Free Professional-Cloud-Network-Engineer Exam Questions - Easiest Way for Success

Prepare for the Google Professional-Cloud-Network-Engineer exam questions with our authentic preparation materials, including free Professional-Cloud-Network-Engineer practice exam questions and answers. TheExamsLab provides all the support you need to succeed in the Professional Cloud Network Engineer Professional-Cloud-Network-Engineer exam. This dedication to student success is why we have the most satisfied Professional-Cloud-Network-Engineer certification exam candidates worldwide.

Page: 1 / 36

Total 180 Questions | Updated On: Sep 14, 2024

Add To Cart

Question 1

Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only What should you do?

A : Create an allow on match ingress firewall rule with the target tag 'web-sewer to allow all IP addresses for TCP port 80.

B : Create an allow on match egress firewall rule with the target tag 'web-sewer to allow all IP addresses for TCP port 80.

C : Create an allow on match ingress firewall rule with the target tag `web-server° to allow all IP addresses for TCP ports 80 and 443.

D : Create an allow on match egress firewall rule with the target tag 'web-sewer" to allow web server IP addresses for TCP ports 60 and 443.

Answer: C

Question 2

You have an application that is running in a managed instance group. Your development team has released an

updated instance template which contains a new feature which was not heavily tested. You want to minimize

impact to users if there is a bug in the new template.

How should you update your instances?

A : Manually patch some of the instances, and then perform a rolling restart on the instance group.

B : Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes

C : Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group

D : Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

Answer: D

Question 3

Your company recently migrated to Google Cloud in a Single region. You configured separate Virtual Private

Cloud (VPC) networks for two departments. Department A and Department B. Department A has requested

access to resources that are part Of Department Bis VPC. You need to configure the traffic from private IP

addresses to flow between the VPCs using multi-NIC virtual machines (VMS) to meet security requirements

Your configuration also must

• Support both TCP and UDP protocols

• Provide fully automated failover

• Include health-checks

Require minimal manual Intervention In the client VMS

Which approach should you take?

A : Create the VMS In the same zone, and configure static routes With IP addresses as next hops.

B : Create the VMS in different zones, and configure static routes with instance names as next hops

C : Create an Instance template and a managed instance group. Configure a Single internal load balancer, and define a custom static route with the Internal TCP/UDP load balancer as the next hop

D : Create an instance template and a managed instance group. Configure two separate internal TCP/IJDP load balancers for each protocol (TCP!UDP), and configure the client VIVIS to use the internal load balancers' virtual IP addresses

Answer: D

Question 4

Your company recently migrated to Google Cloud in a Single region. You configured separate Virtual Private

Cloud (VPC) networks for two departments. Department A and Department B. Department A has requested

access to resources that are part Of Department Bis VPC. You need to configure the traffic from private IP

addresses to flow between the VPCs using multi-NIC virtual machines (VMS) to meet security requirements

Your configuration also must

• Support both TCP and UDP protocols

• Provide fully automated failover

• Include health-checks

Require minimal manual Intervention In the client VMS

Which approach should you take?

A : Create the VMS In the same zone, and configure static routes With IP addresses as next hops.

B : Create the VMS in different zones, and configure static routes with instance names as next hops

C : Create an Instance template and a managed instance group. Configure a Single internal load balancer, and define a custom static route with the Internal TCP/UDP load balancer as the next hop

Answer: D

Question 5

You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size

is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new

services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services.

You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.

How should you design this topology?

A : Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.

B : Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.

C : Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.

D : Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.

Answer: A

Page: 1 / 36

Total 180 Questions | Updated On: Sep 14, 2024

Add To Cart