Free Access Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111 Practice Test (Page 22)

Question 101

Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design. What should you do?

A.Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server.
Configure DNS peering from the spoke VPCs to the hub VPC.

B.Configure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server.
Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.

C.Configure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs.
Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

D.Configure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server.
Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

Question 102

You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.
What is the most likely cause of the problem?

A.You have not configured compression in Cloud CDN.

B.You have configured the web servers and Cloud CDN with different compression types.

C.The web servers behind the load balancer are configured with different compression types.

D.You have to configure the web servers to compress responses even if the request has a Via header.

Question 103

You are the network administrator responsible for hybrid connectivity at your organization. Your developer team wants to use Cloud SQL in the us-west1 region in your Shared VPC. You configured a Dedicated Interconnect connection and a Cloud Router in us-west1, and the connectivity between your Shared VPC and on-premises data center is working as expected. You just created the private services access connection required for Cloud SQL using the reserved IP address range and default settings. However, your developers cannot access the Cloud SQL instance from on-premises. You want to resolve the issue. What should you do?

A.Change the VPC routing mode to global.
Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.

B.Create an additional Cloud Router in us-west2.
Create a new Border Gateway Protocol (BGP) peering connection to your on-premises data center.
Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.

C.Change the VPC routing mode to global.
Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.

D.Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.

Question 104

You need to enable Cloud CDN for all the objects inside a storage bucket. You want to ensure that all the object in the storage bucket can be served by the CDN.
What should you do in the GCP Console?

A.Create a new HTTP load balancer, select the storage bucket as a backend, enable Cloud CDN on the backend, and make sure each object inside the storage bucket is shared publicly.

B.Create a new cloud storage bucket, and then enable Cloud CDN on it.

C.Create a new TCP load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.

D.Create a new SSL proxy load balancer, select the storage bucket as a backend, and then enable Cloud CDN on the backend.

Question 105

You are migrating a three-tier application architecture from on-premises to Google Cloud. As a first step in the migration, you want to create a new Virtual Private Cloud (VPC) with an external HTTP(S) load balancer. This load balancer will forward traffic back to the on-premises compute resources that run the presentation tier. You need to stop malicious traffic from entering your VPC and consuming resources at the edge, so you must configure this policy to filter IP addresses and stop cross-site scripting (XSS) attacks. What should you do?

A.Create a hierarchical firewall ruleset, and apply it to the VPC's parent organization resource node.

B.Create a Google Cloud Armor policy, and apply it to a backend service that uses an internet network endpoint group (NEG) backend.

C.Create a VPC firewall ruleset, and apply it to all instances in unmanaged instance groups.

D.Create a Google Cloud Armor policy, and apply it to a backend service that uses an unmanaged instance group backend.

Other Version: 2073Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 1780Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 1916Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109; 1809Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 2870Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 281PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 412Nokia.4A0-113.v2026-05-01.q69; 439EC-COUNCIL.312-49v11.v2026-04-30.q214; 396Microsoft.MB-820.v2026-04-30.q101; 273Salesforce.MC-202.v2026-04-30.q57; 322BICSI.INSTC_V8.v2026-04-29.q53; 456NMLS.MLO.v2026-04-28.q82; 299NCARB.Project-Management.v2026-04-28.q27; 543EMC.D-AV-DY-23.v2026-04-27.q184; 1388ServiceNow.CSA.v2026-04-27.q483

Question 101

Question 102

Question 103

Question 104

Question 105

Download PDF File