[Mar-2023] Professional-Cloud-Network-Engineer Exam Dumps Pass with Updated 2023 Google Cloud Certified - Professional Cloud Network Engineer [Q19-Q35]

Free Professional-Cloud-Network-Engineer Exam Dumps to Pass Exam Easily

NEW QUESTION 19
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?

  • A. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
  • B. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
  • C. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.
  • D. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

Answer: D

 

NEW QUESTION 20
Your organization has Compute Engine instances in us-east1, us-west2, and us-central1. Your organization also has an existing Cloud Interconnect physical connection in the East Coast of the United States with a single VLAN attachment and Cloud Router in us-east1. You need to provide a design with high availability and ensure that if a region goes down, you still have access to all your other Virtual Private Cloud (VPC) subnets. You need to accomplish this in the most cost-effective manner possible. What should you do?

  • A. Configure your VPC routing in regional mode.
    Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.
  • B. Configure your VPC routing in global mode.
    Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.
  • C. Configure your VPC routing in global mode.
    Add an additional Cloud Interconnect VLAN attachment in the us-west2 region, and configure a Cloud Router in us-west2.
  • D. Configure your VPC routing in regional mode.
    Add additional Cloud Interconnect VLAN attachments in the us-west2 and us-central1 regions, and configure Cloud Routers in us-west2 and us-central1.

Answer: B

 

NEW QUESTION 21
You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)
GetIamPolicy() via REST API

  • A. setIamPolicy() via REST API
  • B. gcloud projects add-iam-policy-binding $projectname --member user:$username --role roles/editor
  • C. role roles/editor
  • D. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.
  • E. gcloud pubsub add-iam-policy-binding $projectname --member user:$username --

Answer: C,D

Explanation:
Explanation/Reference: https://cloud.google.com/iam/docs/granting-changing-revoking-access

 

NEW QUESTION 22
Your organization's security policy requires that all internet-bound traffic return to your on-premises data center through HA VPN tunnels before egressing to the internet, while allowing virtual machines (VMs) to leverage private Google APIs using private virtual IP addresses 199.36.153.4/30. You need to configure the routes to enable these traffic flows. What should you do?

  • A. Configure a custom route 0.0.0.0/0 with a priority of 1000 whose next hop is the internet gateway. Configure another custom route 199.36.153.4/30 with a priority of 500 whose next hop is the VPN tunnel back to the on-premises data center.
  • B. Announce a 0.0.0.0/0 route from your on-premises router with a MED of 1000. Configure a custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the default internet gateway.
  • C. Announce a 0.0.0.0/0 route from your on-premises router with a MED of 500. Configure another custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.
  • D. Configure a custom route 0.0.0.0/0 with a priority of 500 whose next hop is the default internet gateway. Configure another custom route 199.36.153.4/30 with priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.

Answer: D

 

NEW QUESTION 23
You work for an organization called cloudtech5. Your organization has decided to implement a continuous integration and delivery (CI/CD) pipeline on Google Cloud Platform using only hosted products and the popular GitOps methodology. The architecture includes many microservices that are updated frequently and rolled back. Please select the products that should be used.

  • A. Cloud Source Repositories, Jenkins on Compute Engine, Container Registry, Google Kubernetes Engine.
  • B. Cloud Source Repositories, Cloud Build, Container Registry, Google Kubernetes Engine.
  • C. BitBucket, Cloud Build, Container Registry, Google Kubernetes Engine.
  • D. Cloud Storage, Cloud Dataflow, Compute Engine.

Answer: B

Explanation:
Option B is the correct choice because Cloud Source Repositories is a fully featured, scalable, private Git repository hosted on Google Cloud. Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure. Cloud Build can import source code from Google Cloud Storage, Cloud Source Repositories, GitHub, or Bitbucket, execute a build to your specifications, and produce artifacts such as Docker containers or Java archives. Container Registry is a private container image registry that runs on Google Cloud Platform. Google Kubernetes Engine is ideal for deploying small services that can be updated and rolled back quickly.
Option A is incorrect because Jenkins on Compute Engine isn't a Google hosted product; Cloud Build is the right choice because it is a service managed by Google Cloud.
Option C is incorrect because BitBucket isn't a Google Cloud hosted service, but it can be used to achieve the same results.
Option D is incorrect because the objective is to implement a CI/CD pipeline, not a data processing pipeline.

 

NEW QUESTION 24
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

  • A. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
  • B. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.
  • C. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
  • D. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.

Answer: D


 

NEW QUESTION 25
An application development team believes their current logging tool will not meet their needs for their new cloud-based product. They want a better tool to capture errors and help them analyze their historical log data. You want to help them find a solution that meets their needs. What should you do?

  • A. Help them define their requirements and assess viable logging tools.
  • B. Help them upgrade their current tool to take advantage of any new features.
  • C. Direct them to download and install the Google StackDriver logging agent.
  • D. Send them a list of online resources about logging best practices.

Answer: A

Explanation:
C and D can be ruled out because they are not general IT good practices. The team needs your help, not simply to be sold your products or pointed to a crowded set of resources without explanation.
A (Correct Answer) - Help them define their requirements and assess viable logging tools. They know the requirements and the existing tools' problems. While it's true StackDriver Logging and Error Reporting meet all their requirements, they need you to provide expertise to assess new tools, specifically logging tools that can capture errors and help them analyze their historical log data.
B - Help them upgrade their current tool to take advantage of any new features. They have already used those tools and know their shortcomings. They need your help to find a better one. Simply helping them upgrade for new features is not enough and may not resolve the problems.

 

NEW QUESTION 26
You need to define an address plan for a future new GKE cluster in your VPC. This will be a VPC native cluster, and the default Pod IP range allocation will be used. You must pre-provision all the needed VPC subnets and their respective IP address ranges before cluster creation. The cluster will initially have a single node, but it will be scaled to a maximum of three nodes if necessary. You want to allocate the minimum number of Pod IP addresses.
Which subnet mask should you use for the Pod IP address range?

  • A. /23
  • B. /22
  • C. /25
  • D. /21

Answer: C

Explanation:
Reference:
https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips

 

NEW QUESTION 27
You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?

  • A. Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.
  • B. Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.
  • C. Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.
  • D. Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.

Answer: C

 

NEW QUESTION 28
The security team has disabled external SSH access into production virtual machines in GCP.
The operations team needs to remotely manage the VMs and other resources. What can they do?

  • A. Configure a VPN connection to GCP to allow SSH access to the cloud VMs.
  • B. Develop a new access request process that grants temporary SSH access to cloud VMs when an operations engineer needs to perform a task.
  • C. Have the development team build an API service that allows the operations team to execute specific remote procedure calls to accomplish their tasks.
  • D. Grant the operations team access to use Google Cloud Shell.

Answer: D

Explanation:
D (Correct Answer) - Grant the operations team access to use Google Cloud Shell.
All the engineers asked for is remote access to the VMs, just like using SSH, so if the machines still have an external IP address, the engineers can access them via SSH using Google Cloud Shell.
This is the easiest effective way to meet the requirements. All other answers are possible options that might require more setup than is worthwhile for your needs.

 

NEW QUESTION 29
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
* IP ranges for pods and services must be as small as possible.
* The nodes and the master must not be reachable from the internet.
* You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?

  • A. * Create a VPC-native GKE cluster using GKE-managed IP ranges.
    * Set the pod IP range as /21 and service IP range as /24.
    * Set up a network proxy to access the master.
  • B. * Create a VPC-native GKE cluster using user-managed IP ranges.
    * Enable a GKE cluster network policy, set the pod and service ranges as /24.
    * Set up a network proxy to access the master.
    * Enable master authorized networks.
  • C. * Create a VPC-native GKE cluster using user-managed IP ranges.
    * Enable privateEndpoint on the cluster master.
    * Set the pod and service ranges as /24.
    * Set up a network proxy to access the master.
    * Enable master authorized networks.
  • D. * Create a private cluster that uses VPC advanced routes.
    * Set the pod and service ranges as /24.
    * Set up a network proxy to access the master.

Answer: B

Explanation:
Explanation/Reference: https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips

 

NEW QUESTION 30
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.
What should you do?

  • A. Configure an HTTP load balancer, and direct the traffic to it.
  • B. Configure the TTL for the DNS zone to decrease the time between updates.
  • C. Configure a policy-based route rule to prioritize the traffic.
  • D. Configure Dynamic Routing for the subnet hosting the application.

Answer: A

Explanation:
https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency

 

NEW QUESTION 31
You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command:
gcloud compute routes create no-ip-internet-route \
--network custom-network1 \
--destination-range 0.0.0.0/0 \
--next-hop-instance nat-gateway \
--next-hop-instance-zone us-central1-a \
--tags no-ip --priority 800
You want existing instances to use the new NAT gateway. Which command should you execute?

  • A. gcloud compute instances add-tags [existing-instance] --tags no-ip
  • B. gcloud compute instances create example-instance --network custom-network1 \
    --subnet subnet-us-central \
    --no-address \
    --zone us-central1-a \
    --image-family debian-9 \
    --image-project debian-cloud \
    --tags no-ip
  • C. sudo sysctl -w net.ipv4.ip_forward=1
  • D. gcloud builds submit --config=cloudbuild.yaml --substitutions=TAG_NAME=no-ip

Answer: A

Explanation:
https://cloud.google.com/sdk/gcloud/reference/compute/routes/create
In order to apply a route to an existing instance, we should use a tag to bind the route to it.

 

NEW QUESTION 32
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?

  • A. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
  • B. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.
  • C. Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.
  • D. Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.

Answer: A

 

NEW QUESTION 33
You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider.
Which connection type should you choose?

  • A. Direct Peering
  • B. Dedicated Interconnect
  • C. Carrier Peering
  • D. Partner Interconnect

Answer: A

Explanation:
When established, Direct Peering provides a direct path from your on-premises network to Google services, including Google Cloud products that can be exposed through one or more public IP addresses. Traffic from Google's network to your on-premises network also takes that direct path, including traffic from VPC networks in your projects. Google Cloud customers must request that direct egress pricing be enabled for each of their projects after they have established Direct Peering with Google. For more information, see Pricing.

 

NEW QUESTION 34
You have ordered Dedicated Interconnect in the GCP Console and need to give the Letter of Authorization/Connecting Facility Assignment (LOA-CFA) to your cross-connect provider to complete the physical connection.
Which two actions can accomplish this? (Choose two.)

  • A. Open a Cloud Support ticket under the Cloud Interconnect category.
  • B. Download the LOA-CFA from the Hybrid Connectivity section of the GCP Console.
  • C. Run gcloud compute interconnects describe <interconnect>.
  • D. Contact your cross-connect provider and inform them that Google automatically sent the LOA/CFA to them via email, and to complete the connection.
  • E. Check the email for the account of the NOC contact that you specified during the ordering process.

Answer: B,E

 

NEW QUESTION 35
......


Implement Hybrid Interconnectivity

  • Configure Interconnect: This part measures one’s understanding of partner (that is layer 2 versus layer 3 connectivity), bulk storage uploads, and virtualizing with the use of VLAN attachments;
  • Configure Cloud Router for Dependability: You will also be expected to demonstrate competence in this domain as well as in the configuration of site-to-site IPsec VPN.

 
