November 1, 2020, posted by Doku Gas

Professional Cloud Network Engineer Practice Exam (v20200227)


A Japanese translation, “Professional Cloud Network Engineer 模擬問題集(v20200227)”, is also available.


Google Cloud Certified – Professional Cloud Network Engineer Practice Exam (25 Q)

(v2020-02-27)


QUESTION 1

Your organization is deploying a single project for 3 separate departments.
Two of these departments require network connectivity between each other, but the third department should remain in isolation.
Your design should create separate network administrative domains between these departments.
You want to minimize operational overhead.
How should you design the topology?

  • A. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
  • B. Create 3 separate VPCs, and use Google Cloud VPN to establish connectivity between the two appropriate VPCs.
  • C. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
  • D. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Correct Answer: A

Explanation:
Use Shared VPC to connect to a common VPC network. Resources in those projects can communicate with each other securely and efficiently across project boundaries using internal IPs. You can manage shared network resources, such as subnets, routes, and firewalls, from a central host project, enabling you to apply and enforce consistent network policies across the projects.
With Shared VPC and IAM controls, you can separate network administration from project administration. This separation helps you implement the principle of least privilege. For example, a centralized network team can administer the network without having any permissions into the participating projects. Similarly, the project admins can manage their project resources without any permissions to manipulate the shared network.

Reference:
– Best practices for enterprise organizations


QUESTION 2

You are using a third-party next-generation firewall to inspect traffic.
You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the Google BigQuery and Google Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)

  • A. Turn on Private Google Access at the subnet level.
  • B. Turn on Private Google Access at the VPC level.
  • C. Turn on Private Services Access at the VPC level.
  • D. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
  • E. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Correct Answer: C, E

Reference:
– Private access options for services


QUESTION 3

All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys.
None of the instances are set with any SSH key, and no project-wide SSH keys have been configured.
Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?

  • A. Open the Google Cloud Shell and SSH into the instance using gcloud compute ssh.
  • B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
  • C. Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.
  • D. Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.