
Google Professional Cloud Network Engineer Exam

Certification Provider: Google
Exam Name: Professional Cloud Network Engineer
Number of questions in our database: 170
Exam Version: Feb. 20, 2024
Exam Official Topics:
  • Topic 1: Managing and monitoring network operations/ Designing a container IP addressing plan for Google Kubernetes Engine
  • Topic 2: Optimizing network resources/ Load balancer and CDN location/ Designing a hybrid network. Considerations: using Interconnect, failover and disaster recovery strategy
  • Topic 3: Designing the overall network architecture. Considerations: hybrid connectivity, container networking, options for high availability
  • Topic 4: Implementing a GCP Virtual Private Cloud (VPC)/ Creating a shared VPC and explaining how to share subnets with other projects
  • Topic 5: Differences between Google Cloud Networking and other cloud platforms/ Designing, planning, and prototyping a GCP network
  • Topic 6: Configuring and maintaining Google Kubernetes Engine clusters
  • Topic 7: Configuring GCP VPC resources/ Failover and disaster recovery strategy/ Target network tags and service accounts
  • Topic 8: Shared vs. standalone VPC interconnect access/ Choosing the appropriate load balancing options
  • Topic 9: Microsegmentation for security purposes/ Designing a Virtual Private Cloud (VPC)/ VPC-native clusters using alias IPs

Free Google Professional Cloud Network Engineer Exam Actual Questions

The questions for Professional Cloud Network Engineer were last updated on Feb. 20, 2024

Question #1

You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?

Correct Answer: B

Question #2

Your company is planning a migration to Google Kubernetes Engine. Your application team informed you that they require a minimum of 60 Pods per node and a maximum of 100 Pods per node. Which Pod per node CIDR range should you use?

Correct Answer: B

To determine the Pod per node CIDR range, you need to calculate how many IP addresses are required for each node, and then choose the smallest CIDR range that can accommodate that number. A CIDR range of /n means that there are 2^(32-n) IP addresses available in that range. For example, a /24 range has 2^(32-24) = 256 IP addresses.

According to the question, the application team requires a minimum of 60 Pods per node and a maximum of 100 Pods per node. Therefore, you need to choose a CIDR range that can provide at least 100 IP addresses per node, but not more than necessary. A /25 range has 2^(32-25) = 128 IP addresses, which is enough for 100 Pods per node. A /26 range has 2^(32-26) = 64 IP addresses, which is not enough for 60 Pods per node. A /24 range has 256 IP addresses, which is more than needed and wastes IP address space. A /28 range has 2^(32-28) = 16 IP addresses, which is far too small for any node.

Therefore, the best option is B. /25. This is also consistent with the Google Kubernetes Engine documentation, which states that each node is allocated a /24 range of IP addresses for Pods by default, but the maximum number of Pods per node is 110 [1]. This means that there are approximately twice as many available IP addresses as possible Pods, which is similar to the ratio of 128 to 100 in the /25 range.

[1] Configure maximum Pods per node | Google Kubernetes Engine (GKE) | Google Cloud


Question #3

Your company is planning a migration to Google Kubernetes Engine. Your application team informed you that they require a minimum of 60 Pods per node and a maximum of 100 Pods per node. Which Pod per node CIDR range should you use?

Correct Answer: B

The correct answer is B. /25.

This answer is based on the following facts:

The Pod per node CIDR range determines the size of the IP address range that is assigned to each node for Pods [1]. The Pods that run on a node are allocated IP addresses from the node's assigned CIDR range [1].

The size of the CIDR range corresponds to the maximum number of Pods per node. For example, a /24 CIDR range allows up to 256 IP addresses, but the default maximum number of Pods per node for Standard clusters is 110 [2]. A /25 CIDR range allows up to 128 IP addresses, which is enough for 100 Pods per node.

The other options are not correct because:

Option A is too large. A /24 CIDR range allows more IP addresses than needed for 100 Pods per node. This could result in inefficient use of the IP address space and limit the number of nodes that can be created in the cluster.

Option C is too small. A /26 CIDR range allows only 64 IP addresses, which is not enough for 60 Pods per node. This could result in insufficient capacity to schedule Pods on the nodes.

Option D is also too small. A /28 CIDR range allows only 16 IP addresses, which is far below the minimum requirement of 60 Pods per node. This could result in Pod scheduling failures and poor performance.
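The sizing argument used in the explanations of Question #2 and Question #3 (pick the smallest block whose 2^(32-n) addresses cover the maximum Pod count, and reject anything smaller or needlessly larger) is easy to get wrong under time pressure, so here is a small worked implementation. This is an added example, not code from the exam provider or from Google; the function names, the candidate list and the /16 cluster range used to show how the per-node prefix limits node count are all constructed for illustration.

```python
"""Pod-per-node CIDR sizing for a GKE node pool (added example, not from the page)."""


def addresses_in_prefix(prefix_len: int) -> int:
    """Number of IPv4 addresses in a block with the given prefix length (2^(32-n))."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"invalid IPv4 prefix length: {prefix_len}")
    return 2 ** (32 - prefix_len)


def smallest_prefix_for(address_count: int) -> int:
    """Longest prefix (i.e. smallest block) that still holds at least address_count addresses.

    Walking from /32 downwards guarantees the first hit is the tightest fit.
    """
    if address_count < 1:
        raise ValueError("address_count must be positive")
    for prefix_len in range(32, -1, -1):
        if addresses_in_prefix(prefix_len) >= address_count:
            return prefix_len
    raise ValueError("address_count exceeds the IPv4 address space")


def evaluate_pod_ranges(min_pods: int, max_pods: int, candidates: list[int]) -> dict[str, str]:
    """Classify each candidate per-node prefix against a min/max Pods-per-node requirement.

    A block is 'too small' if it cannot hold max_pods addresses, 'fits' if it is the
    tightest block that can, and 'larger than needed' if it is bigger than that.
    """
    if min_pods > max_pods:
        raise ValueError("min_pods cannot exceed max_pods")
    best = smallest_prefix_for(max_pods)
    verdicts: dict[str, str] = {}
    for prefix_len in sorted(candidates):
        if addresses_in_prefix(prefix_len) < max_pods:
            verdicts[f"/{prefix_len}"] = "too small"
        elif prefix_len == best:
            verdicts[f"/{prefix_len}"] = "fits"
        else:
            verdicts[f"/{prefix_len}"] = "larger than needed"
    return verdicts


def max_nodes_for(cluster_pod_prefix: int, node_pod_prefix: int) -> int:
    """How many per-node blocks of size /node_pod_prefix fit in a cluster Pod range of /cluster_pod_prefix.

    This is the 'limits the number of nodes' cost of over-allocating per node:
    each extra bit on the node prefix doubles the nodes the cluster range can host.
    """
    if node_pod_prefix < cluster_pod_prefix:
        raise ValueError("per-node block cannot be larger than the cluster Pod range")
    return 2 ** (node_pod_prefix - cluster_pod_prefix)


if __name__ == "__main__":
    # Constructed scenario mirroring the question: 60..100 Pods per node, options /24 /25 /26 /28.
    for cidr, verdict in evaluate_pod_ranges(60, 100, [24, 25, 26, 28]).items():
        print(f"{cidr:>4}: {verdict}")
    # Constructed /16 cluster Pod range: shows the node-count cost of /24 versus /25 per node.
    for node_prefix in (24, 25):
        print(f"/16 cluster range with /{node_prefix} per node -> {max_nodes_for(16, node_prefix)} nodes")
```

Running the module prints the verdict for each candidate and, for the constructed /16 cluster Pod range, that /25 per node allows 512 nodes where /24 allows only 256, which is the concrete form of the "wastes IP address space and limits the number of nodes" objection to option A.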


Question #4

You are designing an IP address scheme for new private Google Kubernetes Engine (GKE) clusters. Due to IP address exhaustion of the RFC 1918 address space in your enterprise, you plan to use privately used public IP space for the new clusters. You want to follow Google-recommended practices. What should you do after designing your IP scheme?

Correct Answer: D

This answer follows the Google-recommended practices for using privately used public IP (PUPI) addresses for GKE Pod address blocks [1]. The benefits of this approach are:

It allows you to use any public IP addresses that are not owned by Google or your organization for your Pods, which can help mitigate address exhaustion in your enterprise.

It prevents any external traffic from reaching your Pods, as Google Cloud does not route PUPI addresses to the internet or to other VPC networks by default.

It enables you to use VPC Network Peering to connect your GKE cluster to other VPC networks that use different PUPI addresses, as long as you enable the export and import of custom routes for the peering connection.

It preserves the fully integrated network model of GKE, where Pods can communicate with nodes and other resources in the same VPC network without NAT.

The options that you need to select when creating a private GKE cluster with PUPI addresses are:

--disable-default-snat: This option disables source NAT for outbound traffic from Pods to destinations outside the cluster's VPC network. This is necessary to prevent Pods from using RFC 1918 addresses as their source IP addresses, which could cause conflicts with other networks that use the same address space [2].

--enable-ip-alias: This option enables alias IP ranges for Pods and Services, which allows you to use separate subnet ranges for them. This is required to use PUPI addresses for Pods [1].

--enable-private-nodes: This option creates a private cluster, where nodes do not have external IP addresses and can only communicate with the control plane through a private endpoint. This enhances the security and privacy of your cluster [3].

Option A is incorrect because it does not use PUPI addresses for Pods, but rather RFC 1918 addresses. This does not solve the problem of address exhaustion in your enterprise. Option B is incorrect because it reuses the secondary address range for Services across multiple private GKE clusters, which could cause IP conflicts and routing issues. Option C is incorrect because it does not specify the options that are needed to create a private GKE cluster with PUPI addresses.

[1] Configuring privately used public IPs for GKE | Kubernetes Engine | Google Cloud
[2] Using Cloud NAT with GKE | Kubernetes Engine | Google Cloud
[3] Private clusters | Kubernetes Engine | Google Cloud


Question #5

You are deploying an application that runs on Compute Engine instances. You need to determine how to expose your application to a new customer. You must ensure that your application meets the following requirements:

* Maps multiple existing reserved external IP addresses to the Instance

* Processes IP Encapsulating Security Payload (ESP) traffic

What should you do?

Correct Answer: C

The correct answer is C. Configure a target instance, and create a protocol forwarding rule for each external IP address to be mapped to the instance.

This answer is based on the following facts:

A target instance is a Compute Engine instance that handles traffic from one or more forwarding rules [1]. You can use target instances to forward traffic to a single VM instance from one or more external IP addresses [2].

A protocol forwarding rule specifies the IP protocol and port range for the traffic that you want to forward [3]. You can use protocol forwarding rules to forward traffic of any IP protocol, including ESP [4].

The other options are not correct because:

Option A is not possible. You cannot create protocol forwarding rules for a target pool. A target pool is a group of instances that receives traffic from a network load balancer [5].

Option B is not suitable. You do not need to create an external network load balancer for each external IP address. An external network load balancer distributes traffic among multiple backend instances based on the destination IP address and port. You can use a single load balancer with multiple forwarding rules to map multiple external IP addresses to the same backend service.

Option D is not feasible. You cannot add multiple external IP addresses to a single network interface of a Compute Engine instance. Each network interface can have only one external IP address that is either ephemeral or static. You can use alias IP ranges to assign multiple internal IP addresses to a single network interface, but not external IP addresses.
