You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non-BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.
What should you do?
A.
* Create a Cloud VPN instance.
* Create a policy-based VPN tunnel.
* Configure the appropriate local and remote traffic selectors to match your local and remote networks.
* Configure the appropriate static routes.
B.
* Create a Cloud VPN instance.
* Create a route-based VPN tunnel.
* Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.
* Configure the appropriate static routes.
C.
* Create a Cloud VPN instance.
* Create a policy-based VPN tunnel per subnet.
* Configure the appropriate local and remote traffic selectors to match your local and remote networks.
* Create the appropriate static routes.
D.
* Create a Cloud VPN instance.
* Create a route-based VPN tunnel.
* Configure the appropriate local and remote traffic selectors to match your local and remote networks.
* Configure the appropriate static routes.
Correct answer: A
Question 2:
You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)
A. Create network peering between your VPC and BigQuery.
B. Enable Private Services Access on the VPC.
C. Create a Cloud NAT, and route the application traffic via NAT gateway.
D. Enable Private Google Access on the VPC.
E. Enable Private Google Access on all the subnets.
Correct answer: C, E
Question 3:
Your team deployed two applications in GKE that are exposed through an external Application Load Balancer. When queries are sent to www.mountkirkgames.com/sales and www.mountkirkgames.com/get-an-analysis, the correct pages are displayed. However, you have received complaints that www.mountkirkgames.com yields a 404 error. You need to resolve this error. What should you do?
A. Review the Service YAML file. Add a new path rule for the * character that directs to the base service. Reapply the YAML.
B. Review the Service YAML file. Define a default backend. Reapply the YAML.
C. Review the Ingress YAML file. Add a new path rule for the * character that directs to the base service. Reapply the YAML.
D. Review the Ingress YAML file. Define the default backend. Reapply the YAML.
Correct answer: D
Question 4:
You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements:
All access to your on-premises network must go through the network virtual appliances.
Allow on-premises access in the event of a single network virtual appliance failure.
Both network virtual appliances must be used simultaneously.
Which method should you use to accomplish this?
A. Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.
B. Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.
C. Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.
D. Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0/8 with the network load balancer as the next hop.
Correct answer: C
Question 5:
You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services.
You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.
How should you design this topology?
A. Create a subnet of size /28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.
B. Use gcloud container clusters create [CLUSTER NAME] --enable-ip-alias to create a VPC-native cluster.
C. Create a subnet of size /25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.
D. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.
Correct answer: C
Question 6:
You need to create the network infrastructure to deploy a highly available web application in the us-east1 and us-west1 regions. The application runs on Compute Engine instances, and it does not require the use of a database. You want to follow Google-recommended practices. What should you do?
A. Create one VPC with one subnet in each region.
Create a regional network load balancer in each region with a static IP address.
Enable Cloud CDN on the load balancers.
Create an A record in Cloud DNS with both IP addresses for the load balancers.
B. Create one VPC in each region, and peer both VPCs.
Create a global load balancer.
Enable Cloud CDN on the load balancer.
Create a CNAME for the load balancer in Cloud DNS.
C. Create one VPC with one subnet in each region.
Create an HTTP(S) load balancer with a static IP address.
Choose the standard tier for the network.
Enable Cloud CDN on the load balancer.
Create a CNAME record using the load balancer's IP address in Cloud DNS.
D. Create one VPC with one subnet in each region.
Create a global load balancer with a static IP address.
Enable Cloud CDN and Google Cloud Armor on the load balancer.
Create an A record using the IP address of the load balancer in Cloud DNS.
Correct answer: B
Question 7:
You configured Cloud VPN with dynamic routing via Border Gateway Protocol (BGP). You added a custom route to advertise a network that is reachable over the VPN tunnel. However, the on-premises clients still cannot reach the network over the VPN tunnel. You need to examine the logs in Cloud Logging to confirm that the appropriate routes are being advertised over the VPN tunnel. Which filter should you use in Cloud Logging to examine the logs?
A. resource.type= "gce_network_region"
B. resource.type= "vpn_gateway"
C. resource.type= "vpn_tunnel"
D. resource.type= "gce_router"
Correct answer: C
Question 8:
Your company recently migrated to Google Cloud in a single region. You configured separate Virtual Private Cloud (VPC) networks for two departments: Department A and Department B. Department A has requested access to resources that are part of Department B's VPC. You need to configure the traffic from private IP addresses to flow between the VPCs using multi-NIC virtual machines (VMs) to meet security requirements. Your configuration also must:
* Support both TCP and UDP protocols
* Provide fully automated failover
* Include health-checks
* Require minimal manual intervention in the client VMs
Which approach should you take?
A. Create the VMs in different zones, and configure static routes with instance names as next hops.
B. Create the VMs in the same zone, and configure static routes with IP addresses as next hops.
C. Create an instance template and a managed instance group. Configure two separate internal TCP/UDP load balancers for each protocol (TCP/UDP), and configure the client VMs to use the internal load balancers' virtual IP addresses.
D. Create an instance template and a managed instance group. Configure a single internal load balancer, and define a custom static route with the internal TCP/UDP load balancer as the next hop.
Correct answer: C
Question 9:
You are managing an application deployed on Cloud Run. The development team has released a new version of the application. You want to deploy and redirect traffic to this new version of the application. To ensure traffic to the new version of the application is served with no startup time, you want to ensure that there are two idle instances available for incoming traffic before adjusting the traffic flow. You also want to minimize administrative overhead. What should you do?
A. Configure revision autoscaling for the existing revision and set the minimum number of instances to 2.
B. Ensure the checkbox "Serve this revision immediately" is unchecked when deploying the new revision. Before changing the traffic rules, use a traffic simulation tool to send load to the new revision.
C. Configure revision autoscaling for the new revision and set the minimum number of instances to 2.
D. Configure service autoscaling and set the minimum number of instances to 2.
Correct answer: A, B, C