لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.Which two actions should you take? (Choose two.)
A. Open the Cloud Shell SSH into the instance using gcloud compute ssh
B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh
C. Generate a new SSH key pair
D. Generate a new SSH key pair
عرض الإجابة
اجابة صحيحة: CE
السؤال #2
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.How should you design this topology?
A. reate 2 VPCs, each with their own regions and individual subnets
B. reate 2 VPCs, each with their own region and individual subnets
C. reate 1 VPC with 2 regional subnets
D. reate 1 VPC with 2 regional subnets
عرض الإجابة
اجابة صحيحة: D
السؤال #3
You are migrating to Cloud DNS and want to import your BIND zone file.Which command should you use?
A. cloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
B. cloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE
C. cloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
D. cloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED ZONE
عرض الإجابة
اجابة صحيحة: C
السؤال #4
You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.How should you design this topology?
A. Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services
B. Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services
C. Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster
D. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster
عرض الإجابة
اجابة صحيحة: B
السؤال #5
You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.Which GKE resource should you use?
A. Configure VPC peering in a full mesh
B. Alter the routing table to resolve the asymmetric route
C. Create network tags to allow connectivity between all three VPCs
D. Delete the legacy network and recreate it to allow transitive peering
عرض الإجابة
اجابة صحيحة: B
السؤال #6
In your company, two departments with separate GCP projects (code-dev and data-dev) in the same organization need to allow full cross-communication between all of their virtual machines in GCP. Each department has one VPC in its project and wants full control over their network. Neither department intends to recreate its existing computing resources. You want to implement a solution that minimizes cost.Which two steps should you take? (Choose two.)
A. Connect both projects using Cloud VPN
B. Connect the VPCs in project code-dev and data-dev using VPC Network Peering
C. Enable Shared VPC in one project (e
D. Enable firewall rules to allow all ingress traffic from all subnets of project code-dev to all instances in project data-dev, and vice versa
E. Create a route in the code-dev project to the destination prefixes in project data-dev and use nexthop as the default gateway, and vice versa
عرض الإجابة
اجابة صحيحة: CE
السؤال #7
You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses. Which two methods can you use to accomplish this? (Choose two.)
A. Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them
B. Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them
C. Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them
D. Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks
عرض الإجابة
اجابة صحيحة: BE
السؤال #8
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP- capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.What should you do?
A. • Create a Cloud VPN instance
B. • Create a Cloud VPN instance
C. • Create a Cloud VPN instance
D. • Create a Cloud VPN instance
عرض الإجابة
اجابة صحيحة: D
السؤال #9
Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)
A. Add an appropriate lifecycle rule on the storage bucket
B. Issue a cache invalidation command with pattern /folder-a/*
C. Make sure that all the objects with prefix folder-a are not shared publicly
D. Disable Cloud CDN on the storage bucket
عرض الإجابة
اجابة صحيحة: CD
السؤال #10
You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic. What should you do?
A. Check the VPC flow logs for the instance
B. Try connecting to the instance via SSH, and check the logs
C. Create a new firewall rule to allow traffic from port 22, and enable logs
D. Create a new firewall rule with priority 65500 to deny all traffic, and enable logs
عرض الإجابة
اجابة صحيحة: A
السؤال #11
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead. How should you design the topology?
A. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments
B. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs
C. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs
D. Create a single project, and deploy specific firewall rules
عرض الإجابة
اجابة صحيحة: A
السؤال #12
Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.How should you design this topology?
A. Create 2 VPCs, each with their own regions and individual subnets
B. Create 2 VPCs, each with their own region and individual subnets
C. Create 1 VPC with 2 regional subnets
D. Create 1 VPC with 2 regional subnets
عرض الإجابة
اجابة صحيحة: D
السؤال #13
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.Which BGP attribute should you use on your on-premises router?
A. AS-Path
B. Community
C. Local Preference
D. Multi-exit Discriminator
عرض الإجابة
اجابة صحيحة: D
السؤال #14
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users.What should you do?
A. Create a Cloud Armor Policy rule that denies traffic and review necessary logs
B. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs
C. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs
D. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs
عرض الإجابة
اجابة صحيحة: D
السؤال #15
You are configuring a new instance of Cloud Router in your Organization's Google Cloud environment to allow connection across a new Dedicated Interconnect to your data center Sales, Marketing, and IT each have a service project attached to the Organization's host project.Where should you create the Cloud Router instance?
A. VPC network in all projects
B. VPC network in the IT Project
C. VPC network in the Host Project
D. VPC network in the Sales, Marketing, and IT Projects
عرض الإجابة
اجابة صحيحة: C
السؤال #16
You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider.Which connection type should you choose?
A. Carrier Peering
B. Direct Peering
C. Dedicated Interconnect
D. Partner Interconnect
عرض الإجابة
اجابة صحيحة: B
السؤال #17
You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.Which GKE resource should you use?
A. Configure VPC peering in a full mesh
B. Alter the routing table to resolve the asymmetric route
C. Create network tags to allow connectivity between all three VPCs
D. Delete the legacy network and recreate it to allow transitive peering
عرض الإجابة
اجابة صحيحة: B
السؤال #18
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift- and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.How should you deploy this service in GCP?
A. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer
B. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer
C. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers
D. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal- priority static routes to the backend servers
عرض الإجابة
اجابة صحيحة: B
السؤال #19
You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner.What should you first?
A. Log in to your partner"?s portal and request the VLAN attachment there
B. Ask your Interconnect partner to provision a physical connection to Google
C. Create a Partner Interconnect type VLAN attachment in the GCP Console and retrieve the pairing key
D. Run gcloud compute interconnect attachments partner update / --region --admin-enabled
عرض الإجابة
اجابة صحيحة: B
السؤال #20
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.Which two actions should you take? (Choose two.)
A. Open the Cloud Shell SSH into the instance using gcloud compute ssh
B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh
C. Generate a new SSH key pair
D. Generate a new SSH key pair
عرض الإجابة
اجابة صحيحة: CE
السؤال #21
You are using a 10-Gbps direct peering connection to Google together with the gsutil tool to upload files to Cloud Storage buckets from on-premises servers. The on-premises servers are 100 milliseconds away from the Google peering point. You notice that your uploads are not using the full 10-Gbps bandwidth available to you. You want to optimize the bandwidth utilization of the connection.What should you do on your on-premises servers?
A. • Create 2 VPCs in a Shared VPC Host Project
B. • Create 2 VPCs in a Shared VPC Host Project
C. • Create 1 VPC in a Shared VPC Host Project
D. • Create 1 VPC in a Shared VPC Service Project
عرض الإجابة
اجابة صحيحة: A
السؤال #22
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project- wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.What should you do?
A. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project
B. Use Shared VPC, and deploy the VLAN attachments in the service projects
C. Use standalone projects, and deploy the VLAN attachments in the individual projects
D. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects
عرض الإجابة
اجابة صحيحة: B
السؤال #23
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.Which Google Cloud load balancer should you use?
A. SSL proxy load balancer
B. Network load balancer
C. HTTPS load balancer
D. TCP proxy load balancer
عرض الإجابة
اجابة صحيحة: A
السؤال #24
You are in the early stages of planning a migration to GCP. You want to test the functionality of your hybrid cloud design before you start to implement it in production. The design includes services running on a Compute Engine Virtual Machine instance that need to communicate to on-premises servers using privateIP addresses. The on-premises servers have connectivity to the internet, but you have not yet established any Cloud Interconnect connections. You want to choose the lowest cost method of enabling co
A. Cloud VPN
B. 50-Mbps Partner VLAN attachment
C. Dedicated Interconnect with a single VLAN attachment
D. Dedicated Interconnect, but don"?t provision any VLAN attachments
عرض الإجابة
اجابة صحيحة: A
السؤال #25
You have a web application that is currently hosted in the us-central1 region. Users experience high latency when traveling in Asia. You've configured a network load balancer, but users have not experienced a performance improvement. You want to decrease the latency.What should you do?
A. Configure a policy-based route rule to prioritize the traffic
B. Configure an HTTP load balancer, and direct the traffic to it
C. Configure Dynamic Routing for the subnet hosting the application
D. Configure the TTL for the DNS zone to decrease the time between updates
عرض الإجابة
اجابة صحيحة: B
السؤال #26
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.What should you do?
A. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges
B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges
C. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges
D. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges
عرض الإجابة
اجابة صحيحة: C
السؤال #27
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP- capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.What should you do?
A. • Create a Cloud VPN instance
B. • Create a Cloud VPN instance
C. • Create a Cloud VPN instance
D. • Create a Cloud VPN instance
عرض الإجابة
اجابة صحيحة: D
السؤال #28
You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:? IP ranges for pods and services must be as small as possible.? The nodes and the master must not be reachable from the internet.? You must be able to use kubectl commands from on-premises subnets to manage the cluster.How should you create the GKE cluster?
A. "¢ Create a private cluster that uses VPC advanced routes
B. "¢ Create a VPC-native GKE cluster using GKE-managed IP ranges
C. "¢ Create a VPC-native GKE cluster using user-managed IP ranges
D. "¢ Create a VPC-native GKE cluster using user-managed IP ranges
عرض الإجابة
اجابة صحيحة: C
السؤال #29
You are migrating to Cloud DNS and want to import your BIND zone file. Which command should you use?
A. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
B. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE
C. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
D. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED ZONE
عرض الإجابة
اجابة صحيحة: C
السؤال #30
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.What should you do?
A. Update the TTL for the zone
B. Set the zone to the TRANSFER state
C. Disable DNSSEC at your domain registrar
D. Transfer ownership of the domain to a new registrar
عرض الإجابة
اجابة صحيحة: C
السؤال #31
You need to establish network connectivity between three Virtual Private Cloud networks, Sales, Marketing, and Finance, so that users can access resources in all three VPCs. You configure VPC peering between the Sales VPC and the Finance VPC. You also configure VPC peering between the Marketing VPC and the Finance VPC. After you complete the configuration, some users cannot connect to resources in the Sales VPC and the Marketing VPC. You want to resolve the problem.What should you do?
A. HTTP(S) load balancer
B. SSL proxy load balancer
C. TCP proxy load balancer
D. Network load balancer
عرض الإجابة
اجابة صحيحة: A
السؤال #32
You are creating an instance group and need to create a new health check for HTTP(s) load balancing.Which two methods can you use to accomplish this? (Choose two.)
A. Create a new health check using the gcloud command line tool
B. Create a new health check using the VPC Network section in the GCP Console
C. Create a new health check, or select an existing one, when you complete the load balancer"?s backend configuration in the GCP Console
D. Create a new legacy health check using the gcloud command line tool
E. Create a new legacy health check using the Health checks section in the GCP Console
عرض الإجابة
اجابة صحيحة: AE
السؤال #33
You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.Which level of permissions should you request?
A. Security Admin privileges from the Shared VPC Admin
B. Service Project Admin privileges from the Shared VPC Admin
C. Shared VPC Admin privileges from the Organization Admin
D. Organization Admin privileges from the Organization Admin
عرض الإجابة
اجابة صحيحة: A
السؤال #34
You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.How should you configure the Distribution VPC?
A. Create the Distribution VPC in auto mode
B. Create the Distribution VPC in custom mode
C. Create the Distribution VPC in custom mode
D. Rename the default VPC as "Distribution" and peer it via network peering
عرض الإجابة
اجابة صحيحة: B
السؤال #35
You want to implement an IPSec tunnel between your on-premises network and a VPC via Cloud VPN. You need to restrict reachability over the tunnel to specific local subnets, and you do not have a device capable of speaking Border Gateway Protocol (BGP).Which routing option should you choose?
A. Dynamic routing using Cloud Router
B. Route-based routing using default traffic selectors
C. Policy-based routing using a custom local traffic selector
D. Policy-based routing using the default local traffic selector
عرض الإجابة
اجابة صحيحة: A
السؤال #36
You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices.How should you design this topology?
A. Grant the compute
B. Grant the iam
C. Grant the read-only privilege to the service account for the Cloud Storage bucket
D. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket
عرض الإجابة
اجابة صحيحة: D
السؤال #37
You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic. What should you do?
A. Check the VPC flow logs for the instance
B. Try connecting to the instance via SSH, and check the logs
C. Create a new firewall rule to allow traffic from port 22, and enable logs
D. Create a new firewall rule with priority 65500 to deny all traffic, and enable logs
عرض الإجابة
اجابة صحيحة: A
السؤال #38
You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in your zone.What should you do?
A. Update the TTL for the zone
B. Set the zone to the TRANSFER state
C. Disable DNSSEC at your domain registrar
D. Transfer ownership of the domain to a new registrar
عرض الإجابة
اجابة صحيحة: C
السؤال #39
You are increasing your usage of Cloud VPN between on-premises and GCP, and you want to support more traffic than a single tunnel can handle. You want to increase the available bandwidth using Cloud VPN.What should you do?
A. Double the MTU on your on-premises VPN gateway from 1460 bytes to 2920 bytes
B. Create two VPN tunnels on the same Cloud VPN gateway that point to the same destination VPN gateway IP address
C. Add a second on-premises VPN gateway with a different public IP address
D. Add a second Cloud VPN gateway in a different region than the existing VPN gateway
عرض الإجابة
اجابة صحيحة: C
السؤال #40
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.During troubleshooting you find:•Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.•The subnetwork logs are not excluded from Stackdriver.•The instance that is hosting the application can communicate outside the subnet.•Other instances within the subnet can
A. The traffic is matching the expected ingress rule
B. The traffic is matching the expected egress rule
C. The traffic is not matching the expected ingress rule
D. The traffic is not matching the expected egress rule
عرض الإجابة
اجابة صحيحة: C
السؤال #41
Your company is running out of network capacity to run a critical application in the on-premises data center. You want to migrate the application to GCP. You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.Which two products should you incorporate into the solution? (Choose two.)
A. GKE Node
B. GKE Pod
C. GKE Cluster
D. GKE Ingress
عرض الإجابة
اجابة صحيحة: CD

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.