Curious about Actual Google Professional Cloud Network Engineer Exam Questions?

Here are sample Google Professional Cloud Network Engineer (Professional-Cloud-Network-Engineer) Exam questions from real exam. You can get more Google Cloud Certified (Professional-Cloud-Network-Engineer) Exam premium practice questions at TestInsights.

Page: 1 /
Total 173 questions

Want more questions? Get Premium Access.

Question 1

You are responsible for configuring firewall policies for your company in Google Cloud. Your security team has a strict set of requirements that must be met to configure firewall rules.

Always allow Secure Shell (SSH) from your corporate IP address.

Restrict SSH access from all other IP addresses.

There are multiple projects and VPCs in your Google Cloud organization. You need to ensure that other VPC firewall rules cannot bypass the security team's requirements. What should you do?

AConfigure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0.
Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.

BConfigure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 0.
Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 1.

CConfigure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 1.
Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 0.

DConfigure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 1
Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 0.

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

BConfigure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 0.
Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 1.

CConfigure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 1.
Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 0.

0 / 1500

Question 2

You are designing a new application that has backends internally exposed on port 800. The application will be exposed externally using both IPv4 and IPv6 via TCP on port 700. You want to ensure high availability for this application. What should you do?

ACreate a network load balancer that used backend services containing one instance group with two instances.

BCreate a network load balancer that uses a target pool backend with two instances.

CCreate a TCP proxy that uses a zonal network endpoint group containing one instance.

DCreate a TCP proxy that uses backend services containing an instance group with two instances.

Correct : D

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ACreate a network load balancer that used backend services containing one instance group with two instances.

BCreate a network load balancer that uses a target pool backend with two instances.

CCreate a TCP proxy that uses a zonal network endpoint group containing one instance.

DCreate a TCP proxy that uses backend services containing an instance group with two instances.

0 / 1500

Question 3

You work for a university that is migrating to Google Cloud.

These are the cloud requirements:

On-premises connectivity with 10 Gbps

Lowest latency access to the cloud

Centralized Networking Administration Team

New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.

What should you do?

AUse Shared VPC, and deploy the VLAN attachments and Dedicated Interconnect in the host project.

BUse Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

CUse standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Dedicated Interconnects.

DUse standalone projects and deploy the VLAN attachments and Dedicated Interconnects in each of the individual projects.

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AUse Shared VPC, and deploy the VLAN attachments and Dedicated Interconnect in the host project.

BUse Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

CUse standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Dedicated Interconnects.

DUse standalone projects and deploy the VLAN attachments and Dedicated Interconnects in each of the individual projects.

0 / 1500

Question 4

You have several microservices running in a private subnet in an existing Virtual Private Cloud (VPC). You need to create additional serverless services that use Cloud Run and Cloud Functions to access the microservices. The network traffic volume between your serverless services and private microservices is low. However, each serverless service must be able to communicate with any of your microservices. You want to implement a solution that minimizes cost. What should you do?

ADeploy your serverless services to the serverless VPC. Peer the serverless service VPC to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

BCreate a serverless VPC access connector for each serverless service. Configure the connectors to allow traffic between the serverless services and your existing microservices.

CDeploy your serverless services to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

DCreate a serverless VPC access connector. Configure the serverless service to use the connector for communication to the microservices.

Correct : D

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

BCreate a serverless VPC access connector for each serverless service. Configure the connectors to allow traffic between the serverless services and your existing microservices.

CDeploy your serverless services to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

DCreate a serverless VPC access connector. Configure the serverless service to use the connector for communication to the microservices.

0 / 1500

Question 5

You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

AConnect all the spokes to the hub with Cloud VPN.

BConnect all the spokes to the hub with VPC Network Peering.

CConnect all the spokes to the hub With Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes

DConnect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

Correct : D

The correct answer is D because it meets the following requirements:

It matches the hub-and-spoke model of the on-premises network, where each spoke is a separate VPC network that is connected to a central hub VPC network.

It minimizes management overhead and cost, because VPC Network Peering is a simple and low-cost way to connect VPC networks without using any external IP addresses or VPN gateways1.

It uses default networking quotas and limits, because VPC Network Peering does not consume any quota or limit for VPN tunnels, external IP addresses, or forwarding rules2.

It prevents connectivity between the spokes, because VPC Network Peering is non-transitive by default, meaning that a spoke can only communicate with the hub, not with other spokes1.To enforce this restriction, a third-party network appliance can be used as a default gateway in each spoke VPC network, which can filter out any traffic destined for other spokes3.

Option A is incorrect because it does not minimize cost, as Cloud VPN charges for egress traffic and requires external IP addresses for the VPN gateways4.Option B is incorrect because it does not prevent connectivity between the spokes, as VPC Network Peering allows direct communication between peered VPC networks by default1. Option C is incorrect because it does not minimize cost or use default quotas and limits, for the same reasons as option A.

VPC Network Peering overview | VPC

Quotas and limits | VPC

Hub-and-spoke network architecture | Cloud Architecture Center

Cloud VPN overview | Google Cloud

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AConnect all the spokes to the hub with Cloud VPN.

BConnect all the spokes to the hub with VPC Network Peering.

CConnect all the spokes to the hub With Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes

DConnect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

0 / 1500

Page: 1 / 35
Total 173 questions

Unlock Full
Professional-Cloud-Network-Engineer Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
Professional-Cloud-Network-Engineer Exam

Professional-Cloud-Network-Engineer Exam Question 1
Professional-Cloud-Network-Engineer Exam Question 2
Professional-Cloud-Network-Engineer Exam Question 3
Professional-Cloud-Network-Engineer Exam Question 4
Professional-Cloud-Network-Engineer Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login