Google Professional-Cloud-Network-Engineer Practice Test : Free Online Preparation

Question 1
- Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from your on-premises network using Cloud Interconnect. You must configure access only to Google APIs and services that are supported by VPC Service Controls through hybrid connectivity with a service level agreement (SLA) in place. What should you do?
  A : Configure the existing Cloud Routers to advertise the Google API's public virtual IP addresses.
  
  B : Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual IP addresses.
  
  C : Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to translate traffic from your on-premises network.
  
  D : Add Direct Peering links and use them for connectivity to Google APIs that use public virtual IP addresses
  
  Answer: B
Question 2
- You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic.
  What should you do?
  
  A : Check the VPC flow logs for the instance.
  
  B : Try connecting to the instance via SSH, and check the logs.
  
  C : Create a new firewall rule to allow traffic from port 22, and enable logs.
  
  D : Create a new firewall rule with priority 65500 to deny all traffic, and enable logs.
  
  Answer: D
Question 3
- Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only What should you do?
  A : Create an allow on match ingress firewall rule with the target tag 'web-sewer to allow all IP addresses for TCP port 80.
  
  B : Create an allow on match egress firewall rule with the target tag 'web-sewer to allow all IP addresses for TCP port 80.
  
  C : Create an allow on match ingress firewall rule with the target tag `web-server° to allow all IP addresses for TCP ports 80 and 443.
  
  D : Create an allow on match egress firewall rule with the target tag 'web-sewer" to allow web server IP addresses for TCP ports 60 and 443.
  
  Answer: C
Question 4
- You are configuring the firewall endpoints as part of the Cloud Next Generation Firewall (Cloud NGFW) intrusion prevention service in Google Cloud. You have configured a threat prevention security profile, and you now need to create an endpoint for traffic inspection. What should you do?
  A : Attach the profile to the VPC network, create a firewall endpoint within the zone, and use a firewall policy rule to apply the L7 inspection.
  
  B : Create a firewall endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.
  
  C : Create a firewall endpoint within the region, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.
  
  D : Create a Private Service Connect endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.
  
  Answer: C
Question 5
- You have several VMs across multiple VPCs in your cloud environment that require access to internetendpoints. These VMs cannot have public IP addresses due to security policies, so you plan to use CloudNAT to provide outbound internet access. Within your VPCs, you have several subnets in each region. Youwant to ensure that only specific subnets have access to the internet through Cloud NAT. You want to avoidany unintentional configuration issues caused by other administrators and align to Google-recommendedpractices. What should you do?
  A : Deploy Cloud NAT in each VPC and configure a custom source range that includes the allowed subnets. Configure Cloud NAT rules to only permit the allowed subnets to egress through Cloud NAT.
  
  B : Create a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0 /0). Deploy Cloud NAT and configure all primary and secondary subnet source ranges.
  
  C : Create a firewall rule in each VPC at priority 500 that targets all instances in the network and denies egress to the internet (0.0.0.0/0). Create a firewall rule at priority 300 that targets all instances in the network, has a source filter that maps to the allowed subnets, and allows egress to the internet (0.0.0.0 /0). Deploy Cloud NAT and configure a custom source range that includes the allowed subnets.
  
  D : Create a constraints/compute.restrictCloudNATUsage organizational policy constraint. Attach the constraint to a folder that contains the associated projects. Configure the allowedValues to only contain the subnets that should have internet access. Deploy Cloud NAT and select only the allowed subnets.
  
  Answer: D

Free Google Professional-Cloud-Network-Engineer Exam Questions

Try our Free Demo Practice Tests for Comprehensive Professional-Cloud-Network-Engineer Exam Preparation