Google Cloud

Google Cloud Certified – Professional Cloud Network Engineer

PR000240

Become a certified Professional Cloud Network Engineer with exam code PR000240 to validate your networking skills in Google Cloud.

492 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 251–260 of 492

Q251

A company needs to restrict access to GCP resources. Which service is best for managing these permissions?

  • A Cloud Identity
  • B BigQuery
  • C IAM Roles
  • D Compute Engine
Explanation IAM Roles effectively manage resource permissions, unlike the other options.
Q252

You are configuring a VPC. What happens when you create a default firewall rule?

  • A Blocks all incoming traffic
  • B Allows all incoming traffic
  • C Allows specified outgoing traffic
  • D Ignores all traffic rules
Explanation The default rule allows all incoming traffic unless specified otherwise, while other options misrepresent its functionality.
Q253

Which Google Cloud service is designed for managing containerized applications?

  • A Google Kubernetes Engine
  • B Cloud Functions
  • C Cloud Run
  • D App Engine
Explanation Google Kubernetes Engine is specifically built for container orchestration, while others focus on different deployment models.
Q254

A company needs to ensure their virtual private cloud (VPC) subnet has no public internet access. What should they do?

  • A Disable all firewall rules.
  • B Set subnet to private mode.
  • C Remove external IP addresses.
  • D Use Cloud VPN only.
Explanation Removing external IP addresses prevents direct internet access, while other options are insufficient.
Q255

What happens when you set the ingress settings of a firewall to 'Allow all'?

  • A Only specific ports are opened.
  • B All inbound traffic is blocked.
  • C All inbound traffic is allowed.
  • D No effect on existing rules.
Explanation Allowing all ingress settings permits all inbound traffic, which can lead to security risks.
Q256

Which GCP service allows for VPC peering?

  • A Cloud Router
  • B Cloud VPN
  • C Cloud Interconnect
  • D Compute Engine
Explanation Cloud Router enables VPC peering, while the others serve different networking purposes.
Q257

A company needs to restrict access to its instances based on user identity. What should they implement?

  • A Service Accounts
  • B IAM Roles
  • C Subnets
  • D Firewall Rules
Explanation IAM Roles are used to manage access based on user identity, unlike the other options.
Q258

You are configuring a GCP network that requires global load balancing. What should you use?

  • A HTTP(S) Load Balancer
  • B TCP/UDP Load Balancer
  • C Network Load Balancer
  • D Cloud CDN
Explanation HTTP(S) Load Balancer provides global load balancing, while the others do not.
Q259

Which service optimizes application delivery via global HTTP(S) load balancing?

  • A Cloud CDN
  • B Cloud Functions
  • C App Engine
  • D Cloud Run
Explanation Cloud CDN uses caching to accelerate delivering content globally; other options do not focus on load balancing.
Q260

A company needs to set up interconnect between on-premises and GCP. What is the recommended approach?

  • A Use Cloud VPN only
  • B Implement Cloud Router
  • C Use dedicated interconnect partners
  • D Utilize StackDriver
Explanation Dedicated interconnect provides reliable, high-speed links; others do not guarantee dedicated bandwidth.