Professional-Cloud-Network-Engineer 無料問題集「Google Cloud Certified - Professional Cloud Network Engineer」

（A）Use External HTTP(S) Load Balancing with URL Maps and custom headers

（B）Use External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

（C）Use Network Load Balancing

（D）Use TCP Proxy Load Balancing with PROXY protocol enabled

（A）Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Interconnects.

（B）Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.

（C）Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.

（D）Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

（A）Configure VPC Flow Logs in the service project VPC for Subnet-2.

（B）Configure a VPC Flow Logs filter for Subnet-2 in the host project VPC.

（C）Configure Packet Mirroring in both the host and service project VPCs.

（D）Configure a firewall rule to permit Subnet-2 IP addresses outbound in the host protect VPC.

（A）Use standalone projects and deploy the VLAN attachments and Dedicated Interconnects in each of the individual projects.

（B）Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Dedicated Interconnects.

（C）Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

（D）Use Shared VPC, and deploy the VLAN attachments and Dedicated Interconnect in the host project.

（A）Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google's private API address range.
Create a custom route that points Google's private API address range to the default internet gateway as the next hop.

（B）Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google's private API address range.
Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

（C）Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google's restricted API address range.
Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

（D）Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google's restricted API address range.
Create a custom route that points Google's restricted API address range to the default internet gateway as the next hop.

（A）Open a Cloud Support ticket under the Cloud Interconnect category.

（B）Contact your cross-connect provider and inform them that Google automatically sent the LOA/CFA to them via email, and to complete the connection.

（C）Run gcloud compute interconnects describe <interconnect>.

（D）Download the LOA-CFA from the Hybrid Connectivity section of the GCP Console.

（E）Check the email for the account of the NOC contact that you specified during the ordering process.

（A）* Create a VPC-native GKE cluster using user-managed IP ranges.
* Enable privateEndpoint on the cluster master.
* Set the pod and service ranges as /24.
* Set up a network proxy to access the master.

（B）* Create a VPC-native GKE cluster using user-managed IP ranges.
* Enable a GKE cluster network policy, set the pod and service ranges as /24.
* Set up a network proxy to access the master.
* Enable master authorized networks.

（C）* Create a VPC-native GKE cluster using GKE-managed IP ranges.
* Set the pod IP range as /21 and service IP range as /24.
* Set up a network proxy to access the master.

（D）* Create a private cluster that uses VPC advanced routes.
* Set the pod and service ranges as /24.
* Set up a network proxy to access the master.

（A）Create a firewall rule that allows egress to destination 0.0.0.0/0.

（B）Create a single global Cloud NAT gateway and global Cloud Router in the VPC.

（C）Change the instances' network interface external IP address from None to Ephemeral.

（D）Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.

（A）Manually patch some of the instances, and then perform a rolling restart on the instance group.

（B）Using the new instance template, perform a rolling update across all instances in the instance group. Verify the new feature once the rollout completes.

（C）Perform a canary update by starting a rolling update and specifying a target size for your instances to receive the new template. Verify the new feature on the canary instances, and then roll forward to the rest of the instances.

（D）Deploy a new instance group and canary the updated template in that group. Verify the new feature in the new canary instance group, and then update the original instance group.

（A）resource.type= "gce_network_region"

（B）resource.type= "vpn_tunnel"

（C）resource.type= "gce_router"

（D）resource.type= "vpn_gateway"

（A）Create your NVA with multiple interfaces. Configure NIC0 for NVA in the backend subnet. Configure NIC1 for NVA in the frontend subnet. Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add global network firewall policy rules to allow traffic through your NVAs. Create a custom static route with the destination IP range of the backend VM subnet, frontend instance tag, and the next hop of ilb1. Add a frontend network tag to your frontend VMs.

（B）Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the frontend VM subnet, destination IP range of the backend VM subnet, and the next hop of ilb1. Scope the PBR to the VMs with the frontend network tag. Add a frontend network tag to your frontend servers.

（C）Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add global network firewall policy rules to allow traffic through your NVAs. Create a custom static route with the destination IP range of the backend VM subnet, frontend instance tag, and the next hop of ilb1. Add a frontend network tag to your frontend VMs.

（D）Place your NVAs behind an internal passthrough Network Load Balancer named ilb1. Add the global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the backend VM subnet, destination IP range of the frontend VM subnet, and the next hop of ilb1. Scope the PBR to the VMs with the backend network tag. Add a backend network tag to your backend servers.

（A）Review the Ingress YAML file. Add a new path rule for the * character that directs to the base service. Reapply the YAML.

（B）Review the Service YAML file. Add a new path rule for the * character that directs to the base service. Reapply the YAML.

（C）Review the Ingress YAML file. Define the default backend. Reapply the YAML.

（D）Review the Service YAML file. Define a default backend. Reapply the YAML.