Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Google Professional Cloud Network Engineer

Google Professional Cloud Network Engineer Exam Practice Questions (P. 5)

  • Full Access (237 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?
  1. A
    Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.
  2. B
    Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
  3. C
    Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.
  4. D
    Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.

Correct Answer:
C
chatbot-img GPT-4o - Answer
To effectively scale your Cloud VPN for higher throughput, the best practice is to deploy a second on-premises VPN gateway with a distinct public IP. Then, establish an additional VPN tunnel from your existing Cloud VPN gateway to this new gateway. This setup doesn't just provide redundancy but also enhances overall bandwidth capabilities by leveraging multiple tunnels concurrently, each routed through separate gateways. This approach is supported by Google's recommended VPN topologies for achieving higher throughput and load balancing. Ensure both gateways and tunnels are correctly configured to handle the specified IP ranges for seamless connectivity and optimal performance.

Question #22
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.
What should you do?
  1. A
    Update the TTL for the zone.
  2. B
    Set the zone to the TRANSFER state.
  3. C
    Disable DNSSEC at your domain registrar.
  4. D
    Transfer ownership of the domain to a new registrar.

Correct Answer:
C
Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.
Reference:
https://cloud.google.com/dns/docs/dnssec-config

Question #23
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.
During troubleshooting you find:
"¢ Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
"¢ The subnetwork logs are not excluded from Stackdriver.
"¢ The instance that is hosting the application can communicate outside the subnet.
"¢ Other instances within the subnet can communicate outside the subnet.
"¢ The external resource initiates communication.
What is the most likely cause of the missing log lines?
  1. A
    The traffic is matching the expected ingress rule.
  2. B
    The traffic is matching the expected egress rule.
  3. C
    The traffic is not matching the expected ingress rule.
  4. D
    The traffic is not matching the expected egress rule.

Correct Answer:
C
chatbot-img GPT-4o - Answer
The correct analysis indicates that the traffic from the external resource is indeed incoming (ingress), which means it tries to match on ingress rules in your firewall settings. When no appropriate allow rule matches this incoming traffic, it is blocked by the default implicit deny rule, which by design does not log such traffic. This scenario leads to a lack of logged entries as observed because standard ingress deny rules, including implicit deny, do not initiate log captures for blocked traffic in Google Cloud environments. It's important to ensure correct ingress rules are explicitly defined for all intended communications.

Question #24
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.
What is the most likely cause of the problem?
  1. A
    You have not configured compression in Cloud CDN.
  2. B
    You have configured the web servers and Cloud CDN with different compression types.
  3. C
    The web servers behind the load balancer are configured with different compression types.
  4. D
    You have to configure the web servers to compress responses even if the request has a Via header.

Correct Answer:
D
If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable compression, you may have to override your web server's default configuration to tell it to compress responses even if the request had a
Via header.
Reference:
https://cloud.google.com/cdn/docs/troubleshooting-steps

Question #25
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.
What should you do?
  1. A
    Configure a policy-based route rule to prioritize the traffic.
  2. B
    Configure an HTTP load balancer, and direct the traffic to it.
  3. C
    Configure Dynamic Routing for the subnet hosting the application.
  4. D
    Configure the TTL for the DNS zone to decrease the time between updates.

Correct Answer:
B
Reference:
https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency

Previous Questions Next Questions

All Pages