Free Access Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109 Practice Test (Page 14)

Question 61

You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
How should you design this topology?

A.Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services.
Create a VPC-native cluster and specify those ranges.

B.Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services.
Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.

C.Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.

D.Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.

Question 62

You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?

A.Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.

B.Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

C.Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.

D.Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.

Question 63

Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.
During troubleshooting you find:
- Each on-premises router is configured with a unique ASN. ?Each on-
premises router is configured with the same routes and priorities.
- Both on-premises routers are configured with a VPN connected to a
single Cloud Router.
- BGP sessions are established between both on-premises routers and the Cloud Router.
- Only 1 of the on-premises router's routes are being added to the
routing table.
What is the most likely cause of this problem?

A.You do not have a load balancer to load-balance the network traffic.

B.A firewall is blocking the traffic across the second VPN connection.

C.The ASNs being used on the on-premises routers are different.

D.The on-premises routers are configured with the same routes.

Question 64

You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?

A.Create a single firewall rule to allow port 22 with priority 1000.

B.Create two firewall rules: one to block all traffic with priority 65536, and another to allow port 3389 with priority 1000.

C.Create a single firewall rule to allow port 3389 with priority 1000.

D.Create two firewall rules: one to block all traffic with priority 0, and another to allow port 22 with priority 1000.

Question 65

Your team is developing an application that will be used by consumers all over the world. Currently, the application sits behind a global external application load balancer You need to protect the application from potential application-level attacks. What should you do?

A.Enable Cloud CDN on the backend service.

B.Create multiple firewall deny rules to block malicious users, and apply them to the global external application load balancer

C.Create a Google Cloud Armor security policy With web application firewall rules, and apply the security policy to the backend service.

D.Create a VPC Service Controls perimeter with the global external application load balancer as the protected service, and apply it to the backend service

Other Version: 2036Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 1755Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 2809Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111; 1799Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 2860Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 252PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 362Nokia.4A0-113.v2026-05-01.q69; 397EC-COUNCIL.312-49v11.v2026-04-30.q214; 307Microsoft.MB-820.v2026-04-30.q101; 248Salesforce.MC-202.v2026-04-30.q57; 275BICSI.INSTC_V8.v2026-04-29.q53; 411NMLS.MLO.v2026-04-28.q82; 275NCARB.Project-Management.v2026-04-28.q27; 494EMC.D-AV-DY-23.v2026-04-27.q184; 1303ServiceNow.CSA.v2026-04-27.q483

Question 61

Question 62

Question 63

Question 64

Question 65

Download PDF File