Your company just completed the acquisition of Altostrat (a current GCP customer). Each company has a separate
organization in GCP and has implemented a custom DNS solution. Each organization will retain its current domain and host
names until after a full transition and architectural review is done in one year. These are the assumptions for both GCP
environments.
Each organization has enabled full connectivity between all of its projects by using Shared VPC.
Both organizations strictly use the 10.0.0.0/8 address space for their instances, except for bastion hosts (for accessing the
instances) and load balancers for serving web traffic.
There are no prefix overlaps between the two organizations.
Both organizations already have firewall rules that allow all inbound and outbound traffic from the 10.0.0.0/8 address
space.
Neither organization has Interconnects to their on-premises environment.
You want to integrate networking and DNS infrastructure of both organizations as quickly as possible and with minimal
downtime.
Which two steps should you take? (Choose two.)
C D
You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-
based routing using the gcloud command.
Which next hop should you choose?
C
Explanation:
Reference: https://cloud.google.com/vpn/docs/how-to/creating-static-vpns
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All
applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced
across the 2 connections as desired.
During troubleshooting you find:
Each on-premises router is configured with a unique ASN.
Each on-premises router is configured with the same routes and priorities.
Both on-premises routers are configured with a VPN connected to a single Cloud Router.
BGP sessions are established between both on-premises routers and the Cloud Router.
Only one of the on-premises routers' routes is being added to the routing table.
What is the most likely cause of this problem?
D
You want to implement an IPsec tunnel between your on-premises network and a VPC via Cloud VPN. You need to restrict
reachability over the tunnel to specific local subnets, and you do not have a device capable of speaking Border Gateway
Protocol (BGP).
Which routing option should you choose?
A
Explanation:
Reference: https://cloud.google.com/vpn/docs/concepts/overview
You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of
its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP)
configuration.
Which connectivity model should you use?
B
Explanation:
Reference: https://cloud.google.com/interconnect/docs/support/faq
You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to
host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years,
there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with
alias IP ranges, while minimizing address consumption.
How should you design this topology?
B
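The sizing arithmetic behind this question, as an added example (not part of the original page): GKE reserves four addresses in a subnet's primary range, and gives each node a Pod range holding at least twice its maximum Pods per node, so the minimum prefix lengths follow directly from the node count, Pods per node and service count. The function names are this example's own; the two cluster shapes are the ones given in the question.

```python
import math

# Addresses GKE reserves in every subnet's primary (node) range:
# network, default gateway, second-to-last, and broadcast.
GKE_RESERVED_NODE_ADDRESSES = 4


def prefix_for(addresses_needed):
    """Smallest IPv4 prefix length whose block holds at least addresses_needed addresses."""
    if addresses_needed < 1:
        raise ValueError("need at least one address")
    return 32 - math.ceil(math.log2(addresses_needed))


def per_node_pod_prefix(max_pods_per_node):
    """GKE assigns each node a Pod range with at least twice its maximum Pod count,
    so Pod IPs are not reused immediately after a Pod is deleted."""
    return prefix_for(2 * max_pods_per_node)


def plan_ranges(nodes, max_pods_per_node, services):
    """Minimum alias-IP range sizes for a VPC-native cluster of this shape."""
    per_node = per_node_pod_prefix(max_pods_per_node)
    per_node_size = 2 ** (32 - per_node)
    return {
        "node_primary_prefix": prefix_for(nodes + GKE_RESERVED_NODE_ADDRESSES),
        "per_node_pod_prefix": per_node,
        "pod_secondary_prefix": prefix_for(nodes * per_node_size),
        "service_secondary_prefix": prefix_for(services),
    }


if __name__ == "__main__":
    for label, shape in (("today", (10, 20, 150)), ("planned", (100, 200, 1500))):
        print(label, plan_ranges(*shape))
```

The maximum Pods per node is fixed per node pool at creation and the per-node Pod range follows from it, so the secondary range for Pods should be sized for the planned figure (100 nodes at 200 Pods each needs a /16) rather than for today's cluster, while node and service ranges can stay closer to current need.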
Explanation:
Reference: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters
You are in the early stages of planning a migration to GCP. You want to test the functionality of your hybrid cloud design
before you start to implement it in production. The design includes services running on a Compute Engine Virtual Machine
instance that need to communicate to on-premises servers using private IP addresses. The on-premises servers have
connectivity to the internet, but you have not yet established any Cloud Interconnect connections. You want to choose the
lowest cost method of enabling connectivity between your instance and on-premises servers and complete the test in 24
hours.
Which connectivity method should you choose?
A
You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow
HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the
login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You
want to see the logs for blocked traffic.
What should you do?
A
You are using the gcloud command line tool to create a new custom role in a project by copying a predefined role. You
receive this error message:
INVALID_ARGUMENT: Permission resourcemanager.projects.list is not valid
What should you do?
C
Explanation:
Reference: https://cloud.google.com/iam/docs/understanding-custom-roles
You created a new VPC for your development team. You want to allow access to the resources in this VPC via SSH only.
How should you configure your firewall rules?
C
Explanation:
Reference: https://geekflare.com/gcp-firewall-configuration/
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access
is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your
origin to allow connections only from the traffic-scrubbing service.
What should you do?
B
You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does
not require a third-party service provider.
Which connection type should you choose?
B
Explanation:
Reference: https://cloud.google.com/interconnect/docs/how-to/direct-peering
After a network change window one of your company's applications stops working. The application uses an on-premises
database server that no longer receives any traffic from the application.
The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC
subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24. The on-premises router
is advertising 10.0.0.0/8.
What is the most likely cause of this problem?
D
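A quick way to confirm this diagnosis, as an added example that is not part of the original page: check which of the new subnets overlap the prefix learned from on-premises and which one contains the database address. A VPC subnet route takes precedence over a dynamic route learned by Cloud Router (and here it is also the longer prefix), so a destination that falls inside a VPC subnet is delivered locally and never sent over the VPN. The addresses are taken from the question; the function names are this example's own.

```python
import ipaddress

# Constructed from the scenario in the question: the on-premises router
# advertises 10.0.0.0/8 over the VPN, the database is 10.2.1.25, and the
# change window added three VPC subnets.
ON_PREM_ADVERTISED = "10.0.0.0/8"
DB_SERVER = "10.2.1.25"
NEW_VPC_SUBNETS = ["10.1.0.0/16", "10.2.0.0/16", "10.3.1.0/24"]


def overlapping_subnets(advertised, subnets):
    """VPC subnets whose range overlaps a prefix learned from on-premises."""
    adv = ipaddress.ip_network(advertised)
    return [s for s in subnets if ipaddress.ip_network(s).overlaps(adv)]


def capturing_subnet(host, subnets):
    """The VPC subnet that contains host, or None.

    VPC subnets in one network cannot overlap each other, so at most one
    subnet can match; its subnet route shadows any dynamic route covering
    the same address."""
    addr = ipaddress.ip_address(host)
    for s in subnets:
        if addr in ipaddress.ip_network(s):
            return s
    return None


def diagnose(host, advertised, subnets):
    """One-line verdict for the change-window regression."""
    culprit = capturing_subnet(host, subnets)
    if culprit is None:
        return f"{host} is not inside any VPC subnet; look elsewhere"
    return (f"{host} falls inside VPC subnet {culprit}, which shadows the "
            f"on-premises route {advertised}; traffic stays in the VPC and is dropped")


if __name__ == "__main__":
    print("overlapping on-prem space:", overlapping_subnets(ON_PREM_ADVERTISED, NEW_VPC_SUBNETS))
    print(diagnose(DB_SERVER, ON_PREM_ADVERTISED, NEW_VPC_SUBNETS))
```

All three new subnets overlap the advertised /8, which is why such a change deserves review on its own, but only 10.2.0.0/16 actually contains the database address, so that is the subnet that broke the application.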
You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is
configured on the web servers, but responses served by Cloud CDN are not compressed.
What is the most likely cause of the problem?
D
Explanation:
If responses served by Cloud CDN are not compressed but should be, check that the web server software running on your
instances is configured to compress responses. By default, some web server software will automatically disable compression
for requests that include a Via header. The presence of a Via header indicates the request was forwarded by a proxy. HTTP
proxies such as HTTP(S) load balancing add a Via header to each request as required by the HTTP specification. To enable
compression, you may have to override your web server's default configuration to tell it to compress responses even if the
request had a Via header.
Reference: https://cloud.google.com/cdn/docs/troubleshooting-steps
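A probe that isolates this cause, as an added example (not from the page or from Google's documentation): request the same object from the origin twice with Accept-Encoding: gzip, once as a plain client and once carrying a Via header the way a forwarding proxy would, and compare the Content-Encoding of the two responses. The header value, the verdict strings and the fetch_headers helper are this example's own assumptions; fetch_headers needs network reachability to the origin, while classify_origin works on any captured header mapping.

```python
import urllib.request

ORIGIN_OK = "origin compresses even when Via is present; look elsewhere for the cause"
ORIGIN_VIA_DISABLED = "origin disables compression when the request carries a Via header"
ORIGIN_NEVER = "origin never compresses; enable compression on the web server first"


def _content_encoding(headers):
    """Case-insensitive lookup of Content-Encoding in a header mapping."""
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            return value.lower()
    return ""


def _compressed(headers):
    return _content_encoding(headers) in ("gzip", "br")


def classify_origin(headers_without_via, headers_with_via):
    """Compare the origin's response to a direct request with its response to
    one that looks proxied (Via header present); both asked for gzip."""
    if _compressed(headers_with_via):
        return ORIGIN_OK
    if _compressed(headers_without_via):
        return ORIGIN_VIA_DISABLED
    return ORIGIN_NEVER


def fetch_headers(url, with_via):
    """Fetch url straight from the origin (bypassing the load balancer) and
    return its response headers. Hypothetical helper; needs network access."""
    hdrs = {"Accept-Encoding": "gzip", "User-Agent": "origin-compression-probe"}
    if with_via:
        # Constructed value: mimics the Via header a forwarding proxy adds.
        hdrs["Via"] = "1.1 google"
    req = urllib.request.Request(url, headers=hdrs)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.getheaders())


if __name__ == "__main__":
    import sys
    url = sys.argv[1]  # e.g. a cacheable object served directly by one backend instance
    print(classify_origin(fetch_headers(url, False), fetch_headers(url, True)))
```

If the verdict is ORIGIN_VIA_DISABLED, the fix is on the web server, not on the load balancer or CDN: for example nginx's gzip_proxied directive controls whether responses to proxied requests are compressed. Run the probe against the backend instance directly, since going through the load balancer would add its own Via header to both requests.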
Your company's Google Cloud-deployed streaming application supports multiple languages. The application development
team has asked you how they should support splitting audio and video traffic to different backend Cloud Storage
buckets. They want to use URL maps and minimize operational overhead. They are currently using the following directory
structure:
/fr/video
/en/video
/es/video
/../video
/fr/audio
/en/audio
/es/audio
/../audio
Which solution should you recommend?
D