Google Cloud

Google Cloud Certified – Professional Cloud Network Engineer

PR000240

Become a certified Professional Cloud Network Engineer with exam code PR000240 to validate your networking skills in Google Cloud.

492 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 431–440 of 492

Q431

A company needs to control access to its API endpoints. Which IAM role should they assign?

  • A Viewer
  • B Editor
  • C Service Account User
  • D API Consumer
Explanation The API Consumer role is specifically designed for controlling API access; the others have broader, less specific permissions.
Q432

What happens when you set a firewall rule with 'deny all' first?

  • A All traffic is allowed thereafter.
  • B Only specific allows will work.
  • C Inbound traffic is completely blocked.
  • D Outbound traffic is affected only.
Explanation Setting a 'deny all' rule will block all inbound traffic unless overridden by higher-priority allow rules; options A, B, and D are incorrect interpretations.
Q433

Which service enables private Google access for VMs in a VPC?

  • A Private Service Access
  • B VPN Gateway
  • C Cloud IAM
  • D Cloud Router
Explanation Private Service Access allows VMs to access Google services privately; other options don't provide this functionality.
Q434

A company needs to control network traffic between different VPC networks. What should they use?

  • A VPC Peering
  • B Cloud CDN
  • C Cloud Load Balancing
  • D Cloud Pub/Sub
Explanation VPC Peering connects VPCs allowing controlled traffic; the others don't manage inter-VPC traffic.
Q435

You are configuring a firewall rule for specific IP ranges. What happens when a rule is set to DISALLOW for an IP range?

  • A Traffic is allowed for that range
  • B Traffic is blocked for that range
  • C Traffic is logged only
  • D Firewall is disabled for that range
Explanation Setting a DISALLOW rule blocks traffic from specified IPs; options A, C, and D are incorrect operations.
Q436

Which service provides secure, scalable network connectivity?

  • A Interconnect
  • B App Engine
  • C Cloud Functions
  • D Cloud Storage
Explanation Interconnect offers private connectivity; others do not focus on networking.
Q437

A company needs a high-throughput data pipeline for real-time analytics. Which service should they select?

  • A Cloud Pub/Sub
  • B Cloud SQL
  • C Compute Engine
  • D BigQuery
Explanation Cloud Pub/Sub is designed for real-time event ingestion and analytics; others do not specialize in real-time data streams.
Q438

What happens when a VPC firewall rule denies egress traffic?

  • A All outbound traffic is blocked.
  • B Inbound traffic is also blocked.
  • C Only specific ports are blocked.
  • D Traffic will be allowed but monitored.
Explanation Denial of egress blocks all outbound traffic, while the other options misrepresent the rule's impact.
Q439

Which Google Cloud service is best for managing APIs?

  • A API Gateway
  • B Cloud Functions
  • C Cloud Storage
  • D App Engine
Explanation API Gateway manages and secures your APIs, while the others serve different purposes.
Q440

A company needs a highly resilient application architecture. Which Google Cloud service should they prioritize for distributing traffic?

  • A Load Balancing
  • B Cloud Pub/Sub
  • C Cloud Firewall
  • D Compute Engine
Explanation Load Balancing distributes incoming traffic for resilience; the others don’t provide necessary traffic distribution.