Professional-Cloud-Network-Engineer Exam Dumps - Google Cloud Platform Questions and Answers

Enable the Firewall Insights API. Set the deny rule insights observation period to one day. Review the insights to assure there are no firewall rules denying traffic.

Enable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.

Create a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.

Enable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.

Associate the private zone to "vpc-a." Create an outbound forwarding policy and associate the policy to "vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

Associate the private zone to "vpc-a." Create an inbound forwarding policy and associate the policy to "vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

Create a design that uses a BGP multi-exit discriminator (MED) attribute to influence the egress path from Google Cloud to the on-premises environment.

Create a design that uses the as_path BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

Create a design that uses an equal-cost multipath (ECMP) with flow-based hashing on your on-premises devices.

Create a design that uses the local_pref BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

Configure a global external Application Load Balancer with a Service Extension that points to an application running in a VM, which controls which requests go to each application.

Configure a global external Application Load Balancer with weighted traffic splitting.

Configure two separate global external Application Load Balancers, and use Cloud DNS geolocation routing policies.

Configure a global external Application Load Balancer with weighted request mirroring.

Create a VPC firewall rule in each VPC to block traffic from any source, with priority 0.

Create a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.

Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to allow, and another lower-priority rule that blocks traffic from any other source.

Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to goto_next, and another lower-priority rule that blocks traffic from any other source.

GetIamPolicy() via REST API

setIamPolicy() via REST API

gcloud pubsub add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor

gcloud projects add-iam-policy-binding Sprojectname --member user:Susername --role roles/editor

Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.