Professional-Cloud-Network-Engineer Practice Test


Page 11 out of 31 Pages

You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket,
and both objects have been successfully cached. Now you want to make sure that one of
the two objects will not be cached anymore, and will always be served to the internet
directly from the origin.
What should you do?


A. Ensure that the object you don’t want to be cached anymore is not shared publicly.

B. Create a new storage bucket, and move the object you don’t want to be cached
anymore inside it. Then edit the bucket setting and enable the private attribute.

C. Add an appropriate lifecycle rule on the storage bucket containing the two objects.

D. Add a Cache-Control entry with value private to the metadata of the object you don’t
want to be cached anymore. Invalidate all the previously cached copies.

Answer: D. Add a Cache-Control entry with value private to the metadata of the object you don’t
want to be cached anymore. Invalidate all the previously cached copies.



Your company offers a popular gaming service. Your instances are deployed with private
IP addresses, and external access is granted through a global load balancer. You believe
you have identified a potential malicious actor, but aren't certain you have the correct client
IP address. You want to identify this actor while minimizing disruption to your legitimate
users.
What should you do?


A. Create a Cloud Armor Policy rule that denies traffic and review necessary logs.

B. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review
necessary logs.

C. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to
disabled, and review necessary logs.

D. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to
enabled, and review necessary logs.

Answer: B. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review
necessary logs.



You need to define an address plan for a future new Google Kubernetes Engine (GKE)
cluster in your Virtual Private Cloud (VPC). This will be a VPC-native cluster, and the
default Pod IP range allocation will be used. You must pre-provision all the needed VPC
subnets and their respective IP address ranges before cluster creation. The cluster will
initially have a single node, but it will be scaled to a maximum of three nodes if necessary.
You want to allocate the minimum number of Pod IP addresses. Which subnet mask
should you use for the Pod IP address range?


A. /21

B. /22

C. /23

D. /25

Answer: A. /21



You have an HA VPN connection with two tunnels running in active/passive mode between
your Virtual Private Cloud (VPC) and on-premises network. Traffic over the connection has
recently increased from 1 gigabit per second (Gbps) to 4 Gbps, and you notice that packets
are being dropped. You need to configure your VPN connection to Google Cloud to support
4 Gbps. What should you do?


A. Configure the remote autonomous system number (ASN) to 4096.

B. Configure a second Cloud Router to scale bandwidth in and out of the VPC.

C. Configure the maximum transmission unit (MTU) to its highest supported value.

D. Configure a second set of active/passive VPN tunnels.

Answer: D. Configure a second set of active/passive VPN tunnels.



You are designing the network architecture for your organization. Your organization has
three developer teams: Web, App, and Database. All of the developer teams require
access to Compute Engine instances to perform their critical tasks. You are part of a small
network and security team that needs to provide network access to the developers. You
need to maintain centralized control over network resources, including subnets, routes, and
firewalls. You want to minimize operational overhead. How should you design this
topology?


A. Configure a host project with a Shared VPC. Create service projects for Web, App, and
Database.

B. Configure one VPC for Web, one VPC for App, and one VPC for Database. Configure
HA VPN between each VPC.

C. Configure three Shared VPC host projects, each with a service project: one for Web,
one for App, and one for Database.

D. Configure one VPC for Web, one VPC for App, and one VPC for Database. Use VPC
Network Peering to connect all VPCs in a full mesh.

Answer: C. Configure three Shared VPC host projects, each with a service project: one for Web,
one for App, and one for Database.



