Question 1

Your organization wants to set up hybrid connectivity with VLAN attachments that terminate in a single Cloud Router with 99.9% uptime. You need to create a network design for your on-premises router that meets those requirements and has an active/passive configuration that uses only one VLAN attachment at a time. What should you do?

ACreate a design that uses a BGP multi-exit discriminator (MED) attribute to influence the egress path from Google Cloud to the on-premises environment.

BCreate a design that uses the as_path BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

CCreate a design that uses an equal-cost multipath (ECMP) with flow-based hashing on your on-premises devices.

DCreate a design that uses the local_pref BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

Answer : A

The BGP multi-exit discriminator (MED) attribute is used in BGP configurations to influence the choice of path in an active/passive setup by prioritizing one path over another for egress traffic. This is ideal for a design that uses only one VLAN attachment at a time.

Question 2

You recently deployed Cloud VPN to connect your on-premises data center to Google Cloud. You need to monitor the usage of this VPN and set up alerts in case traffic exceeds the maximum allowed. You need to be able to quickly decide whether to add extra links or move to a Dedicated Interconnect. What should you do?

AIn the Monitoring section of the Google Cloud console, use the Dashboard section to select a default dashboard for VPN usage.

BIn Network Intelligence Center, check for the number of packet drops on the VPN.

CIn the VPN section of the Google Cloud console, select the VPN under hybrid connectivity and then select monitoring to display utilization on the dashboard.

DIn the Google Cloud console, use Monitoring Query Language to create a custom alert for bandwidth utilization.

Answer : D

Using Monitoring Query Language (MQL) to create a custom alert for bandwidth utilization gives you flexibility and precision in setting thresholds. This helps you quickly determine when VPN traffic exceeds the limits, allowing for timely decisions about adding more links or transitioning to a Dedicated Interconnect.

Question 3

You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?

AEnable the Firewall Insights API. Set the deny rule insights observation period to one day. Review the insights to assure there are no firewall rules denying traffic.

BEnable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.

CCreate a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.

DEnable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.

Answer : C

Creating a Connectivity Test using TCP in Network Intelligence Center allows you to simulate the connection to the public SaaS provider and receive real-time data plane analysis. This will help determine whether there are any issues with the network path for the specific TCP connection.

Question 4

Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team. You must also make sure the solution can scale. What should you do?

AConfigure VPC Network Peering, and peer one of the VPCs to the service project.

BConfigure a Shared VPC, and create a VPC network in the service project.

CConfigure a Shared VPC, and create a VPC network in the host project.

DConfigure Policy-based Routing for each team.

Answer : C

A Shared VPC allows the central networking team to manage the VPC network while individual teams can manage their resources in service projects. This solution provides scalability by allowing for multiple service projects under the same Shared VPC, and it allows the network team to maintain control over the network resources.

Question 5

Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subnet routes, but the on-premises router does not appear to be receiving any subnet routes from the VPC spokes. You need to resolve this issue. What should you do?

ACreate custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

BCreate custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

CCreate custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

DCreate a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.