Professional-Cloud-Network-Engineer Practice Test


Page 2 out of 31 Pages

You are creating an instance group and need to create a new health check for HTTP(s)
load balancing.
Which two methods can you use to accomplish this? (Choose two.)


A. Create a new health check using the gcloud command line tool.

B. Create a new health check using the VPC Network section in the GCP Console.

C. Create a new health check, or select an existing one, when you complete the load
balancer’s backend configuration in the GCP Console.

D. Create a new legacy health check using the gcloud command line tool.

E. Create a new legacy health check using the Health checks section in the GCP Console.





A. Create a new health check using the gcloud command line tool.

C. Create a new health check, or select an existing one, when you complete the load
balancer’s backend configuration in the GCP Console.



Your company has recently expanded their EMEA-based operations into APAC. Globally
distributed users report that their SMTP and IMAP services are slow. Your company
requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?


A. SSL proxy load balancer

B. Network load balancer

C. HTTPS load balancer

D. TCP proxy load balancer





D. TCP proxy load balancer



https://cloud.google.com/security/encryption-in-transit/

Automatic encryption between GFEs and backends: For the following load balancer types,
Google automatically encrypts traffic between Google Front Ends (GFEs) and your backends
that reside within Google Cloud VPC networks: HTTP(S) Load Balancing, TCP Proxy Load
Balancing, SSL Proxy Load Balancing.

You create a Google Kubernetes Engine private cluster and want to use kubectl to get the
status of the pods. In one of your instances you notice the master is not responding, even
though the cluster is up and running.
What should you do to solve the problem?


A. Assign a public IP address to the instance.

B. Create a route to reach the Master, pointing to the default internet gateway.

C. Create the appropriate firewall policy in the VPC to allow traffic from Master node IP
address to the instance.

D. Create the appropriate master authorized network entries to allow the instance to
communicate to the master.





D. Create the appropriate master authorized network entries to allow the instance to
communicate to the master.



https://cloud.google.com/kubernetes-engine/docs/how-to/privateclusters#cant_reach_cluster
https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

Your company has separate Virtual Private Cloud (VPC) networks in a single region for two
departments: Sales and Finance. The Sales department's VPC network already has
connectivity to on-premises locations using HA VPN, and you have confirmed that the
subnet ranges do not overlap. You plan to peer both VPC networks to use the same HA
tunnels for on-premises connectivity, while providing internet connectivity for the Google
Cloud workloads through Cloud NAT. Internet access from the on-premises locations
should not flow through Google Cloud. You need to propagate all routes between the
Finance department and on-premises locations. What should you do?


A. Peer the two VPCs, and use the default configuration for the Cloud Routers.

B. Peer the two VPCs, and use Cloud Router’s custom route advertisements to announce
the peered VPC network ranges to the on-premises locations.

C. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales
and import custom routes on Finance's VPC network. Use Cloud Router’s custom route
advertisements to announce a default route to the on-premises locations.

D. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales
and import custom routes on Finance's VPC network. Use Cloud Router’s custom route
advertisements to announce the peered VPC network ranges to the on-premises locations.





A. Peer the two VPCs, and use the default configuration for the Cloud Routers.



Your company’s on-premises network is connected to a VPC using a Cloud VPN tunnel.
You have a static route of 0.0.0.0/0 with the VPN tunnel as its next hop defined in the VPC.
All internet bound traffic currently passes through the on-premises network. You configured
Cloud NAT to translate the primary IP addresses of Compute Engine instances in one
region. Traffic from those instances will now reach the internet directly from their VPC and
not from the on-premises network. Traffic from the virtual machines (VMs) is not translating
addresses as expected. What should you do?


A. Lower the TCP Established Connection Idle Timeout for the NAT gateway.

B. Add firewall rules that allow ingress and egress of the external NAT IP address, have a
target tag that is on the Compute Engine instances, and have a priority value higher than
the priority value of the default route to the VPN gateway.

C. Add a default static route to the VPC with the default internet gateway as the next hop,
the network tag associated with the Compute Engine instances, and a higher priority than
the priority of the default route to the VPN tunnel.

D. Increase the default min-ports-per-vm setting for the Cloud NAT gateway.





A. Lower the TCP Established Connection Idle Timeout for the NAT gateway.



