Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.What should you do?
Answer(s): B
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift- and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.How should you deploy this service in GCP?
https://cloud.google.com/compute/docs/instance-groups/adding-an-instance-group-to-a-load- balancer
You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.What is the most likely cause of this problem?
https://www.sovereignsolutionscorp.com/google-cloud-nat/
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.Which BGP attribute should you use on your on-premises router?
Answer(s): D
https://cloud.google.com/router/docs/concepts/overview
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.What should you do?
Answer(s): C
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.What should you do?
Before disabling DNSSEC for a managed zone you want to use, you must deactivate DNSSEC at your domain registrar to ensure that DNSSEC-validating resolvers can still resolve names in the zone.
https://cloud.google.com/dns/docs/dnssec-config
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.During troubleshooting you find:· Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.· The subnetwork logs are not excluded from Stackdriver.· The instance that is hosting the application can communicate outside the subnet. · Other instances within the subnet can communicate outside the subnet.· The external resource initiates communication.What is the most likely cause of the missing log lines?
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.What is the most likely cause of the problem?
If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your instances is configured to compress responses. By default, some web server software will automatically disable compression for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable compression, you may have to override your web server's default configuration to tell it to compress responses even if the request had a Via header.
https://cloud.google.com/cdn/docs/troubleshooting-steps
Share your comments for Google PROFESSIONAL CLOUD NETWORK ENGINEER exam with other users:
my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!
great course
very good question
question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.
highly recommend just passed my exam.
great practice! thanks
anyone who wrote this exam recently?
kindly share the dump
could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.
this is really very very helpful for mcd level 1
very helpful!
question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod
thanks for the exact solution
need to refer the questions and have to give the exam
i need it right now if it was possible please
i need it very much please share it in the fastest time.
correct answer is d for student.java program
q:37 c is correct
q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
explained answers
plan to take theaws certified developer - associate dva-c02 in the next few weeks
very helpfull
good questions
help to practice csa exam
nice tip and well documented
i need the exam
please upload
prepping for fsc exam
pd1 with great experience
@t it seems like azure service bus message quesues could be the best solution
helpful to check your understanding.
question 128 the answer should be static not auto
more comments here
great support to appear for exams