Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Platform Questions and Answers

Question # 64

You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?

Options:

A.

Enable the Firewall Insights API. Set the deny rule insights observation period to one day. Review the insights to assure there are no firewall rules denying traffic.

B.

Enable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.

C.

Create a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.

D.

Enable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.

Buy Now
Question # 65

There are two established Partner Interconnect connections between your on-premises network and Google Cloud. The VPC that hosts the Partner Interconnect connections is named "vpc-a" and contains three VPC subnets across three regions, Compute Engine instances, and a GKE cluster. Your on-premises users would like to resolve records hosted in a Cloud DNS private zone following Google-recommended practices. You need to implement a solution that allows your on-premises users to resolve records that are hosted in Google Cloud. What should you do?

Options:

A.

Associate the private zone to "vpc-a." Create an outbound forwarding policy and associate the policy to "vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

B.

Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

C.

Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

D.

Associate the private zone to "vpc-a." Create an inbound forwarding policy and associate the policy to "vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

Buy Now
Question # 66

Your organization wants to set up hybrid connectivity with VLAN attachments that terminate in a single Cloud Router with 99.9% uptime. You need to create a network design for your on-premises router that meets those requirements and has an active/passive configuration that uses only one VLAN attachment at a time. What should you do?

Options:

A.

Create a design that uses a BGP multi-exit discriminator (MED) attribute to influence the egress path from Google Cloud to the on-premises environment.

B.

Create a design that uses the as_path BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

C.

Create a design that uses an equal-cost multipath (ECMP) with flow-based hashing on your on-premises devices.

D.

Create a design that uses the local_pref BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

Buy Now
Question # 67

Question:

Your organization wants to seamlessly migrate a global external web application from Compute Engine to GKE. You need to deploy a simple, cloud-first solution that exposes both applications and sends 10% of the requests to the new application. What should you do?

Options:

A.

Configure a global external Application Load Balancer with a Service Extension that points to an application running in a VM, which controls which requests go to each application.

B.

Configure a global external Application Load Balancer with weighted traffic splitting.

C.

Configure two separate global external Application Load Balancers, and use Cloud DNS geolocation routing policies.

D.

Configure a global external Application Load Balancer with weighted request mirroring.

Buy Now
Question # 68

Your company has defined a resource hierarchy that includes a parent folder with subfolders for each department. Each department defines their respective project and VPC in the assigned folder and has the appropriate permissions to create Google Cloud firewall rules. The VPCs should not allow traffic to flow between them. You need to block all traffic from any source, including other VPCs, and delegate only the intra-VPC firewall rules to the respective departments. What should you do?

Options:

A.

Create a VPC firewall rule in each VPC to block traffic from any source, with priority 0.

B.

Create a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.

C.

Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to allow, and another lower-priority rule that blocks traffic from any other source.

D.

Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to goto_next, and another lower-priority rule that blocks traffic from any other source.

Buy Now
Question # 69

You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.

Which two methods can you use to accomplish this? (Choose two.)

Options:

A.

GetIamPolicy() via REST API

B.

setIamPolicy() via REST API

C.

gcloud pubsub add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor

D.

gcloud projects add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor

E.

Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.

Buy Now
Exam Name: Google Cloud Certified - Professional Cloud Network Engineer
Last Update: Apr 25, 2025
Questions: 220
Professional-Cloud-Network-Engineer pdf

Professional-Cloud-Network-Engineer PDF

$34  $84.99
Professional-Cloud-Network-Engineer Engine

Professional-Cloud-Network-Engineer Testing Engine

$38  $94.99
Professional-Cloud-Network-Engineer PDF + Engine

Professional-Cloud-Network-Engineer PDF + Testing Engine

$54  $134.99