Google Certified Professional Cloud Network Engineer Practice Questions Second Edition Part 3

Your team has built a custom VPC to migrate its applications to GCP. The network design calls for a subnet as a DMZ, with a security appliance deployed. Which of the following is the smallest possible IP range for a subnet?

Which of the following services does not provide private, hybrid connectivity between GCP and your on-premises or colocation environment?

Your team needs to use a custom VPC for the deployment of its applications. Which of the following is true when a custom VPC is created?

Your custom VPC network has four GCE instances and two firewall rules with the configuration shown below.

1. VM1 has an external IP and network tag = allow-inbound.
2. VM2 has an external IP
3. VM3 has no external IP and a network tag = server
4. VM4 has no external IP and a network tag = client

Which of the options below is not true?

What is a scalable method for providing GCP compute engine instances with IPv4 access to the Internet without the need for network administration?

Which option provides the least amount of network jitter and latency when connecting an on-premises network to GCP APIs?

Which of the following will reuse existing network equipment and Internet connections if your team wants to connect the on-premises network to GCP?

Which of the following GCP tools can be used to capture traffic’s source and destination IP addresses?

Your application team has created a new GCP application. For the application to be fully tested, the team requires a bandwidth of 40Gbps over a dedicated interconnect.
How many physical circuits are needed in the interconnect deployment?

Your team is in charge of GCP VPC networking and hybrid connectivity to the on-premises network. According to Google best practices, which of the following is the recommended routing method for hybrid connectivity between the VPC and non-GCP networks?

Your team is in charge of the network security of a three-tier (app, web, and database) application deployed on a single subnet. The web tier and the app tier can communicate, and the app tier can communicate with the database tier. Other forms of communication between the tiers are not permitted.
Which of the following does not qualify as a valid firewall rule for these conditions?

Network security is critical for securing applications and client data as a network engineer. Which of the following does not qualify as a service that can be used to secure apps?

Your team is in charge of configuring the backend services for an HTTP(S) Load Balancer with a managed instance group serving as the backend. The servers are in London, but users are expected to connect to the application from anywhere in the world.
Which of the following services, by reducing traffic to instances, provides a cost-effective way to improve performance and lower latency for users?

Your team is in charge of an application deployed behind a load balancer, and content is cached closer to users worldwide using the Cloud CDN. A recent backend content update used the incorrect files, and there is an urgent need to clear that content from all caches globally. Which of the following is the most cost-effective solution, as advised by Google?

Your team manages an application’s networking resources on both GCP and the on-premises network. The company has decided to have the on-premises DNS server handle all DNS resolutions for its private hosted zone, both in GCP and on-premises.
Which of the following is not needed for this approach to work?

A growing company is considering hybrid cloud connectivity between its on-premises network and GCP to benefit from the Cloud’s scale. An on-premises DNS server currently manages DNS resolution for the company’s network.
Which of the following is not a viable strategy for DNS resolution management in a hybrid environment?

From its on-premises servers, your company provides a popular gaming service. The company intends to migrate to GCP but has chosen infrastructure as a service to deploy its two-tier (web and database) application. The web tier must be load-balanced to handle the traffic. Additionally, the database will be sharded into several persistent discs, and the database tier’s state must be preserved.
Which of the following configurations is appropriate for deployment? Choose two option.

You work as a network engineer for your company. The company has requested that you provide methods for managing user access to its Linux instances in GCP.
What is Google’s suggested method for controlling user access to GCE VMs?

Your company has a strategy for managing its users’ access to VMs using OS Login. At the project level, a new administrator has deployed a new set of GCE VMs in your company’s GCP VPC, setting enable-oslogin to false in the VM metadata.
Which of the following statements is correct in light of the above configuration?

Which of the following methods for managing user access to Linux VMs in GCP is the most efficient, secure, and scalable? Choose two options.

As the hybrid connectivity between your company’s VPC and the on-premises network, you have a Dedicated Interconnect. A single Cloud Router is used to exchange routes between the two networks on the fly. The GCP VPC has one subnet with deployed resources. You have been tasked with increasing the Cloud Router’s availability in the event of a regional failure.
Which of these will improve the Cloud Router’s current availability?

As the hybrid connectivity between your company’s VPC and the on-premises network, you have a Dedicated Interconnect. A single Cloud Router is used to exchange routes between the two networks on the fly. The GCP VPC has one subnet with deployed resources. You have been tasked with increasing the Cloud Router’s availability in the event of a regional failure.
Which of these will improve the Cloud Router’s current availability?

Which of the following is not a technical requirement in your on-premises devices to create a 10 Gbps GCP Dedicated Interconnect connection as the network engineer on a GCP hybrid connectivity project?

As a member of a network team in charge of the GCP VPC networks, the networks are custom VPCs or auto mode VPCs. There is a design request to expand the IP range of the auto mode network’s subnets. What is the broadest possible prefix (subnet mask)?

You are a member of a team that manages the networking of a rapidly expanding application. The application is hosted on a Managed Instance Group (MIG) and is served by an HTTP(S) Load Balancer. You have been tasked with updating the MIG’s autoscaler.
Which of the following metrics does not apply to autoscaling MIG instances?

Your team has created an auto mode VPC to facilitate the migration of its applications to GCP. The network design calls for one of the subnets to serve as a DMZ, with a security appliance installed. Which of the following is the highest possible subnet mask for a subnet?

You have been tasked with creating a custom network in GCP with three subnets, each with a maximum of 300 usable IP addresses. You must select a CIDR block that can accomplish this without wasting a large number of addresses.
Which of the CIDR blocks listed below would you recommend for each subnet?

Which of the following is not required to provide Cloud Storage and BigQuery access from your on-premises network?

As part of a growing company’s networking strategy, they chose Shared VPC to have more centralized control over the networking components in the GCP organization.
Which of these is not true about Shared VPC?

Your company’s applications have been moved to GCP. They have distinct VPC networks for each department. You have been tasked with designing network connectivity between various VPCs so that GCE instances can communicate using private RFC 1918 addresses.
Which of the following methods can be used to connect VPCs? Choose two option.

Your company has assigned you the task of establishing a VPN connection from GCP to the on-premises network. You are using Cloud HA VPN on GCP and will need to purchase a new VPN termination device for your on-premises network. Which of the following must be supported by the hardware deployed in the on-premises network for VPN termination? Choose two options.

Your company has chosen GCP to migrate its applications to the cloud. You require on-premises connectivity with 30 Gbps and low-latency cloud access. Each VLAN attachment on the dedicated interconnects must have a bandwidth of 1 Gbps, as specified by the network administrator.
Which of the following configurations is possible, and what is the maximum number of attachments per connection?

Your company has ordered a dedicated interconnect from Google for its hybrid connectivity between the on-premises and GCP. Your vendor has requested a copy of the Letter of Authorization and Connecting Facility Assignment (LOA-CFA).
Where can you retrieve this? Choose two options.

Your company has chosen GCP to migrate its applications to the cloud. You require on-premises connectivity with 30 Gbps and low-latency cloud access. Each VLAN attachment on the dedicated interconnects must have a bandwidth of 1 Gbps, as specified by the network administrator.
Which of the following configurations is possible, and what is the maximum number of attachments per connection?

Your company is preparing to migrate its on-premises network to GCP. You have been tasked with determining the various roles and permissions that multiple groups will require to carry out tasks in the GCP organization.
Which of the following is not a type of role available in GCP IAM as a network engineer?

You are in charge of an app that is becoming increasingly popular. It is currently deployed in a Managed Instance Group behind an HTTP(S) load balancer. You have been asked to think about using a content distribution network to improve the app’s performance, which contains a lot of streaming content.
What is the default time-to-live (TTL) for Cloud CDN cache content caching?

You are in charge of an application that has a global user base. A global load balancer with content delivery enabled serves the application backend. Your company intends to make some private content available via signed URLs.
Which of the following statements about using signed URLs in Cloud CDN is false?

You are in charge of your company’s DNS service. They have decided to migrate the DNS from their current provider to Cloud DNS, including creating a managed zone in Cloud DNS and importing the DNS configuration.
What zone file formats does Cloud DNS support? Choose two options.

You are the network engineer on a GCP project, and you have been tasked with managing the DNS record creation process in Cloud DNS.
In Cloud DNS, which of the following is not a type of DNS record?

Your application development team wants to beta-test a new application that will run behind a load balancer on Managed Instance Groups. They have provided the following specifications for the external-facing load balancer:

• Preserves the source IP addresses of packets
• Supports any destination port
• SSL traffic is decrypted by the backend

Your application development team wants to beta-test a new application that will run behind a load balancer on Managed Instance Groups. They have provided the following specifications for the external-facing load balancer:
• Preserves the source IP addresses of packets
• Supports any destination port
• SSL traffic is decrypted by the backend
Which load balancer meets these requirements?

Your team is preparing to migrate an on-premises application to GCE VMs in a single region in stages. The first step is to use a load balancer on GCP to expose the application and redirect traffic to the on-premises backend (VMs). Which load balancers are suitable for use?

You have been asked to provide a hybrid connectivity option between GCP VPC and the firm’s on-premises network that provides bandwidth ranging from 100 Mbps to 5 Gbps without requiring the company to install and maintain routing equipment at a colocation facility. Which of these networking alternatives satisfies the criteria?

As users of a shopping application, your team managers have been reporting that they are losing progress when visiting your application, which has been configured as load-balanced with autoscaling enabled. Which feature will address this issue and enhance the consumer experience?

To take advantage of the reusability, your team has opted to automate the creation of GCP resources across several projects. In Deployment Manager, which of the following is supported for building templates? Choose two options.

Your team has tasked you with examining logs from a specified VPC subnet’s VPC flow logs for suspicious activity. Which of the following is not a part of the log records’ Connection field format?

Between numerous VPCs, a corporation is considering employing a third-party device as a Next Generation Firewall. Which GCP feature enables the creation of this device?

A network design is required for a VPC-native cluster. The following specifications have been provided to you.
• There is a maximum of 32 pods per node, with a total of 1600 pods in the cluster
• The number of services could increase to 4000
Which of the architectures achieves the IP range requirements for nodes, pods, and services with the least amount of IP address waste?

A network design is required for a VPC-native cluster. The following specifications have been provided to you.
• Each node can have a maximum of 50 pods, with a total of 500 pods in the cluster
• To do this, user-managed secondary IP ranges with the smallest CIDR blocks are used
• The number of services provided could reach 1000
Which of the architectures achieves the IP range requirements for nodes, pods, and services with the least amount of IP address waste?

You have a global secure web application hosted on a Compute Engine unmanaged instance group. The application is recently installed in us-central1-a. However, due to company development, most of your new customers are geographically closer to the europe-west2 region. You want to implement a solution that lets the application automatically scale to meet future customers’ demands and also follows Google-recommended practices. What must you do?