Free Access Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179 Practice Test (Page 16)

Question 71

You are configuring the final elements of a migration effort where resources have been moved from on-premises to Google Cloud. While reviewing the deployed architecture, you noticed that DNS resolution is failing when queries are being sent to the on-premises environment. You log in to a Compute Engine instance, try to resolve an on-premises hostname, and the query fails. DNS queries are not arriving at the on-premises DNS server. You need to use managed services to reconfigure Cloud DNS to resolve the DNS error. What should you do?

A.Validate that the Compute Engine instances are using the Metadata Service IP address as their resolver. Configure an outbound forwarding zone for the on-premises domain pointing to the on-premises DNS server. Configure Cloud Router to advertise the Cloud DNS proxy range to the on-premises network.

B.Validate that there is network connectivity to the on-premises environment and that the Compute Engine instances can reach other on-premises resources. If errors persist, remove the VPC Network Peerings and recreate the peerings after validating the routes.

C.Review the existing Cloud DNS zones, and validate that there is a route in the VPC directing traffic destined to the IP address of the DNS servers. Recreate the existing DNS forwarding zones to forward all queries to the on-premises DNS servers.

D.Ensure that the operating systems of the Compute Engine instances are configured to send DNS queries to the on-premises DNS servers directly.

Question 72

You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?

A.Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.

B.Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.

C.Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.

D.Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.

Question 73

You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command:
gcloud compute routes create no-ip-internet-route \
--network custom-network1 \
--destination-range 0.0.0.0/0 \
--next-hop instance nat-gateway \
--next-hop instance-zone us-central1-a \
--tags no-ip --priority 800
You want existing instances to use the new NAT gateway. Which command should you execute?

A.sudo sysctl -w net.ipv4.ip_forward=1

B.gcloud compute instances add-tags [existing-instance] --tags no-ip

C.gcloud builds submit --config=cloudbuild.waml --substitutions=TAG_NAME=no-ip

D.gcloud compute instances create example-instance --network custom-network1 \

Question 74

You have an application that is running in a managed instance group. Your development team has released an updated instance template which contains a new feature which was not heavily tested. You want to minimize impact to users if there is a bug in the new template.
How should you update your instances?

A.Manually patch some of the instances, and then perform a rolling restart on the instance group.

B.Using the new instance template, perform a rolling update across all instances in the instance group.
Verify the new feature once the rollout completes.

C.Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.

D.Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

Question 75

Your company is planning a migration to Google Kubernetes Engine. Your application team informed you that they require a minimum of 60 Pods per node and a maximum of 100 Pods per node Which Pod per node CIDR range should you use?

A./24

B./25

C./26

D./28

Other Version: 496Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 587Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109; 1794Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111; 1383Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 2295Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 105Oracle.1Z0-1057-23.v2025-09-10.q47; 144Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 130SAP.C-S4EWM-2023.v2025-09-08.q83; 148TheSecOpsGroup.CNSP.v2025-09-08.q20; 190CFAInstitute.ESG-Investing.v2025-09-08.q173; 145PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 138Salesforce.Data-Architect.v2025-09-05.q216; 133Adobe.AD0-E605.v2025-09-05.q50; 172Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 113Oracle.1z0-591.v2025-09-05.q104

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File