
[2022] New Professional-Cloud-Network-Engineer exam dumps Use Updated Google Exam [Q30-Q45]


Verified Professional-Cloud-Network-Engineer Dumps Q&As - Professional-Cloud-Network-Engineer Test Engine with Correct Answers


Implement GCP VPCs

  • Configure & Manage Firewall Rules: This part measures one’s knowledge of priority, firewall logs, ingress & egress rules, network protocols, and target service accounts & network tags.
  • Configure VPCs: This subject area requires candidates to be able to configure GCP Virtual Private Cloud resources, configure VPC peering, create Shared VPCs, and explain the process of sharing subnets with other projects.
  • Configure & Maintain Google Kubernetes Engine Clusters: This subsection covers the skills in using private clusters, clusters with Shared VPC, VPC-native clusters using alias IPs, and authorized networks for cluster master access.

Conclusion

Your chances of passing the Google Professional Cloud Network Engineer certification exam are higher if you follow an organized training routine. You can choose from different preparation resources found online. For example, you can start with the learning path provided by Google and get exposed to different areas dedicated to the Google Cloud platform and network processes. You can also round out your knowledge with the study guides and books available on Amazon. In all, with the comprehensive materials we’ve covered above, you’ll easily clear the upcoming validation.

 

NEW QUESTION 30
You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs. You want to resolve the issue.
What should you do?

  • A. Create an explicit Deny Any rule and enable logging on the new rule.
  • B. Create a logging sink forwarding all firewall logs with no filters.
  • C. Enable logging on the VM Instances that receive traffic.
  • D. Enable logging on the default Deny Any Firewall Rule.

Answer: A

Explanation:
https://cloud.google.com/vpc/docs/firewall-rules-logging#egress_deny_example
You can only enable Firewall Rules Logging for rules in a Virtual Private Cloud (VPC) network. Legacy networks are not supported. Firewall Rules Logging only records TCP and UDP connections. Although you can create a firewall rule applicable to other protocols, you cannot log their connections. You cannot enable Firewall Rules Logging for the implied deny ingress and implied allow egress rules. Log entries are written from the perspective of virtual machine (VM) instances. Log entries are only created if a firewall rule has logging enabled and if the rule applies to traffic sent to or from the VM. Entries are created according to the connection logging limits on a best effort basis. The number of connections that can be logged in a given interval is based on the machine type. Changes to firewall rules can be viewed in VPC audit logs.
https://cloud.google.com/vpc/docs/firewall-rules-logging#specifications

 

NEW QUESTION 31
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.
What is the most likely cause of the problem?

  • A. The web servers behind the load balancer are configured with different compression types.
  • B. You have configured the web servers and Cloud CDN with different compression types.
  • C. You have to configure the web servers to compress responses even if the request has a Via header.
  • D. You have not configured compression in Cloud CDN.

Answer: C

Explanation:
If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification.
To enable compression, you may have to override your web server's default configuration to tell it to compress responses even if the request had a Via header.
https://cloud.google.com/cdn/docs/troubleshooting-steps

 

NEW QUESTION 32
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC-validating resolvers are unable to resolve names in your zone.
What should you do?

  • A. Disable DNSSEC at your domain registrar.
  • B. Update the TTL for the zone.
  • C. Transfer ownership of the domain to a new registrar.
  • D. Set the zone to the TRANSFER state.

Answer: A

Explanation:
Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.
https://cloud.google.com/dns/docs/dnssec-config

 

NEW QUESTION 33
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?

  • A. Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.
  • B. Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.
  • C. Open the Cloud Shell. SSH into the instance using gcloud compute ssh.
  • D. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.

Answer: C

 

NEW QUESTION 34
You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?

  • A. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
  • B. Grant the read-only privilege to the service account for the Cloud Storage bucket.
  • C. Grant the compute.instanceAdmin to your user account.
  • D. Grant the iam.serviceAccountUser to your user account.

Answer: D

 

NEW QUESTION 35
You are using the gcloud command line tool to create a new custom role in a project by copying a predefined role. You receive this error message:
INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid
What should you do?

  • A. Remove the resourcemanager.projects.list permission, and try again.
  • B. Add the resourcemanager.projects.get permission, and try again.
  • C. Add the resourcemanager.projects.setIamPolicy permission, and try again.
  • D. Try again with a different role with a new name but the same permissions.

Answer: A

Explanation:
Reference:
https://cloud.google.com/iam/docs/understanding-custom-roles

 

NEW QUESTION 36
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. TCP proxy load balancer
  • B. Network load balancer
  • C. SSL proxy load balancer
  • D. HTTPS load balancer

Answer: C

Explanation:
https://cloud.google.com/security/encryption-in-transit/

 

NEW QUESTION 37
You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested. You want to minimize impact to users if there is a bug in the new template.
How should you update your instances?

  • A. Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.
  • B. Manually patch some of the instances, and then perform a rolling restart on the instance group.
  • C. Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.
  • D. Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

Answer: C

Explanation:
https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances

 

NEW QUESTION 38
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.
During troubleshooting you find:
- Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
- The subnetwork logs are not excluded from Stackdriver.
- The instance that is hosting the application can communicate outside the subnet.
- Other instances within the subnet can communicate outside the subnet.
- The external resource initiates communication.
What is the most likely cause of the missing log lines?

  • A. The traffic is matching the expected ingress rule.
  • B. The traffic is matching the expected egress rule.
  • C. The traffic is not matching the expected ingress rule.
  • D. The traffic is not matching the expected egress rule.

Answer: C

 

NEW QUESTION 39
You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP) configuration.
Which connectivity model should you use?

  • A. Partner Interconnect with a layer 3 partner
  • B. Partner Interconnect with a layer 2 partner
  • C. Dedicated Interconnect
  • D. Direct Peering

Answer: A

Explanation:
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview
For Layer 3 connections, your service provider establishes a BGP session between your Cloud Routers and their edge routers for each VLAN attachment. You don't need to configure BGP on your on-premises router. Google and your service provider automatically set the correct configurations.
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview#connectivity-type

 

NEW QUESTION 40
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. SSL proxy load balancer
  • B. Network load balancer
  • C. TCP proxy load balancer
  • D. HTTPS load balancer

Answer: C

Explanation:
https://cloud.google.com/security/encryption-in-transit/
Automatic encryption between GFEs and backends: For the following load balancer types, Google automatically encrypts traffic between Google Front Ends (GFEs) and your backends that reside within Google Cloud VPC networks: HTTP(S) Load Balancing, TCP Proxy Load Balancing, SSL Proxy Load Balancing.

 

NEW QUESTION 41
You are migrating to Cloud DNS and want to import your BIND zone file.
Which command should you use?

  • A. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
  • B. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED ZONE
  • C. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
  • D. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE

Answer: A

Explanation:
https://cloud.google.com/sdk/gcloud/reference/dns/record-sets/import

 

NEW QUESTION 42
You have a storage bucket that contains the following objects:
- folder-a/image-a-1.jpg
- folder-a/image-a-2.jpg
- folder-b/image-b-1.jpg
- folder-b/image-b-2.jpg
Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.
What should you do?

  • A. Make sure that all the objects with prefix folder-a are not shared publicly.
  • B. Issue a cache invalidation command with pattern /folder-a/*.
  • C. Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.
  • D. Add an appropriate lifecycle rule on the storage bucket.

Answer: B

Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html

 

NEW QUESTION 43
You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload.
Which type of load balancer should you use?

  • A. TCP/SSL proxy load balancer
  • B. Network load balancer
  • C. HTTP(S) load balancer
  • D. Internal load balancer

Answer: B

Explanation:
Reference:
https://cloud.google.com/load-balancing/docs/network

 

NEW QUESTION 44
Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:
* Your ISP is a Google Partner Interconnect provider.
* Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.
* A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
* Most of the data transfer will be from GCP to the on-premises environment.
* The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.
* Cost and the complexity of the solution should be minimal.
How should you provision the connectivity solution?

  • A. Provision a Partner Interconnect through your ISP.
  • B. Provision a Dedicated Interconnect instead of a VPN.
  • C. Use network compression over your VPN to increase the amount of data you can send over your VPN.
  • D. Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.

Answer: D

 

NEW QUESTION 45
......

Pass Your Professional-Cloud-Network-Engineer Dumps as PDF Updated on 2022 With 80 Questions: https://torrentvce.exam4free.com/Professional-Cloud-Network-Engineer-valid-dumps.html