Question 1

You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?

Options :

A : Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.

B : Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.

C : Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.

D : Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field

Answer: B

Question 2

You are configuring a new HTTP application that will be exposed externally behind both IPv4 and IPv6 virtual IP addresses, using ports 80, 8080, and 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest-possible latency while ensuring high availability and autoscaling, and create native content-based rules using the HTTP hostname and request path. The IP addresses of the clients that connect to the load balancer need to be visible to the backends. Which configuration should you use?

Options :

A : Use Network Load Balancing

B : Use TCP Proxy Load Balancing with PROXY protocol enabled

C : Use External HTTP(S) Load Balancing with URL Maps and custom headers

D : Use External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

Answer: D

Question 3

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from your on-premises network using Cloud Interconnect. You must configure access only to Google APIs and services that are supported by VPC Service Controls through hybrid connectivity with a service level agreement (SLA) in place. What should you do?

Options :

A : Configure the existing Cloud Routers to advertise the Google API-s public virtual IP addresses.

B : Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual IP addresses.

C : Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to translate traffic from your on-premises network.

D : Add Direct Peering links and use them for connectivity to Google APIs that use public virtual IP addresses

Answer: B

Question 4

You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet

Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border

Gateway Protocol (BGP) configuration.

Which connectivity model should you use?

Options :

A : Direct Peering

B : Dedicated Interconnect

C : Partner Interconnect with a layer 2 partner

D : Partner Interconnect with a layer 3 partner

Answer: D

Question 5

You recently noticed a recurring daily spike in network usage in your Google Cloud project. You need to identify the virtual machine NM) instances and type of traffic causing the spike in traffic utilization while minimizing the cost and management overhead required. What should you do?

Options :

A : Enable VPC Flow Logs and send the output to BigQuery for analysis

B : Enable Firewall Rules Logging for all allowed traffic and send the output to BigQuery for analysis

C : Configure Packet Mirroring to send all traffic to a VM. Use Wireshark on the VM to identity traffic utilization for each VM in the VPC.

D : Deploy a third-party network appliance and configure it as the default gateway. Use the third-party network appliance to identify users with high network traffic.

Answer: C