Question 1

You need to ensure your personal SSH key works on every instance in your project. You want to accomplish

this as efficiently as possible.

What should you do?

Options :

A : Upload your public ssh key to the project Metadata.

B : Upload your public ssh key to each instance Metadata.

C : Create a custom Google Compute Engine image with your public ssh key embedded.

D : Use gcloud compute ssh to automatically copy your public ssh key to the instance.

Answer: A

Question 2

Your organization recently re-architected your cloud environment to use Network Connectivity Center. However, an error occurred when you tried to add a new VPC named vpc-dev as a spoke. The error indicated that there was an issue with an existing spoke and the IP space of a VPC named vpc-pre-prod. You must complete the migration quickly and efficiently. What should you do?

Options :

A :

Remove the conflicting VPC spoke for vpc-pre-prod from the set of VPC spokes in Network Connectivity Center. Add the VPC spoke for vpc-dev. Add the previously removed vpc-pre-prod as a VPC spoke

B :

Delete the VMs associated with the conflicting subnets, then delete the conflicting subnets in vpc-dev. Recreate the subnets with a new IP range and redeploy the previously deleted VMs in the new subnets. Add the VPC spoke for vpc-dev.

C :

Exclude the conflicting IP range by using the --exclude-export-ranges flag when creating the VPC spoke for vpc-dev.

D :

Exclude the conflicting IP range by using the --exclude-export-ranges flag in the hub when attaching the VPC spoke for vpc-dev.

Answer: A

Question 3

You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet

Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border

Gateway Protocol (BGP) configuration.

Which connectivity model should you use?

Options :

A : Direct Peering

B : Dedicated Interconnect

C : Partner Interconnect with a layer 2 partner

D : Partner Interconnect with a layer 3 partner

Answer: D

Question 4

You created two subnets named Test and Web in the same VPC network. You enabled VPC Flow Logs for the Web subnet. You are trying to connect instances in the Test subnet to the web servers running in the Web subnet, but all of the connections are failing. You do not see any entries in the Stackdriver logs. What should you do?

Options :

A : Add a firewall rule to allow traffic from the Test subnet to the Web subnet.

B : Enable VPC Flow Logs for the Test subnet also.

C : Create a subnet in another VPC, and move the web servers in the new subnet.

D : Make sure that there is a valid entry in the route table.

Answer: A

Question 5

You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size

is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new

services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services.

You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.

How should you design this topology?

Options :

A : Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.

B : Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.

C : Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.

D : Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.

Answer: A

Smartly Prepare Exam with Free Online Professional-Cloud-Network-Engineer Practice Test

Buying Options: