Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Platform Questions and Answers

Question # 44

You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.

Which GKE resource should you use?

Options:

A.

GKE Node

B.

GKE Pod

C.

GKE Cluster

D.

GKE Ingress

Buy Now
Question # 45

Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:

    Your ISP is a Google Partner Interconnect provider.

    Your on-premises VPN device’s internet uplink and downlink speeds are 10 Gbps.

    A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.

    Most of the data transfer will be from GCP to the on-premises environment.

    The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.

    Cost and the complexity of the solution should be minimal.

How should you provision the connectivity solution?

Options:

A.

Provision a Partner Interconnect through your ISP.

B.

Provision a Dedicated Interconnect instead of a VPN.

C.

Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.

D.

Use network compression over your VPN to increase the amount of data you can send over your VPN.

Buy Now
Question # 46

Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

During troubleshooting you find:

• Each on-premises router is configured with a unique ASN.

• Each on-premises router is configured with the same routes and priorities.

• Both on-premises routers are configured with a VPN connected to a single Cloud Router.

• BGP sessions are established between both on-premises routers and the Cloud Router.

• Only 1 of the on-premises router’s routes are being added to the routing table.

What is the most likely cause of this problem?

Options:

A.

The on-premises routers are configured with the same routes.

B.

A firewall is blocking the traffic across the second VPN connection.

C.

You do not have a load balancer to load-balance the network traffic.

D.

The ASNs being used on the on-premises routers are different.

Buy Now
Question # 47

You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.

What should you do?

Options:

A.

Configure a policy-based route rule to prioritize the traffic.

B.

Configure an HTTP load balancer, and direct the traffic to it.

C.

Configure Dynamic Routing for the subnet hosting the application.

D.

Configure the TTL for the DNS zone to decrease the time between updates.

Buy Now
Question # 48

Your team deployed two applications in GKE that are exposed through an external Application Load Balancer. When queries are sent to www.mountkirkgames.com/sales and www.mountkirkgames.com/get-an-analysis, the correct pages are displayed. However, you have received complaints that www.mountkirkgames.com yields a 404 error. You need to resolve this error. What should you do?

Options:

A.

Review the Ingress YAML file. Define the default backend. Reapply the YAML.

B.

Review the Ingress YAML file. Add a new path rule for the * character that directs to the base service. Reapply the YAML.

C.

Review the Service YAML file. Define a default backend. Reapply the YAML.

D.

Review the Service YAML file. Add a new path rule for the * character that directs to the base service. Reapply the YAML.

Buy Now
Question # 49

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from on-premises locations using Cloud Interconnect connections. Your company must be able to send traffic to Cloud Storage only through the Interconnect links while accessing other Google APIs and services over the public internet. What should you do?

Options:

A.

Use the default public domains for all Google APIs and services.

B.

Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.

C.

Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.

D.

Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.

Buy Now
Question # 50

You converted an auto mode VPC network to custom mode. Since the conversion, some of your Cloud Deployment Manager templates are no longer working. You want to resolve the problem.

What should you do?

Options:

A.

Apply an additional IAM role to the Google API’s service account to allow custom mode networks.

B.

Update the VPC firewall to allow the Cloud Deployment Manager to access the custom mode networks.

C.

Explicitly reference the custom mode networks in the Cloud Armor whitelist.

D.

Explicitly reference the custom mode networks in the Deployment Manager templates.

Buy Now
Question # 51

Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.

How should you design the topology?

Options:

A.

Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

B.

Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

C.

Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

D.

Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Buy Now
Question # 52

Your organization has resources in two different VPCs, each in different Google Cloud projects, and requires connectivity between the resources in the two VPCs. You have already determined that there is no IP address overlap; however, one VPC uses privately used public IP (PUPI) ranges. You would like to enable connectivity between these resources by using a lower cost and higher performance method. What should you do?

Options:

A.

Create an HA VPN between the two VPCs that includes the PUPI ranges in the custom route advertisements of the Cloud Router. Create the necessary ingress VPC firewall rules that target the specific resources by using IP ranges as the source filter.

B.

Create a VPC Network Peering connection between the two VPCs that allows the export and import of custom routes for public IP addresses. Create the necessary ingress VPC firewall rules that target the specific resources by using service accounts as the source filter.

C.

Create a VPC Network Peering connection between the two VPCs that allows the export and import of subnet routes with public IP addresses. Create the necessary ingress VPC firewall rules that target the specific resources by using IP ranges as the source filter.

D.

Create a VPC Network Peering connection between the two VPCs that allows the export and import of subnet routes with public IP addresses. Create the necessary ingress VPC firewall rules that target the specific resources by using network tags as the source filter.

Buy Now
Question # 53

You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.

During troubleshooting you find:

• Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.

• The subnetwork logs are not excluded from Stackdriver.

• The instance that is hosting the application can communicate outside the subnet.

• Other instances within the subnet can communicate outside the subnet.

• The external resource initiates communication.

What is the most likely cause of the missing log lines?

Options:

A.

The traffic is matching the expected ingress rule.

B.

The traffic is matching the expected egress rule.

C.

The traffic is not matching the expected ingress rule.

D.

The traffic is not matching the expected egress rule.

Buy Now
Exam Name: Google Cloud Certified - Professional Cloud Network Engineer
Last Update: Apr 25, 2025
Questions: 220
Professional-Cloud-Network-Engineer pdf

Professional-Cloud-Network-Engineer PDF

$34  $84.99
Professional-Cloud-Network-Engineer Engine

Professional-Cloud-Network-Engineer Testing Engine

$38  $94.99
Professional-Cloud-Network-Engineer PDF + Engine

Professional-Cloud-Network-Engineer PDF + Testing Engine

$54  $134.99