Question 1/115
Your company recently migrated to Google Cloud in a single region. You configured separate Virtual Private Cloud (VPC) networks for two departments: Department A and Department B. Department A has requested access to resources that are part of Department B's VPC. You need to configure the traffic from private IP addresses to flow between the VPCs using multi-NIC virtual machines (VMs) to meet security requirements. Your configuration must also:
* Support both TCP and UDP protocols
* Provide fully automated failover
* Include health-checks
* Require minimal manual intervention in the client VMs
Which approach should you take?
Correct Answer: D
The correct answer is D. Create an instance template and a managed instance group. Configure two separate internal TCP/UDP load balancers for each protocol (TCP/UDP), and configure the client VMs to use the internal load balancers' virtual IP addresses.
This answer is based on the following facts:
Using multi-NIC VMs as network virtual appliances (NVAs) allows you to route traffic between different VPC networks [1]. You can use NVAs to implement custom network policies and security requirements.
Using an instance template and a managed instance group allows you to create and manage multiple identical NVAs [2]. You can also use health checks and autoscaling policies to ensure high availability and reliability of your NVAs.
Using internal TCP/UDP load balancers allows you to distribute traffic from client VMs to NVAs based on the protocol and port [3]. You can also use health checks and failover policies to ensure that only healthy NVAs receive traffic.
Configuring the client VMs to use the internal load balancers' virtual IP addresses allows you to simplify the routing configuration and avoid manual intervention [4]. You do not need to create static routes or update them when NVAs are added or removed.
The other options are not correct because:
Option A is not suitable. Creating the VMs in the same zone does not provide high availability or failover. Using static routes with IP addresses as next hops requires manual intervention when NVAs are added or removed.
Option B is not optimal. Creating the VMs in different zones provides high availability, but not failover. Using static routes with instance names as next hops requires manual intervention when NVAs are added or removed.
Option C is not feasible. Creating an instance template and a managed instance group provides high availability and reliability, but using a single internal load balancer does not support both TCP and UDP protocols. You cannot define a custom static route with an internal load balancer as the next hop.
Question set: Google.Professional-Cloud-Network-Engineer.v2023-12-08.q115.pdf