Free Professional Cloud Network Engineer Exam Professional-Cloud-Network-Engineer Exam Practice Test

You need to define an address plan for a future new GKE cluster in your VPC. This will be a VPC native cluster, and the default Pod IP range allocation will be used. You must pre-provision all the needed VPC subnets and their respective IP address ranges before cluster creation. The cluster will initially have a single node, but it will be scaled to a maximum of three nodes if necessary. You want to allocate the minimum number of Pod IP addresses.Which subnet mask should you use for the Pod IP address range?

• /21
• /22
• /23
• /25

You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.What should you do?

• Update the TTL for the zone.
• Set the zone to the TRANSFER state.
• Disable DNSSEC at your domain registar.
• Transfer ownership of the domain to a new registar.

Your organization's security policy requires that all internet-bound traffic return to your on-premises data center through HA VPN tunnels before egressing to the internet, while allowing virtual machines (VMs) to leverage private Google APIs using private virtual IP addresses 199.36.153.4/30. You need to configure the routes to enable these traffic flows. What should you do?

• Configure a custom route 0.0.0.0/0 with a priority of 500 whose next hop is the default internet gateway. Configure another custom route 199.36.153.4/30 with priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.
• Configure a custom route 0.0.0.0/0 with a priority of 1000 whose next hop is the internet gateway. Configure another custom route 199.36.153.4/30 with a priority of 500 whose next hop is the VPN tunnel back to the on-premises data center.
• Announce a 0.0.0.0/0 route from your on-premises router with a MED of 1000. Configure a custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the default internet gateway.
• Announce a 0.0.0.0/0 route from your on-premises router with a MED of 500. Configure another custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the VPN tunnel back to the on- premises data center.

You have applications running in the us-west1 and us-east1 regions. You want to build a highly available VPN that provides 99.99% availability to connect your applications from your project to the cloud services provided by your partner's project while minimizing the amount of infrastructure required. Your partner's services are also in the us-west1 and us-east1 regions. You want to implement the simplest solution. What should you do?

• Create one Cloud Router and one HA VPN gateway in each region of your VPC and your partner's VPC. Connect your VPN gateways to the partner's gateways. Enable global dynamic routing in each VPC.
• Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VPC. Create one OpenVPN Access Server in each region of your partner's VPC. Connect your VPN gateway to your partner's servers.
• Create one OpenVPN Access Server in each region of your VPC and your partner's VPC. Connect your servers to the partner's servers.
• Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VPC and your partner's VPC. Connect your VPN gateways to the partner's gateways with a pair of tunnels. Enable global dynamic routing in each VPC.

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.What should you do?

• Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
• Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
• Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
• Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.

Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:Your ISP is a Google Partner Interconnect provider.Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.Most of the data transfer will be from GCP to the on-premises environment.The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.Cost and the complexity of the solution should be minimal.How should you provision the connectivity solution?

• Provision a Partner Interconnect through your ISP.
• Provision a Dedicated Interconnect instead of a VPN.
• Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
• Use network compression over your VPN to increase the amount of data you can send over your VPN.

You create multiple Compute Engine virtual machine instances to be used as TFTP servers.Which type of load balancer should you use?

• HTTP(S) load balancer
• SSL proxy load balancer
• TCP proxy load balancer
• Network load balancer

You recently noticed a recurring daily spike in network usage in your Google Cloud project. You need to identify the virtual machine (VM) instances and type of traffic causing the spike in traffic utilization while minimizing the cost and management overhead required. What should you do?

• Enable VPC Flow Logs and send the output to BigQuery for analysis.
• Enable Firewall Rules Logging for all allowed traffic and send the output to BigQuery for analysis.
• Configure Packet Mirroring to send all traffic to a VM. Use Wireshark on the VM to identity traffic utilization for each VM in the VPC.
• Deploy a third-party network appliance and configure it as the default gateway. Use the third-party network appliance to identify users with high network traffic.

Your company's on-premises network is connected to a VPC using a Cloud VPN tunnel. You have a static route of 0.0.0.0/0 with the VPN tunnel as its next hop defined in the VPC. All internet bound traffic currently passes through the on-premises network. You configured Cloud NAT to translate the primary IP addresses of Compute Engine instances in one region. Traffic from those instances will now reach the internet directly from their VPC and not from the on-premises network. Traffic from the virtual machines (VMs) is not translating addresses as expected. What should you do?

• Lower the TCP Established Connection Idle Timeout for the NAT gateway.
• Add firewall rules that allow ingress and egress of the external NAT IP address, have a target tag that is on the Compute Engine instances, and have a priority value higher than the priority value of the default route to the VPN gateway.
• Add a default static route to the VPC with the default internet gateway as the next hop, the network tag associated with the Compute Engine instances, and a higher priority than the priority of the default route to the VPN tunnel.
• Increase the default min-ports-per-vm setting for the Cloud NAT gateway.

You are configuring load balancing for a standard three-tier (web, application, and database) application. You have configured an external HTTP(S) load balancer for the web servers. You need to configure load balancing for the application tier of servers. What should you do?

• Configure a forwarding rule on the existing load balancer for the application tier.
• Configure equal cost multi-path routing on the application servers.
• Configure a new internal HTTP(S) load balancer for the application tier.
• Configure a URL map on the existing load balancer to route traffic to the application tier.