[Nov 19, 2021] Latest Professional-Cloud-Network-Engineer PDF Dumps & Real Tests Free Updated Today [Q29-Q51]



Google Professional Cloud Network Engineer Certified Professional salary

The average salary of a Google Professional Cloud Network Engineer Certified Expert in

  • India - 27,42,327 INR
  • Europe - 145,347 EURO
  • England - 135,632 POUND
  • United States - 181,247 USD

Evaluation and Its Structure

The Google Professional Cloud Network Engineer exam includes both multiple-choice and multiple-answer inquiries. The vendor doesn’t give details on the number of questions that the candidates will need to respond to. Still, it mentions that the allotted time for each candidate to accomplish the actual test will be 2 hours. Besides, the exam-takers will have to pay an enrollment fee of $200 plus any applicable tax that might be necessary. In addition, such an exam is available in the English language only. As for the delivery mode, the candidates can take the proctored exam online. Still, they should first check the testing requirements and make sure they comply with them for a smooth exam process. The second option would be to take the official validation in a test center so the exam-takers should check the closest testing center to their current location. When it comes to the prerequisites, Google doesn’t mention any specific conditions. However, as it was highlighted above, the vendor recommends that candidates have a minimum of 3 years of experience in the industry. During this period, they should have also gathered at least 1 year of experience in using GCP for solution management and design.


Topics Assessed in Final Test

You can succeed in the actual Google Professional Cloud Network Engineer exam if you manage to demonstrate that you developed the following skills and expertise:

  • Ensuring network resources optimization;
  • Monitoring and managing network operations;
  • Gaining knowledge of how to plan, design, and create a GCP network prototype;
  • Implementing and configuring a Virtual Private Cloud using the GCP network;
  • Configuring Google Cloud features to implement network security;
  • Discerning how to configure network services;
  • Implementing and configuring hybrid interconnectivity.

 

NEW QUESTION 29
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.
How should you design this topology?

  • A. Create 2 VPCs, each with their own region and individual subnets.
    Use external IP addresses on the instances to establish connectivity between these regions.
  • B. Create 1 VPC with 2 regional subnets.
    Create a global load balancer to establish connectivity between the regions.
  • C. Create 1 VPC with 2 regional subnets.
    Deploy workloads in these subnets and have them communicate using private RFC1918 IP addresses.
  • D. Create 2 VPCs, each with their own regions and individual subnets.
    Create 2 VPN gateways to establish connectivity between these regions.

Answer: C

Explanation:
VPC Network Peering enables you to peer VPC networks so that workloads in different VPC networks can communicate in private RFC 1918 space. Traffic stays within Google's network and doesn't traverse the public internet.
https://cloud.google.com/vpc/docs/vpc-peering

 

NEW QUESTION 30
You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
* An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
* Multiple regional offices in Europe and APAC
* Regional data processing is required in europe-west1 and australia-southeast1
* Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?

  • A. * Create 1 VPC in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    * Attach NIC0 in us-west1 subnet of the Host Project.
    * Attach NIC1 in us-west1 subnet of the Host Project
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • B. * Create 1 VPC in a Shared VPC Service Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    * Attach NIC0 in us-west1 subnet of the Service Project.
    * Attach NIC1 in us-west1 subnet of the Service Project
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • C. * Create 2 VPCs in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    * Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    * Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • D. * Create 2 VPCs in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    * Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    * Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.

Answer: D

 

NEW QUESTION 31
Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

  • A. Dedicated Interconnect
  • B. Cloud VPN
  • C. VPC peering
  • D. Shared VPC
  • E. Cloud NAT

Answer: A,B

Explanation:
https://cloud.google.com/vpc/docs/vpc

 

NEW QUESTION 32
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.
What should you do?

  • A. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
  • B. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
  • C. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
  • D. Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.

Answer: C

Explanation:
The global load balancer will proxy the connection, thus there is no trace of the session origin IP. You should use Cloud Armor to geofence your service.
https://cloud.google.com/load-balancing/docs/https

 

NEW QUESTION 33
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?

  • A. * Create a Cloud VPN instance.
    * Create a route-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.
    * Configure the appropriate static routes.
  • B. * Create a Cloud VPN instance.
    * Create a policy-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Configure the appropriate static routes.
  • C. * Create a Cloud VPN instance.
    * Create a policy-based VPN tunnel per subnet.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Create the appropriate static routes.
  • D. * Create a Cloud VPN instance.
    * Create a route-based VPN tunnel.
    * Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    * Configure the appropriate static routes.

Answer: B

Explanation:
https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns#creating_a_gateway_and_tunnel

 

NEW QUESTION 34
You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)
GetIamPolicy() via REST API

  • A. setIamPolicy() via REST API
  • B. gcloud pubsub add-iam-policy-binding Sprojectname --member user:Susername --
  • C. role roles/editor
  • D. role roles/editor
    gcloud projects add-iam-policy-binding Sprojectname --member user:Susername --
  • E. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.

Answer: C,E

Explanation:
https://cloud.google.com/iam/docs/granting-changing-revoking-access

 

NEW QUESTION 35
You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic.
What should you do?

  • A. Try connecting to the instance via SSH, and check the logs.
  • B. Create a new firewall rule with priority 65500 to deny all traffic, and enable logs.
  • C. Check the VPC flow logs for the instance.
  • D. Create a new firewall rule to allow traffic from port 22, and enable logs.

Answer: B

Explanation:
Ingress packets in VPC Flow Logs are sampled after ingress firewall rules. If an ingress firewall rule denies inbound packets, those packets are not sampled by VPC Flow Logs. We want to see the logs for blocked traffic so we have to look for them in firewall logs. https://cloud.google.com/vpc/docs/flow-logs#key_properties

 

NEW QUESTION 36
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?

  • A. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
  • B. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
  • C. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.
  • D. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

Answer: D

 

NEW QUESTION 37
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. SSL proxy load balancer
  • B. Network load balancer
  • C. HTTPS load balancer
  • D. TCP proxy load balancer

Answer: D

Explanation:
https://cloud.google.com/security/encryption-in-transit/
Automatic encryption between GFEs and backends: for the following load balancer types, Google automatically encrypts traffic between Google Front Ends (GFEs) and your backends that reside within Google Cloud VPC networks:

  • HTTP(S) Load Balancing
  • TCP Proxy Load Balancing
  • SSL Proxy Load Balancing

 

NEW QUESTION 38
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.
Which BGP attribute should you use on your on-premises router?

  • A. AS-Path
  • B. Community
  • C. Multi-exit Discriminator
  • D. Local Preference

Answer: C

 

NEW QUESTION 39
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.
What is the most likely cause of the problem?

  • A. The web servers behind the load balancer are configured with different compression types.
  • B. You have not configured compression in Cloud CDN.
  • C. You have configured the web servers and Cloud CDN with different compression types.
  • D. You have to configure the web servers to compress responses even if the request has a Via header.

Answer: D

Explanation:
If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable compression, you may have to override your web server's default configuration to tell it to compress responses even if the request had a Via header.

 

NEW QUESTION 40
You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.
Which level of permissions should you request?

  • A. Security Admin privileges from the Shared VPC Admin.
  • B. Shared VPC Admin privileges from the Organization Admin.
  • C. Service Project Admin privileges from the Shared VPC Admin.
  • D. Organization Admin privileges from the Organization Admin.

Answer: A

Explanation:
https://cloud.google.com/vpc/docs/shared-vpc

 

NEW QUESTION 41
You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
* An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
* Multiple regional offices in Europe and APAC
* Regional data processing is required in europe-west1 and australia-southeast1
* Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?

  • A. * Create 2 VPCs in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    * Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    * Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • B. * Create 2 VPCs in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    * Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    * Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • C. * Create 1 VPC in a Shared VPC Service Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    * Attach NIC0 in us-west1 subnet of the Service Project.
    * Attach NIC1 in us-west1 subnet of the Service Project
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.
  • D. * Create 1 VPC in a Shared VPC Host Project.
    * Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    * Attach NIC0 in us-west1 subnet of the Host Project.
    * Attach NIC1 in us-west1 subnet of the Host Project
    * Deploy the instance.
    * Configure the necessary routes and firewall rules to pass traffic through the instance.

Answer: A

 

NEW QUESTION 42
You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.
Which level of permissions should you request?

  • A. Security Admin privileges from the Shared VPC Admin.
  • B. Shared VPC Admin privileges from the Organization Admin.
  • C. Service Project Admin privileges from the Shared VPC Admin.
  • D. Organization Admin privileges from the Organization Admin.

Answer: A

Explanation:
A Shared VPC Admin can define a Security Admin by granting an IAM member the Security Admin (compute.securityAdmin) role to the host project. Security Admins manage firewall rules and SSL certificates.

 

NEW QUESTION 43
You are using the gcloud command line tool to create a new custom role in a project by copying a predefined role. You receive this error message:
INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid
What should you do?

  • A. Add the resourcemanager.projects.setIamPolicy permission, and try again.
  • B. Add the resourcemanager.projects.get permission, and try again.
  • C. Try again with a different role with a new name but the same permissions.
  • D. Remove the resourcemanager.projects.list permission, and try again.

Answer: D

Explanation:
Reference:
https://cloud.google.com/iam/docs/understanding-custom-roles

 

NEW QUESTION 44
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?

  • A. Generate a new SSH key pair. Verify the format of the private key and add it to the instance.
    SSH into the instance using a third-party tool like putty or ssh.
  • B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
  • C. Open the Cloud Shell. SSH into the instance using gcloud compute ssh.
  • D. Generate a new SSH key pair. Verify the format of the public key and add it to the project.
    SSH into the instance using a third-party tool like putty or ssh.

Answer: B

Explanation:
https://cloud.google.com/compute/docs/storing-retrieving-metadata

 

NEW QUESTION 45
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

  • A. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.
  • B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
  • C. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
  • D. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.

Answer: B

 

NEW QUESTION 46
You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.
Which NAT solution should you use?

  • A. An instance with IP forwarding enabled
  • B. An instance configured with iptables SNAT rules
  • C. An instance configured with iptables DNAT rules
  • D. Cloud NAT

Answer: D

 

NEW QUESTION 47
You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?

  • A. Grant the read-only privilege to the service account for the Cloud Storage bucket.
  • B. Grant the compute.instanceAdmin to your user account.
  • C. Grant the iam.serviceAccountUser to your user account.
  • D. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.

Answer: C

Explanation:
https://cloud.google.com/compute/docs/access/iam

 

NEW QUESTION 48
You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.
Which next hop should you choose?

  • A. The IP address of the Cloud VPN gateway
  • B. The default internet gateway
  • C. The IP address of the instance on the remote side of the VPN tunnel
  • D. The name and region of the Cloud VPN tunnel

Answer: D

Explanation:
Reference:
https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

 

NEW QUESTION 49
You have ordered Dedicated Interconnect in the GCP Console and need to give the Letter of Authorization/Connecting Facility Assignment (LOA-CFA) to your cross-connect provider to complete the physical connection.
Which two actions can accomplish this? (Choose two.)

  • A. Run gcloud compute interconnects describe <interconnect>.
  • B. Contact your cross-connect provider and inform them that Google automatically sent the LOA/CFA to them via email, and to complete the connection.
  • C. Open a Cloud Support ticket under the Cloud Interconnect category.
  • D. Download the LOA-CFA from the Hybrid Connectivity section of the GCP Console.
  • E. Check the email for the account of the NOC contact that you specified during the ordering process.

Answer: B,E

Explanation:
https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/retrieving-loas

 

NEW QUESTION 50
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)

  • A. Turn on Private Google Access at the subnet level.
  • B. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
  • C. Turn on Private Services Access at the VPC level.
  • D. Turn on Private Google Access at the VPC level.
  • E. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Answer: C,E

Explanation:
https://cloud.google.com/vpc/docs/private-access-options

 

NEW QUESTION 51
......
