Free Access Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111 Practice Test (Page 10)

Question 41

Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.
How should you deploy this service in GCP?

A.Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.

B.Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.

C.Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.

D.Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

Question 42

Your company has provisioned 2000 virtual machines (VMs) in the private subnet of your Virtual Private Cloud (VPC) in the us-east1 region. You need to configure each VM to have a minimum of 128 TCP connections to a public repository so that users can download software updates and packages over the internet. You need to implement a Cloud NAT gateway so that the VMs are able to perform outbound NAT to the internet. You must ensure that all VMs can simultaneously connect to the public repository and download software updates and packages. Which two methods can you use to accomplish this? (Choose two.)

A.Configure the NAT gateway in manual allocation mode, allocate 4 NAT IP addresses, and update the minimum number of ports per VM to 128.

B.Create a second Cloud NAT gateway with the default minimum number of ports configured per VM to 64.

C.Use the default Cloud NAT gateway's NAT proxy to dynamically scale using a single NAT IP address.

D.Configure the NAT gateway in manual allocation mode, allocate 2 NAT IP addresses, and update the minimum number of ports per VM to 256.

E.Use the default Cloud NAT gateway to automatically scale to the required number of NAT IP addresses, and update the minimum number of ports per VM to 128.

Question 43

Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only. What should you do?

A.Create an allow on match egress firewall rule with the target tag "web-server" to allow all IP addresses for TCP port 80.

B.Create an allow on match ingress firewall rule with the target tag "web-server" to allow all IP addresses for TCP ports 80 and 443.

C.Create an allow on match ingress firewall rule with the target tag "web-server" to allow all IP addresses for TCP port 80.

D.Create an allow on match egress firewall rule with the target tag "web-server" to allow web server IP addresses for TCP ports 60 and 443.

Question 44

You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs. You want to resolve the issue.
What should you do?

A.Create a logging sink forwarding all firewall logs with no filters.

B.Create an explicit Deny Any rule and enable logging on the new rule.

C.Enable logging on the default Deny Any Firewall Rule.

D.Enable logging on the VM Instances that receive traffic.

Question 45

You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
* An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
* Multiple regional offices in Europe and APAC
* Regional data processing is required in europe-west1 and australia-southeast1
* Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.
What should you do?

A.* Create 2 VPCs in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Host Project.* Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.* Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

B.* Create 2 VPCs in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Service Project.* Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.* Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

C.* Create 1 VPC in a Shared VPC Host Project.* Configure a 2-NIC instance in zone us-west1-a in the Host Project.* Attach NIC0 in us-west1 subnet of the Host Project.* Attach NIC1 in us-west1 subnet of the Host Project* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

D.* Create 1 VPC in a Shared VPC Service Project.* Configure a 2-NIC instance in zone us-west1-a in the Service Project.* Attach NIC0 in us-west1 subnet of the Service Project.* Attach NIC1 in us-west1 subnet of the Service Project* Deploy the instance.* Configure the necessary routes and firewall rules to pass traffic through the instance.

Other Version: 2036Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 1755Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 1898Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109; 1799Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 2860Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 252PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 362Nokia.4A0-113.v2026-05-01.q69; 397EC-COUNCIL.312-49v11.v2026-04-30.q214; 307Microsoft.MB-820.v2026-04-30.q101; 248Salesforce.MC-202.v2026-04-30.q57; 275BICSI.INSTC_V8.v2026-04-29.q53; 411NMLS.MLO.v2026-04-28.q82; 275NCARB.Project-Management.v2026-04-28.q27; 494EMC.D-AV-DY-23.v2026-04-27.q184; 1303ServiceNow.CSA.v2026-04-27.q483

Question 41

Question 42

Question 43

Question 44

Question 45

Download PDF File