Free Access Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83 Practice Test (Page 5)

Question 16

You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
How should you design this topology?

A.Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services.
Create a VPC-native cluster and specify those ranges.

B.Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services.
Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.

C.Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.

D.Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.

Question 17

You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP- capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?

A.* Create a Cloud VPN instance.
* Create a policy-based VPN tunnel per subnet.
* Configure the appropriate local and remote traffic selectors to match your local and remote networks.
* Create the appropriate static routes.

B.* Create a Cloud VPN instance.
* Create a policy-based VPN tunnel.
* Configure the appropriate local and remote traffic selectors to match your local and remote networks.
* Configure the appropriate static routes.

C.* Create a Cloud VPN instance.
* Create a route-based VPN tunnel.
* Configure the appropriate local and remote traffic selectors to match your local and remote networks.
* Configure the appropriate static routes.

D.* Create a Cloud VPN instance.
* Create a route-based VPN tunnel.
* Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.
* Configure the appropriate static routes.

Question 18

In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

A.Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.

B.Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.

C.Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.

D.Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.

Question 19

You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.
What is the most likely cause of this problem?

A.You have created static routes that use RFC1918 ranges.

B.The instance has been configured with multiple interfaces.

C.An external IP address has been configured on the instance.

D.The instance is accessible by a load balancer external IP address.

Question 20

All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.
What should you do?

A.Open the Cloud Shell SSH into the instance using gcloud compute ssh.

B.Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.

C.Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.

D.Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.

Other Version: 134Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 496Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 587Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109; 1794Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111; 1382Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 104Oracle.1Z0-1057-23.v2025-09-10.q47; 134Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 130SAP.C-S4EWM-2023.v2025-09-08.q83; 147TheSecOpsGroup.CNSP.v2025-09-08.q20; 188CFAInstitute.ESG-Investing.v2025-09-08.q173; 135PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 136Salesforce.Data-Architect.v2025-09-05.q216; 130Adobe.AD0-E605.v2025-09-05.q50; 169Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 113Oracle.1z0-591.v2025-09-05.q104

Question 16

Question 17

Question 18

Question 19

Question 20

Download PDF File