Free GCP professional cloud network engineer practice test

Discover the valuable insights waiting to be unveiled in these free exam questions and answers, offering a glimpse into the world of a Professional Cloud Network Engineer. Picture someone who not only sets up and maintains network systems in Google Cloud but also collaborates with architects to design cloud infrastructures. They’re the ones who bring these visions to life.

Using tools like the Google Cloud Console and command line interface, they navigate through tasks like configuring network services, optimizing application and container networking, and ensuring seamless connectivity across hybrid and multi-cloud environments. With their expertise, they build Virtual Private Clouds (VPCs) that form the backbone of secure network architectures. These questions and answers shed light on the skills and know-how needed for successful cloud projects, painting a vivid picture of what it takes to thrive in this dynamic field.


Q1. You have configured your Cloud Routers for high availability. The Cloud Routers in us-central1 are advertising subnets in two different regions, us-central1 and us-west1. VMs in each of the VPC Network regions learn about on-premises hosts automatically. How would you describe this Cloud Routing mode and configuration?

Q2. While on vacation, a manager in the sales department used a computer in the business center of a hotel to access their Google Workspace account. They cannot remember whether they signed out and closed the browser. You should investigate a potential breach and strongly secure the account with the least amount of disruption to the sales manager. What should you do?

Q3. There is one application that has been utilizing a lot of bandwidth – sending out large packets. This particular app attempts to control the TCP window size so that it can maximize its own performance, to the detriment of other services running on the same VM. Which Linux tunable below would you adjust to set the maximum OS send buffer size for all connections?

Q4. Your organization's development team has requested access to Bigtable and BigQuery for a project hosted in Google Cloud VM instances. These services do not require the VMs to have external IP addresses and they will not need one. As the VPC network admin, what would be the best solution for configuring private API access for the services?

Q5. The program manager for patient experience at a health facility will be leaving the organization in less than a week. The new program manager will need access to the historical email of the former program manager. How will you transfer the email between accounts?

Q6. Your company would like to establish a direct, private connection between your on-premise network and Google networks, to connect with GCP resources without transmitting over the public internet. However, your on-premise network is too far from a Google colocation facility to establish a physical connection. You also expect your network topology to change in the next 18 months, so you will need to update all on-premise destination IP addresses. You would like this update to be entirely managed by your company's employees, even though you will need to connect through a service provider. Which GCP Hybrid Connectivity option will allow you to establish your desired network connection, and independently manage your upcoming network updates?

Q7. Your organization has deployed resources in a shared VPC. Now you need to peer it with another shared VPC that is used by a distributed team. The additional shared VPC will contain pooled resources for a large project. However, you quickly discover that peering between the shared VPCs as they are is impossible. What could have happened during the setup of these shared VPCs that would keep you from connecting them now?

Q8. You have created a Cloud Armor allowlisting rule intended to only allow IPs from a specified CIDR range access to external HTTP(S) load balancers. You have not created a denylisting rule. Which of the following statements about your Cloud Armor rule are false?

Q9. You've recently configured a new developer’s role in Cloud IAM. They've come back to you because they cannot access a resource they need to begin work. What three pieces of information do you need from the developer to troubleshoot their issue?

Q10. You are designing a VPN solution to connect your firm's on-premises data center to Google Cloud. You have a BGP-capable VPN gateway installed in the data center and require 99.99% availability for the VPN link. What Cloud VPN configuration meets these requirements while requiring the least setup and maintenance?

Q11. To reduce latency, you will be replacing an existing Cloud VPN Classic VPN connection. You will connect your organization’s on-premises data center to Google Cloud resources in a VPC network with all resources in a single subnet and region using private/internal IP connectivity. The connection will need to support 1.5 Gbps of traffic. Due to cost considerations, you would like to order the option that provides just enough bandwidth and not more, but it must have significantly lower latency than the existing Cloud VPN connection. What should you use?

Q12. You are selecting Google Cloud locations to deploy Google Cloud VMs. You have general requirements to maximize availability and reduce average user latency with a lower priority goal of reducing networking costs. The users served by these VMs will be in Toronto and Montreal. You must deploy workloads requiring instances at 99.5% availability in Toronto and 99.99% availability in Montreal. These instances all exchange a large amount of traffic among themselves. Which deployment option satisfies these requirements?

Q13. Your employer has decided to switch from your current DNS provider to Cloud DNS, and you have been tasked with migrating the existing domain to Cloud DNS. You have already created a managed zone to contain your DNS records. You also have the exported DNS configuration file in YAML records format from the current provider. What is the next step in the migration process?

Q14. A team leader has put in a help desk request to allow IP addresses within a specified CIDR range to have access to a GKE cluster control plane using HTTPS. They specifically do not want any other nodes within the VPC to have access to the control plane. What solution do you offer?

Q15. You are trying to determine which firewall rule(s) is/are incorrectly blocking requests between two VMs running within a VPC network: VM1 and VM2. Firewall logging is enabled for all firewall rules, including metadata. The Firewall Insights and Recommendations APIs have also been enabled. All insights have been enabled, and the observation period is set over a period capturing the blocked requests. Select a valid troubleshooting approach to find the incorrectly configured firewall rule.

Q16. You are using the gcloud tool to create a Classic VPN with static routing and a route-based tunnel. The on-premises resources are all in the 192.168.1.0/24 range. You have issued commands to create the VPN gateway, IP addresses, forwarding rules, and the VPN tunnel. Select the correct final resource that must be created.

Q17. Your organization would like to achieve 99.99% availability for their Dedicated Interconnect link from an on-premises network to their VPC. Select the configuration that will achieve this.

Q18. You are setting up a Dedicated Interconnect connection and need to provide the highest capacity possible. Select the circuit configuration that achieves this.

Q19. A telecoms company is connecting one of their Shared VPC networks to their on-premise network via Dedicated Interconnect. Select the recommended approach for configuring their VLAN attachments and Cloud Routers.

Q20. Top executives in your organization come to you as the network administrator because they believe that Google Cloud Premium Tier is not necessary for the company’s purposes. They are trying to make a final decision, and they want you to explain the difference between the load balancing options at the Premium Tier and what you would get at the Standard Tier. How would you best explain it?

Q21. Which GCP Hybrid Connectivity service can connect your GCP and on-premise networks with the highest level of availability, the lowest level of latency, and the fewest potential points of network failure?

Q22. You are creating a regional managed instance group (MIG) with VMs in 3 zones. You would like to specify which zones the VMs will be deployed to. Which gcloud command would give you the desired MIG setup?

Q23. Within your organization, there is currently one Shared VPC. A newly created team owns a single standalone project, and your executives have decided to combine the new team with an existing team, and they have asked you to make sure the standalone project is brought into the Shared VPC. Which of the following solutions will ensure the resource hierarchy is correct, and the newly combined teams have access to their projects under the current development host project?

Q24. You have configured a network endpoint group specifically as a backend service for deploying containers on VMs. This also gives you granularity in distributing traffic to applications on the VM. This NEG works perfectly as a backend to an external HTTP(S) load balancer. Which type of network endpoint group have you configured?

Q25. You have Endpoint-Independent Mapping enabled on Cloud NAT, and you have deployed a TURN server for NAT traversal. How would you explain how a TURN server permits communication between two VMs behind NAT?

Q26. Your organization would like to get a high-level topological graph of their Google Cloud network infrastructure. You also want to see the typical latencies and throughputs of traffic between elements of the infrastructure. What is the best tool for this purpose?

Q27. You are debugging a Layer 2 Partner Interconnect connection that is indicating a failure to create a BGP session in the Cloud Router for the associated VLAN attachments. Select the most likely cause to investigate when troubleshooting this issue.

Q28. You are using VPC flow logs to analyze traffic arriving at a subnet. You need to capture approximately 10% of the traffic and determine how much traffic originates from outside the subnet. The VPC flow logs have already been enabled for the subnet. You want to use the least expensive process. How should you configure the VPC flow logs?
