Name: Professional Cloud Network Engineer
Brand: ValidExamDumps
SKU: Professional-Cloud-Network-Engineer
Price: 20 USD
Availability: InStock
Rating: 4.9 (400 reviews)

Free Google Professional-Cloud-Network-Engineer Exam Actual Questions

The questions for Professional-Cloud-Network-Engineer were last updated On Mar 31, 2025

At ValidExamDumps, we consistently monitor updates to the Google Professional-Cloud-Network-Engineer exam questions by Google. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the Google Professional Cloud Network Engineer exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by Google in their Google Professional-Cloud-Network-Engineer exam. These outdated questions lead to customers failing their Google Professional Cloud Network Engineer exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the Google Professional-Cloud-Network-Engineer exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

Question No. 1

You are designing a new global application using Compute Engine instances that will be exposed by a global HTTP(S) load balancer. You need to secure your application from distributed denial-of-service and application layer (layer 7) attacks. What should you do?

AConfigure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.

BConfigure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.

CConfigure VPC firewall rules to protect the Compute Engine instances against distributed denial-of-service attacks.

DConfigure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.

Show Answer

Correct Answer: C

Question No. 2

Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

During troubleshooting you find:

* Each on-premises router is configured with a unique ASN.

* Each on-premises router is configured with the same routes and priorities.

* Both on-premises routers are configured with a VPN connected to a single Cloud Router.

* BGP sessions are established between both on-premises routers and the Cloud Router.

* Only 1 of the on-premises router's routes are being added to the routing table.

What is the most likely cause of this problem?

AThe on-premises routers are configured with the same routes.

BA firewall is blocking the traffic across the second VPN connection.

CYou do not have a load balancer to load-balance the network traffic.

DThe ASNs being used on the on-premises routers are different.

Show Answer

Correct Answer: D

https://cloud.google.com/network-connectivity/docs/router/support/troubleshooting#ecmp

Question No. 3

You are deploying an application that runs on Compute Engine instances. You need to determine how to expose your application to a new customer You must ensure that your application meets the following requirements

* Maps multiple existing reserved external IP addresses to the Instance

* Processes IP Encapsulating Security Payload (ESP) traffic

What should you do?

AConfigure a target pool, and create protocol forwarding rules for each external IP address.

BConfigure a backend service, and create an external network load balancer for each external IP address

CConfigure a target instance, and create a protocol forwarding rule for each external IP address to be mapped to the instance.

DConfigure the Compute Engine Instances' network Interface external IP address from None to Ephemeral Add as many external IP addresses as required

Show Answer

Correct Answer: C

The correct answer is C. Configure a target instance, and create a protocol forwarding rule for each external IP address to be mapped to the instance.

This answer is based on the following facts:

A target instance is a Compute Engine instance that handles traffic from one or more forwarding rules1. You can use target instances to forward traffic to a single VM instance from one or more external IP addresses2.

A protocol forwarding rule specifies the IP protocol and port range for the traffic that you want to forward3. You can use protocol forwarding rules to forward traffic of any IP protocol, including ESP4.

The other options are not correct because:

Option A is not possible. You cannot create protocol forwarding rules for a target pool. A target pool is a group of instances that receives traffic from a network load balancer5.

Option B is not suitable. You do not need to create an external network load balancer for each external IP address. An external network load balancer distributes traffic among multiple backend instances based on the destination IP address and port. You can use a single load balancer with multiple forwarding rules to map multiple external IP addresses to the same backend service.

Option D is not feasible. You cannot add multiple external IP addresses to a single network interface of a Compute Engine instance. Each network interface can have only one external IP address that is either ephemeral or static. You can use alias IP ranges to assign multiple internal IP addresses to a single network interface, but not external IP addresses.

Question No. 4

You converted an auto mode VPC network to custom mode. Since the conversion, some of your Cloud Deployment Manager templates are no longer working. You want to resolve the problem.

What should you do?

AApply an additional IAM role to the Google API's service account to allow custom mode networks.

BUpdate the VPC firewall to allow the Cloud Deployment Manager to access the custom mode networks.

CExplicitly reference the custom mode networks in the Cloud Armor whitelist.

DExplicitly reference the custom mode networks in the Deployment Manager templates.

Show Answer

Correct Answer: D

Question No. 5

You have just deployed your infrastructure on Google Cloud. You now need to configure the DNS to meet the following requirements:

Your on-premises resources should resolve your Google Cloud zones.

Your Google Cloud resources should resolve your on-premises zones.

You need the ability to resolve ''. internal'' zones provisioned by Google Cloud.

What should you do?

AConfigure an outbound server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.

BConfigure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.

CConfigure an outbound DNS server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.

DConfigure Cloud DNS to DNS peer with your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.

Show Answer

Correct Answer: A