GOOGLE-PROFESSIONAL-CLOUD-NETWORK-ENGINEER

Your company has a single on-premises data center that needs to be connected to a VPC in Google Cloud. The total bandwidth requirement is 10Gbps. The connection must be redundant and have a minimum SLA of 99.9%. Due to the sensitive nature of the workloads, you need to implement the solution with the lowest latency. What should you do?

Your company deployed a hub and spoke architecture in Google Cloud to host their workloads. They use VPC network peerings to connect the hub and the spokes. You need to replicate the design and use Network Connectivity Center. What should you do?

Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible. How should you deploy this service in GCP?

You are deploying HA VPN within Google Cloud. You need to exchange routes dynamically between your on-premises gateway and Google Cloud. You have already created a HA VPN gateway and a peer VPN gateway resource. What should you do?

You are implementing a VPC architecture for your organization by using a Network Connectivity Center hub and spoke topology: • There is one Network Connectivity Center hybrid spoke to receive on-premises routes. • There is one VPC spoke that needs to be added as a Network Connectivity Center spoke. Your organization has limited routable IP space for their cloud environment (192.168.0.0/20). The Network Connectivity Center spoke VPC is connected to on-premises with a Cloud Interconnect connection in the us-east4 region. The on-premises IP range is 172.16.0.0/16. You need to reach on-premises resources from multiple Google Cloud regions (us-west1,europe-central1, and asia-southeast1) and minimize the IP addresses being used. What should you do?

Your organization has over 250 autonomous business units that currently operate in a decentralized manner. Due to the organization's maturity, there is limited routable private IP address space, which is insufficient to accommodate all of the necessary workloads. You need to create a cloud-first network design that uses the same IP address space across business unit workloads where possible. These business units require communication between units, and access to their on-premises data center. What should you do?

You are configuring an Application Load Balancer. The backend resides in your on-premises data center and is connected by Dedicated Interconnect. You need to ensure the load balancer can reference these on-premises resources. You do not want the traffic to traverse the internet at all. What should you do?

You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights to what is occurring within Google Cloud. What should you do?

You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed. During troubleshooting you find: "¢ Flow logs are enabled for the VPC subnet, and all firewall rules are set to log. "¢ The subnetwork logs are not excluded from Stackdriver. "¢ The instance that is hosting the application can communicate outside the subnet. "¢ Other instances within the subnet can communicate outside the subnet. "¢ The external resource initiates communication. What is the most likely cause of the missing log lines?

You configured a single IPSec Cloud VPN tunnel for your organization to a third-party customer. You confirmed that the VPN tunnel is established. However, the BGP session status states that the BGP is not configured. The customer has provided you with their BGP settings: • Local BGP address: 169.254.11.1/30 • Local ASN: 64515 • Peer BGP address: 169.254.11.2 • Peer ASN: 64517 • Base MED: 1000 • MD5 Authentication: Disabled You need to configure the local BGP session for this tunnel based on the settings provided by the customer. You already associated the Cloud Router with the Cloud VPN Tunnel. What settings should you use for the BGP session?

You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed. What is the most likely cause of the problem?

You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency. What should you do?

You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses. Which two methods can you use to accomplish this? (Choose two.)

You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices. How should you design this topology?

You are adding steps to a working automation that uses a service account to authenticate. You need to drive the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible. What should you do?

Your company recently migrated to Google Cloud. You configured separate Virtual Private Cloud (VPC) networks for Department A and Department B. You need to configure both VPC networks to have access to the same on-premises location through separate links with full isolation between the VPC networks. Your design must also query on-premises DNS servers from workloads in Google Cloud using conditional forwarding. You want to minimize operational overhead. What should you do?

You are planning to use Terraform to deploy the Google Cloud infrastructure for your company. The design must meet the following requirements: • Each Google Cloud project must represent an internal project that your team will work on. • After an internal project is finished, the infrastructure must be deleted. • Each internal project must have its own Google Cloud project owner to manage the Google Cloud resources. • You have 10-100 projects deployed at a time. While you are writing the Terraform code, you need to ensure that the deployment is simple and the code is reusable with centralized management. What should you do?

You have the following Shared VPC design. VPC Flow Logs is configured for Subnet-1 in the host VPC. You also want to monitor flow logs for Subnet-2. What should you do?

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users. What should you do?

You are configuring your organization's Google Cloud environment to connect to your on-premises network, which does not support Border Gateway Protocol (BGP). Your on-premises network has 30 CIDR ranges that must be reachable from Google Cloud. Your VPN gateway creates a unique child security association (SA) per CIDR. You must ensure that the 30 CIDR ranges in your on-premises network are reachable from Google Cloud. Following Google-recommended practices, which two methods can you use to accomplish this? (Choose two.)

You have two VPCs: VPC A in Project A and VPC B in Project B. The VPCs are peered, and each VPC has VM instances in four zones. You are using the Network Intelligence Center Performance Dashboard to investigate the packet loss for traffic flows that start in VPC A and terminate in VPC B. You need the reported packet loss metric to have at least a 90% confidence level. What should you do?

You are designing a new network infrastructure for your customer in Google Cloud. Your customer requires a connection between two Google Cloud VPCs that must include a VPN tunnel. You want to follow Google-recommended practices while ensuring maximum availability of the connection. Which VPN configuration should you choose?

Your company is moving to a hybrid cloud environment and needs to connect two on-premises data centers to Google Cloud. Your company has opted for no service level agreement (SLA) on the Dedicated Interconnect ports. You set up a single Dedicated Interconnect to connect each on-premises data center to Google Cloud: one Dedicated Interconnect in us-east1 and another Dedicated Interconnect in us-west1. You also configured a Cloud Router for each Dedicated Interconnect in each respective region. You now need to configure the Interconnect attachments to provide as much high availability diversity as possible based on this design. What should you do?

You are deploying your infrastructure in the us-central1 region. Your on-premises data center is located in New York City, and the Google Cloud region closest to New York City is us-east4. Your Cloud Interconnect is located in Ashburn, Virginia (VA), United States. You need to use Cloud Interconnect to connect your application infrastructure with backend systems in your data center location. You do not expect the application bandwidth to exceed 500 Mbps. You want to minimize latency and cost. What should you do?

You have provisioned a Cloud Interconnect connection with a VLAN attachment. You configured Border Gateway Protocol (BGP) between your on-premises router and your Cloud Router. After deploying and testing the connection, you discover that the BGP session is not established between your on-premises router and the Cloud Router. Which two actions should you take to resolve this issue? (Choose two.)