【2026年最新】Google Professional Cloud Network Engineer 谷歌专业云网络工程师真题题库_在线真题试卷与模拟练习_【2026年最新】Google Professional Cloud Network Engineer 谷歌专业云网络工程师真题题库_考试宝

更新时间：试题数量：购买人数：提供作者：

有效期：个月

章节介绍：共有个章节

收藏

我的练习

我的错题
(0道)

我的收藏
(0道)

我的斩题
(0道)

我的笔记
(0道)

专项练习

顺序练习 0 / 0

随机练习 自定义设置练习量

题型乱序 按导入顺序练习

模拟考试 仿真模拟

题型练习 按题型分类练习

易错题 精选高频易错题

学习资料 考试学习相关信息

搜索

题库预览

Your organization's security team recently discovered that there is a high risk of malicious activities Originating from some of your VMs connected to the internet. These malicious activities are currently Undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is Inspected. What should you do?

You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, The move could negatively impact the existing environment. You need to validate the impact of the change. What should you do?

Your organization is implementing a new security policy to control how firewall rules are applied to control flows between virtual machines (VMs). Using Google-recommended practices, you need to set up a firewall rule to enforce strict control of traffic between VM A and VB. Youmust ensure that communications 􀂭ow only from VM A to VM B within the VPC, and no other communication paths are allowed. No other firewall rules exist in the VPC. Which firewall rule should you configure to allow only this communication path?

Your company's Google Cloud-deployed, streaming application supports multiple languages. The application development team has asked you How they should support splitting audio and video traffic to different backend Google Cloud storage buckets. They want to use URL maps and Minimize operational overhead. They are currently using the following directory structure: /fr/video /en/video /es/video /../video /fr/audio /en/audio /es/audio /../audio Which solution should you recommend?

Your organization has a highly available application that is not HTTP-based. The application runs on Multiple TCP ports and is hosted in multiple regions. You need to design a solution to load balance the Application in the same Shared VPC where the service will be accessed. The IP address header must Contain the client's true source IP address. No public internet access is required. What should you do?

You want Cloud CDN to serve the https://www.example.com/images/spacetime.png static image file that is hosted in a private Cloud Storage Bucket. You are using the USE_ORIGIN_HEADERS cache mode. You receive an HTTP 403 error when opening the file in your browser, and you See that the HTTP response has a Cache-Control: private, max-age=0 header. How should you correct this issue?

Your team is developing an application that will be used by consumers all over the world. Currently, the application sits behind a global External application load balancer. You need to protect the application from potential application-level attacks. What should you do?

You are reviewing and tuning Secure Web Proxy at your organization, Mount Kirk Games. Users have Reported that they are unable to reach the documents they need on the Terram Earth website (https:// Www.terramearth.com/docs/∗). The Secure Web Proxy rules configuration is as follows: You need to enable access to these documents. What should you do?

You are disabling DNSSEC for one of your Cloud DNS-managed zones. You removed the DS records from your zone file, waited for them to Expire from the cache, and disabled DNSSEC for the zone. You receive reports that DNSSEC validating resolves are unable to resolve names in Your zone. What should you do?

You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 Nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP Schema to optimally meet this requirement?

You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules.Your organization requires using the least privilege necessary. Which level of permissions should you request?

You have configured a Compute Engine virtual machine instance as a NAT gateway. You execute the following command: gcloud compute routes create no-ip-internet-route \ --network custom-network1 \--destination-range 0.0.0.0/0 \--next-hop instance nat-gateway \ --next-hop instance-zone us-central1-a \--tags no-ip --priority 800You want existing instances to use the new NAT gateway.Which command should you execute?

Your company uses web application firewall (WAF) capabilities from a third-party cloud WAF provider. This

WAF provider proxies all the HTTPS connections from internet clients, applies security policies, and then

opens a new HTTPS connection to the public IP address of your global Application Load Balancer in

Google Cloud. Your Google Cloud workloads are the backend of this global Application Load Balancer.

Currently, Cloud Am1or is not configured. You need to create a Cloud Armor security policy that blocks

sessions that originate from internet clients with source IP addresses that belong to the

IP_RANGE_BLOCK IP range. The block must be executed by the Cloud Armor security policy; it will not

be done by the third-party cloud WAF provider. Whal should you do?

You have the following routing design. You discover that Compute Engine instances in Subnet-2 in the asia-southeast1 region cannot

communicate with compute resources on-premises. What should you do?

（含图）

Your organization's security policy requires that all internet-bound traffic return to your on-premises data center through HA VPN tunnelsbefore egressing to the internet, while allowing virtual machines (VMs) to leverage private Google APIs using private virtual IP addresses199..36.153.4/30. You need to configure the routes to enable these traffic 􀂭ows. What should you do?

You converted an auto mode VPC network to custom mode. Since the conversion, some of your Cloud Deployment Manager templates are no Longer working. You want to resolve the problem. What should you do?

Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want To minimize cost and increase network efficiency. How should you design this topology?

You need to centralize the Identity and Access Management permissions and email distribution for the WebServices Team as efficiently as Possible. What should you do?

You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and Enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic. What should you do?

You want to use Partner Interconnect to connect your on-premises network with your VPC. You already have an Interconnect partner. What should you first?