Google Prof Cloud Network - pt 10 University Quiz

1.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You are designing a hub-and-spoke network architecture for your company’s cloud-based environment. You need to make sure that all spokes are peered with the hub. The spokes must use the hub's virtual appliance for internet access. The virtual appliance is configured in high-availability mode with two instances using an internal load balancer with IP address 10.0.0.5. What should you do?

1. Create a default route in the hub VPC that points to IP address 10.0.0.5. 2. Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway. 3. Export the custom routes in the hub. 4. Import the custom routes in the spokes.

1. Create a default route in the hub VPC that points to IP address 10.0.0.5. 2. Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway. 3. Export the custom routes in the hub. Import the custom routes in the spokes. 4. Delete the default internet gateway route of the spokes.

1. Create two default routes in the hub VPC that point to the next hop instances of the virtual appliances. 2. Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway. 3. Export the custom routes in the hub. Import the custom routes in the spokes.

1. Create a default route in the hub VPC that points to IP address 10.0.0.5. 2. Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway. 3. Create a new route in the spoke VPC that points to IP address 10.0.0.5.

2.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You configured Cloud VPN with dynamic routing via Border Gateway Protocol (BGP). You added a custom route to advertise a network that is reachable over the VPN tunnel. However, the on-premises clients still cannot reach the network over the VPN tunnel. You need to examine the logs in Cloud Logging to confirm that the appropriate routers are being advertised over the VPN tunnel. Which filter should you use in Cloud Logging to examine the logs?

resource.type= “gce_router”

resource.type= “gce_network_region”

resource.type= “vpn_tunnel”

resource.type= “vpn_gateway”

3.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from onpremises locations using Cloud Interconnect connections. Your company must be able to send traffic to Cloud Storage only through the Interconnect links while accessing other Google APIs and services over the public internet. What should you do?

Use the default public domains for all Google APIs and services

Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.

Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.

.Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.

4.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your organization has a Google Cloud Virtual Private Cloud (VPC) with subnets in us-east1, us-west4, and europewest4 that use the default VPC configuration. Employees in a branch office in Europe need to access the resources in the VPC using HA VPN. You configured the HA VPN associated with the Google Cloud VPC for your organization with a Cloud Router deployed in europe-west4. You need to ensure that the users in the branch office can quickly and easily access all resources in the VPC. What should you do?

Create custom advertised routes for each subnet.

Configure each subnet’s VPN connections to use Cloud VPN to connect to the branch office.

Configure the VPC dynamic routing mode to Global.

Set the advertised routes to Global for the Cloud Router.

5.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your organization uses a Shared VPC architecture with a host project and three service projects. You have Compute Engine instances that reside in the service projects. You have critical workloads in your on-premises data center. You need to ensure that the Google Cloud instances can resolve on-premises hostnames via the Dedicated Interconnect you deployed to establish hybrid connectivity. What should you do?

1. Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the private zone to the on-premises DNS servers. 2. In your Cloud Router, add a custom route advertisement for the IP 35.199.192.0/19 to the on-premises environment.

1. Create a Cloud DNS private forwarding zone in the host project of the Shared VPC that forwards the Private zone to the on-premises DNS servers. 2. In your Cloud Router, add a custom route advertisement for the IP 169.254 169.254 to the on-premises environment

1. Configure a Cloud DNS private zone in the host project of the Shared VPC. 2. Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project 3. In your Cloud Router, add a custom route advertisement for the IP 169.254 169 254 to the on-premises environment.

1.Configure a Cloud DNS private zone in the host project of the Shared VPC. 2. Set up DNS forwarding to your Google Cloud private zone on your on-premises DNS servers to point to the inbound forwarder IP address in your host project. 3. Configure a DNS policy in the Shared VPC to allow inbound query forwarding with your on-premises DNS server as the alternative DNS server.

6.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

Your organization is implementing a new security policy to control how firewall rules are applied to control flows between virtual machines (VMs). Using Google-recommended practices, you need to set up a firewall rule to enforce strict control of traffic between VM A and VM B. You must ensure that communications flow only from VM A to VM B within the VPC, and no other communication paths are allowed. No other firewall rules exist in the VPC. Which firewall rule should you configure to allow only this communication path?

7.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You have configured a service on Google Cloud that connects to an on-premises service via a Dedicated Interconnect. Users are reporting recent connectivity issues. You need to determine whether the traffic is being dropped because of firewall rules or a routing decision. What should you do?

Use the Network Intelligence Center Connectivity Tests to test the connectivity between the VPC and the onpremises network.

Use Network Intelligence Center Network Topology to check the traffic flow, and replay the traffic from the time period when the connectivity issue occurred.

Configure VPC Flow Logs. Review the logs by filtering on the source and destination.

Configure a Compute Engine instance on the same VPC as the service running on Google Cloud to run a traceroute targeted at the on-premises service.

8.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You are configuring a new HTTP application that will be exposed externally behind both IPv4 and IPv6 virtual IP addresses, using ports 80, 8080, and 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest-possible latency while ensuring high availability and autoscaling, and create native content-based rules using the HTTP hostname and request path. The IP addresses of the clients that connect to the load balancer need to be visible to the backends. Which configuration should you use?

Use Network Load Balancing

Use TCP Proxy Load Balancing with PROXY protocol enabled

Use External HTTP(S) Load Balancing with URL Maps and custom headers

Use External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

9.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You need to define an address plan for a future new Google Kubernetes Engine (GKE) cluster in your Virtual Private Cloud (VPC). This will be a VPC-native cluster, and the default Pod IP range allocation will be used. You must pre-provision all the needed VPC subnets and their respective IP address ranges before cluster creation. The cluster will initially have a single node, but it will be scaled to a maximum of three nodes if necessary. You want to allocate the minimum number of Pod IP addresses. Which subnet mask should you use for the Pod IP address range?

/21

/22

/23

/25

10.

MULTIPLE CHOICE QUESTION

5 mins • 1 pt

You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?

Order a Dedicated Interconnect connection in the same metropolitan area. Create a VLAN attachment, a Cloud Router in us-west1, and a Border Gateway Protocol (BGP) session between your Cloud Router and your router.

Order a Direct Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.

Configure HA VPN in us-west1. Configure a Border Gateway Protocol (BGP) session between your Cloud Router and your on-premises data center.

.Order a Carrier Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers