Professional-Cloud-Network-Engineer Practice Test

You work for a university that is migrating to Google Cloud.
These are the cloud requirements:
On-premises connectivity with 10 Gbps
Lowest latency access to the cloud
Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects. You want to
deploy the most cost-efficient interconnect solution for connecting the campus to Google
Cloud.
What should you do?

A.

Use Shared VPC, and deploy the VLAN attachments and Dedicated Interconnect in the
host project.

B.

Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect
the VLAN attachment to the Shared VPC's host project.

C.

Use standalone projects, and deploy the VLAN attachments in the individual projects.
Connect the VLAN attachment to the standalone projects' Dedicated Interconnects.

D.

Use standalone projects and deploy the VLAN attachments and Dedicated
Interconnects in each of the individual projects.

You need to enable Cloud CDN for all the objects inside a storage bucket. You want to
ensure that all the object in the storage bucket can be served by the CDN.
What should you do in the GCP Console?

A.

Create a new cloud storage bucket, and then enable Cloud CDN on it.

B.

Create a new TCP load balancer, select the storage bucket as a backend, and then
enable Cloud CDN on the backend.

C.

Create a new SSL proxy load balancer, select the storage bucket as a backend, and
then enable Cloud CDN on the backend.

D.

Create a new HTTP load balancer, select the storage bucket as a backend, enable
Cloud CDN on the backend, and make sure each object inside the storage bucket is
shared publicly.

You have an application running on Compute Engine that uses BigQuery to generate some
results that are stored in Cloud Storage. You want to ensure that none of the application
instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)

A.

Enable Private Google Access on all the subnets

B.

Enable Private Google Access on the VPC.

C.

Enable Private Services Access on the VPC

D.

Create network peering between your VPC and BigQuery

E.

Create a Cloud NAT, and route the application traffic via NAT gateway

You have the following firewall ruleset applied to all instances in your Virtual Private Cloud
(VPC):

You are using a new user account. You must assign the appropriate identity and Access
Management (IAM) user roles to this new user account before updating the firewall rule.
The new user account must be able to apply the update and view firewall logs. What
should you do?

A.

Assign the compute.securityAdmin and logging.viewer rule to the new user account.
Apply the new firewall rule with a priority of 50.

B.

Assign the compute.securityAdmin and logging.bucketWriter role to the new user
account. Apply the new firewall rule with a priority of 150.

C.

Assign the compute.orgSecurityPolicyAdmin and logging.viewer role to the new user
account. Apply the new firewall rule with a priority of 50.

D.

Assign the compute.orgSecurityPolicyAdmin and logging.bucketWriter role to the new
user account. Apply the new firewall rule with a priority of 150.

You need to establish network connectivity between three Virtual Private Cloud networks,
Sales, Marketing, and Finance, so that users can access resources in all three VPCs. You
configure VPC peering between the Sales VPC and the Finance VPC. You also configure
VPC peering between the Marketing VPC and the Finance VPC. After you complete the
configuration, some users cannot connect to resources in the Sales VPC and the Marketing
VPC. You want to resolve the problem.
What should you do?

A.

Configure VPC peering in a full mesh.

B.

Alter the routing table to resolve the asymmetric route

C.

Create network tags to allow connectivity between all three VPCs.

D.

Delete the legacy network and recreate it to allow transitive peering.