[2025年更新]合格できるProfessional-Cloud-Network-Engineer試験にはリアルな問題解答
Professional-Cloud-Network-Engineer試験問題ゲット最新[2025]と正解回答
Google Professional-Cloud-Network-Engineer の認定は、Google Cloud Platform で働く IT プロフェッショナルにとって貴重な資格です。この認定は、Google Cloud Platform 上のネットワークの設計、実装、および管理に高度な専門知識を有することを証明し、IT プロフェッショナルがキャリアを進め、収益の可能性を増やすのに役立ちます。さらに、この認定には、トレーニングやサポートを含む、他の認定プロフェッショナルやリソースにアクセスできるため、IT プロフェッショナルがクラウドネットワーキングの最新の動向や技術について最新情報を得ることができます。
質問 # 114
You work for a organization called cloudtech5 . Your organization has decided to implement continuous integration and delivery (CI/CD) pipeline on Google Cloud Platform using only hosted products and the popular GitOps methodology . The architecture includes many microservices that are updated frequently and rolled back . Please select the products that should be used.
- A. BitBucket , Cloud Build , Container Registry , Google Kubernetes Engine.
- B. Cloud Storage , Cloud Dataflow,Compute Engine.
- C. Cloud Source repositories, Jenkins on Compute Engine , Container Registry , Google Kubernetes Engine.
- D. Cloud Source repositories, Cloud Build ,Container Registry,Google Kubernetes Engine
正解:D
解説:
Option A is the Correct choice because , Cloud Source repositories is a a fully featured, scalable, private Git repository hosted on Google Cloud . Cloud Build is a service that executes your builds on Google Cloud Platform infrastructure. Cloud Build can import source code from Google Cloud Storage, Cloud Source Repositories, GitHub, or Bitbucket, execute a build to your specifications, and produce artifacts such as Docker containers or Java archives. Container Registry is a private container image registry that runs on Google Cloud Platform. Google Kuberenetes Engine is ideal for deploying small services that can be updated and rolled back quickly.
Option B is Incorrect because , BitBucket isn't Google Cloud hosted service but it can be used to achieve the same results .
Option C is Incorrect because Jenkins on Compute Engine isn't Google hosted product , Cloud build is the right choice because it is a service managed by Google Cloud .
Option D is Incorrect because , the objective is to implement CI/CD pipeline not data processing pipeline .
質問 # 115
Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only. What should you do?
- A. Create an allow on match ingress firewall rule with the target tag "web-server" to allow all IP addresses for TCP ports 80 and 443.
- B. Create an allow on match egress firewall rule with the target tag "web-server" to allow all IP addresses for TCP port 80.
- C. Create an allow on match ingress firewall rule with the target tag "web-server" to allow all IP addresses for TCP port 80.
- D. Create an allow on match egress firewall rule with the target tag "web-server" to allow web server IP addresses for TCP ports 60 and 443.
正解:A
質問 # 116
You work for a university that is migrating to GCP.
These are the cloud requirements:
- On-premises connectivity with 10 Gbps
- Lowest latency access to the cloud
- Centralized Networking Administration Team
New departments are asking for on-premises connectivity to their projects.
You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.
What should you do?
- A. Use standalone projects, and deploy the VLAN attachments in the individual projects.
Connect the VLAN attachment to the standalone projects' Interconnects. - B. Use Shared VPC, and deploy the VLAN attachments in the service projects.
Connect the VLAN attachment to the Shared VPC's host project. - C. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.
- D. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.
正解:B
質問 # 117
You are designing a hybrid cloud environment for your organization. Your Google Cloud environment is interconnected with your on-premises network using Cloud HA VPN and Cloud Router. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88 and is protected by a firewall, and your Compute Engine resources are located at 10.204.0.0/24. Your Compute Engine resources need to resolve on-premises private hostnames using the domain corp.altostrat.com while still resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?
- A. Create a private forwarding zone in Cloud DNS for 'corp .altostrat.com' called corp-altostrat-com that points to 192.168.20.88.
Configure your on-premises firewall to accept traffic from 10.204.0.0/24.
Modify the /etc/resolv conf file on your Compute Engine instances to point to 192.168.20 88 - B. Create a private forwarding zone in Cloud DNS for 'corp.altostrat.com' called corp-altostrat-com that points to 192.168.20.88.
Configure your on-premises firewall to accept traffic from 10.204.0.0/24.
Set a custom route advertisement on the Cloud Router for 10.204.0.0/24 - C. Create a private forwarding zone in Cloud DNS for 'corp.altostrat.com' called corp-altostrat-com that points to 192.168 20.88.
Configure your on-premises firewall to accept traffic from 35.199.192.0/19 Set a custom route advertisement on the Cloud Router for 35.199.192.0/19. - D. Create a private zone in Cloud DNS for 'corp altostrat.com' called corp-altostrat-com.
Configure DNS Server Policies and create a policy with Alternate DNS servers to 192.168.20.88.
Configure your on-premises firewall to accept traffic from 35.199.192.0/19.
正解:D
解説:
Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
質問 # 118
You have deployed an HTTP(s) load balancer, but health checks to port 80 on the Compute Engine virtual machine instance are failing, and no traffic is sent to your instances. You want to resolve the problem. Which commands should you run?
- A. gcloud compute health-checks update http health-check --unhealthy-threshold 10
- B. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS
- C. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS
- D. gcloud compute instances add-access-config instance-1
正解:D
質問 # 119
You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.
Which BGP attribute should you use on your on-premises router?
- A. Multi-exit Discriminator
- B. Community
- C. AS-Path
- D. Local Preference
正解:A
解説:
https://cloud.google.com/router/docs/concepts/overview
質問 # 120
Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.
Which Google Cloud load balancer should you use?
- A. TCP proxy load balancer
- B. SSL proxy load balancer
- C. HTTPS load balancer
- D. Network load balancer
正解:A
解説:
https://cloud.google.com/security/encryption-in-transit/ Automatic encryption between GFEs and backends For the following load balancer types, Google automatically encrypts traffic between Google Front Ends (GFEs) and your backends that reside within Google Cloud VPC networks: HTTP(S) Load Balancing TCP Proxy Load Balancing SSL Proxy Load Balancing
質問 # 121
You have the following private Google Kubernetes Engine (GKE) cluster deployment:
You have a virtual machine (VM) deployed in the same VPC in the subnetwork kubernetes-management with internal IP address 192.168.40 2/24 and no external IP address assigned. You need to communicate with the cluster master using kubectl. What should you do?
- A. Add the network 192.168.38.0/28 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2
- B. Add the network 192.168.40.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2.
- C. Add the network 192.168.36.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2
- D. Add an external IP address to the VM, and add this IP address in the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 35.224.37.17.
正解:B
質問 # 122
Your company's Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you how they should support splitting audio and video traffic to different backend Google Cloud storage buckets. They want to use URL maps and minimize operational overhead. They are currently using the following directory structure:
/fr/video
/en/video
/es/video
/../video
/fr/audio
/en/audio
/es/audio
/../audio
Which solution should you recommend?
- A. Leave the directory structure as-is, create a URL map and leverage a path rule such as /*/video and /*/ audio.
- B. Rearrange the directory structure, create DNS hostname entries for video and audio and leverage a path rule such as /video/* and /audio/*.
- C. Rearrange the directory structure, create a URL map and leverage a path rule such as /video/* and /audio/
*. - D. Leave the directory structure as-is, create a URL map and leverage a path rule such as \/[a-z]{2}\/video and
\/[a-z]{2}\/audio.
正解:A
質問 # 123
Your organization recently exposed a set of services through a global external Application Load Balancer. After conducting some testing, you observed that responses would intermittently yield a non-HTTP 200 response. You need to identify the error. What should you do? (Choose 2 answers)
- A. Validate the health of the backend service. Enable logging for the backend service and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.
- B. Validate the health of the backend service. Enable logging on the load balancer and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.
- C. Enable and review the health check logs. Review the error responses in Cloud Logging.
- D. Access a VM in the VPC through SSH and try to access a backend VM directly. If the request is successful from the VM, increase the quantity of backends.
- E. Delete the load balancer and backend services. Create a new passthrough Network Load Balancer. Configure a failover group of VMs for the backend.
正解:B、C
解説:
To troubleshoot the intermittent non-HTTP 200 responses, you should enable and review health check logs and log the backend service's responses in Cloud Logging. Reviewing the statusDetails field helps identify the cause of the error. Enabling logging on the load balancer and backend service provides visibility into the issue.
質問 # 124
Your organization has a new security policy that requires you to monitor all egress traffic payloads from your virtual machines in the us-west2 region. You deployed an intrusion detection system (IDS) virtual appliance in the same region to meet the new policy. You now need to integrate the IDS into the environment to monitor all egress traffic payloads from us-west2. What should you do?
- A. Enable firewall logging and forward all filtered egress firewall logs to the IDS.
- B. Enable VPC Flow Logs. Create a sink in Cloud Logging to send filtered egress VPC Flow Logs to the IDS.
- C. Create an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.
- D. Create an internal HTTP(S) load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.
正解:C
解説:
Packet Mirroring with an internal TCP/UDP load balancer allows for comprehensive monitoring of egress traffic, which includes payloads. This is required for integration with an IDS for detailed inspection of traffic payloads, meeting the security policy needs for monitoring and detection.
質問 # 125
You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.
Which two methods can you use to accomplish this? (Choose two.)
GetIamPolicy() via REST API
- A. role roles/editor
- B. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.
- C. role roles/editor
gcloud projects add-iam-policy-binding $projectname --member user:$username -- - D. gcloud pubsub add-iam-policy-binding $projectname --member user:$username --
- E. setIamPolicy() via REST API
正解:A、B
解説:
Explanation/Reference: https://cloud.google.com/iam/docs/granting-changing-revoking-access
質問 # 126
You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)
- A. Enable Private Services Access on the VPC.
- B. Enable Private Google Access on all the subnets.
- C. Enable Private Google Access on the VPC.
- D. Create a Cloud NAT, and route the application traffic via NAT gateway.
- E. Create network peering between your VPC and BigQuery.
正解:C、D
質問 # 127
You need to establish network connectivity between three Virtual Private Cloud networks, Sales, Marketing, and Finance, so that users can access resources in all three VPCs. You configure VPC peering between the Sales VPC and the Finance VPC. You also configure VPC peering between the Marketing VPC and the Finance VPC. After you complete the configuration, some users cannot connect to resources in the Sales VPC and the Marketing VPC. You want to resolve the problem.
What should you do?
- A. Create network tags to allow connectivity between all three VPCs.
- B. Delete the legacy network and recreate it to allow transitive peering.
- C. Configure VPC peering in a full mesh.
- D. Alter the routing table to resolve the asymmetric route.
正解:C
解説:
https://cloud.google.com/vpc/docs/using-vpc-peering
質問 # 128
You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.
Which GKE resource should you use?
- A. GKE Pod
- B. GKE Node
- C. GKE Cluster
- D. GKE Ingress
正解:A
解説:
https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-armor-backendconfig
質問 # 129
You want to implement an IPSec tunnel between your on-premises network and a VPC via Cloud VPN. You need to restrict reachability over the tunnel to specific local subnets, and you do not have a device capable of speaking Border Gateway Protocol (BGP).
Which routing option should you choose?
- A. Dynamic routing using Cloud Router
- B. Route-based routing using default traffic selectors
- C. Policy-based routing using a custom local traffic selector
- D. Policy-based routing using the default local traffic selector
正解:A
解説:
Reference:
https://cloud.google.com/vpn/docs/concepts/overview
質問 # 130
......
練習できるProfessional-Cloud-Network-Engineer問題で認証試験問題集ガイド解答は練習専門Fast2test:https://jp.fast2test.com/Professional-Cloud-Network-Engineer-premium-file.html
無料Google Professional-Cloud-Network-Engineerテスト練習テスト問題試験問題集:https://drive.google.com/open?id=18zNn1VlrdIUyoxq2K__5vpl57LVFFHhO