Google Prof Cloud Network - pt 8 University Quiz

1.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your organization has Compute Engine instances in us-east1, us-west2, and us-central1. Your organization also has an existing Cloud Interconnect physical connection in the East Coast of the United States with a single VLAN attachment and Cloud Router in us-east1. You need to provide a design with high availability and ensure that if a region goes down, you still have access to all your other Virtual Private Cloud (VPC) subnets. You need to accomplish this in the most cost-effective manner possible. What should you do?

1. Configure your VPC routing in regional mode. 2. Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.

1. Configure your VPC routing in global mode. 2. Add an additional Cloud Interconnect VLAN attachment in the us-east1 region, and configure a Cloud Router in us-east1.

1. Configure your VPC routing in global mode. 2. Add an additional Cloud Interconnect VLAN attachment in the us-west2 region, and configure a Cloud Router in us-west2.

1. Configure your VPC routing in regional mode. 2. Add additional Cloud Interconnect VLAN attachments in the us-west2 and us-central1 regions, and configure Cloud Routers in us-west2 and us-central1.

2.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You recently configured Google Cloud Armor security policies to manage traffic to your application. You discover that Google Cloud Armor is incorrectly blocking some traffic to your application. You need to identity the web application firewall (WAF) rule that is incorrectly blocking traffic. What should you do?

Enable firewall logs, and view the logs in Firewall Insights.

Enable HTTP(S) Load Balancing logging with sampling rate equal to 1, and view the logs in Cloud Logging.

Enable VPC Flow Logs, and view the logs in Cloud Logging.

Enable Google Cloud Armor audit logs, and view the logs on the Activity page in the Google Cloud Console.

3.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?

Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.

Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.

Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.

Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.

4.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You recently deployed Compute Engine instances in regions us-west1 and us-east1 in a Virtual Private Cloud (VPC) with default routing configurations. Your company security policy mandates that virtual machines (VMs) must not have public IP addresses attached to them. You need to allow your instances to fetch updates from the internet while preventing external access. What should you do?

Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.

Create a single global Cloud NAT gateway and global Cloud Router in the VPC.

Change the instances’ network interface external IP address from None to Ephemeral.

Create a firewall rule that allows egress to destination 0.0.0.0/0.

5.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You are designing a new global application using Compute Engine instances that will be exposed by a global HTTP(S) load balancer. You need to secure your application from distributed denial-of-service and application layer (layer 7) attacks. What should you do?

Configure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.

Configure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.

Configure VPC firewall rules to protect the Compute Engine instances against distributed denial-of-service attacks.

Configure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.

6.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your organization's security policy requires that all internet-bound traffic return to your on-premises data center through HA VPN tunnels before egressing to the internet, while allowing virtual machines (VMs) to leverage private Google APIs using private virtual IP addresses 199.36.153.4/30. You need to configure the routes to enable these traffic flows. What should you do?

Configure a custom route 0.0.0.0/0 with a priority of 500 whose next hop is the default internet gateway. Configure another custom route 199.36.153.4/30 with priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.

Configure a custom route 0.0.0.0/0 with a priority of 1000 whose next hop is the internet gateway. Configure another custom route 199.36.153.4/30 with a priority of 500 whose next hop is the VPN tunnel back to the onpremises data center.

Announce a 0.0.0.0/0 route from your on-premises router with a MED of 1000. Configure a custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the default internet gateway.

Announce a 0.0.0.0/0 route from your on-premises router with a MED of 500. Configure another custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.

7.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your company has defined a resource hierarchy that includes a parent folder with subfolders for each department. Each department defines their respective project and VPC in the assigned folder and has the appropriate permissions to create Google Cloud firewall rules. The VPCs should not allow traffic to flow between them. You need to block all traffic from any source, including other VPCs, and delegate only the intra-VPC firewall rules to the respective departments. What should you do?

Create a VPC firewall rule in each VPC to block traffic from any source, with priority 0.

Create a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.

Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to allow, and another lower-priority rule that blocks traffic from any other source.

Create two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to goto_next, and another lower-priority rule that blocks traffic from any other source.

8.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, the move could negatively impact the existing environment. You need to validate the impact of the change. What should you do?

Enable Firewall Rules Logging inside the third project.

.Modify the existing VPC Service Controls policy to include the new project in dry run mode.

Monitor the Resource Manager audit logs inside the perimeter.

Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.

9.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You are configuring an HA VPN connection between your Virtual Private Cloud (VPC) and on-premises network. The VPN gateway is named VPN_GATEWAY_1. You need to restrict VPN tunnels created in the project to only connect to your on-premises VPN public IP address: 203.0.113.1/32. What should you do?

Configure a firewall rule accepting 203.0.113.1/32, and set a target tag equal to VPN_GATEWAY_1.

Configure the Resource Manager constraint constraints/compute.restrictVpnPeerIPs to use an allowList consisting of only the 203.0.113.1/32 address.

Configure a Google Cloud Armor security policy, and create a policy rule to allow 203.0.113.1/32.

Configure an access control list on the peer VPN gateway to deny all traffic except 203.0.113.1/32, and attach it to the primary external interface.

10.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

What should you do?

1. Create an A record for private.googleapis.com using the 199.36.153.8/30 address range. 2. Create a CNAME record for *.googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates

Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range. 2. Create a CNAME record for *.googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Configure your on-premises firewalls to allow traffic to the restricted.googleapis.com addresses.

1. Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range. 2. Create a CNAME record for *.googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.

1. Create an A record for private.googleapis.com using the 199.36.153.8/30 address range. 2. Create a CNAME record for *.googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Configure your on-premises firewalls to allow traffic to the private.googleapis.com addresses

Create a free account and access millions of resources

Similar Resources on Quizizz

Popular Resources on Quizizz

Discover more resources for Computers