Free Professional-Cloud-Network-Engineer Exam Braindumps

You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.
How should you configure the health check?

1. A. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
2. B. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
3. C. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
4. D. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.

Correct Answer: C
https://cloud.google.com/load-balancing/docs/health-check-concepts#content-based_health_checks

Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only. What should you do?

1. A. Create an allow on match ingress firewall rule with the target tag “web-server” to allow all IP addresses for TCP port 80.
2. B. Create an allow on match egress firewall rule with the target tag “web-server” to allow all IP addresses for TCP port 80.
3. C. Create an allow on match ingress firewall rule with the target tag “web-server” to allow all IP addresses for TCP ports 80 and 443.
4. D. Create an allow on match egress firewall rule with the target tag “web-server" to allow web server IP addresses for TCP ports 60 and 443.

Correct Answer: C

All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?

1. A. Open the Cloud Shell SSH into the instance using gcloud compute ssh.
2. B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
3. C. Generate a new SSH key pai
4. D. Verify the format of the private key and add it to the instanc
5. E. SSH into the instance using a third-party tool like putty or ssh.
6. F. Generate a new SSH key pai
7. G. Verify the format of the public key and add it to the projec
8. H. SSH into the instance using a third-party tool like putty or ssh.

Correct Answer: A

You are designing a Partner Interconnect hybrid cloud connectivity solution with geo-redundancy across two metropolitan areas. You want to follow Google-recommended practices to set up the following region/metro pairs:
(region 1/metro 1)
(region 2/metro 2) What should you do?

1. A. Create a Cloud Router in region 1 with two VLAN attachments connected to metro1-zone1-x.Create a Cloud Router in region 2 with two VLAN attachments connected to metro1-zone2-x.
2. B. Create a Cloud Router in region 1 with one VLAN attachment connected to metro1-zone1-x.Create a Cloud Router in region 2 with two VLAN attachments connected to metro2-zone2-x.
3. C. Create a Cloud Router in region 1 with one VLAN attachment connected to metro1-zone2-x.Create a Cloud Router in region 2 with one VLAN attachment connected to metro2-zone2-x.
4. D. Create a Cloud Router in region 1 with one VLAN attachment connected to metro1-zone1-x and one VLAN attachment connected to metro1-zone2-x.Create a Cloud Router in region 2 with one VLAN attachment connected to metro2-zone1-x and one VLAN attachment to metro2-zone2-x.

Correct Answer: B

You have just deployed your infrastructure on Google Cloud. You now need to configure the DNS to meet the following requirements:
Your on-premises resources should resolve your Google Cloud zones. Your Google Cloud resources should resolve your on-premises zones.
You need the ability to resolve “.internal” zones provisioned by Google Cloud. What should you do?

1. A. Configure an outbound server policy, and set your alternative name server to be your on-premises DNS resolve
2. B. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.
3. C. Configure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolve
4. D. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
5. E. Configure an outbound DNS server policy, and set your alternative name server to be your on-premises DNS resolve
6. F. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
7. G. Configure Cloud DNS to DNS peer with your on-premises DNS resolve
8. H. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.

Correct Answer: A