Professional-Cloud-Network-Engineer試験無料問題集（222題）「Google Cloud Certified

出題：1

Question:
Your multi-region VPC has had a long-standing HA VPN configured in "region 1" connected to your corporate network. You are planning to add two 10 Gbps Dedicated Interconnect connections and VLAN attachments in "region 2" to connect to the same corporate network. You need to plan for connectivity between your VPC and corporate network to ensure that traffic uses the Dedicated Interconnect connections as the primary path and the HA VPN as the secondary path. What should you do?

A. Enable regional dynamic routing mode on the VPC. Configure BGP associated with the HA VPN in
"region 1" to use a base priority value of 100. Configure BGP associated with the VLAN attachments to use a base priority of 20000. Configure your on-premises routers to use similar multi-exit discriminator (MED) values.

B. Enable global dynamic routing mode on the VPC. Configure BGP associated with the HA VPN in
"region 1" to use a base priority value of 20000. Configure BGP associated with the VLAN attachments to use a base priority of 100. Configure your on-premises routers to use similar multi-exit discriminator (MED) values.

C. Enable regional dynamic routing mode on the VPC. Configure BGP associated with the HA VPN in
"region 1" to use a base priority value of 20000. Configure BGP associated with the VLAN attachments to use a base priority of 100. Configure your on-premises routers to use similar multi-exit discriminator (MED) values.

D. Enable global dynamic routing mode on the VPC. Configure BGP associated with the HA VPN in
"region 1" to use a base priority value of 100. Configure BGP associated with the VLAN attachments to use a base priority of 20000. Configure your on-premises routers to use similar multi-exit discriminator (MED) values.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Question:
Recently, your networking team enabled Cloud CDN for one of the external-facing services that is exposed through an external Application Load Balancer. The application team has already defined which content should be cached within the responses. Upon testing the load balancer, you did not observe any change in performance after the Cloud CDN enablement. You need to resolve the issue. What should you do?

A. Configure the USE_ORIGIN_HEADERS caching mode on Cloud CDN to ensure Cloud CDN caches content based on response headers from the backends.

B. Configure the CACHE_ALL_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches all static content as well as content defined by the backends.

C. Configure the CACHE_MAX_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches content depending on responses from the backends.

D. Configure the FORCE_CACHE_ALL caching mode on Cloud CDN to ensure all appropriate content is cached.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

You are designing a new global application using Compute Engine instances that will be exposed by a global HTTP(S) load balancer. You need to secure your application from distributed denial-of-service and application layer (layer 7) attacks. What should you do?

A. Configure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.

B. Configure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.

C. Configure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.

D. Configure VPC firewall rules to protect the Compute Engine instances against distributed denial-of- service attacks.

正解：D 解答を投票する

出題：4

You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
* IP ranges for pods and services must be as small as possible.
* The nodes and the master must not be reachable from the internet.
* You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?

A. * Create a VPC-native GKE cluster using GKE-managed IP ranges.
*Set the pod IP range as /21 and service IP range as /24.
*Set up a network proxy to access the master.

B. * Create a private cluster that uses VPC advanced routes.
*Set the pod and service ranges as /24.
*Set up a network proxy to access the master.

C. * Create a VPC-native GKE cluster using user-managed IP ranges.
*Enable privateEndpoint on the cluster master.
*Set the pod and service ranges as /24.
*Set up a network proxy to access the master.
*Enable master authorized networks.

D. * Create a VPC-native GKE cluster using user-managed IP ranges.
*Enable a GKE cluster network policy, set the pod and service ranges as /24.
*Set up a network proxy to access the master.
*Enable master authorized networks.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subnet routes, but the on-premises router does not appear to be receiving any subnet routes from the VPC spokes. You need to resolve this issue.
What should you do?

A. Create custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

B. Create custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

C. Create a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.

D. Create custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

You recently deployed your application in Google Cloud. You need to verify your Google Cloud network configuration before deploying your on-premises workloads. You want to confirm that your Google Cloud network configuration allows traffic to flow from your cloud resources to your on- premises network. This validation should also analyze and diagnose potential failure points in your Google Cloud network configurations without sending any data plane test traffic. What should you do?

A. Enable Packet Mirroring on your application and send test traffic.

B. Enable VPC Flow Logs and send test traffic.

C. Use Network Intelligence Center's Connectivity Tests.

D. Use Network Intelligence Center's Network Topology visualizations.

正解：D 解答を投票する

出題：7

Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?

A. Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.

B. Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

C. Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.

D. Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.

正解：A 解答を投票する

出題：8

You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes.
Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

A. Connect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

B. Connect all the spokes to the hub with VPC Network Peering.

C. Connect all the spokes to the hub with Cloud VPN.

D. Connect all the spokes to the hub With Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

You have the networking configuration shown. In the diagram Two VLAN attachments associated With two Dedicated Interconnect connections terminate on the same Cloud Router (mycloudrouter). The Interconnect connections terminate on two separate on-premises routers. You advertise the same prefixes from the Border Gateway Protocol (BOP) sessions associated with each Of the VLAN attachments.
You notice an asymmetric traffic flow between the two Interconnect connections. Which of the following actions should you take to troubleshoot the asymmetric traffic flow?

A. From the Cloud CLI, run gcloud compute -protect_ID router get-status mycloudrouter --region REGION and review the results.

B. From the Google Cloud console, navigate to the Hybrid Connectivity select the Cloud Router, and view BGP sessions.

C. From the Cloud CLI. run gcloud compute routers describe mycloudrouter
--region REGION and review the results

D. From the Google Cloud console, navigate to Cloud Logging to view VPC Flow Logs and review the results

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Your company's current network architecture has two VPCs that are connected by a dual-NIC instance that acts as a bump-in-the-wire firewall between the two VPCs. Flows between pairs of subnets across the two VPCs are working correctly. Suddenly, you receive an alert that none of the flows between the two VPCs are working anymore. You need to troubleshoot the problem. What should you do? (Choose 2 answers)

A. Verify that a VPC Service Controls perimeter has not been enabled for the project that contains the two VPCs and the dual-NIC instance.

B. Use Cloud Logging to verify that there were no modifications to the VPC firewall rules or policies that were applied to the two network interfaces of the dual-NIC instance.

C. Verify that a public IP address has not been assigned to any network interface of the dual-NIC instance.

D. Verify that the dual-NIC instance has not been added to a backend service.

E. Verify that the dual-NIC instance has the --can-ip-forward attribute enabled.

正解：B,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Question:
Your organization has distributed geographic applications with significant data volumes. You need to create a design that exposes the HTTPS workloads globally and keeps traffic costs to a minimum. What should you do?

A. Deploy a regional external Application Load Balancer with Standard Network Service Tier.

B. Deploy a global external Application Load Balancer with Premium Network Service Tier.

C. Deploy a global external proxy Network Load Balancer with Standard Network Service Tier.

D. Deploy a regional external Application Load Balancer with Premium Network Service Tier.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

A. Create a custom Google Compute Engine image with your public ssh key embedded.

B. Upload your public ssh key to each instance Metadata.

C. Upload your public ssh key to the project Metadata.

D. Use gcloud compute ssh to automatically copy your public ssh key to the instance.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.
What should you do?

A. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address.

B. Add a second Cloud VPN gateway in a different region than the existing VPN gateway. Create a new tunnel on the second Cloud VPN gateway that forwards the same IP range, but points to the existing on- premises VPN gateway IP address.

C. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes.

D. Add a second on-premises VPN gateway with a different public IP address. Create a second tunnel on the existing Cloud VPN gateway that forwards the same IP range, but points at the new on-premises gateway IP.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

You have a storage bucket that contains the following objects:
- folder-a/image-a-1.jpg
- folder-a/image-a-2.jpg
- folder-b/image-b-1.jpg
- folder-b/image-b-2.jpg
Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.
What should you do?

A. Issue a cache invalidation command with pattern /folder-a/*.

B. Add an appropriate lifecycle rule on the storage bucket.

C. Make sure that all the objects with prefix folder-a are not shared publicly.

D. Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend.
You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?

A. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.

B. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal- priority static routes to the backend servers.

C. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.

D. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

正解：D 解答を投票する

出題：16

You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, the move could negatively impact the existing environment. You need to validate the impact of the change. What should you do?

A. Monitor the Resource Manager audit logs inside the perimeter.

B. Enable Firewall Rules Logging inside the third project.

C. Modify the existing VPC Service Controls policy to include the new project in dry run mode.

D. Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.

正解：C 解答を投票する

Professional-Cloud-Network-Engineer試験無料問題集「Google Cloud Certified - Professional Cloud Network Engineer 認定」