Professional Cloud Network Engineer v1.0

Page:    1 / 12   
Exam contains 172 questions
Expand All

You are using a 10-Gbps direct peering connection to Google together with the gsutil tool to upload files to Cloud Storage buckets from on-premises servers. The on-premises servers are 100 milliseconds away from the Google peering point. You notice that your uploads are not using the full 10-Gbps bandwidth available to you. You want to optimize the bandwidth utilization of the connection.
What should you do on your on-premises servers?

  • A. Tune TCP parameters on the on-premises servers.
  • B. Compress files using utilities like tar to reduce the size of data being sent.
  • C. Remove the -m flag from the gsutil command to enable single-threaded transfers.
  • D. Use the perfdiag parameter in your gsutil command to enable faster performance: gsutil perfdiag gs://[BUCKET NAME].


Answer : A

You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
"¢ An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary
HQ) and us-east4 (backup)
"¢ Multiple regional offices in Europe and APAC
"¢ Regional data processing is required in europe-west1 and australia-southeast1
"¢ Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us- west1.
What should you do?

  • A. "¢ Create 2 VPCs in a Shared VPC Host Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Host Project. "¢ Attach NIC0 in VPC #1 us-west1 subnet of the Host Project. "¢ Attach NIC1 in VPC #2 us-west1 subnet of the Host Project. "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
  • B. "¢ Create 2 VPCs in a Shared VPC Host Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Service Project. "¢ Attach NIC0 in VPC #1 us-west1 subnet of the Host Project. "¢ Attach NIC1 in VPC #2 us-west1 subnet of the Host Project. "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
  • C. "¢ Create 1 VPC in a Shared VPC Host Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Host Project. "¢ Attach NIC0 in us-west1 subnet of the Host Project. "¢ Attach NIC1 in us-west1 subnet of the Host Project "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
  • D. "¢ Create 1 VPC in a Shared VPC Service Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Service Project. "¢ Attach NIC0 in us-west1 subnet of the Service Project. "¢ Attach NIC1 in us-west1 subnet of the Service Project "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.


Answer : A

You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
How should you design this topology?

  • A. Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.
  • B. Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.
  • C. Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.
  • D. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.


Answer : B

Reference:
https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters

Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow.
Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?

  • A. SSL proxy load balancer
  • B. Network load balancer
  • C. HTTPS load balancer
  • D. TCP proxy load balancer


Answer : A

Reference:
https://cloud.google.com/security/encryption-in-transit/

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

  • A. VPC peering
  • B. Shared VPC
  • C. Cloud VPN
  • D. Dedicated Interconnect
  • E. Cloud NAT


Answer : CD

Reference:
https://cloud.google.com/vpc/docs/vpc

You have a storage bucket that contains the following objects:
[1]
[1]
[1]
[1]
Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.
What should you do?

  • A. Add an appropriate lifecycle rule on the storage bucket.
  • B. Issue a cache invalidation command with pattern /folder-a/*.
  • C. Make sure that all the objects with prefix folder-a are not shared publicly.
  • D. Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.


Answer : C

Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

  • A. VPC flow logs
  • B. Firewall logs
  • C. Cloud Audit logs
  • D. Stackdriver Trace
  • E. Compute Engine instance system logs


Answer : CD

Reference:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.
Which GKE resource should you use?

  • A. GKE Node
  • B. GKE Pod
  • C. GKE Cluster
  • D. GKE Ingress


Answer : B

Reference:
https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-armor-backendconfig

You need to establish network connectivity between three Virtual Private Cloud networks, Sales, Marketing, and Finance, so that users can access resources in all three VPCs. You configure VPC peering between the Sales VPC and the Finance VPC. You also configure VPC peering between the Marketing VPC and the
Finance VPC. After you complete the configuration, some users cannot connect to resources in the Sales VPC and the Marketing VPC. You want to resolve the problem.
What should you do?

  • A. Configure VPC peering in a full mesh.
  • B. Alter the routing table to resolve the asymmetric route.
  • C. Create network tags to allow connectivity between all three VPCs.
  • D. Delete the legacy network and recreate it to allow transitive peering.


Answer : A

You create multiple Compute Engine virtual machine instances to be used at TFTP servers.
Which type of load balancer should you use?

  • A. HTTP(S) load balancer
  • B. SSL proxy load balancer
  • C. TCP proxy load balancer
  • D. Network load balancer


Answer : D

You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.
Which type of load balancer should you use?

  • A. HTTP(S) load balancer
  • B. Network load balancer
  • C. Internal TCP/UDP load balancer
  • D. TCP/SSL proxy load balancer


Answer : C

You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.
Which NAT solution should you use?

  • A. Cloud NAT
  • B. An instance with IP forwarding enabled
  • C. An instance configured with iptables DNAT rules
  • D. An instance configured with iptables SNAT rules


Answer : A

Reference:
https://cloud.google.com/nat/docs/overview

You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

  • A. Upload your public ssh key to the project Metadata.
  • B. Upload your public ssh key to each instance Metadata.
  • C. Create a custom Google Compute Engine image with your public ssh key embedded.
  • D. Use gcloud compute ssh to automatically copy your public ssh key to the instance.


Answer : A

Reference:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys

In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

  • A. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
  • B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
  • C. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
  • D. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.


Answer : B

You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.
What should you do to solve the problem?

  • A. Assign a public IP address to the instance.
  • B. Create a route to reach the Master, pointing to the default internet gateway.
  • C. Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.
  • D. Create the appropriate master authorized network entries to allow the instance to communicate to the master.


Answer : C

Page:    1 / 12   
Exam contains 172 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy