Free Google Professional-Cloud-Network-Engineer Exam Questions

Question 1

You are configuring the firewall endpoints as part of the Cloud Next Generation Firewall (Cloud NGFW) intrusion prevention service in Google Cloud. You have configured a threat prevention security profile, and you now need to create an endpoint for traffic inspection. What should you do?

A : Attach the profile to the VPC network, create a firewall endpoint within the zone, and use a firewall policy rule to apply the L7 inspection.

B : Create a firewall endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

C : Create a firewall endpoint within the region, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

D : Create a Private Service Connect endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

Answer: C

Question 2

You have an application that is running in a managed instance group. Your development team has released an

updated instance template which contains a new feature which was not heavily tested. You want to minimize

impact to users if there is a bug in the new template.

How should you update your instances?

A : Manually patch some of the instances, and then perform a rolling restart on the instance group.

B : Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes

C : Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group

D : Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

Answer: D

Question 3

You recently noticed a recurring daily spike in network usage in your Google Cloud project. You need to identify the virtual machine NM) instances and type of traffic causing the spike in traffic utilization while minimizing the cost and management overhead required. What should you do?

A : able VPC Flow Logs and send the output to BigQuery for analysis

B : able Firewall Rules Logging for all allowed traffic and send the output to BigQuery for analysis

C : nfigure Packet Mirroring to send all traffic to a VM. Use Wireshark on the VM to identity traffic utilization for each VM in the VPC.

D : ploy a third-party network appliance and configure it as the default gateway. Use the third-party network appliance to identify users with high network traffic.

Answer: A

Question 4

Your company recently migrated to Google Cloud in a Single region. You configured separate Virtual Private

Cloud (VPC) networks for two departments. Department A and Department B. Department A has requested

access to resources that are part Of Department Bis VPC. You need to configure the traffic from private IP

addresses to flow between the VPCs using multi-NIC virtual machines (VMS) to meet security requirements

Your configuration also must

• Support both TCP and UDP protocols

• Provide fully automated failover

• Include health-checks

Require minimal manual Intervention In the client VMS

Which approach should you take?

A : Create the VMS In the same zone, and configure static routes With IP addresses as next hops.

B : Create the VMS in different zones, and configure static routes with instance names as next hops

C : Create an Instance template and a managed instance group. Configure a Single internal load balancer, and define a custom static route with the Internal TCP/UDP load balancer as the next hop

D : Create an instance template and a managed instance group. Configure two separate internal TCP/IJDP load balancers for each protocol (TCP!UDP), and configure the client VIVIS to use the internal load balancers' virtual IP addresses

Answer: D

Question 5

Recently, your networking team enabled Cloud CDN for one of the external-facing services that is exposed through an external Application Load Balancer. The application team has already defined which content should be cached within the responses. Upon testing the load balancer, you did not observe any change in performance after the Cloud CDN enablement. You need to resolve the issue. What should you do?

A : Configure the CACHE_MAX_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches content depending on responses from the backends.

B : Configure the USE_ORIGIN_HEADERS caching mode on Cloud CDN to ensure Cloud CDN caches content based on response headers from the backends.

C : Configure the CACHE_ALL_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches all static content as well as content defined by the backends.

D : Configure the FORCE_CACHE_ALL caching mode on Cloud CDN to ensure all appropriate content is cached.

Answer: B