You are configuring your Google Cloud environment to connect to your on-premises network. Your configuration must be able to reach Cloud Storage APIs and your Google Kubernetes Engine nodes across your private Cloud Interconnect network. You have already configured a Cloud Router with your Interconnect VLAN attachments. You now need to set up the appropriate router advertisement configuration on the Cloud Router. What should you do?
A. Configure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Advertise all visible subnets to the Cloud Router.
B. Configure the route advertisement to the default setting.
C. Configure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Leave all other options as their default settings.
D. On the on-premises router, configure a static route for the storage API virtual IP address which points to the Cloud Router's link-local IP address.
Correct answer: C
Question 2:
Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.
Which two solutions can you implement to achieve the desired results without compromising the security?
(Choose two.)
A. VPC peering
B. Shared VPC
C. Cloud VPN
D. Dedicated Interconnect
E. Cloud NAT
Correct answer: A, C
Question 3:
You deployed a hub-and-spoke architecture in your Google Cloud environment that uses VPC Network Peering to connect the spokes to the hub. For security reasons, you deployed a private Google Kubernetes Engine (GKE) cluster in one of the spoke projects with a private endpoint for the control plane. You configured authorized networks to be the subnet range where the GKE nodes are deployed. When you attempt to reach the GKE control plane from a different spoke project, you cannot access it. You need to allow access to the GKE control plane from the other spoke projects. What should you do?
A. Deploy a proxy in the spoke project where the GKE nodes are deployed and connect to the control plane through the proxy.
B. Enable Private Google Access on the subnet where the GKE nodes are deployed.
C. Configure the authorized networks to be the subnet ranges of the other spoke projects.
D. Add a firewall rule that allows port 443 from the other spoke projects.
Correct answer: C
Question 4:
You are in the early stages of planning a migration to GCP. You want to test the functionality of your hybrid cloud design before you start to implement it in production. The design includes services running on a Compute Engine Virtual Machine instance that need to communicate to on-premises servers using private IP addresses. The on-premises servers have connectivity to the internet, but you have not yet established any Cloud Interconnect connections. You want to choose the lowest cost method of enabling connectivity between your instance and on-premises servers and complete the test in 24 hours.
Which connectivity method should you choose?
A. Dedicated Interconnect with a single VLAN attachment
B. Dedicated Interconnect, but don't provision any VLAN attachments
C. 50-Mbps Partner VLAN attachment
D. Cloud VPN
Correct answer: D
Question 5:
Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from on-premises locations using Cloud Interconnect connections. Your company must be able to send traffic to Cloud Storage only through the Interconnect links while accessing other Google APIs and services over the public internet. What should you do?
A. Use Private Google Access, with restricted.googleapis.com virtual IP addresses for Cloud Storage and private.googleapis.com for all other Google APIs and services.
B. Use Private Google Access, with private.googleapis.com virtual IP addresses for Cloud Storage and restricted.googleapis.com virtual IP addresses for all other Google APIs and services.
C. Use Private Service Connect to access Cloud Storage, and use the default public domains for all other Google APIs and services.
D. Use the default public domains for all Google APIs and services.
Correct answer: C
Question 6:
You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.
Which two actions should you take? (Choose two.)
A. Activate the Cloud Datastore API in your project.
B. Create a custom static route to allow the traffic to reach the Cloud SQL API.
C. Enable Private Google Access.
D. Create a private connection to a service producer.
E. Activate the Service Networking API in your project.
Correct answer: C, D
Question 7:
Your company's current network architecture has two VPCs that are connected by a dual-NIC instance that acts as a bump-in-the-wire firewall between the two VPCs. Flows between pairs of subnets across the two VPCs are working correctly. Suddenly, you receive an alert that none of the flows between the two VPCs are working anymore. You need to troubleshoot the problem. What should you do? (Choose two.)
A. Verify that the dual-NIC instance has the --can-ip-forward attribute enabled.
B. Verify that a VPC Service Controls perimeter has not been enabled for the project that contains the two VPCs and the dual-NIC instance.
C. Use Cloud Logging to verify that there were no modifications to the VPC firewall rules or policies that were applied to the two network interfaces of the dual-NIC instance.
D. Verify that the dual-NIC instance has not been added to a backend service.
E. Verify that a public IP address has not been assigned to any network interface of the dual-NIC instance.
Correct answer: A, C
Question 8:
Your company is running out of network capacity to run a critical application in the on-premises data center.
You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)
A. Cloud Audit logs
B. Firewall logs
C. Compute Engine instance system logs
D. Stackdriver Trace
E. VPC flow logs
Correct answer: B, E
Question 9:
You are designing an IP address scheme for new private Google Kubernetes Engine (GKE) clusters. Due to IP address exhaustion of the RFC 1918 address space in your enterprise, you plan to use privately used public IP space for the new clusters. You want to follow Google-recommended practices. What should you do after designing your IP scheme?
A. Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the pods across multiple private GKE clusters.
B. Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the services across multiple private GKE clusters.
C. Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --enable-ip-alias and --enable-private-nodes.
D. Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --disable-default-snat, --enable-ip-alias, and --enable-private-nodes.
Correct answer: D
谷口** -
I passed this year using this book. Just as the reviews say, if you master this Professional-Cloud-Network-Engineer question set, you can pass. I have always trusted Pass4Test's products.