You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP schema to optimally meet this requirement?

1. A. Configure a /28 primary IP address range for the node IP addresse
2. B. Configure a (25 secondary IP range for the Pod
3. C. Configure a /22 secondary IP range for the Services.
4. D. Configure a /28 primary IP address range for the node IP addresse
5. E. Configure a /25 secondary IP range for the Pod
6. F. Configure a /21 secondary IP range for the Services.
7. G. Configure a /28 primary IP address range for the node IP addresse
8. H. Configure a /28 secondary IP range for the Pod
9. I. Configure a /21 secondary IP range for the Services.
10. J. Configure a /28 primary IP address range for the node IP addresse
11. K. Configure a /24 secondary IP range for the Pad
12. L. Configure a /22 secondary IP range for the Services.

Correct Answer: A

You recently noticed a recurring daily spike in network usage in your Google Cloud project. You need to identify the virtual machine (VM) instances and type of traffic causing the spike in traffic utilization while minimizing the cost and management overhead required. What should you do?

1. A. Enable VPC Flow Logs and send the output to BigQuery for analysis.
2. B. Enable Firewall Rules Logging for all allowed traffic and send the output to BigQuery for analysis.
3. C. Configure Packet Mirroring to send all traffic to a V
4. D. Use Wireshark on the VM to identity traffic utilization for each VM in the VPC.
5. E. Deploy a third-party network appliance and configure it as the default gatewa
6. F. Use the third-party network appliance to identify users with high network traffic.

Correct Answer: C

You are designing a new application that has backends internally exposed on port 800. The application will be exposed externally using both IPv4 and IPv6 via TCP on port 700. You want to ensure high availability for this application. What should you do?

1. A. Create a network load balancer that used backend services containing one instance group with two instances.
2. B. Create a network load balancer that uses a target pool backend with two instances.
3. C. Create a TCP proxy that uses a zonal network endpoint group containing one instance.
4. D. Create a TCP proxy that uses backend services containing an instance group with two instances.

Correct Answer: D

You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices.
How should you design this topology?

1. A. Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between the
2. B. Use firewall rules to filter access between the specific networks.
3. C. Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between the
4. D. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
5. E. Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between the
6. F. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
7. G. Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.

Correct Answer: D

You have applications running in the us-west1 and us-east1 regions. You want to build a highly available VPN that provides 99.99% availability to connect your applications from your project to the cloud services provided by your partner's project while minimizing the amount of infrastructure required. Your partner's services are also in the us-west1 and us-east1 regions. You want to implement the simplest solution. What should you do?

1. A. Create one Cloud Router and one HA VPN gateway in each region of your VPC and your partner's VP
2. B. Connect your VPN gateways to the partner's gateway
3. C. Enable global dynamic routing in each VPC.
4. D. Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VP
5. E. Create one OpenVPN Access Server in each region of your partner's VP
6. F. Connect your VPN gateway to your partner's servers.
7. G. Create one OpenVPN Access Server in each region of your VPC and your partner's VP
8. H. Connect your servers to the partner's servers.
9. I. Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VPC and your partner's VP
10. J. Connect your VPN gateways to the partner's gateways with a pair of tunnel
11. K. Enable global dynamic routing in each VPC.

Correct Answer: A