CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Pearson Professional-Cloud-Network-Engineer New Attempt

Page: 8 / 13
Total 170 questions
Get Professional-Cloud-Network-Engineer Full Access Download Professional-Cloud-Network-Engineer PDF

Google Cloud Certified - Professional Cloud Network Engineer Questions and Answers

Question 29

You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, the move could negatively impact the existing environment. You need to validate the impact of the change. What should you do?

Options:

A.

Enable Firewall Rules Logging inside the third project.

B.

Modify the existing VPC Service Controls policy to include the new project in dry run mode.

C.

Monitor the Resource Manager audit logs inside the perimeter.

D.

Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.

Question 30

You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.

Which two actions should you take? (Choose two.)

Options:

A.

Turn on Private Google Access at the subnet level.

B.

Turn on Private Google Access at the VPC level.

C.

Turn on Private Services Access at the VPC level.

D.

Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

E.

Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Question 31

You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.

What should you do?

Options:

A.

Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.

B.

Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

C.

Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.

D.

Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.

Question 32

Your organization's security policy requires that all internet-bound traffic return to your on-premises data center through HA VPN tunnels before egressing to the internet, while allowing virtual machines (VMs) to leverage private Google APIs using private virtual IP addresses 199.36.153.4/30. You need to configure the routes to enable these traffic flows. What should you do?

Options:

A.

Configure a custom route 0.0.0.0/0 with a priority of 500 whose next hop is the default internet gateway. Configure another custom route 199.36.153.4/30 with priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.

B.

Configure a custom route 0.0.0.0/0 with a priority of 1000 whose next hop is the internet gateway. Configure another custom route 199.36.153.4/30 with a priority of 500 whose next hop is the VPN tunnel back to the on-premises data center.

C.

Announce a 0.0.0.0/0 route from your on-premises router with a MED of 1000. Configure a custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the default internet gateway.

D.

Announce a 0.0.0.0/0 route from your on-premises router with a MED of 500. Configure another custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the VPN tunnel back to the on-

premises data center.

Page: 8 / 13
Total 170 questions
Get Professional-Cloud-Network-Engineer Full Access Download Professional-Cloud-Network-Engineer PDF