01. You are configuring the backend service for a new Google Cloud HTTPS load balancer. The application requires high availability and multiple subnets and needs to scale automatically.
Which backend configuration should you choose?
a) A Zonal Managed Instance Group
b) A Regional Managed Instance Group
c) An Unmanaged Instance Group
d) A Network Endpoint Group
02. You are using a single Cloud Router to exchange routes between your VPC and on-premises network with Dedicated Interconnect. You want to make sure you can still forward traffic, even if all the Cloud Routers in a region go down.
What should you do?
a) Use static routes as a backup to Cloud Router.
b) Turn on graceful restart on your on-premises router.
c) Turn on global routing in your VPC, and create another Cloud Router in a different region.
d) Create a second Cloud Router in the same region, but with a Border Gateway Protocol (BGP) session to a second on-premises device.
03. You have a Dedicated Interconnect with two 10-Gbps links. You want to create a Stackdriver alerting policy that will notify you if either of the two links goes down. Which alerts should you add to the policy?
a) An alert for when the Circuit Operational Status metric threshold for either circuit falls below 1.
b) An alert for when the Interconnect Operational Status metric threshold for the interconnect falls below 1.
c) An alert for when the Interconnect Network Capacity metric threshold for the interconnect falls below 20.
d) An alert for when the Interconnect Dropped Packets metric threshold for the interconnect goes above 0.
04. Your company uses a physical security appliance for intrusion detection in its on-premises data center. Your company wants to collect telemetry data using a VPN that connects the GCP environment with the on-premises data center.
You want to implement a solution that will integrate the GCP environment and transfer telemetry data to the on-premises physical security appliance as quickly and effectively as possible.
What should you do?
a) Set up iptables in all Compute Engine instances in GCP to track connection sessions.
b) Route all traffic in the GCP environment to on-premises for inspection before forwarding back to GCP.
c) Write a script that uses Stackdriver and GCP network logging information to collect and analyze monitoring data for intrusion detection.
d) Deploy a GCP Marketplace virtual security appliance from the same vendor with a multi-NIC instance, and grant the security team access to configure the instance as needed.
05. Your new project currently requires 5 gigabits per second (Gbps) of egress traffic from your Google Cloud environment to your company’s private data center, but may scale up to 80 Gbps of traffic in the future.
You do not have any public addresses to use. Your company is looking for the most cost-effective long-term solution.
Which type of connection should you use?
a) Carrier Peering
b) Partner Interconnect
c) Dedicated Interconnect
d) A single Virtual Private Network (VPN) tunnel
06. One of the secure web applications in your GCP project is currently only serving users in North America.
All of the application’s resources are currently hosted in a single GCP region. The application uses a large catalog of graphical assets from a Cloud Storage bucket.
You are notified that the application now needs to serve global clients without adding any additional GCP regions or Compute Engine instances.
What should you do?
a) Configure Cloud CDN.
b) Configure a TCP Proxy.
c) Configure a Network load balancer.
d) Configure Dynamic Routing for the subnet hosting the application.
07. You are designing a new VPC network that will route traffic to networks in your company’s private data center. You want to ensure that your VPC can support high availability in the future.
The data center team requires you to use a routing protocol that can dynamically fail over if there is a link failure in the data center. Your management requires your design to use only native cloud services.
Which routing protocol should you use?
d) Static routing
08. You created two subnets named Test and Web in the same VPC network. You enabled VPC Flow Logs for the Web subnet.
You are trying to connect instances in the Test subnet to the web servers running in the Web subnet, but all of the connections are failing.
You do not see any entries in the Stackdriver logs. What should you do?
a) Enable VPC Flow Logs for the Test subnet also.
b) Make sure that there is a valid entry in the route table.
c) Add a firewall rule to allow traffic from the Test subnet to the Web subnet.
d) Create a subnet in another VPC, and move the web servers in the new subnet.
09. Your application development team is beta-testing a new application over Dedicated Interconnect. This application uses a single TCP socket and requires 7-Gbps bandwidth for optimal performance.
The development team notices that connectivity speed of the application is capped at 3 Gbps over Dedicated Interconnect. You want to resolve this problem.
What should you do?
a) Order a new Interconnect to increase bandwidth.
b) Create a Cloud VPN in addition to the Interconnect, and ECMP traffic over both.
c) Instruct the development team to distribute their application traffic over multiple TCP flow sessions.
d) Instruct the development team to tune their application TCP congestion window, receive window, and all other TCP buffers.
10. Your manager has asked for a list of all Custom Roles at the General Availability stage in Identity and Access Management. What should you do?
a) From the gcloud command line, run "gcloud iam list-testable-permissions".
b) From the gcloud command line, run "gcloud iam roles list --project vpcuser09project".
c) Open the IAM Console and sort Custom Roles. Gather the required information from the Status Field.
d) Open the IAM Console and sort Custom Roles. Gather the required information from the Permissions Field.