Free Access Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109 Practice Test (Page 13)

Question 56

You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.
Which level of permissions should you request?

A.Security Admin privileges from the Shared VPC Admin.

B.Service Project Admin privileges from the Shared VPC Admin.

C.Shared VPC Admin privileges from the Organization Admin.

D.Organization Admin privileges from the Organization Admin.

Question 57

Your company's Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you how they should support splitting audio and video traffic to different backend Google Cloud storage buckets. They want to use URL maps and minimize operational overhead. They are currently using the following directory structure:
/fr/video
/en/video
/es/video
/../video
/fr/audio
/en/audio
/es/audio
/../audio
Which solution should you recommend?

A.Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.

B.Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/
*.

C.Leave the directory structure as-is, create a URL map and leverage a path rule such as \/[a-z]{2}\/video and
\/[a-z]{2}\/audio.

D.Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/ audio.

Question 58

You have the following private Google Kubernetes Engine (GKE) cluster deployment:

You have a virtual machine (VM) deployed in the same VPC in the subnetwork kubernetes-management with internal IP address 192.168.40 2/24 and no external IP address assigned. You need to communicate with the cluster master using kubectl. What should you do?

A.Add the network 192.168.36.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

B.Add the network 192.168.38.0/28 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

C.Add the network 192.168.40.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2.

D.Add an external IP address to the VM, and add this IP address in the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 35.224.37.17.

Question 59

You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.
Which two actions should you take? (Choose two.)

A.Turn on Private Google Access at the subnet level.

B.Turn on Private Google Access at the VPC level.

C.Turn on Private Services Access at the VPC level.

D.Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

E.Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Question 60

You are planning to use Terraform to deploy the Google Cloud infrastructure for your company The design must meet the following requirements
* Each Google Cloud project must represent an Internal project that your team Will work on
* After an internal project is finished, the infrastructure must be deleted
* Each Internal project must have Its own Google Cloud project owner to manage the Google Cloud resources-
* You have 10-100 projects deployed at a time,
While you are writing the Terraform code, you need to ensure that the deployment IS Simple, and the code IS reusable With centralized management What should you doo

A.Create a Single pt0Ject and additional VPCs for each Internal project

B.Create a Single Project and Single VPC for each internal project

C.Create a single Shared VPC and attach each Google Cloud project as a service project

D.Create a Shared VPC and service project for each Internal project

Correct Answer: C

The correct answer is C. Create a single Shared VPC and attach each Google Cloud project as a service project.
This answer is based on the following facts:
A Shared VPC allows you to share one or more VPC networks across multiple Google Cloud projects1. This simplifies the deployment and management of the network infrastructure, as you only need to create and maintain one VPC network for all your internal projects.
A Shared VPC consists of a host project that owns the VPC network and one or more service projects that use the VPC network2. You can attach and detach service projects as needed, depending on the lifecycle of your internal projects. You can also delete service projects without affecting the host project or other service projects.
A Shared VPC allows you to delegate administrative roles to different project owners3. You can grant the Shared VPC Admin role to the owner of the host project, who can manage the VPC network and its subnets. You can also grant the Service Project Admin role to the owners of the service projects, who can manage the Google Cloud resources in their own projects.
The other options are not correct because:
Option A is not suitable. Creating a single project and additional VPCs for each internal project will increase the complexity and cost of the network infrastructure. You will need to create and maintain multiple VPC networks, firewall rules, routes, and VPN tunnels. You will also have a limit on the number of VPC networks per project4.
Option B is not feasible. Creating a single project and single VPC for each internal project will not meet the requirement of having separate project owners for each internal project. You will have only one project owner who can manage all the Google Cloud resources in the same project.
Option D is not optimal. Creating a Shared VPC and service project for each internal project will not meet the requirement of having a simple and reusable code with centralized management. You will need to create and maintain multiple Shared VPCs, which will increase the complexity and cost of the network infrastructure. You will also have more Terraform code to write and manage for each Shared VPC.

Other Version: 2019Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 1744Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 2797Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111; 1790Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 2854Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 240PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 332Nokia.4A0-113.v2026-05-01.q69; 337EC-COUNCIL.312-49v11.v2026-04-30.q214; 270Microsoft.MB-820.v2026-04-30.q101; 235Salesforce.MC-202.v2026-04-30.q57; 249BICSI.INSTC_V8.v2026-04-29.q53; 367NMLS.MLO.v2026-04-28.q82; 267NCARB.Project-Management.v2026-04-28.q27; 484EMC.D-AV-DY-23.v2026-04-27.q184; 1235ServiceNow.CSA.v2026-04-27.q483

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File