Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
• For a full set of 500+ questions. Go to https://skillcertpro.com/product/google-professional-cloud-network-engineer-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.
Typology: Exercises
1 / 10
Google Professional Cloud Network Engineer Certification Practice Tests 2023. Contains 500+ exam questions to pass the exam in first attempt. SkillCertPro offers real exam questions for practice for all major IT certifications.
For a full set of 5 00 + questions. Go to https://skillcertpro.com/product/google-professional-cloud-network- engineer-exam-questions/ SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. SkillCertPro updates exam questions every 2 weeks. You will get life time access and life time free updates SkillCertPro assures 100% pass guarantee in first attempt.
Below are the free 10 sample questions.
Which of the following allows on-premises instances to access Cloud Storage & BigQuery, over a Cloud VPN connection without external IP addresses?
A. Cloud NAT. B. Private Google Access. C. Google Services Access D. Google Private Access for on-premises hosts.
Options A & B are incorrect because they provide access to Google APIs with external IPs, for GCE instances with no external IPs in GCP subnets.
Option C is incorrect as this is used by GCE instances to access services like Cloud SQL which have private IPs.
Option D is correct, this is used for on-premises to access google APIs.
See https://cloud.google.com/vpc/docs/private-access-options to understand the variety of google APIs access for private instances.
You have been asked to restrict the communications between the GKE Cluster and specified networks (on-premises network) such that only specified networks are allowed to communicate with your GKE cluster. Which of the following can be used to achieve this? Choose two.
A. Network Policy. B. Ingress. C. master authorized networks. D. firewall rules.
Option A is incorrect, this is how to restrict pod communications in GKE
Option B is incorrect, ingress is used to expose services externally via a HTTPS Load balancing.
Option C is correct, Enable master authorized networks is used to allow GCP or non-GCP source IPs to access the Kubernetes master.
Options D is correct, firewall rules are used to allow or deny traffic.
https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters explains how to create a private GKE cluster.
A hybrid connectivity has been setup between GCP and on-premises network using a single Classic Cloud VPN tunnel. They need to increase the throughput of the connection, which of the following configurations give the highest throughput and redundancy?
A. Two Cloud VPN gateways and two tunnels each B. Two Cloud VPN gateways and one tunnel each C. Single Cloud VPN gateways and three tunnels D. Single Cloud VPN gateway and two tunnels each.
Option A is correct, this provide f0ur tunnels between GCP and the on-premises network. This gives a maximum throughput of 12 Gbps (3 Gbps per tunnel) and redundancy on both sides.
Option B is incorrect, this does not give the maximum throughput
Option C is incorrect, this does not give the maximum throughput and there is no redundancy on GCP end.
Options D is incorrect, this does not give the maximum throughput and there is no redundancy on GCP end.
https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies gives reference architectures for Cloud VPN connectivity.
A hybrid connectivity has been setup between GCP and on-premises network using a Cloud Interconnect. You need to setup a tunnel from the VPC to the interconnect to enable communication to and from the on-premises. Which of this is needed? Choose two.
A. VLAN Attachments B. Cloud Router C. HTTP(S) Load balancer D. Custom routes.
Option A is correct, this determines which VPC can reach your on-premises network through the interconnect
Option B is correct, this dynamically exchanges routes with your on-premises network.
Option C is incorrect, this is used to load balancer across multiple GCE instances.
Options D is incorrect, this is not needed as routes are dynamically added by Cloud Router
https://cloud.google.com/network-connectivity/docs/interconnect/how- to/dedicated/creating-vlan-attachments shows how to set up a VLAN Attachment.
As the network engineer for a firm considering using Cloud VPN for connectivity between GCP and its on-premises network. What is the recommended Maximum Transmission Unit (bytes) to be configured on your peer VPN gateway?
Option A, B and D are incorrect, the MTU must not be greater than 1460 bytes.
Option C is correct.
https://cloud.google.com/network-connectivity/docs/vpn/concepts/mtu- considerations discusses MTU considerations.
For a full set of 500+ questions. Go to https://skillcertpro.com/product/google-professional-cloud-network- engineer-exam-questions/ SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. SkillCertPro updates exam questions every 2 weeks. You will get life time access and life time free updates SkillCertPro assures 100% pass guarantee in first attempt.
A firm is planning on deploying its applications on VMs in GCP to leverage the elasticity of the cloud. Some instances have been tagged as webserver and others ordering-system. Which of the firewall rules will allow users to reach the webserver instances from the internet using https?
A. Create an egress rule to allow traffic from 0.0.0.0/0 with ordering-system as the Target on TCP Port 80 B. Create an egress rule to allow traffic from 0.0.0.0/0 with webserver as the Target on TCP Port 80 C. Create an ingress rule to allow traffic from 0.0.0.0/0 with ordering-system as the Target on TCP Port 443 D. Create an ingress rule to allow traffic from 0.0.0.0/0 with webserver as the Target on TCP Port 443
Options A and B are incorrect simply because they are egress rules and the port is 80 which is http.
Option C is incorrect. Because the target should be webserver.
Option D is correct. It is an ingress rule on Port 443 (https) and the target is webserver.
https://cloud.google.com/vpc/docs/firewalls
As the network engineer in your company, you manage the GCP firewall rules & logs in all projects. Which of the following statements is not true about firewall logs in GCP?
A. You cannot enable Firewall Rules Logging for the implied deny ingress rules. B. You cannot enable Firewall Rules Logging for the implied allow egress rules. C. You can enable Firewall Rules Logging for rules in a Virtual Private Cloud (VPC) network and legacy networks. D. Firewall Rules Logging only records TCP and UDP connections.
Options A, B and D are incorrect, these are part of the specifications for Firewall Rules logging
Options C is correct, firewall rules logging is not supported for legacy networks
Reference
https://cloud.google.com/vpc/docs/firewall-rules-logging#specifications
A GCP VPC design has four subnets. The design stipulates that all the subnets have the same number of host IP addresses. You have been provided an IP CIDR of 10.20.0.0/23. Which CIDR should each subnet have to satisfy the IP addressing requirement?
/23 gives 512 addresses. Divide 512 into 4 gives 128. /25 gives 128 addresses
Options A, B and D is incorrect
Option C is correct, this gives the required IP CIDR.
A firm has chosen to use Cloud VPN for its hybrid connectivity between GCP and its on-premises network. Due to the critical nature of the workloads, they have opted for a HA VP gateway for its SLA of 99.99%. Which of the following is true for Cloud HA VPN gateway? Choose two.
A. GCP automatically reserves two IP addresses for the gateway interfaces B. You need to reserve two external IP for the interfaces of the HA VPN C. You can only specify the on-premises or Non Google as the Peer VPN gateway D. You can choose one of the two options for Peer VPN gateway, Non Google Cloud and Google Cloud.
Option A is correct, External IPs created from a pool. No forwarding rules required
Option B is incorrect, this is done for Classic VPN
Option C is incorrect, the peer gateway can be GCP or Non GCP.
Options D is correct, the peer gateway can either be GCP or Non GCP
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview explains the requirements for Cloud HA VPN.
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?
A. You have not configured compression in Cloud CDN. B. You have configured the web servers and Cloud CDN with different compression types. C. The web servers behind the load balancer are configured with different compression types. D. You have to configure the web servers to compress responses even if the request has a Via header.
If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress
responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable compression, you may have to override your web server’s default configuration to tell it to compress responses even if the request had a Via header.
Reference: https://cloud.google.com/cdn/docs/troubleshooting-steps
For a full set of 500+ questions. Go to https://skillcertpro.com/product/google-professional-cloud-network- engineer-exam-questions/ SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. SkillCertPro updates exam questions every 2 weeks. You will get life time access and life time free updates SkillCertPro assures 100% pass guarantee in first attempt.