
Professional-Cloud-Network-Engineer Practice Test


Page 7 out of 31 Pages

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud
with access from your on-premises network using Cloud Interconnect. You must configure
access only to Google APIs and services that are supported by VPC Service Controls
through hybrid connectivity with a service level agreement (SLA) in place. What should you
do?


A.

Configure the existing Cloud Routers to advertise the Google API's public virtual IP
addresses.


B.

Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual
IP addresses.


C.

Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to
translate traffic from your on-premises network.


D.

Add Direct Peering links, and use them for connectivity to Google APIs that use public
virtual IP addresses.





B.
  

Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual
IP addresses.



You want to configure a NAT to perform address translation between your on-premises
network blocks and GCP.
Which NAT solution should you use?


A.

Cloud NAT


B.

An instance with IP forwarding enabled


C.

An instance configured with iptables DNAT rules


D.

An instance configured with iptables SNAT rules





A.
  

Cloud NAT



You are responsible for enabling Private Google Access for the virtual machine (VM)
instances in your Virtual Private Cloud (VPC) to access Google APIs. All VM instances
have only a private IP address and need to access Cloud Storage. You need to ensure that
all VM traffic is routed back to your on-premises data center for traffic scrubbing via your
existing Cloud Interconnect connection. However, VM traffic to Google APIs should remain
in the VPC. What should you do?


A.

Delete the default route in your VPC.
Create a private Cloud DNS zone for googleapis.com, create a CNAME for
*.googleapis.com to restricted.googleapis.com, and create an A record for
restricted.googleapis.com that resolves to the addresses in 199.36.153.4/30.
Create a static route in your VPC for the range 199.36.153.4/30 with the default internet
gateway as the next hop.


B.

Delete the default route in your VPC and configure your on-premises router to advertise
0.0.0.0/0 via Border Gateway Protocol (BGP).
Create a public Cloud DNS zone with a CNAME for *.google.com to
private.googleapis.com, create a CNAME for *.googleapis.com to private.googleapis.com,
and create an A record for private.googleapis.com that resolves to the addresses in 199.36.153.8/30.
Create a static route in your VPC for the range 199.36.153.8/30 with the default internet
gateway as the next hop.


C.

Configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol
(BGP) with a lower priority (MED) than the default VPC route.
Create a private Cloud DNS zone for googleapis.com, create a CNAME for
*.googleapis.com to private.googleapis.com, and create an A record for
private.googleapis.com that resolves to the addresses in 199.36.153.8/30.
Create a static route in your VPC for the range 199.36.153.8/30 with the default internet
gateway as the next hop.


D.

Delete the default route in your VPC and configure your on-premises router to advertise
0.0.0.0/0 via Border Gateway Protocol (BGP).
Create a private Cloud DNS zone for googleapis.com, create a CNAME for
*.googleapis.com to private.googleapis.com, and create an A record for
private.googleapis.com that resolves to the addresses in 199.36.153.8/30.
Create a static route in your VPC for the range 199.36.153.8/30 with the default internet
gateway as the next hop.





C.
  

Configure your on-premises router to advertise 0.0.0.0/0 via Border Gateway Protocol
(BGP) with a lower priority (MED) than the default VPC route.
Create a private Cloud DNS zone for googleapis.com, create a CNAME for
*.googleapis.com to private.googleapis.com, and create an A record for
private.googleapis.com that resolves to the addresses in 199.36.153.8/30.
Create a static route in your VPC for the range 199.36.153.8/30 with the default internet
gateway as the next hop.



You have just deployed your infrastructure on Google Cloud. You now need to configure
the DNS to meet the following requirements:
Your on-premises resources should resolve your Google Cloud zones.
Your Google Cloud resources should resolve your on-premises zones.
You need the ability to resolve “.internal” zones provisioned by Google Cloud.
What should you do?


A.

Configure an outbound server policy, and set your alternative name server to be your
on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google
Cloud zone queries to Google's public DNS 8.8.8.8.


B.

Configure both an inbound server policy and outbound DNS forwarding zones with the
target as the on-premises DNS resolver. Configure your on-premises DNS resolver to
forward Google Cloud zone queries to Google Cloud's DNS resolver.


C.

Configure an outbound DNS server policy, and set your alternative name server to be
your on-premises DNS resolver. Configure your on-premises DNS resolver to forward
Google Cloud zone queries to Google Cloud's DNS resolver.


D.

Configure Cloud DNS to DNS peer with your on-premises DNS resolver. Configure your
on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS
8.8.8.8.





A.
  

Configure an outbound server policy, and set your alternative name server to be your
on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google
Cloud zone queries to Google's public DNS 8.8.8.8.



You need to create a new VPC network that allows instances to have IP addresses in both
the 10.1.1.0/24 network and the 172.16.45.0/24 network.
What should you do?


A.

Configure global load balancing to point 172.16.45.0/24 to the correct instance.


B.

Create unique DNS records for each service that sends traffic to the desired IP address.


C.

Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.


D.

Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the
172.16.45.0/24 network.





C.
  

Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.



