging of suspect IPs without obstructing traffic—ensuring no legitimate users are inadvertently affected while investigating potential threats. Cloud Armor provides visibility at the application layer, which is critical when dealing with services exposed through a Global Load Balancer, where application-level inspection is essential to pinpoint the original client's IP address.

Question #18
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend.
You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?
  1. A
    Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
  2. B
    Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.
  3. C
    Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
  4. D
    Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.

Correct Answer:
B
Reference:
https://cloud.google.com/compute/docs/instance-groups/adding-an-instance-group-to-a-load-balancer

Question #19
You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.
What is the most likely cause of this problem?
  1. A
    The instance has been configured with multiple interfaces.
  2. B
    An external IP address has been configured on the instance.
  3. C
    You have created static routes that use RFC1918 ranges.
  4. D
    The instance is accessible by a load balancer external IP address.

Correct Answer:
B
Reference:
https://www.sovereignsolutionscorp.com/google-cloud-nat/

Question #20
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.
Which BGP attribute should you use on your on-premises router?
  1. A
    AS-Path
  2. B
    Community
  3. C
    Local Preference
  4. D
    Multi-exit Discriminator

Correct Answer:
D
Reference:
https://cloud.google.com/router/docs/concepts/overview

Previous Questions Next Questions

All Pages