Google certsexpert google Cloud Platform Professional-cloud-network-engineer Google Study Notes by Ariah q153 vce pdf

Page: 3 / 15

Exam Name:	Google Cloud Certified - Professional Cloud Network Engineer
Exam Code:	Professional-Cloud-Network-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Platform
Questions:	215 Q&A's	Shared By:	ariah

Question 12

You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.

What should you do?

Options:

Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.

Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.

Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.

Discussion

Question 13

Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?

Options:

Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.

Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.

Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.

Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

Discussion

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd Oct 22, 2024

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

Kingsley

Do anyone guide my how these dumps would be helpful for new students like me?

Haris Sep 11, 2024

Absolutely! They are highly recommended for anyone looking to pass their certification exam. The dumps are easy to understand and follow, making it easier for you to study and retain the information.

Peyton

Hey guys. Guess what? I passed my exam. Thanks a lot Cramkey, your provided information was relevant and reliable.

Coby Sep 6, 2024

Thanks for sharing your experience. I think I'll give Cramkey a try for my next exam.

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley Aug 26, 2024

That's great to know. So, you think new students should buy these dumps?

Question 14

You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.

How should you configure the Distribution VPC?

Options:

Create the Distribution VPC in auto mode. Peer both the VPCs via network peering.

Create the Distribution VPC in custom mode. Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.

Create the Distribution VPC in custom mode. Use the CIDR range 10.128.0.0/9. Create the necessary subnets, and then peer them via network peering.

Rename the default VPC as "Distribution" and peer it via network peering.

Discussion

Question 15

Your organization recently created a sandbox environment for a new cloud deployment. To have parity with the production environment, a pair of Compute Engine instances with multiple network interfaces (NICs) were deployed. These Compute Engine instances have a NIC in the Untrusted VPC (10.0.0.0/23) and a NIC in the Trusted VPC (10.128.0.0/9). A HA VPN tunnel has been established to the on-premises environment from the Untrusted VPC. Through this pair of VPN tunnels, the on-premises environment receives the route advertisements for the Untrusted and Trusted VPCs. In return, the on-premises environment advertises a number of CIDR ranges to the Untrusted VPC. However, when you tried to access one of the test services from the on-premises environment to the Trusted VPC, you received no response. You need to configure a highly available solution to enable the on-premises users to connect to the services in the Trusted VPC. What should you do?

Options:

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig.

Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend.

Create a custom static route in the Untrusted VPC for destination 10.123.0.0/9 and the next hop ilb-untrusted.

Create an internal passthrough Network Load Balancer in the Trusted VP

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig.

Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend.

Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted.

Create an internal passthrough Network Load Balancer in the Trusted VP

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigO.

Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uigO as backend.

Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted.

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigl.

Create an internal passthrou

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig.

Create two custom static routes in the Untrusted VPC for destination 10.128.0.0/9 and set each of the VMs’ NIC as the next hop.

Create two custom static routes in the Trusted VPC for destination 10.0.0.0/23 and set each of the VMs' NIC as the next hop.