Free Access Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111 Practice Test (Page 17)

Question 76

You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP schema to optimally meet this requirement?

A.Configure a /28 primary IP address range for the node IP addresses. Configure a /24 secondary IP range for the Pads. Configure a /22 secondary IP range for the Services.

B.Configure a /28 primary IP address range for the node IP addresses. Configure a (25 secondary IP range for the Pods. Configure a /22 secondary IP range for the Services.

C.Configure a /28 primary IP address range for the node IP addresses. Configure a /28 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

D.Configure a /28 primary IP address range for the node IP addresses. Configure a /25 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

Question 77

You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:
IP ranges for pods and services must be as small as possible.
The nodes and the master must not be reachable from the internet.
You must be able to use kubectl commands from on-premises subnets to manage the cluster.
How should you create the GKE cluster?

A.* Create a private cluster that uses VPC advanced routes.
* Set the pod and service ranges as /24.
* Set up a network proxy to access the master.

B.* Create a VPC-native GKE cluster using GKE-managed IP ranges.
* Set the pod IP range as /21 and service IP range as /24.
* Set up a network proxy to access the master.

C.* Create a VPC-native GKE cluster using user-managed IP ranges.
* Enable a GKE cluster network policy, set the pod and service ranges as /24.
* Set up a network proxy to access the master.
* Enable master authorized networks.

D.* Create a VPC-native GKE cluster using user-managed IP ranges.
* Enable privateEndpoint on the cluster master.
* Set the pod and service ranges as /24.
* Set up a network proxy to access the master.

Question 78

You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.
What should you do?

A.Upload your public ssh key to the project Metadata.

B.Upload your public ssh key to each instance Metadata.

C.Create a custom Google Compute Engine image with your public ssh key embedded.

D.Use gcloud compute sshto automatically copy your public ssh key to the instance.

Question 79

You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.
During troubleshooting you find:
* Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
* The subnetwork logs are not excluded from Stackdriver.
* The instance that is hosting the application can communicate outside the subnet.
* Other instances within the subnet can communicate outside the subnet.
* The external resource initiates communication.
What is the most likely cause of the missing log lines?

A.The traffic is matching the expected ingress rule.

B.The traffic is matching the expected egress rule.

C.The traffic is not matching the expected ingress rule.

D.The traffic is not matching the expected egress rule.

Question 80

You are configuring a new HTTP application that will be exposed externally behind both IPv4 and IPv6 virtual IP addresses, using ports 80, 8080, and 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest-possible latency while ensuring high availability and autoscaling, and create native content-based rules using the HTTP hostname and request path. The IP addresses of the clients that connect to the load balancer need to be visible to the backends. Which configuration should you use?

A.Use External HTTP(S) Load Balancing with URL Maps and custom headers

B.Use TCP Proxy Load Balancing with PROXY protocol enabled

C.Use Network Load Balancing

D.Use External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

Other Version: 2058Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 1766Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 1908Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109; 1805Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 2868Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 277PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 389Nokia.4A0-113.v2026-05-01.q69; 423EC-COUNCIL.312-49v11.v2026-04-30.q214; 346Microsoft.MB-820.v2026-04-30.q101; 262Salesforce.MC-202.v2026-04-30.q57; 306BICSI.INSTC_V8.v2026-04-29.q53; 435NMLS.MLO.v2026-04-28.q82; 292NCARB.Project-Management.v2026-04-28.q27; 525EMC.D-AV-DY-23.v2026-04-27.q184; 1361ServiceNow.CSA.v2026-04-27.q483

Question 76

Question 77

Question 78

Question 79

Question 80

Download PDF File