You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command. Which next hop should you choose?
A. The default internet gateway
B. The IP address of the Cloud VPN gateway
C. The name and region of the Cloud VPN tunnel
D. The IP address of the instance on the remote side of the VPN tunnel
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
1. Each on-premises router is configured with a unique ASN.
2. Each on-premises router is configured with the same routes and priorities.
3. Both on-premises routers are configured with a VPN connected to a single Cloud Router.
4. BGP sessions are established between both on-premises routers and the Cloud Router.
5. Only 1 of the on-premises router's routes are being added to the routing table.
What is the most likely cause of this problem?
A. The on-premises routers are configured with the same routes.
B. A firewall is blocking the traffic across the second VPN connection.
C. You do not have a load balancer to load-balance the network traffic.
D. The ASNs being used on the on-premises routers are different.
You need to create a new VPC network that allows instances to have IP addresses in both the 10.1.1.0/24 network and the 172.16.45.0/24 network. What should you do?
A. Configure global load balancing to point 172.16.45.0/24 to the correct instance.
B. Create unique DNS records for each service that sends traffic to the desired IP address.
C. Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.
D. Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?
A. Create a Cloud VPN instance. Create a policy-based VPN tunnel per subnet. Configure the appropriate local and remote traffic selectors to match your local and remote networks. Create the appropriate static routes.
B. Create a Cloud VPN instance. Create a policy-based VPN tunnel. Configure the appropriate local and remote traffic selectors to match your local and remote networks. Configure the appropriate static routes.
C. Create a Cloud VPN instance. Create a route-based VPN tunnel. Configure the appropriate local and remote traffic selectors to match your local and remote networks. Configure the appropriate static routes.
D. Create a Cloud VPN instance. Create a route-based VPN tunnel. Configure the appropriate local and remote traffic selectors to 0.0.0.0/0. Configure the appropriate static routes.
You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?
A. Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.
B. Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.
C. Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.
D. Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.
You are using the gcloud command-line tool to create a new custom role in a project by copying a predefined role. You receive this error message:
INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid
What should you do?
A. Add the resourcemanager.projects.get permission, and try again.
B. Try again with a different role with a new name but the same permissions.
C. Remove the resourcemanager.projects.list permission, and try again.
D. Add the resourcemanager.projects.setIamPolicy permission, and try again.
You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs. You want to resolve the issue.
What should you do?
A. Enable logging on the default Deny Any Firewall Rule.
B. Enable logging on the VM Instances that receive traffic.
C. Create a logging sink forwarding all firewall logs with no filters.
D. Create an explicit Deny Any rule and enable logging on the new rule.
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
IP ranges for pods and services must be as small as possible. The nodes and the master must not be reachable from the internet. You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?
A. Create a private cluster that uses VPC advanced routes. Set the pod and service ranges as /24. Set up a network proxy to access the master.
B. Create a VPC-native GKE cluster using GKE-managed IP ranges. Set the pod IP range as /21 and service IP range as /24. Set up a network proxy to access the master.
C. Create a VPC-native GKE cluster using user-managed IP ranges. Enable a GKE cluster network policy, set the pod and service ranges as /24. Set up a network proxy to access the master. Enable master authorized networks.
D. Create a VPC-native GKE cluster using user-managed IP ranges. Enable privateEndpoint on the cluster master. Set the pod and service ranges as /24. Set up a network proxy to access the master. Enable master authorized networks.
Your company has 10 separate Virtual Private Cloud (VPC) networks, with one VPC per project in a single region in Google Cloud. Your security team requires each VPC network to have private connectivity to the main on-premises location via a Partner Interconnect connection in the same region. To optimize cost and operations, the same connectivity must be shared with all projects. You must ensure that all traffic between different projects, on-premises locations, and the internet can be inspected using the same third-party appliances. What should you do?
A. Configure the third-party appliances with multiple interfaces and specific Partner Interconnect VLAN attachments per project. Create the relevant routes on the third-party appliances and VPC networks.
B. Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks.
C. Consolidate all existing projects' subnetworks into a single VPC. Create separate VPC networks for on-premises and internet connectivity. Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create the relevant routes on the third-party appliances and VPC networks.
D. Configure the third-party appliances with multiple interfaces. Create a hub VPC network for all projects, and create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks. Use VPC Network Peering to connect all projects' VPC networks to the hub VPC. Export custom routes from the hub VPC and import on all projects' VPC networks.
You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.
Which type of load balancer should you use?
A. HTTP(S) load balancer
B. Network load balancer
C. Internal TCP/UDP load balancer
D. TCP/SSL proxy load balancer