Free Access to Google.Professional-Cloud-Network-Engineer.v2026-01-02.q124 with Valid Practice Test (Page 16)

Question 71

You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)

A.Enable Private Google Access on all the subnets.
B.Enable Private Google Access on the VPC.
C.Enable Private Services Access on the VPC.
D.Create network peering between your VPC and BigQuery.
E.Create a Cloud NAT, and route the application traffic via NAT gateway.

Question 72

Your company's logo is published as an image file across multiple websites that are hosted by your company You have implemented Cloud CDN, however, you want to improve the performance of the cache hit ratio associated with this image file. What should you do?

A.Configure custom cache keys for the backend service that holds the image file, and clear the Host and Protocol checkboxes-
B.Configure Cloud Storage as a custom origin backend to host the image file, and select multi-region as the location type
C.Configure versioned IJRLs for each domain to serve users the *mage file before the cache entry expires
D.Configure the default time to live (TTL) as O for the image file.

Question 73

You have the following routing design. You discover that Compute Engine instances in Subnet-2 in the asia-southeast1 region cannot communicate with compute resources on-premises. What should you do?

A.Add a second Border Gateway Protocol (BGP) session to the Cloud Router.
B.Configure a custom route advertisement on the Cloud Router.
C.Enable IP forwarding in the asia-southeast1 region.
D.Change the VPC dynamic routing mode to Global.

Question 74

In your Google Cloud organization, you have two folders: Dev and Prod. You want a scalable and consistent way to enforce the following firewall rules for all virtual machines (VMs) with minimal cost:
Port 8080 should always be open for VMs in the projects in the Dev folder.
Any traffic to port 8080 should be denied for all VMs in your projects in the Prod folder.
What should you do?

A.Use Anthos Config Connector to enforce a security policy to open port 8080 on the Dev VMs and deny traffic to port 8080 on the Prod VMs.
B.In all VPCs for the Dev projects, create a VPC firewall rule to open port 8080. In all VPCs for the Prod projects, create a VPC firewall rule to deny traffic to port 8080.
C.Create a Shared VPC for the Dev projects and a Shared VPC for the Prod projects. Create a VPC firewall rule to open port 8080 in the Shared VPC for Dev. Create a firewall rule to deny traffic to port
8080 in the Shared VPC for Prod. Deploy VMs to those Shared VPCs.
D.Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.

Question 75

You are planning to use Terraform to deploy the Google Cloud infrastructure for your company The design must meet the following requirements
* Each Google Cloud project must represent an Internal project that your team Will work on
* After an internal project is finished, the infrastructure must be deleted
* Each Internal project must have Its own Google Cloud project owner to manage the Google Cloud resources-
* You have 10-100 projects deployed at a time,
While you are writing the Terraform code, you need to ensure that the deployment IS Simple, and the code IS reusable With centralized management What should you doo

A.Create a Single pt0Ject and additional VPCs for each Internal project
B.Create a Single Project and Single VPC for each internal project
C.Create a single Shared VPC and attach each Google Cloud project as a service project
D.Create a Shared VPC and service project for each Internal project

Correct Answer: C

The correct answer is C. Create a single Shared VPC and attach each Google Cloud project as a service project.
This answer is based on the following facts:
A Shared VPC allows you to share one or more VPC networks across multiple Google Cloud projects1. This simplifies the deployment and management of the network infrastructure, as you only need to create and maintain one VPC network for all your internal projects.
A Shared VPC consists of a host project that owns the VPC network and one or more service projects that use the VPC network2. You can attach and detach service projects as needed, depending on the lifecycle of your internal projects. You can also delete service projects without affecting the host project or other service projects.
A Shared VPC allows you to delegate administrative roles to different project owners3. You can grant the Shared VPC Admin role to the owner of the host project, who can manage the VPC network and its subnets. You can also grant the Service Project Admin role to the owners of the service projects, who can manage the Google Cloud resources in their own projects.
The other options are not correct because:
Option A is not suitable. Creating a single project and additional VPCs for each internal project will increase the complexity and cost of the network infrastructure. You will need to create and maintain multiple VPC networks, firewall rules, routes, and VPN tunnels. You will also have a limit on the number of VPC networks per project4.
Option B is not feasible. Creating a single project and single VPC for each internal project will not meet the requirement of having separate project owners for each internal project. You will have only one project owner who can manage all the Google Cloud resources in the same project.
Option D is not optimal. Creating a Shared VPC and service project for each internal project will not meet the requirement of having a simple and reusable code with centralized management. You will need to create and maintain multiple Shared VPCs, which will increase the complexity and cost of the network infrastructure. You will also have more Terraform code to write and manage for each Shared VPC.

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File