Question 1

You want to create a service in GCP using IPv6.

What should you do?

Options :

A : Create the instance with the designated IPv6 address.

B : Configure a TCP Proxy with the designated IPv6 address.

C : Configure a global load balancer with the designated IPv6 address.

D : Configure an internal load balancer with the designated IPv6 address.

Answer: C

Question 2

You have deployed a new internal application that provides HTTP and TFTP services to on-premises hosts.

You want to be able to distribute traffic across multiple Compute Engine instances, but need to ensure that

clients are sticky to a particular instance across both services.

Which session affinity should you choose?

Options :

A : None

B : Client IP

C : Client IP and protocol

D : Client IP, port and protocol

Answer: B

Question 3

You are designing a packet mirroring policy as pan of your network security architecture for your gaming workload. Your Infrastructure is located in the us-west2 region and deployed across several zones: us-west2- a. us-west2-b. and us-west2-c The Infrastructure Is running a web-based application on TCP ports 80 and 443 with other game servers that utilize the UDP protocol. You need to deploy packet mirroring policies and collector instances to monitor web application traffic while minimizing inter-zonal network egress costs. Following Google-recommended practices, how should you deploy the packet mirroring policies and collector instances?

Options :

A :

Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for Its zone based on instance-tags, and create a filter for TCP traffic.

B :

Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for its zone based on subnets, and create a filter for TCP traffic

C :

Create one packet mirroring policy for the us-west2 region. Create one group of collector instances for the us-west2 region Configure the packet mirroring policy to match traffic for web server instances based on instance-tags, and create a filter for TCP traffic.

D :

Create three packet mirroring policies: one for each zone. Create one group of collector instances for the us-west2 region. Configure each packet mirroring policy to match traffic for its zone based on instance-tags, and create a filter for TCP traffic

Answer: D

Question 4

You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non

BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your

network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.

What should you do?

Options :

A :

Create a Cloud VPN instance.• Create a policy-based VPN tunnel per subnet.• Configure the appropriate local and remote traffic selectors to match your local and remote networks.• Create the appropriate static routes.

B :

Create a Cloud VPN instance.• Create a policy-based VPN tunnel.• Configure the appropriate local and remote traffic selectors to match your local and remote networks.• Configure the appropriate static routes

C :

Create a Cloud VPN instance.• Create a route-based VPN tunnel.• Configure the appropriate local and remote traffic selectors to match your local and remote networks.• Configure the appropriate static routes.

D :

Create a Cloud VPN instance.• Create a route-based VPN tunnel.• Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.• Configure the appropriate static routes.

Answer: B

Question 5

You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with

a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic

listed.

During troubleshooting you find:

• Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.

• The subnetwork logs are not excluded from Stackdriver.

• The instance that is hosting the application can communicate outside the subnet.

• Other instances within the subnet can communicate outside the subnet.

• The external resource initiates communication.

What is the most likely cause of the missing log lines?

Options :

A : The traffic is matching the expected ingress rule.

B : The traffic is matching the expected egress rule.

C : The traffic is not matching the expected ingress rule.

D : The traffic is not matching the expected egress rule.

Answer: C