- Expert Verified, Online, Free.

MAIL US

info@examtopicspro.com

Google Professional Cloud Network Engineer Exam Questions

Certification Exams

Downloadable PDF versions

100% Confidential

Updated Regularly

Advanced Features

Number Of Questions

173

$ 39

Description

Exam Name: Professional Cloud Network Engineer
Exam Code: Professional Cloud Network Engineer
Related Certification(s): Google Cloud Certified Certification
Certification Provider: Google
Number of Professional Cloud Network Engineer practice questions in our database: 215 (updated: Jan. 12, 2025)
Expected Professional Cloud Network Engineer Exam Topics, as suggested by Google :

  • Module 1: Managing and monitoring network operations/ Designing a container IP addressing plan for Google Kubernetes Engine
  • Module 2: Optimizing network resources/ Load balancer and CDN location/ Designing a hybrid network. Considerations Using interconnect, Failover and disaster recovery strategy
  • Module 3: Designing the overall network architecture. Considerations Hybrid connectivity, Container networking, Options for high availability
  • Module 4: Implementing a GCP Virtual Private Cloud (VPC)/ Creating a shared VPC and explaining how to share subnets with other projects
  • Module 5: Differences between Google Cloud Networking and other cloud platforms/ Designing, planning, and prototyping a GCP network
  • Module 6: Configuring and maintaining Google Kubernetes Engine clusters/ Configuring and maintaining Google Kubernetes Engine clusters
  • Module 7: Configuring GCP VPC resources/ Failover and disaster recovery strategy/ Target network tags and service accounts
  • Module 8: Shared vs. standalone VPC interconnect access/ Choosing the appropriate load balancing options
  • Module 9: Microsegmentation for security purposes/ Designing a Virtual Private Cloud (VPC)/ VPC-native clusters using alias IPs

Description

Exam Name: Professional Cloud Network Engineer
Exam Code: Professional Cloud Network Engineer
Related Certification(s): Google Cloud Certified Certification
Certification Provider: Google
Number of Professional Cloud Network Engineer practice questions in our database: 215 (updated: Jan. 12, 2025)
Expected Professional Cloud Network Engineer Exam Topics, as suggested by Google :

  • Module 1: Managing and monitoring network operations/ Designing a container IP addressing plan for Google Kubernetes Engine
  • Module 2: Optimizing network resources/ Load balancer and CDN location/ Designing a hybrid network. Considerations Using interconnect, Failover and disaster recovery strategy
  • Module 3: Designing the overall network architecture. Considerations Hybrid connectivity, Container networking, Options for high availability
  • Module 4: Implementing a GCP Virtual Private Cloud (VPC)/ Creating a shared VPC and explaining how to share subnets with other projects
  • Module 5: Differences between Google Cloud Networking and other cloud platforms/ Designing, planning, and prototyping a GCP network
  • Module 6: Configuring and maintaining Google Kubernetes Engine clusters/ Configuring and maintaining Google Kubernetes Engine clusters
  • Module 7: Configuring GCP VPC resources/ Failover and disaster recovery strategy/ Target network tags and service accounts
  • Module 8: Shared vs. standalone VPC interconnect access/ Choosing the appropriate load balancing options
  • Module 9: Microsegmentation for security purposes/ Designing a Virtual Private Cloud (VPC)/ VPC-native clusters using alias IPs

Reviews

There are no reviews yet.

Be the first to review “Google Professional Cloud Network Engineer Exam Questions”

Your email address will not be published. Required fields are marked *

Q1. Your organization recently created a sandbox environment for a new cloud deployment. To have parity with the production environment, a pair of Compute Engine instances with multiple network interfaces (NICs) were deployed. These Compute Engine instances have a NIC in the Untrusted VPC (10.0.0.0/23) and a NIC in the Trusted VPC (10.128.0.0/9). A HA VPN tunnel has been established to the on-premises environment from the Untrusted VPC. Through this pair of VPN tunnels, the on-premises environment receives the route advertisements for the Untrusted and Trusted VPCs. In return, the on-premises environment advertises a number of CIDR ranges to the Untrusted VPC. However, when you tried to access one of the test services from the on-premises environment to the Trusted VPC, you received no response. You need to configure a highly available solution to enable the on-premises users to connect to the services in the Trusted VPC. What should you do?

A.Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig. Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Untrusted VPC for destination 10.123.0.0/9 and the next hop ilb-untrusted. Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Trusted VPC for destination 0.0.0.0/0 and the next hop ilb-trusted.

B. Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig. Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted. Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uig unmanaged instance group designated as the backend. Create a custom static route in the Trusted VPC for destination 10.0.0.0/23 and the next hop ilb-trusted.

C. Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigO. Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uigO as backend. Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted. Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigl. Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uigl as backend. Create a custom static route in the Trusted VPC for destination 0.0.0.0/0 and the next hop ilb-trusted.

D. Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig. Create two custom static routes in the Untrusted VPC for destination 10.128.0.0/9 and set each of the VMs' NIC as the next hop. Create two custom static routes in the Trusted VPC for destination 10.0.0.0/23 and set each of the VMs' NIC as the next hop.

Correct Answer: B

Q2. There are two established Partner Interconnect connections between your on-premises network and Google Cloud. The VPC that hosts the Partner Interconnect connections is named "vpc-a" and contains three VPC subnets across three regions, Compute Engine instances, and a GKE cluster. Your on-premises users would like to resolve records hosted in a Cloud DNS private zone following Google-recommended practices. You need to implement a solution that allows your on-premises users to resolve records that are hosted in Google Cloud. What should you do?

A.Associate the private zone to 'vpc-a.' Create an outbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

B. Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

C. Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

D. Associate the private zone to 'vpc-a.' Create an inbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

Correct Answer: A

Q3. Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

A.Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.

B. Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.

C. Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.

D. Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.

Correct Answer: B

Q4. Your organization recently exposed a set of services through a global external Application Load Balancer. After conducting some testing, you observed that responses would intermittently yield a non-HTTP 200 response. You need to identify the error. What should you do? (Choose 2 answers)

A.Delete the load balancer and backend services. Create a new passthrough Network Load Balancer. Configure a failover group of VMs for the backend.

B. Access a VM in the VPC through SSH and try to access a backend VM directly. If the request is successful from the VM, increase the quantity of backends.

C. Enable and review the health check logs. Review the error responses in Cloud Logging.

D. Validate the health of the backend service. Enable logging for the backend service and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

E. Validate the health of the backend service. Enable logging on the load balancer and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

Correct Answer: C, E

Frequently Asked Questions

ExamTopics Pro is a premium service offering a comprehensive collection of exam questions and answers for over 1000 certification exams. It is regularly updated and designed to help users pass their certification exams confidently.
Please contact team@examtopics.com and we will provide you with alternative payment options.
The subscriptions at Examtopics.com are recurring according to the Billing Cycle of your Subscription Plan, i.e. after a certain period of time your credit card is re-billed automatically until/unless you cancel your subscription.
Free updates are available for the duration of your subscription, after the subscription is expired, your access will no longer be available.