[Mar-2022] Updated Google Professional-Cloud-Network-Engineer Dumps - PDF & Online Engine [Q14-Q29]



The certification exam will measure the skills and knowledge of the candidates across seven different domains. The highlights of these areas are as follows:

Design, Plan, and Prototype GCP Networks

  • Design Hybrid Networks: The questions from this subtopic will measure the expertise of the learners in peering options, IPsec VPN, using interconnects, cross-organization access, standalone versus shared VPC interconnect access, Cloud router, as well as failover & disaster recovery strategy.
  • Design Overall Network Architectures: The considerations for this topic include alternatives for high availability, failover & disaster recovery plan, DNS strategy, container networking, hybrid connectivity, and optimizing for latency. The certification exam also requires competence in selecting the relevant load balancing options, meeting the business prerequisites, micro-segmentation for security reasons, IAM & security, and an understanding of the way quotas are applied based on project and VPC;
  • Design Virtual Private Cloud: This section covers the individuals’ skills in peering, multiple versus single, shared or standalone, CIDR range for the subnets, and IP address. It also focuses on the concepts, such as routes, firewall, and the differences between other Cloud platforms and Google Cloud Networking;

 

NEW QUESTION 14
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

  • A. Upload your public ssh key to each instance Metadata.
  • B. Use gcloud compute ssh to automatically copy your public ssh key to the instance.
  • C. Create a custom Google Compute Engine image with your public ssh key embedded.
  • D. Upload your public ssh key to the project Metadata.

Answer: D

Explanation:
Explanation/Reference: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys

 

NEW QUESTION 15
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.
What should you do?

  • A. Configure the TTL for the DNS zone to decrease the time between updates.
  • B. Configure a policy-based route rule to prioritize the traffic.
  • C. Configure Dynamic Routing for the subnet hosting the application.
  • D. Configure an HTTP load balancer, and direct the traffic to it.

Answer: D

Explanation:
Explanation/Reference: https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency

 

NEW QUESTION 16
You have a data workflow which consists of a data ingestion layer, a data transformation layer, a data analytics layer and a data storage layer. You are looking for a service that would ease the tasks of creating, scheduling, monitoring and managing workflows without dealing with the management of the infrastructure. Please select the right service that would fulfil the requirement.

  • A. Cloud Composer
  • B. Istio
  • C. Apache Airflow
  • D. Stackdriver

Answer: A

Explanation:
Option B is the correct choice because Cloud Composer is a managed Apache Airflow service that helps you create, schedule, monitor and manage workflows.
Option A is an incorrect choice because you could install Apache Airflow on a VM instance, but it would mean you will have to manage the infrastructure.
Option C is incorrect because Istio is an open platform to connect, monitor, and secure microservices.
Option D is incorrect because Stackdriver provides monitoring and management for services, containers, applications, and infrastructure.

 

NEW QUESTION 17
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?

  • A. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.
  • B. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.
  • C. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
  • D. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

Answer: A

Explanation:
https://cloud.google.com/load-balancing/docs/https/setting-up-https#sendtraffic

 

NEW QUESTION 18
You have created several preemptible Linux virtual machine instances using Google Compute Engine. You want to properly shut down your application before the virtual machines are preempted. What should you do?

  • A. Create a shutdown script and use it as the value for a new metadata entry with the key shutdown-script in the Cloud Platform Console when you create the new virtual machine instance.
  • B. Create a shutdown script named shutdown in the /etc/ directory.
  • C. Create a shutdown script, registered as a xinetd service in Linux, and use the gcloud compute instances add-metadata command to specify the service URL as the value for a new metadata entry with the key shutdown-script-url
  • D. Create a shutdown script registered as a xinetd service in Linux and configure a StackDriver endpoint check to call the service.

Answer: A

Explanation:
Running Shutdown Scripts "Create and run shutdown scripts that execute commands right before an instance is terminated or restarted, on a best-effort basis. This is useful if you rely on automated scripts to start up and shut down instances, allowing instances time to clean up or perform tasks, such as exporting logs, or syncing with other systems."
https://cloud.google.com/compute/docs/shutdownscript
To set up shutdown scripts, go to the GCP console and follow these steps:
Compute Engine -> VM instance -> Create Instance -> (Expand) Management, disks, networking, SSH keys -> Enter the key "shutdown-script" and the proper value

 

NEW QUESTION 19
You have set up a shared VPC and you have created three projects: Host Project, Service Project-1 and Service Project-2. You have created two subnets, subnet-1 in us-west1 and subnet-2 in us-central1, in the Host Project. Only subnet-1 has been shared with Service Project-1, but when you go to VPC networks in Service Project-1 you also see subnet-2, which hasn't been shared with Service Project-1. Please select the correct option below that explains why subnet-2 is available to Service Project-1. Note: Host Project is the host project in the shared VPC; Service Project-1 and Service Project-2 are the service projects in the shared VPC.

  • A. It is a bug in Google Cloud, please report it.
  • B. Remove Shared Network admin role to the current user.
  • C. The current user has Shared VPC Admin role and with Shared VPC Admin role all the networks are available.
  • D. By default all subnets are available.

Answer: C

Explanation:
Option A is the correct choice because, if the current user has the Shared VPC Admin role, all the networks in the shared VPC are available to the user irrespective of the subnet-level sharing permissions with the Service Projects.
Option B is incorrect because it is not a bug.
Option C is incorrect because all the subnets would be available if the current user has the Shared Admin role.
Option D is incorrect because the Shared Network Admin role doesn't exist.

 

NEW QUESTION 20
You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

  • A. Upload your public ssh key to each instance Metadata.
  • B. Use gcloud compute ssh to automatically copy your public ssh key to the instance.
  • C. Create a custom Google Compute Engine image with your public ssh key embedded.
  • D. Upload your public ssh key to the project Metadata.

Answer: D

Explanation:
Overview: By creating and managing SSH keys, you can let users access a Linux instance through third-party tools. An SSH key consists of the following files:

  • A public SSH key file that is applied to instance-level metadata or project-wide metadata.
  • A private SSH key file that the user stores on their local devices.

If a user presents their private SSH key, they can use a third-party tool to connect to any instance that is configured with the matching public SSH key file, even if they aren't a member of your Google Cloud project. Therefore, you can control which instances a user can access by changing the public SSH key metadata for one or more instances.
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey

 

NEW QUESTION 21
You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner.
What should you do first?

  • A. Ask your Interconnect partner to provision a physical connection to Google.
  • B. Log in to your partner's portal and request the VLAN attachment there.
  • C. Create a Partner Interconnect type VLAN attachment in the GCP Console and retrieve the pairing key.
  • D. Run gcloud compute interconnect attachments partner update <attachment> --region <region> --admin-enabled.

Answer: A

Explanation:
Reference:
https://cloudplatform.googleblog.com/2018/06/Partner-Interconnect-now-generally-available.html

 

NEW QUESTION 22
You need to create a new VPC network that allows instances to have IP addresses in both the 10.1.1.0/24 network and the 172.16.45.0/24 network.
What should you do?

  • A. Create unique DNS records for each service that sends traffic to the desired IP address.
  • B. Configure global load balancing to point 172.16.45.0/24 to the correct instance.
  • C. Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.
  • D. Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.

Answer: A

Explanation:
Explanation/Reference:

 

NEW QUESTION 23
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)

  • A. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
  • B. Turn on Private Services Access at the VPC level.
  • C. Turn on Private Google Access at the subnet level.
  • D. Turn on Private Google Access at the VPC level.
  • E. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

Answer: A,B

Explanation:
https://cloud.google.com/vpc/docs/private-access-options

 

NEW QUESTION 24
Datachamps is an organization resource and it has many projects under it. The company uses BigQuery for data analysis. They want a user named admin-bigquery to be the admin for all BigQuery data across all of the projects under the Datachamps organization. Monitorbigquery is a service account that's responsible for monitoring the size of all the tables across all projects in the Datachamps organization. What predefined roles must be given to admin-bigquery (user) and Monitorbigquery (service account)?

  • A. bigquery.admin to admin-bigquery and bigquery.dataOwner to Monitorbigquery service account.
  • B. bigquery.connectionAdmin to admin-bigquery and bigquery.dataEditor to Monitorbigquery service account.
  • C. bigquery.admin to admin-bigquery and bigquery.dataViewer to Monitorbigquery service account.
  • D. bigquery.user to admin-bigquery and bigquery.dataViewer to Monitorbigquery service

Answer: C

Explanation:
Option B is the correct choice because, on the Datachamps organization, adding admin-bigquery to the predefined role bigquery.admin provides permissions to manage all resources across the project and manage all data across the project, and it can cancel jobs from other users running across the project. Add Monitorbigquery to the predefined role bigquery.dataViewer; when applied at the project or organization level, this role can also enumerate all datasets in the project, and this is the appropriate role to fulfil the objective of monitoring tables across all projects.

 

NEW QUESTION 25
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.
How should you design the topology?

  • A. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
  • B. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
  • C. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.
  • D. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

Answer: A

Explanation:
Use Shared VPC to connect to a common VPC network. Resources in those projects can communicate with each other securely and efficiently across project boundaries using internal IPs. You can manage shared network resources, such as subnets, routes, and firewalls, from a central host project, enabling you to apply and enforce consistent network policies across the projects.
With Shared VPC and IAM controls, you can separate network administration from project administration.
This separation helps you implement the principle of least privilege. For example, a centralized network team can administer the network without having any permissions into the participating projects. Similarly, the project admins can manage their project resources without any permissions to manipulate the shared network.
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

 

NEW QUESTION 26
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
* IP ranges for pods and services must be as small as possible.
* The nodes and the master must not be reachable from the internet.
* You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?

  • A. * Create a private cluster that uses VPC advanced routes.
    * Set the pod and service ranges as /24.
    * Set up a network proxy to access the master.
  • B. * Create a VPC-native GKE cluster using user-managed IP ranges.
    * Enable a GKE cluster network policy, set the pod and service ranges as /24.
    * Set up a network proxy to access the master.
    * Enable master authorized networks.
  • C. * Create a VPC-native GKE cluster using GKE-managed IP ranges.
    * Set the pod IP range as /21 and service IP range as /24.
    * Set up a network proxy to access the master.
  • D. * Create a VPC-native GKE cluster using user-managed IP ranges.
    * Enable privateEndpoint on the cluster master.
    * Set the pod and service ranges as /24.
    * Set up a network proxy to access the master.
    * Enable master authorized networks.

Answer: B

Explanation:
Reference:
https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips

 

NEW QUESTION 27
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?

  • A. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
  • B. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
  • C. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
  • D. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.

Answer: B

Explanation:
https://cloud.google.com/load-balancing/docs/health-checks

 

NEW QUESTION 28
You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.
How should you configure the Distribution VPC?

  • A. Create the Distribution VPC in auto mode.
    Peer both the VPCs via network peering.
  • B. Rename the default VPC as "Distribution" and peer it via network peering.
  • C. Create the Distribution VPC in custom mode.
    Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.
  • D. Create the Distribution VPC in custom mode.
    Use the CIDR range 10.128.0.0/9.
    Create the necessary subnets, and then peer them via network peering.

Answer: C

Explanation:
https://cloud.google.com/vpc/docs/using-vpc

 

NEW QUESTION 29
......
