Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

Google Professional Cloud Network Engineer PROFESSIONAL CLOUD NETWORK ENGINEER Dumps in PDF

Free Google PROFESSIONAL CLOUD NETWORK ENGINEER Real Questions (page: 3)

PROFESSIONAL CLOUD NETWORK ENGINEER PDF — 307 Questions

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.

What should you do?

  1. Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
  2. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
  3. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
  4. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.

Answer(s): B



Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift- and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.

How should you deploy this service in GCP?

  1. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.
  2. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.
  3. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.
  4. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal- priority static routes to the backend servers.

Answer(s): B


Reference:

https://cloud.google.com/compute/docs/instance-groups/adding-an-instance-group-to-a-load- balancer



You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.

What is the most likely cause of this problem?

  1. The instance has been configured with multiple interfaces.
  2. An external IP address has been configured on the instance.
  3. You have created static routes that use RFC1918 ranges.
  4. The instance is accessible by a load balancer external IP address.

Answer(s): B


Reference:

https://www.sovereignsolutionscorp.com/google-cloud-nat/



You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.

Which BGP attribute should you use on your on-premises router?

  1. AS-Path
  2. Community
  3. Local Preference
  4. Multi-exit Discriminator

Answer(s): D


Reference:

https://cloud.google.com/router/docs/concepts/overview



You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.

What should you do?

  1. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.
  2. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.
  3. Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.
  4. Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on-premises VPN gateway IP address.

Answer(s): C



You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.

What should you do?

  1. Update the TTL for the zone.
  2. Set the zone to the TRANSFER state.
  3. Disable DNSSEC at your domain registrar.
  4. Transfer ownership of the domain to a new registrar.

Answer(s): C

Explanation:

Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.


Reference:

https://cloud.google.com/dns/docs/dnssec-config



You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet.
When you review the flow and firewall logs, you do not see any denied traffic listed.

During troubleshooting you find:

· Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
· The subnetwork logs are not excluded from Stackdriver.
· The instance that is hosting the application can communicate outside the subnet. · Other instances within the subnet can communicate outside the subnet.
· The external resource initiates communication.

What is the most likely cause of the missing log lines?

  1. The traffic is matching the expected ingress rule.
  2. The traffic is matching the expected egress rule.
  3. The traffic is not matching the expected ingress rule.
  4. The traffic is not matching the expected egress rule.

Answer(s): C



You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.

What is the most likely cause of the problem?

  1. You have not configured compression in Cloud CDN.
  2. You have configured the web servers and Cloud CDN with different compression types.
  3. The web servers behind the load balancer are configured with different compression types.
  4. You have to configure the web servers to compress responses even if the request has a Via header.

Answer(s): D

Explanation:

If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable compression, you may have to override your web server's default configuration to tell it to compress responses even if the request had a Via header.


Reference:

https://cloud.google.com/cdn/docs/troubleshooting-steps



PDF
Viewing page 3 of 32

Share your comments for Google PROFESSIONAL CLOUD NETWORK ENGINEER exam with other users:

Ž
Žarko
9/5/2023 3:35:00 AM

@t it seems like azure service bus message quesues could be the best solution

UNITED KINGDOM
S
Shiji
10/15/2023 1:08:00 PM

helpful to check your understanding.

INDIA
D
Da Costa
8/27/2023 11:43:00 AM

question 128 the answer should be static not auto

Anonymous
B
bot
7/26/2023 6:45:00 PM

more comments here

UNITED STATES
K
Kaleemullah
12/31/2023 1:35:00 AM

great support to appear for exams

Anonymous
B
Bsmaind
8/20/2023 9:26:00 AM

useful dumps

Anonymous
B
Blessious Phiri
8/13/2023 8:37:00 AM

making progress

Anonymous
N
Nabla
9/17/2023 10:20:00 AM

q31 answer should be d i think

FRANCE
V
vladputin
7/20/2023 5:00:00 AM

is this real?

UNITED STATES
N
Nick W
9/29/2023 7:32:00 AM

q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it

Anonymous
N
Naveed
8/28/2023 2:48:00 AM

good questions with simple explanation

UNITED STATES
C
cert
9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s

Anonymous
Y
Yves
8/29/2023 8:46:00 PM

very inciting

Anonymous
M
Miguel
10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;

SPAIN
B
Byset
9/25/2023 12:49:00 AM

it look like real one

Anonymous
D
Debabrata Das
8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps

Anonymous
N
nITA KALE
8/22/2023 1:57:00 AM

i need dumps

Anonymous
C
CV
9/9/2023 1:54:00 PM

its time to comptia sec+

GREECE
S
SkepticReader
8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).

UNITED STATES
N
Nabin
10/16/2023 4:58:00 AM

helpful content

MALAYSIA
B
Blessious Phiri
8/15/2023 3:19:00 PM

oracle 19c is complex db

Anonymous
S
Sreenivas
10/24/2023 12:59:00 AM

helpful for practice

Anonymous
L
Liz
9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.

UNITED STATES
N
Namrata
7/15/2023 2:22:00 AM

helpful questions

Anonymous
L
lipsa
11/8/2023 12:54:00 PM

thanks for question

Anonymous
E
Eli
6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.

EUROPEAN UNION
O
open2exam
10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?

Anonymous
G
Gerald
9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam

UNITED STATES
R
ryo
9/10/2023 2:27:00 PM

very helpful

MEXICO
J
Jamshed
6/20/2023 4:32:00 AM

i need this exam

PAKISTAN
R
Roberto Capra
6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?

Anonymous
S
Synt
5/23/2023 9:33:00 PM

need to view

UNITED STATES
V
Vey
5/27/2023 12:06:00 AM

highly appreciate for your sharing.

CAMBODIA
T
Tshepang
8/18/2023 4:41:00 AM

kindly share this dump. thank you

Anonymous
AI Tutor 👋 I’m here to help!