Free Professional-Cloud-Network-Engineer Exam Braindumps

You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?

1. A. Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.
2. B. Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.
3. C. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.
4. D. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.

Correct Answer: B

You successfully provisioned a single Dedicated Interconnect. The physical connection is at a colocation facility closest to us-west2. Seventy-five percent of your workloads are in us-east4, and the remaining twenty-five percent of your workloads are in us-central1. All workloads have the same network traffic profile. You need to minimize data transfer costs when deploying VLAN attachments. What should you do?

1. A. Keep the existing Dedicated interconnec
2. B. Deploy a VLAN attachment to a Cloud Router in us-west2, and use VPC global routing to access workloads in us-east4 and us-central1.
3. C. Keep the existing Dedicated Interconnec
4. D. Deploy a VLAN attachment to a Cloud Router in us-east4, and deploy another VLAN attachment to a Cloud Router in us-central1.
5. E. Order a new Dedicated Interconnect for a colocation facility closest to us-east4, and use VPC globalrouting to access workloads in us-central1.
6. F. Order a new Dedicated Interconnect for a colocation facility closest to us-central1, and use VPC global routing to access workloads in us-east4.

Correct Answer: C

You configured Cloud VPN with dynamic routing via Border Gateway Protocol (BGP). You added a custom route to advertise a network that is reachable over the VPN tunnel. However, the on-premises clients still cannot reach the network over the VPN tunnel. You need to examine the logs in Cloud Logging to confirm that the appropriate routers are being advertised over the VPN tunnel. Which filter should you use in Cloud Logging to examine the logs?

1. A. resource.type= “gce_router”
2. B. resource.type= “gce_network_region”
3. C. resource.type= “vpn_tunnel”
4. D. resource.type= “vpn_gateway”

Correct Answer: C

You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested. You want to minimize impact to users if there is a bug in the new template.
How should you update your instances?

1. A. Manually patch some of the instances, and then perform a rolling restart on the instance group.
2. B. Using the new instance template, perform a rolling update across all instances in the instance group.Verify the new feature once the rollout completes.
3. C. Deploy a new instance group and canary the updated template in that grou
4. D. Verify the new feature in the new canary instance group, and then update the original instance group.
5. E. Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new templat
6. F. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

Correct Answer: D
https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#startin https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups

You have the following private Google Kubernetes Engine (GKE) cluster deployment:

You have a virtual machine (VM) deployed in the same VPC in the subnetwork kubernetes-management with internal IP address 192.168.40 2/24 and no external IP address assigned. You need to communicate with the cluster master using kubectl. What should you do?

1. A. Add the network 192.168.40.0/24 to the masterAuthorizedNetworksConfi
2. B. Configure kubectl tocommunicate with the endpoint 192.168.38.2.
3. C. Add the network 192.168.38.0/28 to the masterAuthorizedNetworksConfi
4. D. Configure kubectl to communicate with the endpoint 192.168.38.2
5. E. Add the network 192.168.36.0/24 to the masterAuthorizedNetworksConfi
6. F. Configure kubectl to communicate with the endpoint 192.168.38.2
7. G. Add an external IP address to the VM, and add this IP address in the masterAuthorizedNetworksConfig.Configure kubectl to communicate with the endpoint 35.224.37.17.

Correct Answer: A