Google Professional-Cloud-Network-Engineer Practice Test : Free Online Preparation

Question 1
- You have several VMs across multiple VPCs in your cloud environment that require access to internetendpoints. These VMs cannot have public IP addresses due to security policies, so you plan to use CloudNAT to provide outbound internet access. Within your VPCs, you have several subnets in each region. Youwant to ensure that only specific subnets have access to the internet through Cloud NAT. You want to avoidany unintentional configuration issues caused by other administrators and align to Google-recommendedpractices. What should you do?
  A : Deploy Cloud NAT in each VPC and configure a custom source range that includes the allowed subnets. Configure Cloud NAT rules to only permit the allowed subnets to egress through Cloud NAT.
  
  B : Create a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0 /0). Deploy Cloud NAT and configure all primary and secondary subnet source ranges.
  
  C : Create a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0 /0). Deploy Cloud NAT and configure a custom source range that includes the allowed subnets.
  
  D : Create a constraints/compute.restrictCloudNATUsage organizational policy constraint. Attach the constraint to a folder that contains the associated projects. Configure the allowedValues to only contain the subnets that should have internet access. Deploy Cloud NAT and select only the allowed subnets.
  
  Answer: D
Question 2
- You are configuring the firewall endpoints as part of the Cloud Next Generation Firewall (Cloud NGFW) intrusion prevention service in Google Cloud. You have configured a threat prevention security profile, and you now need to create an endpoint for traffic inspection. What should you do?
  A : Attach the profile to the VPC network, create a firewall endpoint within the zone, and use a firewall policy rule to apply the L7 inspection.
  
  B : Create a firewall endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.
  
  C : Create a firewall endpoint within the region, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.
  
  D : Create a Private Service Connect endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.
  
  Answer: C
Question 3
- You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size
  is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new
  services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services.
  You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
  How should you design this topology?
  
  A : Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.
  
  B : Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.
  
  C : Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.
  
  D : Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.
  
  Answer: A
Question 4
- Recently, your networking team enabled Cloud CDN for one of the external-facing services that is exposed through an external Application Load Balancer. The application team has already defined which content should be cached within the responses. Upon testing the load balancer, you did not observe any change in performance after the Cloud CDN enablement. You need to resolve the issue. What should you do?
  A : Configure the CACHE_MAX_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches content depending on responses from the backends.
  
  B : Configure the USE_ORIGIN_HEADERS caching mode on Cloud CDN to ensure Cloud CDN caches content based on response headers from the backends.
  
  C : Configure the CACHE_ALL_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches all static content as well as content defined by the backends.
  
  D : Configure the FORCE_CACHE_ALL caching mode on Cloud CDN to ensure all appropriate content is cached.
  
  Answer: B
Question 5
- Recently, your networking team enabled Cloud CDN for one of the external-facing services that is exposed through an external Application Load Balancer. The application team has already defined which content should be cached within the responses. Upon testing the load balancer, you did not observe any change in performance after the Cloud CDN enablement. You need to resolve the issue. What should you do?
  A : Configure the CACHE_MAX_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches content depending on responses from the backends.
  
  B : Configure the USE_ORIGIN_HEADERS caching mode on Cloud CDN to ensure Cloud CDN caches content based on response headers from the backends.
  
  C : Configure the CACHE_ALL_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches all static content as well as content defined by the backends.
  
  D : Configure the FORCE_CACHE_ALL caching mode on Cloud CDN to ensure all appropriate content is cached.
  
  Answer: B

Free Google Professional-Cloud-Network-Engineer Exam Questions

Try our Free Demo Practice Tests for Comprehensive Professional-Cloud-Network-Engineer Exam Preparation