Google dumpsboss changed Professional-cloud-network-engineer Exam Questions by Ian q15 vce pdf

Page: 6 / 15

Exam Name:	Google Cloud Certified - Professional Cloud Network Engineer
Exam Code:	Professional-Cloud-Network-Engineer Dumps
Vendor:	Google	Certification:	Google Cloud Platform
Questions:	215 Q&A's	Shared By:	ian

Question 24

Question:

You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?

Options:

Create a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.

Enable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.

Enable the Firewall insights API. Set the deny rule insights observation period to one day. Review the insights to assure there are no firewall rules denying traffic.

Enable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.

Discussion

Lois

I passed my exam with wonderful score. Their dumps are 100% valid and I felt confident during the exam.

Ernie Oct 29, 2024

Absolutely. The best part is, the answers in the dumps were correct. So, I felt confident and well-prepared for the exam.

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric Sep 13, 2024

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Miriam

Highly recommended Dumps. 100% authentic and reliable. Passed my exam with wonderful score.

Milan Sep 24, 2024

I see. Thanks for the information. I'll definitely keep Cramkey in mind for my next exam.

Miley

Hey, I tried Cramkey Dumps for my IT certification exam. They are really awesome and helped me pass my exam with wonderful score.

Megan Aug 30, 2024

That’s great!!! I’ll definitely give it a try. Thanks!!!

Yusra

I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.

Alisha Aug 29, 2024

I recently used their dumps for the certification exam I took and I have to say, I was really impressed.

Question 25

Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.

How should you deploy this service in GCP?

Options:

Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.

Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.

Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.

Discussion

Question 26

After a network change window one of your company’s applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24/ The on-premises router is advertising 10.0.0.0/8.

What is the most likely cause of this problem?

Options:

The less specific VPC subnet route is taking priority.

The more specific VPC subnet route is taking priority.

The on-premises router is not advertising a route for the database server.

A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.

Discussion

Question 27

In your project my-project, you have two subnets in a Virtual Private Cloud (VPC): subnet-a with IP range 10.128.0.0/20 and subnet-b with IP range 172.16.0.0/24. You need to deploy database servers in subnet-a. You will also deploy the application servers and web servers in subnet-b. You want to configure firewall rules that only allow database traffic from the application servers to the database servers. What should you do?

Options:

Create network tag app-server and service account sa-db@my-project.iam.gserviceaccount.com. Add the tag to the application servers, and associate the service account with the database servers. Run the following command:

gcloud compute firewall-rules create app-db-firewall-rule \

--action allow \

--direction ingress \

--rules top:3306 \

--source-tags app-server \

--target-service-accounts sa-db@my-<

Create service accounts sa-app@my-project.iam.gserviceaccount.com and sa-db@my-project.iam.gserviceaccount.com. Associate service account sa-app with the application servers, and associate the

service account sa-db with the database servers. Run the following command:

gcloud compute firewall-rules create app-db-firewall-ru

--allow TCP:3306 \

--source-service-accounts sa-app@democloud-idp-

demo.iam.gserv

Create service accounts sa-app@my-project.iam.gserviceaccount.com and sa-db@my-project.iam.gserviceaccount.com. Associate the service account sa-app with the application servers, and associate

the service account sa-db with the database servers. Run the following command:

gcloud compute firewall-rules create app-db-firewall-ru

--allow TCP:3306 \

--source-ranges 10.128.0.0/20 \

--source-service-accounts

Create network tags app-server and db-server. Add the app-server tag to the application servers, and add the db-server tag to the database servers. Run the following command:

gcloud compute firewall-rules create app-db-firewall-rule \

--action allow \

--direction ingress \

--rules tcp:3306 \

--source-ranges 10.128.0.0/20 \

--source-tags app-server \

--target-tags db-server

Discussion

Page: 6 / 15

Title

Questions

Posted