Google certsexpert google Cloud Platform Professional-cloud-network-engineer Google Study Notes by Ariah q153 vce pdf

Page: 3 / 15

Exam Name:	Google Cloud Certified - Professional Cloud Network Engineer
Exam Code:	Professional-Cloud-Network-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Platform
Questions:	215 Q&A's	Shared By:	ariah

Question 12

You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.

What should you do?

Options:

Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.

Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.

Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.

Discussion

Question 13

Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?

Options:

Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.

Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.

Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.

Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

Discussion

Question 14

You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.

How should you configure the Distribution VPC?

Options:

Create the Distribution VPC in auto mode. Peer both the VPCs via network peering.

Create the Distribution VPC in custom mode. Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.

Create the Distribution VPC in custom mode. Use the CIDR range 10.128.0.0/9. Create the necessary subnets, and then peer them via network peering.

Rename the default VPC as "Distribution" and peer it via network peering.

Discussion

Question 15

Your organization recently created a sandbox environment for a new cloud deployment. To have parity with the production environment, a pair of Compute Engine instances with multiple network interfaces (NICs) were deployed. These Compute Engine instances have a NIC in the Untrusted VPC (10.0.0.0/23) and a NIC in the Trusted VPC (10.128.0.0/9). A HA VPN tunnel has been established to the on-premises environment from the Untrusted VPC. Through this pair of VPN tunnels, the on-premises environment receives the route advertisements for the Untrusted and Trusted VPCs. In return, the on-premises environment advertises a number of CIDR ranges to the Untrusted VPC. However, when you tried to access one of the test services from the on-premises environment to the Trusted VPC, you received no response. You need to configure a highly available solution to enable the on-premises users to connect to the services in the Trusted VPC. What should you do?

Options:

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig.

Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend.

Create a custom static route in the Untrusted VPC for destination 10.123.0.0/9 and the next hop ilb-untrusted.

Create an internal passthrough Network Load Balancer in the Trusted VP

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig.

Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend.

Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted.

Create an internal passthrough Network Load Balancer in the Trusted VP

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigO.

Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uigO as backend.

Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted.

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigl.

Create an internal passthrou

Add both multi-NIC VMs to a new unmanaged instance group, named nva-uig.

Create two custom static routes in the Untrusted VPC for destination 10.128.0.0/9 and set each of the VMs’ NIC as the next hop.

Create two custom static routes in the Trusted VPC for destination 10.0.0.0/23 and set each of the VMs' NIC as the next hop.

Discussion

Vienna

I highly recommend them. They are offering exact questions that we need to prepare our exam.

Jensen Oct 9, 2024

That's great. I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd Oct 22, 2024

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

Marley

Hey, I heard the good news. I passed the certification exam!

Jaxson Oct 5, 2024

Yes, I passed too! And I have to say, I couldn't have done it without Cramkey Dumps.

River

Hey, I used Cramkey Dumps to prepare for my recent exam and I passed it.

Lewis Sep 11, 2024

Yeah, I used these dumps too. And I have to say, I was really impressed with the results.

Page: 3 / 15

Title

Questions

Posted