Question 1

You have applications running in the us-west1 and us-east1 regions. You want to build a highly available VPN that provides 99.99% availability to connect your applications from your project to the cloud services provided by your partners project while minimizing the amount of infrastructure required Your partners services are also in the us-west1 and us-east1 regions. You want to implement the simplest solution. What should you do?

Options :

A : Create one Cloud Router and one HA VPN gateway in each region of your VPC and your partners VPC. Connect your VPN gateways to the partners gateways. Enable global dynamic routing in each VPC.

B : Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VPC. Create one OpenVPN Access Server in each region of your partner-s VPC. Conned your VPN gateway to your partner-s servers.

C : Create one OpenVPN Access Server in each region of your VPC and your partners VPC. Connect your servers to the partner-s servers.

D : Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VPC and your partners VPC. Connect your VPN gateways to the partners gateways with a pair of tunnels Enable global dynamic routing in each VPC

Answer: A

Question 2

Your company recently migrated to Google Cloud in a Single region. You configured separate Virtual Private

Cloud (VPC) networks for two departments. Department A and Department B. Department A has requested

access to resources that are part Of Department Bis VPC. You need to configure the traffic from private IP

addresses to flow between the VPCs using multi-NIC virtual machines (VMS) to meet security requirements

Your configuration also must

• Support both TCP and UDP protocols

• Provide fully automated failover

• Include health-checks

Require minimal manual Intervention In the client VMS

Which approach should you take?

Options :

A : Create the VMS In the same zone, and configure static routes With IP addresses as next hops.

B : Create the VMS in different zones, and configure static routes with instance names as next hops

C :

Create an Instance template and a managed instance group. Configure a Single internal load balancer, and define a custom static route with the Internal TCP/UDP load balancer as the next hop

D :

Create an instance template and a managed instance group. Configure two separate internal TCP/IJDP load balancers for each protocol (TCP!UDP), and configure the client VIVIS to use the internal load balancers' virtual IP addresses

Answer: D

Question 3

You are adding steps to a working automation that uses a service account to authenticate. You need to drive

the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the

least privilege possible.

What should you do?

Options :

A : Grant the compute.instanceAdmin to your user account.

B : Grant the iam.serviceAccountUser to your user account.

C : Grant the read-only privilege to the service account for the Cloud Storage bucket.

D : Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.

Answer: C

Question 4

After a network change window one of your company’s applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24/ The on-premises router is advertising 10.0.0.0/8.

What is the most likely cause of this problem?

Options :

A : The less specific VPC subnet route is taking priority.

B : The more specific VPC subnet route is taking priority.

C : The on-premises router is not advertising a route for the database server.

D : A cloud firewall rule that blocks traffic to the on-premises database server was created during the change

Answer: B

Question 5

You have a storage bucket that contains the following objects:

- folder-a/image-a-1.jpg

- folder-a/image-a-2.jpg

- folder-b/image-b-1.jpg

- folder-b/image-b-2.jpg

Cloud CDN is enabled on the storage bucket, and all four objects have been successfully cached. You want to

remove the cached copies of all the objects with the prefix folder-a, using the minimum number of commands.

What should you do?

Options :

A : Add an appropriate lifecycle rule on the storage bucket.

B : Issue a cache invalidation command with pattern /folder-a/*.

C : Make sure that all the objects with prefix folder-a are not shared publicly.

D :

Disable Cloud CDN on the storage bucket. Wait 90 seconds. Re-enable Cloud CDN on the storage bucket.

Answer: B