Login / Register   My Cart (0)

Pay attention to our Valid and Useful Exam Reviews and take our Exam Torrent as your Study Material. With little time and energy investment, you have a High Efficiency Study experience. Pass your Actual Test with the help of our Actual Reviews.

All Products Contact now
  • Home
  • Articles
  • New 2023 Guaranteed Success with ExamsReviews Professional-Cloud-Network-Engineer Dumps Google PDF Questions [Q30-Q48]

New 2023 Guaranteed Success with ExamsReviews Professional-Cloud-Network-Engineer Dumps Google PDF Questions [Q30-Q48]

Share

New 2023 Guaranteed Success with ExamsReviews Professional-Cloud-Network-Engineer Dumps Google PDF Questions

Exceptional Practice To Google Cloud Certified - Professional Cloud Network Engineer Pass the First Time

NEW QUESTION 30
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)

  • A. Stackdriver Trace
  • B. Firewall logs
  • C. VPC flow logs
  • D. Cloud Audit logs
  • E. Compute Engine instance system logs

Answer: A,D

Explanation:
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

 

NEW QUESTION 31
A database virtual machine on Google Compute Engine has an ext4-formatted persistent disk for data files. The database is about to run out of storage space How can you remediate the problem with the least amount of downtime?

  • A. In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
  • B. In the Cloud Platform Console, create a snapshot of the persistent disk, restore the snapshot to a new larger disk, unmount the old disk, mount the new disk, and restart the database service.
  • C. In the Cloud Platform Console, create a new persistent disk attached to the virtual machine, format and mount it, and configure the database service to move the files to the new disk.
  • D. In the Cloud Platform Console, increase the size of the persistent disk and verify the new space is ready to use with the fdisk command in Linux.
  • E. Shut down the virtual machine, use the Cloud Platform Console to increase the persistent disk size, then restart the virtual machine.

Answer: A

Explanation:
A (Correct answer) - In the Cloud Platform Console, increase the size of the persistent disk and use the resize2fs command in Linux.
Here are the steps: In the Cloud Platform Console, increase the size of the persistent disk; after indicating size increase in console, to make the new size effective, you have two options: restart the VM or configure in the VM's operating systems, Windows or Linux.

 

NEW QUESTION 32
You are migrating a three-tier application architecture from on-premises to Google Cloud. As a first step in the migration, you want to create a new Virtual Private Cloud (VPC) with an external HTTP(S) load balancer. This load balancer will forward traffic back to the on-premises compute resources that run the presentation tier. You need to stop malicious traffic from entering your VPC and consuming resources at the edge, so you must configure this policy to filter IP addresses and stop cross-site scripting (XSS) attacks. What should you do?

  • A. Create a Google Cloud Armor policy, and apply it to a backend service that uses an unmanaged instance group backend.
  • B. Create a Google Cloud Armor policy, and apply it to a backend service that uses an internet network endpoint group (NEG) backend.
  • C. Create a VPC firewall ruleset, and apply it to all instances in unmanaged instance groups.
  • D. Create a hierarchical firewall ruleset, and apply it to the VPC's parent organization resource node.

Answer: B

 

NEW QUESTION 33
You have created several preemptible Linux virtual machine instances using Google Compute Engine. You want to properly shut down your application before the virtual machines are preempted. What should you do?

  • A. Create a shutdown script, registered as a xinetd service in Linux, and use the gcloud compute instances add-metadata command to specify the service URL as the value for a new metadata entry with the key shutdown-script-url
  • B. Create a shutdown script named shutdown in the /etc/ directory.
  • C. Create a shutdown script registered as a xinetd service in Linux and configure a StackDriver endpoint check to call the service.
  • D. Create a shutdown script and use it as the value for a new metadata entry with the key shutdown- script in the Cloud Platform Console when you create the new virtual machine instance.

Answer: D

Explanation:
Running Shutdown Scripts "Create and run shutdown scripts that execute commands right before an instance is terminated or restarted, on a best-effort basis. This is useful if you rely on automated scripts to start up and shut down instances, allowing instances time to clean up or perform tasks, such as exporting logs, or syncing with other systems."
https://cloud.google.com/compute/docs/shutdownscript
To setup Shutdown Scripts, go to GCP console and follow the steps:
Compute Engine -> VM instance -> Create Instance -> (Expand) Management, disks, networking, SSH keys Enter the key "shutdown-script" and proper value

 

NEW QUESTION 34
You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
* An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
* Multiple regional offices in Europe and APAC
* Regional data processing is required in europe-west1 and australia-southeast1
* Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?

  • A. * Create 2 VPCs in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Host Project.* Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.* Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.
  • B. * Create 1 VPC in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Host Project.* Attach NIC0 in us-west1 subnet of the Host Project.* Attach NIC1 in us-west1 subnet of the Host Project* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.
  • C. * Create 1 VPC in a Shared VPC Service Project.* Configure a 2-NIC instance in zone us-west1-a in the Service Project.* Attach NIC0 in us-west1 subnet of the Service Project.* Attach NIC1 in us-west1 subnet of the Service Project* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.
  • D. * Create 2 VPCs in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Service Project.* Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.* Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

Answer: D

Explanation:
https://cloud.google.com/vpc/docs/shared-vpc

 

NEW QUESTION 35
You have deployed an HTTP(s) load balancer, but health checks to port 80 on the Compute Engine virtual machine instance are failing, and no traffic is sent to your instances. You want to resolve the problem. Which commands should you run?

  • A. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS
  • B. gcloud compute instances add-access-config instance-1
  • C. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS
  • D. gcloud compute health-checks update http health-check --unhealthy-threshold 10

Answer: B

 

NEW QUESTION 36
You have provisioned a Dedicated Interconnect connection of 20 Gbps with a VLAN attachment of 10 Gbps. You recently noticed a steady increase in ingress traffic on the Interconnect connection from the on-premises data center. You need to ensure that your end users can achieve the full 20 Gbps throughput as quickly as possible. Which two methods can you use to accomplish this? (Choose two.)

  • A. From the Google Cloud Console, request a new Dedicated Interconnect connection of 20 Gbps, and configure a VLAN attachment of 10 Gbps.
  • B. Configure Link Aggregation Control Protocol (LACP) on the on-premises router to use the 20-Gbps Dedicated Interconnect connection.
  • C. Configure an additional VLAN attachment of 10 Gbps in another region. Configure the on-premises router to advertise routes with the same multi-exit discriminator (MED).
  • D. Configure an additional VLAN attachment of 10 Gbps in the same region. Configure the on-premises router to advertise routes with the same multi-exit discriminator (MED).
  • E. From the Google Cloud Console, modify the bandwidth of the VLAN attachment to 20 Gbps.

Answer: B,E

 

NEW QUESTION 37
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.
What should you do?

  • A. Configure an HTTP load balancer, and direct the traffic to it.
  • B. Configure the TTL for the DNS zone to decrease the time between updates.
  • C. Configure a policy-based route rule to prioritize the traffic.
  • D. Configure Dynamic Routing for the subnet hosting the application.

Answer: A

Explanation:
Explanation/Reference: https://cloud.google.com/load-balancing/docs/tutorials/optimize-app-latency

 

NEW QUESTION 38
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements:
All access to your on-premises network must go through the network virtual appliances.
Allow on-premises access in the event of a single network virtual appliance failure.
Both network virtual appliances must be used simultaneously.
Which method should you use to accomplish this?

  • A. Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.
  • B. Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.
  • C. Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0/8 with the network load balancer as the next hop.
  • D. Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.

Answer: D

 

NEW QUESTION 39
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?

  • A. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.
  • B. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.
  • C. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
  • D. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

Answer: A

Explanation:
Explanation/Reference: https://link.springer.com/chapter/10.1007/978-1-4842-1004-8_4

 

NEW QUESTION 40
Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it is a DDOS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.
Which two steps should you take? (Choose two.)

  • A. Create a global HTTP(s) load balancer and move your application backend to this load balancer.
  • B. Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
  • C. Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
  • D. SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
  • E. Use Cloud Armor to blacklist the attacker's IP addresses.

Answer: B,D

 

NEW QUESTION 41
You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.
What should you do to solve the problem?

  • A. Create the appropriate master authorized network entries to allow the instance to communicate to the master.
  • B. Assign a public IP address to the instance.
  • C. Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.
  • D. Create a route to reach the Master, pointing to the default internet gateway.

Answer: C

 

NEW QUESTION 42
You want to create a service in GCP using IPv6.
What should you do?

  • A. Configure an internal load balancer with the designated IPv6 address.
  • B. Create the instance with the designated IPv6 address.
  • C. Configure a TCP Proxy with the designated IPv6 address.
  • D. Configure a global load balancer with the designated IPv6 address.

Answer: D

Explanation:
https://cloud.google.com/load-balancing/docs/load-balancing-overview mentions to use global load balancer for IPv6 termination.

 

NEW QUESTION 43
You have provisioned a Partner Interconnect connection to extend connectivity from your on-premises data center to Google Cloud. You need to configure a Cloud Router and create a VLAN attachment to connect to resources inside your VPC. You need to configure an Autonomous System number (ASN) to use with the associated Cloud Router and create the VLAN attachment.
What should you do?

  • A. Use a 2-byte private ASN 64512-65535.
  • B. Use a public Google ASN 16550.
  • C. Use a public Google ASN 15169.
  • D. Use a 4-byte private ASN 4200000000-4294967294.

Answer: A

 

NEW QUESTION 44
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.
What should you do?

  • A. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
  • B. Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
  • C. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
  • D. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.

Answer: C

 

NEW QUESTION 45
You work for a university that is migrating to GCP.
These are the cloud requirements:
- On-premises connectivity with 10 Gbps
- Lowest latency access to the cloud
- Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects.
You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.
What should you do?

  • A. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.
  • B. Use Shared VPC, and deploy the VLAN attachments in the service projects.
    Connect the VLAN attachment to the Shared VPC's host project.
  • C. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.
  • D. Use standalone projects, and deploy the VLAN attachments in the individual projects.
    Connect the VLAN attachment to the standalone projects' Interconnects.

Answer: B

 

NEW QUESTION 46
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)

  • A. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
  • B. Turn on Private Google Access at the subnet level.
  • C. Turn on Private Services Access at the VPC level.
  • D. Turn on Private Google Access at the VPC level.
  • E. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

Answer: A,C

Explanation:
Explanation/Reference: https://cloud.google.com/vpc/docs/private-access-options

 

NEW QUESTION 47
You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?

  • A. Grant the read-only privilege to the service account for the Cloud Storage bucket.
  • B. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
  • C. Grant the compute.instanceAdmin to your user account.
  • D. Grant the iam.serviceAccountUser to your user account.

Answer: D

Explanation:
https://cloud.google.com/compute/docs/access/iam

 

NEW QUESTION 48
......

Professional-Cloud-Network-Engineer EXAM DUMPS WITH GUARANTEED SUCCESS: https://www.examsreviews.com/Professional-Cloud-Network-Engineer-pass4sure-exam-review.html

Best Quality Google Professional-Cloud-Network-Engineer Exam Questions: https://drive.google.com/open?id=1BT-GLPvpbKfP9HyFvrmguHn4eocZH9DE

Related Articles

more
Google Professional-Cloud-Network-Engineer Certification Practice Exam

Pay attention to our Valid and Useful Exam Reviews and take our Exam Torrent as your Study Material. With little time and energy investment, you have a High Efficiency Study experience. Pass your Actual Test with the help of our Actual Reviews.

Latest Exam

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 ExamsReviews NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy