Updated Jan-2022 Pass Professional-Cloud-Network-Engineer Exam - Real Practice Test Questions [Q15-Q40]



Candidates for Google Professional Cloud Network Engineer Certification Exam

The candidates who decide to take the Google Professional Cloud Network Engineer test are those interested in consolidating their knowledge of how to manage the Google Cloud Platform. They already have at least one year of experience working with the architecture and want to leverage their skills in implementing hybrid connectivity, VPCs, and network services. Besides, they are interested in becoming part of cloud teams that include architects specialized in Google Cloud Platform management. In addition, the target audience for this test is formed of individuals who have at least three years of industry experience and want to successfully implement cloud solutions with the help of Google Cloud Platform Console and the command line interface.


Topics of Google Professional Cloud Network Engineer Exam

Candidates must know the exam topics before they start preparing, because it will help them focus on the core material. Our Google Professional Cloud Network Engineer Dumps will include the following topics:

Network architectures, this individual ensures successful cloud implementations using the command line interface or the Google Cloud Platform Console.

1. Designing, planning, and prototyping a GCP network

Designing the overall network architecture

  • Meeting business requirements
  • DNS strategy (e.g., on-premises, Cloud DNS, GSLB)
  • Options for high availability
  • Failover and disaster recovery strategy
  • Container networking
  • Optimizing for latency (e.g., MTU size, caches, CDN)
  • Hybrid connectivity (e.g., Google private access for hybrid connectivity)
  • SaaS, PaaS, and IaaS services
  • Choosing the appropriate load balancing options
  • Understanding how quotas are applied per project and per VPC
  • Microsegmentation for security purposes (e.g., using metadata, tags)
  • IAM and security

Designing a Virtual Private Cloud (VPC). Considerations include:

  • Routes
  • Firewall (e.g., service account–based, tag-based)
  • Differences between Google Cloud Networking and other cloud platforms
  • Standalone or shared
  • IP addressing (e.g., static, ephemeral, private)
  • CIDR range for subnets
  • Multiple vs. single
  • Peering
  • Multi-zone and multi-region

Designing a hybrid network. Considerations include:

  • Cross-organizational access
  • IPsec VPN
  • Cloud Router
  • Bandwidth
  • Using interconnect (e.g., dedicated vs. partner)
  • Failover and disaster recovery strategy (e.g., building high availability with BGP using cloud router)
  • Peering options (e.g., direct vs. carrier)
  • Shared vs. standalone VPC interconnect access

Designing a container IP addressing plan for Google Kubernetes Engine

2. Implementing a GCP Virtual Private Cloud (VPC)

Configuring VPCs. Considerations include:

  • Creating a shared VPC and explaining how to share subnets with other projects
  • Configuring VPC flow logs
  • Configuring VPC peering
  • Configuring API access (private, public, NAT GW, proxy)
  • Configuring GCP VPC resources (CIDR range, subnets, firewall rules, etc.)

Configuring routing. Tasks include:

  • Configuring internal static/dynamic routing
  • Configuring NAT (e.g., Cloud NAT, instance-based NAT)
  • Configuring routing policies using tags and priority

Configuring and maintaining Google Kubernetes Engine clusters. Considerations include:

  • Cluster network policy
  • Clusters with shared VPC
  • VPC-native clusters using alias IPs
  • Private clusters
  • Adding authorized networks for cluster master access

Configuring and managing firewall rules. Considerations include:

  • Ingress and egress rules
  • Priority
  • Network protocols
  • Firewall logs
  • Target network tags and service accounts

3. Configuring network services

Configuring load balancing. Considerations include:

  • Network load balancer
  • Internal load balancer
  • TCP and SSL proxy load balancers
  • Firewall and security rules
  • HTTP(S) load balancer: including changing URL maps, backend groups, health checks, CDN, and SSL certs
  • Capacity scaling
  • Creating backend services
  • Session affinity

Configuring Cloud CDN. Considerations include:

  • Cache invalidation
  • Using cache keys
  • Signed URLs
  • Enabling and disabling Cloud CDN

Configuring and maintaining Cloud DNS. Considerations include:

  • Internal DNS
  • DNS Security (DNSSEC)
  • Managing zones and records
  • Cloud DNS
  • Migrating to Cloud DNS
  • Integrating on-premises DNS with GCP
  • Global serving with Anycast

Enabling other network services. Considerations include:

  • Canary (A/B) releases
  • Distributing backend instances using regional managed instance groups
  • Health checks for your instance groups
  • Enabling private API access

4. Implementing hybrid interconnectivity

Configuring interconnect. Considerations include:

  • Bulk storage uploads
  • Virtualizing using VLAN attachments
  • Partner (e.g., layer 2 vs. layer 3 connectivity)

Configuring a site-to-site IPsec VPN (e.g., route-based, policy-based, dynamic or static routing).

Configuring Cloud Router for reliability.

5. Implementing network security

Configuring identity and access management (IAM). Tasks include:

  • Defining custom IAM roles
  • Viewing account IAM assignments
  • Using pre-defined IAM roles (e.g., network admin, network viewer, network user)
  • Assigning IAM roles to accounts or Google Groups

Configuring Cloud Armor policies. Considerations include:

  • IP-based access control

Configuring third-party device insertion into VPC using multi-nic (NGFW)

Managing keys for SSH access

6. Managing and monitoring network operations

Logging and monitoring with Stackdriver or GCP Console

Managing and maintaining security. Considerations include:

  • Diagnosing and resolving IAM issues (shared VPC, security/network admin)
  • Firewalls (e.g., cloud-based, private)

Maintaining and troubleshooting connectivity issues. Considerations include:

  • Troubleshooting Cloud Router BGP peering issues
  • Cross-connect handoff for interconnect
  • Managing and troubleshooting VPNs
  • Draining and redirecting traffic flows
  • Monitoring firewall logs
  • Identifying traffic flow topology (e.g., load balancers, SSL offload, network endpoint groups)
  • Monitoring ingress and egress traffic using flow logs

Monitoring, maintaining, and troubleshooting latency and traffic flow. Considerations include:

  • Network throughput and latency testing
  • Routing issues
  • Tracing traffic flow

7. Optimizing network resources

Optimizing traffic flow. Considerations include:

  • Load balancer and CDN location
  • Expanding subnet CIDR ranges in service
  • Accommodating workload increases (e.g., autoscaling vs. manual scaling)
  • Global vs. regional dynamic routing

Optimizing for cost and efficiency. Considerations include:

  • Cost optimization (Network Service Tiers, Cloud CDN, autoscaler [max instances])
  • Automation
  • VPN vs. interconnect
  • Bandwidth utilization (e.g., kernel sys tuning parameters)

Google Professional Cloud Network Engineer Certification Path

The Google Professional Cloud Network Engineer Certification is the highest level of certification, mainly focusing on the Solution Architect Professional. There is no prerequisite for this exam, but it would still be best to follow some sequence in order to prove immense knowledge as a Google Professional Cloud Network Engineer. You can complete the Google Associate Certifications and then approach the professional certification. For more information on the Google Cloud certification track, see Google-certification-path.

 

NEW QUESTION 15
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

  • A. VPC flow logs
  • B. Firewall logs
  • C. Stackdriver Trace
  • D. Cloud Audit logs
  • E. Compute Engine instance system logs

Answer: C,D

 

NEW QUESTION 16
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. Network load balancer
  • B. TCP proxy load balancer
  • C. HTTPS load balancer
  • D. SSL proxy load balancer

Answer: D

 

NEW QUESTION 17
You have set up a shared VPC and you have created three projects: Host Project, Service Project-1 and Service Project-2. You have created two subnets, subnet-1 in us-west1 and subnet-2 in us-central1, in the Host Project. Only subnet-1 has been shared with Service Project-1, but when you go to VPC networks in Service Project-1 you also see subnet-2, which hasn't been shared with Service Project-1. Select the option below that explains why subnet-2 is available to Service Project-1. Note: Host Project is the Host Project in the shared VPC; Service Project-1 and Service Project-2 are the Service Projects in the shared VPC.

  • A. It is a bug in Google Cloud, please report it.
  • B. The current user has Shared VPC Admin role and with Shared VPC Admin role all the networks are available.
  • C. Remove the Shared Network Admin role from the current user.
  • D. By default all subnets are available.

Answer: B

Explanation:
Option A is the correct choice because, if the current user has the Shared VPC Admin role, then all the networks in the Shared VPC are available to the user irrespective of subnet-level sharing permissions with the Service Projects.
Option B is incorrect because it is not a bug.
Option C is incorrect because all the subnets would be available if the current user has the Shared Admin role.
Option D is incorrect because the Shared Network Admin role doesn't exist.

 

NEW QUESTION 18
You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices.
How should you design this topology?

  • A. Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them.
    Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
  • B. Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them.
    Use firewall rules to filter access between the specific networks.
  • C. Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them.
    Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
  • D. Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.

Answer: D

Explanation:
https://cloud.google.com/vpc/docs/shared-vpc

 

NEW QUESTION 19
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.
How should you design the topology?

  • A. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.
  • B. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
  • C. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
  • D. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Answer: C

Explanation:
Use Shared VPC to connect to a common VPC network. Resources in those projects can communicate with each other securely and efficiently across project boundaries using internal IPs. You can manage shared network resources, such as subnets, routes, and firewalls, from a central host project, enabling you to apply and enforce consistent network policies across the projects.
With Shared VPC and IAM controls, you can separate network administration from project administration. This separation helps you implement the principle of least privilege. For example, a centralized network team can administer the network without having any permissions into the participating projects. Similarly, the project admins can manage their project resources without any permissions to manipulate the shared network.

 

NEW QUESTION 20
You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)

  • A. setIamPolicy() via REST API
  • B. gcloud pubsub add-iam-policy-binding $projectname --member user:$username --role roles/editor
  • C. GetIamPolicy() via REST API
  • D. gcloud projects add-iam-policy-binding $projectname --member user:$username --role roles/editor
  • E. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.

Answer: D,E

Explanation:
https://cloud.google.com/iam/docs/granting-changing-revoking-access

 

NEW QUESTION 21
Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it is a DDoS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.
Which two steps should you take? (Choose two.)

  • A. Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
  • B. Create a global HTTP(s) load balancer and move your application backend to this load balancer.
  • C. Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
  • D. SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
  • E. Use Cloud Armor to blacklist the attacker's IP addresses.

Answer: C,D

 

NEW QUESTION 22
Your organization requires that metrics from all applications be retained for 5 years for future analysis in possible legal proceedings. Which approach should you use?

  • A. Configure Stackdriver Monitoring for all Projects with the default retention policies.
  • B. Configure Stackdriver Monitoring for all Projects, and export to Google Cloud Storage.
  • C. Grant the security team access to the logs in each Project.
  • D. Configure Stackdriver Monitoring for all Projects, and export to BigQuery.

Answer: B

Explanation:
B and D can be quickly ruled out because neither of them is a good solution for the requirement "retained for 5 years".
Between A and C, the difference is where to store, BigQuery or Cloud Storage. Since the main concern is the extended storage period, C (Correct Answer) is the better answer, and the "retained for 5 years for future analysis" further qualifies it, for example, using the Coldline storage class.
With regard to BigQuery, while it is also low-cost storage, its main purpose is analysis.
Also, logs in Cloud Storage are easy to transport to BigQuery whenever needed.

 

NEW QUESTION 23
You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload.
Which type of load balancer should you use?

  • A. Network load balancer
  • B. HTTP(S) load balancer
  • C. TCP/SSL proxy load balancer
  • D. Internal load balancer

Answer: A

Explanation:
Reference:
https://cloud.google.com/load-balancing/docs/network

 

NEW QUESTION 24
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

  • A. Upload your public ssh key to each instance Metadata.
  • B. Upload your public ssh key to the project Metadata.
  • C. Use gcloud compute ssh to automatically copy your public ssh key to the instance.
  • D. Create a custom Google Compute Engine image with your public ssh key embedded.

Answer: B

Explanation:
By creating and managing SSH keys, you can let users access a Linux instance through third-party tools. An SSH key consists of the following files: a public SSH key file that is applied to instance-level metadata or project-wide metadata, and a private SSH key file that the user stores on their local devices. If a user presents their private SSH key, they can use a third-party tool to connect to any instance that is configured with the matching public SSH key file, even if they aren't a member of your Google Cloud project. Therefore, you can control which instances a user can access by changing the public SSH key metadata for one or more instances.
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey

 

NEW QUESTION 25
You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.
What should you do?

  • A. Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.
  • B. Create a new storage bucket, and move the object you don't want to be checked anymore inside it. Then edit the bucket setting and enable the private attribute.
  • C. Ensure that the object you don't want to be cached anymore is not shared publicly.
  • D. Add an appropriate lifecycle rule on the storage bucket containing the two objects.

Answer: A

Explanation:
https://cloud.google.com/cdn/docs/invalidating-cached-content

 

NEW QUESTION 26
You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP) configuration.
Which connectivity model should you use?

  • A. Dedicated Interconnect
  • B. Partner Interconnect with a layer 3 partner
  • C. Partner Interconnect with a layer 2 partner
  • D. Direct Peering

Answer: A

Explanation:
Reference:
https://cloud.google.com/interconnect/docs/support/faq

 

NEW QUESTION 27
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?

  • A. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
  • B. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
  • C. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.
  • D. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

Answer: D

 

NEW QUESTION 28
You work for a university that is migrating to GCP.
These are the cloud requirements:
* On-premises connectivity with 10 Gbps
* Lowest latency access to the cloud
* Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.
What should you do?

  • A. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.
  • B. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.
  • C. Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Interconnects.
  • D. Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

Answer: D

 

NEW QUESTION 29
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
- Each on-premises router is configured with a unique ASN.
- Each on-premises router is configured with the same routes and priorities.
- Both on-premises routers are configured with a VPN connected to a single Cloud Router.
- BGP sessions are established between both on-premises routers and the Cloud Router.
- Only 1 of the on-premises router's routes are being added to the routing table.
What is the most likely cause of this problem?

  • A. A firewall is blocking the traffic across the second VPN connection.
  • B. The ASNs being used on the on-premises routers are different.
  • C. You do not have a load balancer to load-balance the network traffic.
  • D. The on-premises routers are configured with the same routes.

Answer: C

 

NEW QUESTION 30
You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.
Which type of load balancer should you use?

  • A. Network load balancer
  • B. HTTP(S) load balancer
  • C. Internal TCP/UDP load balancer
  • D. TCP/SSL proxy load balancer

Answer: A

 

NEW QUESTION 31
After a network change window, one of your company's applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24. The on-premises router is advertising 10.0.0.0/8.
What is the most likely cause of this problem?

  • A. The less specific VPC subnet route is taking priority.
  • B. The on-premises router is not advertising a route for the database server.
  • C. The more specific VPC subnet route is taking priority.
  • D. A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.

Answer: D

 

NEW QUESTION 32
You are configuring a new instance of Cloud Router in your Organization's Google Cloud environment to allow connection across a new Dedicated Interconnect to your data center. Sales, Marketing, and IT each have a service project attached to the Organization's host project.
Where should you create the Cloud Router instance?

  • A. VPC network in the Host Project
  • B. VPC network in all projects
  • C. VPC network in the IT Project
  • D. VPC network in the Sales, Marketing, and IT Projects

Answer: A

Explanation:
Reference:
https://cloud.google.com/interconnect/docs/how-to/dedicated/using-interconnects-other-projects

 

NEW QUESTION 33
You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
How should you design this topology?

  • A. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.
  • B. Create a subnet of size /28 with 2 secondary ranges of: /24 for Pods and /24 for Services.
    Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.
  • C. Use gcloud container clusters create [CLUSTER NAME] --enable-ip-alias to create a VPC-native cluster.
  • D. Create a subnet of size /25 with 2 secondary ranges of: /17 for Pods and /21 for Services.
    Create a VPC-native cluster and specify those ranges.

Answer: B

Explanation:
https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters

 

NEW QUESTION 34
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?

  • A. Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.
  • B. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
  • C. Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.
  • D. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.

Answer: B

 

NEW QUESTION 35
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?

  • A. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.
  • B. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
  • C. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
  • D. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.

Answer: B

Explanation:
https://cloud.google.com/load-balancing/docs/health-check-concepts#content-based_health_checks

 

NEW QUESTION 36
You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
How should you design this topology?

  • A. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.
  • B. Create a subnet of size /28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.
  • C. Use gcloud container clusters create [CLUSTER NAME] --enable-ip-alias to create a VPC-native cluster.
  • D. Create a subnet of size /25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.

Answer: B

 

NEW QUESTION 37
Your company just completed the acquisition of Altostrat (a current GCP customer). Each company has a separate organization in GCP and has implemented a custom DNS solution.
Each organization will retain its current domain and host names until after a full transition and architectural review is done in one year.
These are the assumptions for both GCP environments.
- Each organization has enabled full connectivity between all of its projects by using Shared VPC.
- Both organizations strictly use the 10.0.0.0/8 address space for their instances, except for bastion hosts (for accessing the instances) and load balancers for serving web traffic.
- There are no prefix overlaps between the two organizations.
- Both organizations already have firewall rules that allow all inbound and outbound traffic from the 10.0.0.0/8 address space.
- Neither organization has Interconnects to their on-premises environment.
You want to integrate networking and DNS infrastructure of both organizations as quickly as possible and with minimal downtime.
Which two steps should you take? (Choose two.)

  • A. Create a third organization with a new host project, and attach all projects from your company and Altostrat to it using shared VPC.
  • B. Set up some variant of DNS forwarding and zone transfers in each organization.
  • C. Use Cloud DNS to create A records of all VMs and resources across all projects in both organizations.
  • D. Connect VPCs in both organizations using Cloud VPN together with Cloud Router.
  • E. Provision Cloud Interconnect to connect both organizations together.

Answer: C,E

 

NEW QUESTION 38
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. Network load balancer
  • B. TCP proxy load balancer
  • C. HTTPS load balancer
  • D. SSL proxy load balancer

Answer: D

Explanation:
https://cloud.google.com/security/encryption-in-transit/

 

NEW QUESTION 39
You are an admin at XYZ organization. A few of your team members need to use the BigQuery Data Transfer Service for Amazon S3. They want to automatically schedule and manage recurring load jobs from Amazon S3 into BigQuery, and they want to run the transfer job every week. They have the Amazon S3 URI for the source data, the access key ID, the secret access key, and Read permission on the data source. What permissions are required for the transfer job creators in BigQuery?

  • A. bigquery.transfers.update and bigquery.transfers.get
  • B. bigquery.transfer.get and bigquery.data.sets.update
  • C. bigquery.transfers.update and bigquery.datasets.update
  • D. bigquery.jobs.create and bigquery.transfers.get

Answer: C

Explanation:
Option A is the correct choice because the bigquery.transfers.update permission is needed to create the transfer and the bigquery.datasets.update permission is needed on the target dataset. Also, the bigquery.admin predefined Cloud IAM role includes the bigquery.transfers.update and bigquery.datasets.update permissions.
Option B is incorrect because it is not the required permission for transfer job creators.
Option C and Option D are incorrect because they are not the required permissions for transfer job creators.

 

NEW QUESTION 40
......
