Free Access Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179 Practice Test (Page 4)

Question 11

Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

A.VPC peering

B.Shared VPC

C.Cloud VPN

D.Dedicated Interconnect

E.Cloud NAT

Question 12

You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)

A.Activate the Service Networking API in your project.

B.Activate the Cloud Datastore API in your project.

C.Create a private connection to a service producer.

D.Create a custom static route to allow the traffic to reach the Cloud SQL API.

E.Enable Private Google Access.

Question 13

Question:
Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

A.Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.

B.Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.

C.Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.

D.Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.

Question 14

In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.
What should you do?

A.Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.

B.Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.

C.Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.

D.Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.

Question 15

There are two established Partner Interconnect connections between your on-premises network and Google Cloud. The VPC that hosts the Partner Interconnect connections is named "vpc-a" and contains three VPC subnets across three regions, Compute Engine instances, and a GKE cluster. Your on-premises users would like to resolve records hosted in a Cloud DNS private zone following Google-recommended practices. You need to implement a solution that allows your on-premises users to resolve records that are hosted in Google Cloud. What should you do?

A.Associate the private zone to "vpc-a." Create an outbound forwarding policy and associate the policy to
"vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

B.Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

C.Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

D.Associate the private zone to "vpc-a." Create an inbound forwarding policy and associate the policy to
"vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

Other Version: 495Google.Professional-Cloud-Network-Engineer.v2025-05-14.q111; 586Google.Professional-Cloud-Network-Engineer.v2024-10-28.q109; 1794Google.Professional-Cloud-Network-Engineer.v2023-04-24.q111; 1372Google.Professional-Cloud-Network-Engineer.v2023-01-24.q52; 2289Google.Professional-Cloud-Network-Engineer.v2022-03-12.q83; 102Google.Ipassleader.Professional-Cloud-Network-Engineer.v2021-10-07.by.stephanie.79q.pdf

Latest Upload: 103Oracle.1Z0-1057-23.v2025-09-10.q47; 118Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 123SAP.C-S4EWM-2023.v2025-09-08.q83; 147TheSecOpsGroup.CNSP.v2025-09-08.q20; 175CFAInstitute.ESG-Investing.v2025-09-08.q173; 128PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 132Salesforce.Data-Architect.v2025-09-05.q216; 128Adobe.AD0-E605.v2025-09-05.q50; 164Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 113Oracle.1z0-591.v2025-09-05.q104

Question 11

Question 12

Question 13

Question 14

Question 15

Download PDF File