[Q38-Q59] Updated Professional-Cloud-Network-Engineer Dumps PDF - Professional-Cloud-Network-Engineer Real Valid Brain Dumps With 175 Questions!



Achieving the Google Professional-Cloud-Network-Engineer certification demonstrates a candidate's expertise and ability to design and implement network solutions on the Google Cloud Platform. Google Cloud Certified - Professional Cloud Network Engineer certification is recognized by employers and industry experts as a valuable credential that validates a candidate's skills and knowledge in networking technologies. Certified professionals are equipped with the tools and knowledge required to design, implement, and manage network solutions on the Google Cloud Platform, making them highly sought after by organizations looking to leverage the power of the cloud for their networking needs.

 

NEW QUESTION # 38
Your company has launched a mobile application that uploads pictures to a Google Cloud Storage bucket. The application was successfully uploading the pictures to Google Cloud Storage buckets, but lately the application has become popular and you have started seeing 429 errors. Please suggest ways to address the issue. Please select any two.

  • A. Throttle your client's requests
  • B. Use truncated exponential backoff
  • C. The OAuth access token has expired and needs to be refreshed.
  • D. Use the correct verb with the /upload or /download URLs.

Answer: B

Explanation:
Options A and B are the correct choices because a 429 error is caused by Too Many Requests. If your application tries to use more than its limit, additional requests will fail. Throttle your client's requests, and/or use truncated exponential backoff.
Option C is incorrect because an expired OAuth access token would result in a 401 (Unauthorized) error.
Option D is incorrect because using the wrong verb with the /upload or /download URLs would lead to a 405 (Method Not Allowed) error.


NEW QUESTION # 39
Your organization uses a Shared VPC architecture with a host project and three service projects. You have Compute Engine instances that reside in the service projects. You have critical workloads in your on-premises data center. You need to ensure that the Google Cloud instances can resolve on-premises hostnames via the Dedicated Interconnect you deployed to establish hybrid connectivity. What should you do?

  • A. Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the Private zone to the on-premises DNS servers.
    In your Cloud Router, add a custom route advertisement for the IP 169.254.169.254 to the on-premises environment.
  • B. Configure a Cloud DNS private zone in the host project of the Shared VPC.
    Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project.
    In your Cloud Router, add a custom route advertisement for the IP 169.254.169.254 to the on-premises environment.
  • C. Configure a Cloud DNS private zone in the host project of the Shared VPC.
    Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project.
    Configure a DNS policy in the Shared VPC to allow inbound query forwarding with your on-premises DNS server as the alternative DNS server.
  • D. Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the private zone to the on-premises DNS servers.
    In your Cloud Router, add a custom route advertisement for the IP 35.199.192.0/19 to the on-premises environment.

Answer: C


NEW QUESTION # 40
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?

  • A. Generate a new SSH key pair. Verify the format of the private key and add it to the instance.
    SSH into the instance using a third-party tool like putty or ssh.
  • B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
  • C. Generate a new SSH key pair. Verify the format of the public key and add it to the project.
    SSH into the instance using a third-party tool like putty or ssh.
  • D. Open the Cloud Shell. SSH into the instance using gcloud compute ssh.

Answer: B

Explanation:
https://cloud.google.com/compute/docs/storing-retrieving-metadata


NEW QUESTION # 41
You are using the gcloud command line tool to create a new custom role in a project by copying a predefined role. You receive this error message:
INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid
What should you do?

  • A. Add the resourcemanager.projects.get permission, and try again.
  • B. Add the resourcemanager.projects.setIamPolicy permission, and try again.
  • C. Try again with a different role with a new name but the same permissions.
  • D. Remove the resourcemanager.projects.list permission, and try again.

Answer: D

Explanation:
Reference:
https://cloud.google.com/iam/docs/understanding-custom-roles


NEW QUESTION # 42
You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic.
What should you do?

  • A. Check the VPC flow logs for the instance.
  • B. Create a new firewall rule to allow traffic from port 22, and enable logs.
  • C. Try connecting to the instance via SSH, and check the logs.
  • D. Create a new firewall rule with priority 65500 to deny all traffic, and enable logs.

Answer: A


NEW QUESTION # 43
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.
How should you design this topology?

  • A. Create 1 VPC with 2 regional subnets. Deploy workloads in these subnets and have them communicate using private RFC1918 IP addresses.
  • B. Create 1 VPC with 2 regional subnets. Create a global load balancer to establish connectivity between the regions.
  • C. Create 2 VPCs, each with their own regions and individual subnets. Create 2 VPN gateways to establish connectivity between these regions.
  • D. Create 2 VPCs, each with their own region and individual subnets. Use external IP addresses on the instances to establish connectivity between these regions.

Answer: A

Explanation:
VPC Network Peering enables you to peer VPC networks so that workloads in different VPC networks can communicate in private RFC 1918 space. Traffic stays within Google's network and doesn't traverse the public internet.
Reference: https://cloud.google.com/vpc/docs/vpc-peering


NEW QUESTION # 44
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?

  • A. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
  • B. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
  • C. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
  • D. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.

Answer: C

Explanation:
https://cloud.google.com/load-balancing/docs/health-checks


NEW QUESTION # 45
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?

  • A. Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.
  • B. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
  • C. Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.
  • D. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.

Answer: A

Explanation:
https://cloud.google.com/network-connectivity/docs/vpn/concepts/classic-topologies#redundancy-options


NEW QUESTION # 46
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.
What should you do?

  • A. Configure the TTL for the DNS zone to decrease the time between updates.
  • B. Configure Dynamic Routing for the subnet hosting the application.
  • C. Configure an HTTP load balancer, and direct the traffic to it.
  • D. Configure a policy-based route rule to prioritize the traffic.

Answer: C

Explanation:
https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency


NEW QUESTION # 47
Your company's on-premises network is connected to a VPC using a Cloud VPN tunnel. You have a static route of 0.0.0.0/0 with the VPN tunnel as its next hop defined in the VPC. All internet bound traffic currently passes through the on-premises network. You configured Cloud NAT to translate the primary IP addresses of Compute Engine instances in one region. Traffic from those instances will now reach the internet directly from their VPC and not from the on-premises network. Traffic from the virtual machines (VMs) is not translating addresses as expected. What should you do?

  • A. Increase the default min-ports-per-vm setting for the Cloud NAT gateway.
  • B. Lower the TCP Established Connection Idle Timeout for the NAT gateway.
  • C. Add firewall rules that allow ingress and egress of the external NAT IP address, have a target tag that is on the Compute Engine instances, and have a priority value higher than the priority value of the default route to the VPN gateway.
  • D. Add a default static route to the VPC with the default internet gateway as the next hop, the network tag associated with the Compute Engine instances, and a higher priority than the priority of the default route to the VPN tunnel.

Answer: B


NEW QUESTION # 48
You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to increase your application availability and ensure it can autoscale.
How should you provision your instances?

  • A. Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.
  • B. Create a single managed instance group, specify the desired region, and select Multiple zones for the location.
  • C. Create an unmanaged instance group in a single zone, and then create an HTTP load balancer for the instance group.
  • D. Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.

Answer: A

Explanation:
https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups


NEW QUESTION # 49
You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested. You want to minimize impact to users if there is a bug in the new template.
How should you update your instances?

  • A. Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.
  • B. Manually patch some of the instances, and then perform a rolling restart on the instance group.
  • C. Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.
  • D. Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

Answer: D

Explanation:
https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update
https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups


NEW QUESTION # 50
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.
How should you design this topology?

  • A. Create 1 VPC with 2 regional subnets. Deploy workloads in these subnets and have them communicate using private RFC1918 IP addresses.
  • B. Create 1 VPC with 2 regional subnets. Create a global load balancer to establish connectivity between the regions.
  • C. Create 2 VPCs, each with their own regions and individual subnets. Create 2 VPN gateways to establish connectivity between these regions.
  • D. Create 2 VPCs, each with their own region and individual subnets. Use external IP addresses on the instances to establish connectivity between these regions.

Answer: A

Explanation:
https://cloud.google.com/vpc/docs/using-vpc#create-auto-network
We create one VPC network in auto mode that creates one subnet in each Google Cloud region automatically. So, region us-east1 and europe-west1 are in the same network and they can communicate using their internal IP address even though they are in different Regions. They take advantage of Google's global fiber network.


NEW QUESTION # 51
You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)

  • A. Enable Private Google Access.
  • B. Create a custom static route to allow the traffic to reach the Cloud SQL API.
  • C. Activate the Cloud Datastore API in your project.
  • D. Activate the Service Networking API in your project.
  • E. Create a private connection to a service producer.

Answer: D,E

Explanation:
Explanation/Reference: https://cloud.google.com/sql/docs/mysql/private-ip


NEW QUESTION # 52
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

  • A. Firewall logs
  • B. Stackdriver Trace
  • C. Compute Engine instance system logs
  • D. Cloud Audit logs
  • E. VPC flow logs

Answer: B,D

Explanation:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations


NEW QUESTION # 53
You have provisioned a Dedicated Interconnect connection of 20 Gbps with a VLAN attachment of 10 Gbps. You recently noticed a steady increase in ingress traffic on the Interconnect connection from the on-premises data center. You need to ensure that your end users can achieve the full 20 Gbps throughput as quickly as possible. Which two methods can you use to accomplish this? (Choose two.)

  • A. From the Google Cloud Console, request a new Dedicated Interconnect connection of 20 Gbps, and configure a VLAN attachment of 10 Gbps.
  • B. Configure Link Aggregation Control Protocol (LACP) on the on-premises router to use the 20-Gbps Dedicated Interconnect connection.
  • C. Configure an additional VLAN attachment of 10 Gbps in another region. Configure the on-premises router to advertise routes with the same multi-exit discriminator (MED).
  • D. From the Google Cloud Console, modify the bandwidth of the VLAN attachment to 20 Gbps.
  • E. Configure an additional VLAN attachment of 10 Gbps in the same region. Configure the on-premises router to advertise routes with the same multi-exit discriminator (MED).

Answer: B,D


NEW QUESTION # 54
You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command:
gcloud compute routes create no-ip-internet-route \
--network custom-network1 \
--destination-range 0.0.0.0/0 \
--next-hop-instance nat-gateway \
--next-hop-instance-zone us-central1-a \
--tags no-ip --priority 800
You want existing instances to use the new NAT gateway. Which command should you execute?

  • A. gcloud compute instances add-tags [existing-instance] --tags no-ip
  • B. gcloud builds submit --config=cloudbuild.yaml --substitutions=TAG_NAME=no-ip
  • C. gcloud compute instances create example-instance --network custom-network1 \
    --subnet subnet-us-central \
    --no-address \
    --zone us-central1-a \
    --image-family debian-9 \
    --image-project debian-cloud \
    --tags no-ip
  • D. sudo sysctl -w net.ipv4.ip_forward=1

Answer: A

Explanation:
https://cloud.google.com/sdk/gcloud/reference/compute/routes/create
In order to apply a route to an existing instance we should use a tag to bind the route to it.


NEW QUESTION # 55
You are planning to use Terraform to deploy the Google Cloud infrastructure for your company. The design must meet the following requirements:
* Each Google Cloud project must represent an internal project that your team will work on.
* After an internal project is finished, the infrastructure must be deleted.
* Each internal project must have its own Google Cloud project owner to manage the Google Cloud resources.
* You have 10-100 projects deployed at a time.
While you are writing the Terraform code, you need to ensure that the deployment is simple and the code is reusable with centralized management. What should you do?

  • A. Create a single project and additional VPCs for each internal project.
  • B. Create a Shared VPC and service project for each internal project.
  • C. Create a single project and single VPC for each internal project.
  • D. Create a single Shared VPC and attach each Google Cloud project as a service project.

Answer: B

Explanation:
The correct answer is D because it meets the following requirements:
* Each internal project has its own Google Cloud project, which can be easily created and deleted by Terraform using the google_project resource [1].
* Each internal project has its own Google Cloud project owner, which can be assigned by Terraform using the google_project_iam_member resource [1].
* The deployment is simple and the code is reusable with centralized management, because the Shared VPC allows you to connect multiple service projects to a single host project that contains the network resources [2]. This way, you can use Terraform modules to create and manage the network resources in the host project, and then reference them in the service projects [3].
Option A is incorrect because it does not create separate Google Cloud projects for each internal project, which makes it harder to delete the infrastructure and assign project owners.
Option B is incorrect because it does not create separate Google Cloud projects for each internal project, and also because it attaches the service projects to a Shared VPC, which is not recommended for short-lived projects [2].
Option C is incorrect because it does not use a Shared VPC, which means that each internal project has to create and manage its own network resources, which increases complexity and reduces reusability.
Reference:
[1] google_project - Terraform Registry
[2] Managing infrastructure as code with Terraform, Cloud Build, and GitOps | Google Cloud
[3] Automating your automation by Creating Google Cloud Projects Automatically


NEW QUESTION # 56
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non-BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?

  • A. * Create a Cloud VPN instance.
    * Create a route-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Configure the appropriate static routes.
  • B. * Create a Cloud VPN instance.
    * Create a route-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.
    * Configure the appropriate static routes.
  • C. * Create a Cloud VPN instance.
    * Create a policy-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Configure the appropriate static routes.
  • D. * Create a Cloud VPN instance.
    * Create a policy-based VPN tunnel per subnet.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Create the appropriate static routes.

Answer: B

Explanation:
Explanation/Reference: https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing


NEW QUESTION # 57
You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.
Which next hop should you choose?

  • A. The name and region of the Cloud VPN tunnel
  • B. The IP address of the Cloud VPN gateway
  • C. The IP address of the instance on the remote side of the VPN tunnel
  • D. The default internet gateway

Answer: A

Explanation:
When you create a route-based tunnel using the Cloud Console, Classic VPN performs both of the following tasks:
* Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0).
* For each range in Remote network IP ranges, Google Cloud creates a custom static route whose destination (prefix) is the range's CIDR, and whose next hop is the tunnel.
https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns


NEW QUESTION # 58
A database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space. How can you remediate the problem with the least amount of downtime?

  • A. In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
  • B. Shut down the virtual machine, use the Cloud Platform Console to increase the persistent disk size, then restart the virtual machine.
  • C. In the Cloud Platform Console, create a snapshot of the persistent disk, restore the snapshot to a new larger disk, unmount the old disk, mount the new disk, and restart the database service.
  • D. In the Cloud Platform Console, create a new persistent disk attached to the virtual machine, format and mount it, and configure the database service to move the files to the new disk.
  • E. In the Cloud Platform Console, increase the size of the persistent disk and verify the new space is ready to use with the fdisk command in Linux.

Answer: A

Explanation:
A (Correct answer) - In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
Here are the steps: In the Cloud Platform Console, increase the size of the persistent disk; after indicating size increase in console, to make the new size effective, you have two options: restart the VM or configure in the VM's operating systems, Windows or Linux.


NEW QUESTION # 59
......


Manage & Monitor Network Operations

In this part of the exam content, the students should be able to log and monitor with the use of GCP Console or Stackdriver. They must have competence in the management and maintenance of security, which includes firewalls and diagnosing & resolving IAM problems. Besides that, they need to be able to deal with the following objective:

  • Maintain & Troubleshoot Connectivity Issues: It includes the identification of traffic flow topology, redirecting and draining of traffic flows, and cross-connect hand-off for interconnect. It also measures one’s knowledge of the monitoring of egress and ingress traffic with the use of flow logs as well as monitoring firewall logs. This section will also evaluate the learners’ skills in troubleshooting and managing VPNs and troubleshooting peering issues with Cloud Router BGP.

The applicants should also demonstrate competence in troubleshooting, monitoring, and maintaining traffic flow and latency, which include routing issues, network latency testing & throughput, and tracing traffic flow.

 
