최신 Professional-Cloud-Network-Engineer 무료덤프 - Google Cloud Certified

문제1

Your organization wants to set up hybrid connectivity with VLAN attachments that terminate in a single Cloud Router with 99.9% uptime. You need to create a network design for your on-premises router that meets those requirements and has an active/passive configuration that uses only one VLAN attachment at a time. What should you do?

A. Create a design that uses the as_path BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

B. Create a design that uses the local_pref BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

C. Create a design that uses a BGP multi-exit discriminator (MED) attribute to influence the egress path from Google Cloud to the on-premises environment.

D. Create a design that uses an equal-cost multipath (ECMP) with flow-based hashing on your on-premises devices.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제2

You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.
Which next hop should you choose?

A. The IP address of the Cloud VPN gateway

B. The IP address of the instance on the remote side of the VPN tunnel

C. The default internet gateway

D. The name and region of the Cloud VPN tunnel

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Your organization has distributed geographic applications with significant data volumes. You need to create a design that exposes the HTTPS workloads globally and keeps traffic costs to a minimum. What should you do?

A. Deploy a regional external Application Load Balancer with Standard Network Service Tier.

B. Deploy a global external Application Load Balancer with Premium Network Service Tier.

C. Deploy a global external proxy Network Load Balancer with Standard Network Service Tier.

D. Deploy a regional external Application Load Balancer with Premium Network Service Tier.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?

A. Enable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.

B. Create a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.

C. Enable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.

D. Enable the Firewall insights API. Set the deny rule insights observation period to one day. Review the insights to assure there are no firewall rules denying traffic.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제5

You have several microservices running in a private subnet in an existing Virtual Private Cloud (VPC). You need to create additional serverless services that use Cloud Run and Cloud Functions to access the microservices. The network traffic volume between your serverless services and private microservices is low. However, each serverless service must be able to communicate with any of your microservices. You want to implement a solution that minimizes cost. What should you do?

A. Create a serverless VPC access connector for each serverless service. Configure the connectors to allow traffic between the serverless services and your existing microservices.

B. Deploy your serverless services to the serverless VPC. Peer the serverless service VPC to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

C. Deploy your serverless services to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

D. Create a serverless VPC access connector. Configure the serverless service to use the connector for communication to the microservices.

정답: D

문제6

You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
IP ranges for pods and services must be as small as possible.
The nodes and the master must not be reachable from the internet.
You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?

A. * Create a VPC-native GKE cluster using user-managed IP ranges.
* Enable a GKE cluster network policy, set the pod and service ranges as /24.
* Set up a network proxy to access the master.
* Enable master authorized networks.

B. * Create a VPC-native GKE cluster using user-managed IP ranges.
* Enable privateEndpoint on the cluster master.
* Set the pod and service ranges as /24.
* Set up a network proxy to access the master.

C. * Create a private cluster that uses VPC advanced routes.
* Set the pod and service ranges as /24.
* Set up a network proxy to access the master.

D. * Create a VPC-native GKE cluster using GKE-managed IP ranges.
* Set the pod IP range as /21 and service IP range as /24.
* Set up a network proxy to access the master.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제7

After a network change window one of your company's applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24/ The on-premises router is advertising 10.0.0.0/8.
What is the most likely cause of this problem?

A. The on-premises router is not advertising a route for the database server.

B. The more specific VPC subnet route is taking priority.

C. A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.

D. The less specific VPC subnet route is taking priority.

정답: B

문제8

Your frontend application VMs and your backend database VMs are all deployed in the same VPC but across different subnets. Global network firewall policy rules are configured to allow traffic from the frontend VMs to the backend VMs. Based on a recent compliance requirement, this traffic must now be inspected by network virtual appliances (NVAs) firewalls that are deployed in the same VPC. The NVAs are configured to be full network proxies and will source NAT-allowed traffic. You need to configure VPC routing to allow the NVAs to inspect the traffic between subnets. What should you do?

A. Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add global network firewall policy rules to allow traffic through your NVAs. Create a custom static route with the destination IP range of the backend VM subnet, frontend instance tag, and the next hop of ilb1. Add a frontend network tag to your frontend VMs.

B. Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add the global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the backend VM subnet, destination IP range of the frontend VM subnet, and the next hop of ilb1. Scope the PBR to the VMs with the backend network tag. Add a backend network tag to your backend servers.

C. Create your NVA with multiple interfaces. Configure NIC0 for NVA in the backend subnet. Configure NIC1 for NVA in the frontend subnet. Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add global network firewall policy rules to allow traffic through your NVAs. Create a custom static route with the destination IP range of the backend VM subnet, frontend instance tag, and the next hop of ilb1. Add a frontend network tag to your frontend VMs.

D. Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the frontend VM subnet, destination IP range of the backend VM subnet, and the next hop of ilb1. Scope the PBR to the VMs with the frontend network tag. Add a frontend network tag to your frontend servers.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제9

You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider.
Which connection type should you choose?

A. Carrier Peering

B. Dedicated Interconnect

C. Partner Interconnect

D. Direct Peering

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제10

Your organization is implementing a new security policy to control how firewall rules are applied to control flows between virtual machines (VMs). Using Google-recommended practices, you need to set up a firewall rule to enforce strict control of traffic between VM A and VM B. You must ensure that communications flow only from VM A to VM B within the VPC, and no other communication paths are allowed. No other firewall rules exist in the VPC. Which firewall rule should you configure to allow only this communication path?

A. Firewall rule direction: ingress
Action: allow
Target: VM B service account
Source ranges: VM A service account
Priority: 1000

B. Firewall rule direction: ingress
Action: allow
Target: specific VM A tag
Source ranges: VM B tag and VM B source IP address
Priority: 100

C. Firewall rule direction: ingress
Action: allow
Target: specific VM B tag
Source ranges: VM A tag and VM A source IP address
Priority: 1000

D. Firewall rule direction: ingress
Action: allow
Target: VM A service account
Source ranges: VM B service account and VM B source IP address
Priority: 100

정답: B

문제11

You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to increase your application availability and ensure it can autoscale.
How should you provision your instances?

A. Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.

B. Create a single managed instance group, specify the desired region, and select Multiple zones for the location.

C. Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.

D. Create an unmanaged instance group in a single zone, and then create an HTTP load balancer for the instance group.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제12

You have the following Shared VPC design VPC Flow Logs is configured for Subnet-1 In the host VPC. You also want to monitor flow logs for Subnet-2. What should you do?

A. Configure a firewall rule to permit Subnet-2 IP addresses outbound in the host protect VPC.

B. Configure VPC Flow Logs in the service project VPC for Subnet-2.

C. Configure Packet Mirroring in both the host and service project VPCs.

D. Configure a VPC Flow Logs filter for Subnet-2 in the host project VPC.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제13

You deployed a hub-and-spoke architecture in your Google Cloud environment that uses VPC Network Peering to connect the spokes to the hub. For security reasons, you deployed a private Google Kubernetes Engine (GKE) cluster in one of the spoke projects with a private endpoint for the control plane. You configured authorized networks to be the subnet range where the GKE nodes are deployed. When you attempt to reach the GKE control plane from a different spoke project, you cannot access it. You need to allow access to the GKE control plane from the other spoke projects. What should you do?

A. Add a firewall rule that allows port 443 from the other spoke projects.

B. Enable Private Google Access on the subnet where the GKE nodes are deployed.

C. Configure the authorized networks to be the subnet ranges of the other spoke projects.

D. Deploy a proxy in the spoke project where the GKE nodes are deployed and connect to the control plane through the proxy.

정답: C

문제14

You are configuring the final elements of a migration effort where resources have been moved from on-premises to Google Cloud. While reviewing the deployed architecture, you noticed that DNS resolution is failing when queries are being sent to the on-premises environment. You log in to a Compute Engine instance, try to resolve an on-premises hostname, and the query fails. DNS queries are not arriving at the on-premises DNS server. You need to use managed services to reconfigure Cloud DNS to resolve the DNS error. What should you do?

A. Validate that there is network connectivity to the on-premises environment and that the Compute Engine instances can reach other on-premises resources. If errors persist, remove the VPC Network Peerings and recreate the peerings after validating the routes.

B. Ensure that the operating systems of the Compute Engine instances are configured to send DNS queries to the on-premises DNS servers directly.

C. Validate that the Compute Engine instances are using the Metadata Service IP address as their resolver. Configure an outbound forwarding zone for the on-premises domain pointing to the on-premises DNS server. Configure Cloud Router to advertise the Cloud DNS proxy range to the on-premises network.

D. Review the existing Cloud DNS zones, and validate that there is a route in the VPC directing traffic destined to the IP address of the DNS servers. Recreate the existing DNS forwarding zones to forward all queries to the on-premises DNS servers.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제15

Your organization has a Google Cloud Virtual Private Cloud (VPC) with subnets in us-east1, us-west4, and europe-west4 that use the default VPC configuration. Employees in a branch office in Europe need to access the resources in the VPC using HA VPN. You configured the HA VPN associated with the Google Cloud VPC for your organization with a Cloud Router deployed in europe-west4. You need to ensure that the users in the branch office can quickly and easily access all resources in the VPC. What should you do?

A. Set the advertised routes to Global for the Cloud Router.

B. Configure each subnet's VPN connections to use Cloud VPN to connect to the branch office.

C. Configure the VPC dynamic routing mode to Global.

D. Create custom advertised routes for each subnet.

정답: C

문제16

You built a web application with several containerized microservices. You want to run those microservices on Cloud Run. You must also ensure that the services are highly available to your customers with low latency. What should you do?

A. Deploy the Cloud Run services to multiple regions. Create serverless network endpoint groups (NEGs) that point to the services. Create a global HTTPS load balancer, and attach the serverless NEGs as backend services of the load balancer.

B. Deploy the Cloud Run services to multiple availability zones. Create a global TCP load balancer. Add the Cloud Run endpoints to its backend service.

C. Deploy the Cloud Run services to multiple availability zones. Create Cloud Endpoints that point to the services. Create a global HTTPS load balancer, and attach the Cloud Endpoints to its backend

D. Deploy the Cloud Run services to multiple regions. Configure a round-robin A record in Cloud DNS.

정답: A

문제17

Your company is planning a migration to Google Kubernetes Engine. Your application team informed you that they require a minimum of 60 Pods per node and a maximum of 100 Pods per node Which Pod per node CIDR range should you use?

A. /26

B. /28

C. /24

D. /25

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제18

You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements:
All access to your on-premises network must go through the network virtual appliances.
Allow on-premises access in the event of a single network virtual appliance failure.
Both network virtual appliances must be used simultaneously.
Which method should you use to accomplish this?

A. Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.

B. Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.

C. Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0/8 with the network load balancer as the next hop.

D. Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.

정답: D

최신 Professional-Cloud-Network-Engineer 무료덤프 - Google Cloud Certified - Professional Cloud Network Engineer

우리와 연락하기

유용한 링크

최신 업데이트