Here you have the best Google Professional Cloud Network Engineer practice exam questions
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?
To restrict access to a Google Cloud load-balanced application so that only specific IP addresses can connect, you should utilize firewall rules to control access. This involves tagging the backend instances with a specific tag like 'application' and then creating a firewall rule that targets instances with that tag. The firewall rule would specify the source IP range of the allowed clients and include Google health check IP ranges. This method effectively controls access at the network level and ensures that only the specified IP addresses can connect to the backend instances.
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.
How should you design this topology?
Creating one VPC with two regional subnets is the best approach for minimizing cost and increasing network efficiency. This setup allows workloads in different regions to communicate using private RFC1918 IP addresses within the same VPC. This method leverages Google's internal network infrastructure, ensuring that the traffic remains within Google's network without incurring additional costs associated with external IPs or VPN gateways. This approach takes full advantage of Google's global backbone network, providing efficient and low-latency communication between the regions.
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.
How should you design the topology?
To meet the requirements of having network connectivity between two departments and keeping the third department isolated, creating 3 separate VPCs and using VPC peering between the two VPCs that need to communicate is the optimal solution. This approach ensures that each department remains in its own administrative domain, thus maintaining isolation for the third department. VPC peering allows efficient and secure communication between the two departments that need connectivity while minimizing operational overhead.
You are migrating to Cloud DNS and want to import your BIND zone file.
Which command should you use?
To import a BIND zone file into Cloud DNS, you need to use the gcloud dns record-sets import command. The --zone-file-format flag indicates that the input records file is in BIND zone format. If this flag is omitted, the system expects the records file to be in YAML format. Therefore, to correctly import a BIND zone file, the proper command is gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE.
You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.
How should you configure the Distribution VPC?
To peer a new VPC with an existing one in auto mode without causing IP address conflicts, the new VPC should be created in custom mode to allow for specific IP address management. Using the CIDR range 10.0.0.0/9 ensures there is no overlap with the automatically created subnets in the Retail VPC, which typically uses the 10.128.0.0/9 range. Therefore, creating the Distribution VPC in custom mode with the 10.0.0.0/9 CIDR range and then peering both VPCs via network peering is the correct approach.