Google (PCNE) Exam Questions And Answers page 1
After a network change window, one of your company's applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24. The on-premises router is advertising 10.0.0.0/8.
What is the most likely cause of this problem?
The more specific VPC subnet route is taking priority.
The on-premises router is not advertising a route for the database server.
A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.
Networking Fundamentals
Virtual Private Cloud (VPC)
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?
Open the Cloud Shell and SSH into the instance using gcloud compute ssh.
Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.
Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.
Google Cloud Networking
Network Security
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?
Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
Network Design and Implementation
Network Security
In your company, two departments with separate GCP projects (code-dev and data-dev) in the same organization need to allow full cross-communication between all of their virtual machines in GCP. Each department has one VPC in its project and wants full control over their network. Neither department intends to recreate its existing computing resources. You want to implement a solution that minimizes cost.
Which two steps should you take? (Choose two.)
Connect both projects using Cloud VPN.
Connect the VPCs in project code-dev and data-dev using VPC Network Peering.
Enable Shared VPC in one project (e.g., code-dev), and make the second project (e.g., data-dev) a service project.
Enable firewall rules to allow all ingress traffic from all subnets of project code-dev to all instances in project data-dev, and vice versa.
Create a route in the code-dev project to the destination prefixes in project data-dev and use nexthop as the default gateway, and vice versa.
Google Cloud Networking
Network Security
One instance in your VPC is configured to run with a private IP address only. You want to ensure that even if this instance is deleted, its current private IP address will not be automatically assigned to a different instance.
In the GCP Console, what should you do?
Assign a public IP address to the instance.
Assign a new reserved internal IP address to the instance.
Change the instance's current internal IP address to static.
Add custom metadata to the instance with key internal-address and value reserved.
Google Cloud Networking
Network Security
You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.
What should you do?
Grant the compute.instanceAdmin to your user account.
Grant the iam.serviceAccountUser to your user account.
Grant the read-only privilege to the service account for the Cloud Storage bucket.
Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.
Google Cloud Networking
Network Security
You are configuring a new instance of Cloud Router in your Organization's Google Cloud environment to allow connection across a new Dedicated Interconnect to your data center. Sales, Marketing, and IT each have a service project attached to the Organization's host project.
Where should you create the Cloud Router instance?
VPC network in all projects
VPC network in the IT Project
VPC network in the Host Project
VPC network in the Sales, Marketing, and IT Projects
Google Cloud Networking
Network Security
You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)
Activate the Service Networking API in your project.
Activate the Cloud Datastore API in your project.
Create a private connection to a service producer.
Create a custom static route to allow the traffic to reach the Cloud SQL API.
Enable Private Google Access.
Google Cloud Networking
Network Security
You are creating an instance group and need to create a new health check for HTTP(S) load balancing.
Which two methods can you use to accomplish this? (Choose two.)
Create a new health check using the gcloud command line tool.
Create a new health check using the VPC Network section in the GCP Console.
Create a new health check, or select an existing one, when you complete the load balancer's backend configuration in the GCP Console.
Create a new legacy health check using the gcloud command line tool.
Create a new legacy health check using the Health checks section in the GCP Console.
Google Cloud Networking
Network Security
You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload.
Which type of load balancer should you use?
HTTP(S) load balancer
Network load balancer
Internal load balancer
TCP/SSL proxy load balancer
Google Cloud Networking
Network Security