최신 Professional-Cloud-Network-Engineer 무료덤프 - Google Cloud Certified

문제1

You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?

A. * Create a Cloud VPN instance.* Create a route-based VPN tunnel.* Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.* Configure the appropriate static routes.

B. * Create a Cloud VPN instance.* Create a route-based VPN tunnel.* Configure the appropriate local and remote traffic selectors to match your local and remote networks.* Configure the appropriate static routes.

C. * Create a Cloud VPN instance.* Create a policy-based VPN tunnel.* Configure the appropriate local and remote traffic selectors to match your local and remote networks.* Configure the appropriate static routes.

D. * Create a Cloud VPN instance.* Create a policy-based VPN tunnel per subnet.* Configure the appropriate local and remote traffic selectors to match your local and remote networks.* Create the appropriate static routes.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제2

You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?

A. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

B. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.

C. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.

D. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Recently, your networking team enabled Cloud CDN for one of the external-facing services that is exposed through an external Application Load Balancer. The application team has already defined which content should be cached within the responses. Upon testing the load balancer, you did not observe any change in performance after the Cloud CDN enablement. You need to resolve the issue. What should you do?

A. Configure the FORCE_CACHE_ALL caching mode on Cloud CDN to ensure all appropriate content is cached.

B. Configure the USE_ORIGIN_HEADERS caching mode on Cloud CDN to ensure Cloud CDN caches content based on response headers from the backends.

C. Configure the CACHE_MAX_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches content depending on responses from the backends.

D. Configure the CACHE_ALL_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches all static content as well as content defined by the backends.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Your organization has distributed geographic applications with significant data volumes. You need to create a design that exposes the HTTPS workloads globally and keeps traffic costs to a minimum. What should you do?

A. Deploy a regional external Application Load Balancer with Standard Network Service Tier.

B. Deploy a global external Application Load Balancer with Premium Network Service Tier.

C. Deploy a global external proxy Network Load Balancer with Standard Network Service Tier.

D. Deploy a regional external Application Load Balancer with Premium Network Service Tier.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제5

In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

A. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.

B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.

C. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.

D. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.

정답: B

문제6

Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

A. Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.

B. Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.

C. Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.

D. Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
* An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
* Multiple regional offices in Europe and APAC
* Regional data processing is required in europe-west1 and australia-southeast1
* Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?

A. * Create 2 VPCs in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Service Project.* Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.* Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

B. * Create 2 VPCs in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Host Project.* Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.* Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

C. * Create 1 VPC in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Host Project.* Attach NIC0 in us-west1 subnet of the Host Project.* Attach NIC1 in us-west1 subnet of the Host Project* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

D. * Create 1 VPC in a Shared VPC Service Project.* Configure a 2-NIC instance in zone us-west1-a in the Service Project.* Attach NIC0 in us-west1 subnet of the Service Project.* Attach NIC1 in us-west1 subnet of the Service Project* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제8

You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.
Which next hop should you choose?

A. The IP address of the Cloud VPN gateway

B. The IP address of the instance on the remote side of the VPN tunnel

C. The default internet gateway

D. The name and region of the Cloud VPN tunnel

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제9

You have provisioned a Partner Interconnect connection to extend connectivity from your on-premises data center to Google Cloud. You need to configure a Cloud Router and create a VLAN attachment to connect to resources inside your VPC. You need to configure an Autonomous System number (ASN) to use with the associated Cloud Router and create the VLAN attachment.
What should you do?

A. Use a 2-byte private ASN 64512-65535.

B. Use a public Google ASN 15169.

C. Use a public Google ASN 16550.

D. Use a 4-byte private ASN 4200000000-4294967294.

정답: A

문제10

Your organization has a new security policy that requires you to monitor all egress traffic payloads from your virtual machines in the us-west2 region. You deployed an intrusion detection system (IDS) virtual appliance in the same region to meet the new policy. You now need to integrate the IDS into the environment to monitor all egress traffic payloads from us-west2. What should you do?

A. Create an internal HTTP(S) load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

B. Enable VPC Flow Logs. Create a sink in Cloud Logging to send filtered egress VPC Flow Logs to the IDS.

C. Create an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

D. Enable firewall logging and forward all filtered egress firewall logs to the IDS.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

You have the following private Google Kubernetes Engine (GKE) cluster deployment:

You have a virtual machine (VM) deployed in the same VPC in the subnetwork kubernetes-management with internal IP address 192.168.40 2/24 and no external IP address assigned. You need to communicate with the cluster master using kubectl. What should you do?

A. Add an external IP address to the VM, and add this IP address in the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 35.224.37.17.

B. Add the network 192.168.36.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

C. Add the network 192.168.38.0/28 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

D. Add the network 192.168.40.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2.

정답: D

문제12

Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

A. VPC flow logs

B. Firewall logs

C. Compute Engine instance system logs

D. Stackdriver Trace

E. Cloud Audit logs

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제13

You create multiple Compute Engine virtual machine instances to be used as TFTP servers.
Which type of load balancer should you use?

A. TCP proxy load balancer

B. Network load balancer

C. HTTP(S) load balancer

D. SSL proxy load balancer

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

최신 Professional-Cloud-Network-Engineer 무료덤프 - Google Cloud Certified - Professional Cloud Network Engineer

우리와 연락하기

유용한 링크

최신 업데이트