Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Platform Questions and Answers

Question # 54

Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team. You must also make sure the solution can scale. What should you do?

Options:

A.

Configure VPC Network Peering, and peer one of the VPCs to the service project.

B.

Configure a Shared VPC, and create a VPC network in the service project.

C.

Configure a Shared VPC, and create a VPC network in the host project.

D.

Configure Policy-based Routing for each team.

Buy Now
Question # 55

You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices.

How should you design this topology?

Options:

A.

Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them. Use firewall rules to filter access between the specific networks.

B.

Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.

C.

Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.

D.

Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.

Buy Now
Question # 56

You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner.

What should you first?

Options:

A.

Log in to your partner’s portal and request the VLAN attachment there.

B.

Ask your Interconnect partner to provision a physical connection to Google.

C.

Create a Partner Interconnect type VLAN attachment in the GCP Console and retrieve the pairing key.

D.

Run gcloud compute interconnect attachments partner update / -- region --admin-enabled.

Buy Now
Question # 57

You are configuring a new HTTP application that will be exposed externally behind both IPv4 and IPv6 virtual IP addresses, using ports 80, 8080, and 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest-possible latency while ensuring high availability and autoscaling, and create native content-based rules using the HTTP hostname and request path. The IP addresses of the clients that connect to the load balancer need to be visible to the backends. Which configuration should you use?

Options:

A.

Use Network Load Balancing

B.

Use TCP Proxy Load Balancing with PROXY protocol enabled

C.

Use External HTTP(S) Load Balancing with URL Maps and custom headers

D.

Use External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

Buy Now
Question # 58

All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.

What should you do?

Options:

A.

Open the Cloud Shell SSH into the instance using gcloud compute ssh.

B.

Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.

C.

Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.

D.

Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.

Buy Now
Question # 59

You are designing a packet mirroring policy as pan of your network security architecture for your gaming workload. Your Infrastructure is located in the us-west2 region and deployed across several zones: us-west2-a. us-west2-b. and us-west2-c The Infrastructure Is running a web-based application on TCP ports 80 and 443 with other game servers that utilize the UDP protocol. You need to deploy packet mirroring policies and collector instances to monitor web application traffic while minimizing inter-zonal network egress costs.

Following Google-recommended practices, how should you deploy the packet mirroring policies and collector instances?

Options:

A.

Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for Its zone based on instance-tags, and create a filter for TCP traffic.

B.

Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure

each policy to match traffic for its zone based on subnets, and create a filter for TCP traffic

C.

Create one packet mirroring policy for the us-west2 region. Create one group of collector instances for the us-west2 region Configure the

packet mirroring policy to match traffic for web server instances based on instance-tags, and create a filter for TCP traffic.

D.

Create three packet mirroring policies: one for each zone. Create one group of collector instances for the us-west2 region. Configure each packet mirroring policy to match traffic for its zone based on instance-tags, and create a filter for TCP traffic

Buy Now
Question # 60

You are designing the network architecture for your organization. Your organization has three developer teams: Web, App, and Database. All of the developer teams require access to Compute Engine instances to perform their critical tasks. You are part of a small network and security team that needs to provide network access to the developers. You need to maintain centralized control over network resources, including subnets, routes, and firewalls. You want to minimize operational overhead. How should you design this topology?

Options:

A.

Configure a host project with a Shared VPC. Create service projects for Web, App, and Database.

B.

Configure one VPC for Web, one VPC for App, and one VPC for Database. Configure HA VPN between each VPC.

C.

Configure three Shared VPC host projects, each with a service project: one for Web, one for App, and one for Database.

D.

Configure one VPC for Web, one VPC for App, and one VPC for Database. Use VPC Network Peering to connect all VPCs in a full mesh.

Buy Now
Question # 61

You want to create a service in GCP using IPv6.

What should you do?

Options:

A.

Create the instance with the designated IPv6 address.

B.

Configure a TCP Proxy with the designated IPv6 address.

C.

Configure a global load balancer with the designated IPv6 address.

D.

Configure an internal load balancer with the designated IPv6 address.

Buy Now
Question # 62

You are in the process of deploying an internal HTTP(S) load balancer for your web server virtual machine (VM) Instances What two prerequisite tasks must be completed before creating the load balancer?

Choose 2 answers

Options:

A.

Choose a region.

B.

Create firewall rules for health checks

C.

Reserve a static IP address for the load balancer

D.

Determine the subnet mask for a proxy-only subnet.

E.

Determine the subnet mask for Serverless VPC Access.

Buy Now
Question # 63

Your company's logo is published as an image file across multiple websites that are hosted by your company You have implemented Cloud CDN, however, you want to improve the performance of the cache hit ratio associated with this image file. What should you do?

Options:

A.

Configure custom cache keys for the backend service that holds the image file, and clear the Host and Protocol checkboxes-

B.

Configure Cloud Storage as a custom origin backend to host the image file, and select multi-region as the location type

C.

Configure versioned IJRLs for each domain to serve users the •mage file before the cache entry expires

D.

Configure the default time to live (TTL) as O for the image file.

Buy Now
Exam Name: Google Cloud Certified - Professional Cloud Network Engineer
Last Update: Apr 25, 2025
Questions: 220
Professional-Cloud-Network-Engineer pdf

Professional-Cloud-Network-Engineer PDF

$34  $84.99
Professional-Cloud-Network-Engineer Engine

Professional-Cloud-Network-Engineer Testing Engine

$38  $94.99
Professional-Cloud-Network-Engineer PDF + Engine

Professional-Cloud-Network-Engineer PDF + Testing Engine

$54  $134.99