
Valid Professional-Cloud-Network-Engineer Exam Q&A PDF Professional-Cloud-Network-Engineer Dump is Ready (Updated 80 Questions)
Exam Questions and Answers for Professional-Cloud-Network-Engineer Study Guide
Who should take the Google Professional Cloud Network Engineer exam
Individuals should pursue the Google Professional Cloud Network Engineer Exam if they want to demonstrate their expertise and ability to design, plan, and prototype a GCP Network, implement a GCP Virtual Private Cloud (VPC), and implement network security. It's perfect for network engineers, systems administrators, operations team members, or any professional who wants in on this specific area of IT and cloud.
How to book Google Professional Cloud Network Engineer Exams
The registration for the Google Professional Cloud Network Engineer Exam follows the steps given below.
- Step 1: Visit the Google Cloud Webassessor Website
- Step 2: Sign in or sign up to your Google Cloud Webassessor account
- Step 3: Search for the exam name Google Professional Cloud Network Engineer
- Step 4: Pick the date of the exam, choose an exam center, and make the payment using a payment method such as a credit or debit card.
NEW QUESTION 31
You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the objects in the storage bucket can be served by the CDN.
What should you do in the GCP Console?
- A. Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
- B. Create a new cloud storage bucket, and then enable Cloud CDN on it.
- C. Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN on the backend, and make sure each object inside the storage bucket is shared publicly.
- D. Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.
Answer: B
NEW QUESTION 32
You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)
GetIamPolicy() via REST API
- A. gcloud pubsub add-iam-policy-binding $projectname --member user:$username --
- B. role roles/editor
gcloud projects add-iam-policy-binding $projectname --member user:$username --
- C. setIamPolicy() via REST API
- D. role roles/editor
- E. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.
Answer: D,E
Explanation:
Explanation/Reference: https://cloud.google.com/iam/docs/granting-changing-revoking-access
NEW QUESTION 33
You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)
GetIamPolicy() via REST API
- A. setIamPolicy() via REST API
- B. gcloud pubsub add-iam-policy-binding $projectname --member user:$username --
- C. role roles/editor
- D. role roles/editor
gcloud projects add-iam-policy-binding $projectname --member user:$username --
- E. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.
Answer: C,E
Explanation:
Explanation/Reference: https://cloud.google.com/iam/docs/granting-changing-revoking-access
NEW QUESTION 34
You are using a 10-Gbps direct peering connection to Google together with the gsutil tool to upload files to Cloud Storage buckets from on-premises servers. The on-premises servers are 100 milliseconds away from the Google peering point. You notice that your uploads are not using the full 10-Gbps bandwidth available to you. You want to optimize the bandwidth utilization of the connection.
What should you do on your on-premises servers?
- A. Tune TCP parameters on the on-premises servers.
- B. Remove the -m flag from the gsutil command to enable single-threaded transfers.
- C. Compress files using utilities like tar to reduce the size of data being sent.
- D. Use the perfdiag parameter in your gsutil command to enable faster performance: gsutil perfdiag gs://[BUCKET NAME].
Answer: D
Explanation:
Explanation/Reference: https://cloud.google.com/solutions/transferring-big-data-sets-to-gcp
NEW QUESTION 35
Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.
How should you set up permissions for the networking team?
- A. Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
- B. Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.
- C. Assign members of the networking team the compute.networkUser role.
- D. Assign members of the networking team the compute.networkAdmin role.
Answer: D
NEW QUESTION 36
You are configuring a new instance of Cloud Router in your Organization's Google Cloud environment to allow connection across a new Dedicated Interconnect to your data center. Sales, Marketing, and IT each have a service project attached to the Organization's host project.
Where should you create the Cloud Router instance?
- A. VPC network in the Host Project
- B. VPC network in all projects
- C. VPC network in the IT Project
- D. VPC network in the Sales, Marketing, and IT Projects
Answer: A
NEW QUESTION 37
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.
Which BGP attribute should you use on your on-premises router?
- A. AS-Path
- B. Community
- C. Multi-exit Discriminator
- D. Local Preference
Answer: C
NEW QUESTION 38
You have a storage bucket that contains the following objects:
- folder-a/image-a-1.jpg
- folder-a/image-a-2.jpg
- folder-b/image-b-1.jpg
- folder-b/image-b-2.jpg
Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached.
You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.
What should you do?
- A. Add an appropriate lifecycle rule on the storage bucket.
- B. Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.
- C. Issue a cache invalidation command with pattern /folder-a/*.
- D. Make sure that all the objects with prefix folder-a are not shared publicly.
Answer: D
NEW QUESTION 39
You are migrating to Cloud DNS and want to import your BIND zone file.
Which command should you use?
- A. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
- B. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED_ZONE
- C. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
- D. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE
Answer: A
Explanation:
https://cloud.google.com/sdk/gcloud/reference/dns/record-sets/import
NEW QUESTION 40
You need to create a new VPC network that allows instances to have IP addresses in both the 10.1.1.0/24 network and the 172.16.45.0/24 network.
What should you do?
- A. Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.
- B. Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.
- C. Create unique DNS records for each service that sends traffic to the desired IP address.
- D. Configure global load balancing to point 172.16.45.0/24 to the correct instance.
Answer: A
NEW QUESTION 41
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?
- A. Upload your public ssh key to each instance Metadata.
- B. Upload your public ssh key to the project Metadata.
- C. Use gcloud compute ssh to automatically copy your public ssh key to the instance.
- D. Create a custom Google Compute Engine image with your public ssh key embedded.
Answer: B
NEW QUESTION 42
You want to create a service in GCP using IPv6.
What should you do?
- A. Create the instance with the designated IPv6 address.
- B. Configure an internal load balancer with the designated IPv6 address.
- C. Configure a TCP Proxy with the designated IPv6 address.
- D. Configure a global load balancer with the designated IPv6 address.
Answer: D
NEW QUESTION 43
You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
How should you design this topology?
- A. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.
- B. Create a subnet of size /28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.
- C. Use gcloud container clusters create [CLUSTER NAME] --enable-ip-alias to create a VPC-native cluster.
- D. Create a subnet of size /25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.
Answer: B
NEW QUESTION 44
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.
How should you design this topology?
- A. Create 2 VPCs, each with their own region and individual subnets. Use external IP addresses on the instances to establish connectivity between these regions.
- B. Create 1 VPC with 2 regional subnets. Create a global load balancer to establish connectivity between the regions.
- C. Create 1 VPC with 2 regional subnets. Deploy workloads in these subnets and have them communicate using private RFC1918 IP addresses.
- D. Create 2 VPCs, each with their own regions and individual subnets. Create 2 VPN gateways to establish connectivity between these regions.
Answer: C
Explanation:
VPC Network Peering enables you to peer VPC networks so that workloads in different VPC networks can communicate in private RFC 1918 space. Traffic stays within Google's network and doesn't traverse the public internet.
https://cloud.google.com/vpc/docs/vpc-peering
NEW QUESTION 45
You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested. You want to minimize impact to users if there is a bug in the new template.
How should you update your instances?
- A. Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.
- B. Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.
- C. Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.
- D. Manually patch some of the instances, and then perform a rolling restart on the instance group.
Answer: C
Explanation:
Explanation/Reference: https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances
NEW QUESTION 46
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?
- A. Upload your public ssh key to each instance Metadata.
- B. Upload your public ssh key to the project Metadata.
- C. Use gcloud compute ssh to automatically copy your public ssh key to the instance.
- D. Create a custom Google Compute Engine image with your public ssh key embedded.
Answer: B
Explanation:
By creating and managing SSH keys, you can let users access a Linux instance through third-party tools. An SSH key consists of the following files:
- A public SSH key file that is applied to instance-level metadata or project-wide metadata.
- A private SSH key file that the user stores on their local devices.
If a user presents their private SSH key, they can use a third-party tool to connect to any instance that is configured with the matching public SSH key file, even if they aren't a member of your Google Cloud project. Therefore, you can control which instances a user can access by changing the public SSH key metadata for one or more instances.
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey
NEW QUESTION 47
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?
- A. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.
- B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
- C. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
- D. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
Answer: B
NEW QUESTION 48
You have ordered Dedicated Interconnect in the GCP Console and need to give the Letter of Authorization/Connecting Facility Assignment (LOA-CFA) to your cross-connect provider to complete the physical connection.
Which two actions can accomplish this? (Choose two.)
- A. Run gcloud compute interconnects describe <interconnect>.
- B. Contact your cross-connect provider and inform them that Google automatically sent the LOA/CFA to them via email, and to complete the connection.
- C. Open a Cloud Support ticket under the Cloud Interconnect category.
- D. Download the LOA-CFA from the Hybrid Connectivity section of the GCP Console.
- E. Check the email for the account of the NOC contact that you specified during the ordering process.
Answer: B,E
Explanation:
https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/retrieving-loas
NEW QUESTION 49
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?
- A. Network load balancer
- B. TCP proxy load balancer
- C. HTTPS load balancer
- D. SSL proxy load balancer
Answer: D
Explanation:
Explanation/Reference: https://cloud.google.com/security/encryption-in-transit/
NEW QUESTION 50
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)
- A. Turn on Private Google Access at the subnet level.
- B. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
- C. Turn on Private Services Access at the VPC level.
- D. Turn on Private Google Access at the VPC level.
- E. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
Answer: C,E
Explanation:
https://cloud.google.com/vpc/docs/private-access-options
NEW QUESTION 51
You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider.
Which connection type should you choose?
- A. Partner Interconnect
- B. Dedicated Interconnect
- C. Carrier Peering
- D. Direct Peering
Answer: D
Explanation:
When established, Direct Peering provides a direct path from your on-premises network to Google services, including Google Cloud products that can be exposed through one or more public IP addresses. Traffic from Google's network to your on-premises network also takes that direct path, including traffic from VPC networks in your projects. Google Cloud customers must request that direct egress pricing be enabled for each of their projects after they have established Direct Peering with Google. For more information, see Pricing.
NEW QUESTION 52
You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?
- A. Grant the read-only privilege to the service account for the Cloud Storage bucket.
- B. Grant the iam.serviceAccountUser to your user account.
- C. Grant the compute.instanceAdmin to your user account.
- D. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
Answer: A
NEW QUESTION 53
You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?
- A. Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.
- B. Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.
- C. Create a single firewall rule to allow port 22 with priority 1000.
- D. Create a single firewall rule to allow port 3389 with priority 1000.
Answer: C
Explanation:
Explanation/Reference: https://geekflare.com/gcp-firewall-configuration/
NEW QUESTION 54
You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.
What is the most likely cause of this problem?
- A. The instance has been configured with multiple interfaces.
- B. An external IP address has been configured on the instance.
- C. You have created static routes that use RFC1918 ranges.
- D. The instance is accessible by a load balancer external IP address.
Answer: B
Explanation:
Explanation/Reference: https://www.sovereignsolutionscorp.com/google-cloud-nat/
NEW QUESTION 55
You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.
Which NAT solution should you use?
- A. An instance with IP forwarding enabled
- B. An instance configured with iptables SNAT rules
- C. An instance configured with iptables DNAT rules
- D. Cloud NAT
Answer: D
Explanation:
Explanation/Reference: https://cloud.google.com/nat/docs/overview
