CertsTopics Logo

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free Professional-Cloud-Network-Engineer Google Updates

Page: 5 / 17
Total 233 questions
Get Professional-Cloud-Network-Engineer Full Access Download Professional-Cloud-Network-Engineer PDF

Google Cloud Certified - Professional Cloud Network Engineer Questions and Answers

Question 17

You are using the gcloud command line tool to create a new custom role in a project by coping a predefined role. You receive this error message:

INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid

What should you do?

Options:

A.

Add the resourcemanager.projects.get permission, and try again.

B.

Try again with a different role with a new name but the same permissions.

C.

Remove the resourcemanager.projects.list permission, and try again.

D.

Add the resourcemanager.projects.setIamPolicy permission, and try again.

Question 18

You have a Cloud Storage bucket in Google Cloud project XYZ. The bucket contains sensitive data. You need to design a solution to ensure that only instances belonging to VPCs under project XYZ can access the data stored in this Cloud Storage bucket. What should you do?

Options:

A.

Configure Private Google Access to privately access the Cloud Storage service using private IP addresses.

B.

Configure a VPC Service Controls perimeter around project XYZ, and include storage.googleapis.com as a restricted service in the service perimeter.

C.

Configure Cloud Storage with projectPrivate Access Control List (ACL) that gives permission to the project team based on their roles.

D.

Configure Private Service Connect to privately access Cloud Storage from all VPCs under project XYZ.

Question 19

All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.

What should you do?

Options:

A.

Open the Cloud Shell SSH into the instance using gcloud compute ssh.

B.

Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.

C.

Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.

D.

Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.

Question 20

You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP schema to optimally meet this requirement?

Options:

A.

Configure a /28 primary IP address range for the node IP addresses. Configure a (25 secondary IP range for the Pods. Configure a /22 secondary IP range for the Services.

B.

Configure a /28 primary IP address range for the node IP addresses. Configure a /25 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

C.

Configure a /28 primary IP address range for the node IP addresses. Configure a /28 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

D.

Configure a /28 primary IP address range for the node IP addresses. Configure a /24 secondary IP range for the Pads. Configure a /22 secondary IP range for the Services.

Page: 5 / 17
Total 233 questions
Get Professional-Cloud-Network-Engineer Full Access Download Professional-Cloud-Network-Engineer PDF